HEUR.Malware.FakeApp.Generic

By CagedTech in HEUR Malware, Malware

Threat Scorecard

Popularity Rank:	58
Threat Level:	100 % (High)
Infected Computers:	332,997

First Seen:	January 8, 2013
Last Seen:	April 16, 2026
OS(es) Affected:	Windows

Table of Contents

SpyHunter Detects & Remove HEUR.Malware.FakeApp.Generic

File System Details

HEUR.Malware.FakeApp.Generic may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	chrome.exe	291ab9c8444a5594f2853de38c4df005	142
Name: chrome.exe MD5: 291ab9c8444a5594f2853de38c4df005 Size: 3.65 MB (3650560 bytes) Detections: 142 Type: Executable File Path: C:\Users\<username>\AppData\Local\Microsoft\chrome.exe Group: Malware file Last Updated: November 28, 2024
2.	browserupdate.exe	fa0733b9fea77460a5c006e384779577	31
Name: browserupdate.exe MD5: fa0733b9fea77460a5c006e384779577 Size: 10.33 MB (10338888 bytes) Detections: 31 Type: Executable File Path: c:\program files\google\chrome\application Group: Malware file Last Updated: January 14, 2023

Analysis Report

General information

Family Name:	HEUR.Malware.FakeApp.Generic
Signature status:	No Signature

Known Samples

MD5: 92a410010d0fb650385e88c1474ac29d

SHA1: 7ab69e5c7442a94fb5fa25705ca4eb2028a0c32c

File Size: 470.96 KB, 470960 bytes

MD5: 3edbe035264a796abbf11c8af9bf76e3

SHA1: a85b535fa1f227fba963ac012cca2d396c9cac06

File Size: 3.52 MB, 3518976 bytes

MD5: eb78746604c9469d6cf1595d8ce3a0b2

SHA1: 6b0628fe5cf50aa495b8ea7054176822b13e77fa

File Size: 891.01 KB, 891012 bytes

MD5: 05f9c88136ce0445f054242d2e6b4fbf

SHA1: b71c794044a62e178270c5e415a26a7fe3362c30

File Size: 1.14 MB, 1136376 bytes

MD5: a25ef03250ad0a702633171983f1278a

SHA1: 20dbc49a532a96f0ecb6711ed441e938b2fcf73e

File Size: 6.43 MB, 6428728 bytes

MD5: e654b3a15032686df3e4534542ecf8ab

SHA1: b0357788ffe09483bf4817e95755217d18486ea7

File Size: 2.52 MB, 2519260 bytes

MD5: f722341a79e687d969afd7e4af0f7fc2

SHA1: 872c9b1b9ddd2c2027c212fb8bfd0c997b83bc5a

File Size: 8.71 MB, 8705432 bytes

MD5: a95a54ee377ee1e680d35806f1b76482

SHA1: 521ff96d929fa73d599d916c63a899a540e2d610

File Size: 3.52 MB, 3523072 bytes

MD5: 0ed9d3cdd1bb3455b995f3482010e310

SHA1: 938459245f4b52f0d884280d79b082b0bac29b4f

File Size: 6.48 MB, 6484992 bytes

MD5: 1f7a680078168cf2c23fbe9601fd4cf4

SHA1: 8e2ba46d6a4d01201448e6a807b3e05757aea4c2

File Size: 2.08 MB, 2077207 bytes

MD5: 9ce84061b6b8417faebc3d2f927fe93e

SHA1: 363e667a781c364e49fe46781004db20f14f4283

File Size: 1.59 MB, 1586816 bytes

MD5: 910d7f22a2696caa8e02d7e47b86246f

SHA1: b94a4a3610a3e0bb31c20039e9f4d7d12fa62387

File Size: 1.16 MB, 1157783 bytes

MD5: a859c047747d6d72af93ef722a5a8b9c

SHA1: 81238199b1dc6ec50c041ac09547e9cd6a2efbfd

File Size: 33.28 KB, 33280 bytes

MD5: f030b4f7ff875955f4751f1afbed1e68

SHA1: e1b2dc64d8e5bd0ff337a99185c2fe9277a080fd

File Size: 1.12 MB, 1122755 bytes

MD5: dfcfdd06474dc3d77de8999857a16183

SHA1: cc95af2989b6e9dd60807d79608d98b5f0f5b51f

File Size: 1.02 MB, 1015239 bytes

MD5: 0a16cb134b6a32466503e0dcca670611

SHA1: 78ce1c7797e4bad293e7d8872347bcd71e09a522

File Size: 33.79 KB, 33792 bytes

MD5: 9bd285fca406322643fa222f3f5b5c7b

SHA1: ef0d136772c32a948c9b435046e19d8a1318fbde

File Size: 3.53 MB, 3531264 bytes

MD5: f8091b5154209a28974f24f1cf621044

SHA1: c030cc7a4c2d629a9031b309370412a99c527e03

File Size: 5.39 MB, 5387880 bytes

MD5: c5225e28c1a7057682b69ea19e8a788c

SHA1: d8184b403ed29a69cb3794c5bd046fa0624843c9

File Size: 1.14 MB, 1135446 bytes

MD5: 6660bffc77deae3d811171f370732a57

SHA1: 3c71655d7da5ad1eeffbfc770b43485097931159

File Size: 33.28 KB, 33280 bytes

MD5: d838666d5bbb69649e5e51fb6db939a0

SHA1: bd163fbec09c2a1037ce9bc6d8b819db0ade9ccd

File Size: 580.10 KB, 580096 bytes

MD5: 16edbaaa03beb40af11003eea30001b2

SHA1: 69c5b0168d19a6d378d98fe0e7ee92c3ab385754

File Size: 33.28 KB, 33280 bytes

MD5: d1980fdc3ef1b47b55bcc3bda330bfa8

SHA1: 48e43bfd79da2ad141a30e8dc01c811a0e44adbd

File Size: 33.28 KB, 33280 bytes

MD5: 0b0d5d1ae03d36014c01f289ce0321a7

SHA1: 9d1579bc27b313f22a37e598f1335bc526023ae5

File Size: 3.68 MB, 3676160 bytes

MD5: c3a3195532ab52946df93e72f0a9661c

SHA1: 09a6518900cb07a4a5246f9b0763b770ef1a5f66

File Size: 33.28 KB, 33280 bytes

MD5: 9218e5cad03c752f237ed87a9e52def4

SHA1: 0ccddab0d87776d78c613c6e7a6f3bce93ffc3d3

File Size: 1.77 MB, 1774688 bytes

MD5: 9d838e41cb8560e44f6c27bf3d26719c

SHA1: c2d5572f1e16d62e167c57547f04565cdd9e5202

File Size: 84.99 KB, 84992 bytes

MD5: dc348ebac6b0c4904c53bec014f14918

SHA1: 35b0a1f58c4a186ff5c2e219f239a177fad74063

File Size: 8.08 MB, 8079904 bytes

MD5: 115076eaa90f874972e1f2baa561cabc

SHA1: 5ab2237d082801c5ebd01d9c6b1ba06576c523f8

File Size: 8.28 MB, 8280048 bytes

MD5: 72c5ad62207e873df8b715c37d58eac4

SHA1: ad99fdeceb39ce11a5966c0a3af97134e21a796c

File Size: 91.14 KB, 91136 bytes

MD5: c531009fbe886583cb76ad9dee0898d8

SHA1: b4079bf22f13513c9a53aea26018fb393bc018ff

File Size: 91.14 KB, 91136 bytes

MD5: a6153eb893d4ec180bd870c84f2ddea6

SHA1: c30e64ab1f010c489facd60eac25c03d7fa6e4b4

File Size: 8.91 MB, 8912896 bytes

MD5: f730cbe11fa786dd42ed5b6cc412a437

SHA1: aa07fe68ba87877524b1f179ebd95e2091add1a3

File Size: 9.57 MB, 9569384 bytes

MD5: 241ba1d1283fb4069f18259688f876c7

SHA1: 122f3b0695a925a0d709855a0cbe6fbb81ff9d80

File Size: 7.35 MB, 7354065 bytes

MD5: 50064ccac0919bd5280d0f19980c787a

SHA1: 73c8b5702de590f02b4755f5e2975935f97f9920

File Size: 33.28 KB, 33280 bytes

MD5: 622674857d9b72005e53fa6788ebe73e

SHA1: c30998141df86ba2347c6c9734705fd62833acbc

File Size: 33.28 KB, 33280 bytes

MD5: b1533517e173a7c3b8e90b8570bcf20f

SHA1: f79a6c0769d1305f4e48614f2f77e8d811b783f5

File Size: 91.14 KB, 91136 bytes

MD5: 8282f55e0e3674775d824de59265eade

SHA1: be1c384e6c78cf8368e7b48278bf423211860460

File Size: 5.27 MB, 5271552 bytes

MD5: 4419135a11ea29e22d7ef05800849f4b

SHA1: b32943bd557e5500129debfbadd0a4f7c53848c1

File Size: 91.14 KB, 91136 bytes

MD5: 574a0b9b808ac7a48cab401c36ae0df1

SHA1: e28cecd54c1772d4e3bf022b6b26f1d03e9386cd

File Size: 91.14 KB, 91136 bytes

MD5: 278f1e70d9da7b6a08dfb3fcd5697fae

SHA1: a622247fbe04bb2e20e60a8e55883a136d408edc

File Size: 4.82 MB, 4817288 bytes

MD5: 263c64499b1f2b805ddd2bcc6383d527

SHA1: 18925f0db165d72710a59cd295082fca092e7ad5

File Size: 5.04 MB, 5040128 bytes

MD5: 8227c0673de40495def79513fa279d7c

SHA1: cba6e7c8a67ba3dc040cdc592bd51e55e4fb4b2a

File Size: 6.32 MB, 6321248 bytes

MD5: 32643b1b66bd971aad1eb9d5a18bdc18

SHA1: 1d43975d6556363bedbb6ddb3adddd8323e9a215

File Size: 8.26 MB, 8255488 bytes

MD5: 07cc927afdbee9eb7674ea18393b6722

SHA1: 4920e75fd90662c64814d501d25c6c3ff15bb107

File Size: 91.14 KB, 91136 bytes

MD5: 1f545cb754e6ed574e5cb7cd1ad659e2

SHA1: 444a94771c2d0158b308d03dab933780cb3a7b19

File Size: 5.04 MB, 5041152 bytes

MD5: 5c3fd478b535813986b8c66a5592a31c

SHA1: 880492fd526156d270adb26737338dc87c1d08a9

File Size: 33.28 KB, 33280 bytes

MD5: db20d062491867b3612efcf1c6cabc85

SHA1: a00f3853c0fe4d54127b7c0344bc83dd3b3f4bc3

File Size: 91.14 KB, 91136 bytes

MD5: 7a6d6a989dcb6ac25c9ad0d5f71e2a38

SHA1: 30cd69237d7938b2f3d7ed187f35df4406ffd282

File Size: 8.66 MB, 8664267 bytes

MD5: a0f4b13b9959a3fd6cf8aa42438824a5

SHA1: fbb7e3a2b02c4b8771cedde7fab5210547b8918f

File Size: 2.37 MB, 2370210 bytes

MD5: 2d3c314c1fb3dc0dbfe0ea267c70a85e

SHA1: 90b7c2a8afdc571204a58a89b30e01dd61520c9c

File Size: 8.79 MB, 8786392 bytes

MD5: b42bb8d717ff1b1afcdeb69b2c85e06c

SHA1: 736969fa9c158d9d060d8194d0037174637e56ec

File Size: 2.52 MB, 2519218 bytes

MD5: 2a7f9eb3cef620ab51b258a80d1eedcc

SHA1: 7c3914553654f9f571ef666f1bbc2b05b80afc62

File Size: 2.57 MB, 2573592 bytes

MD5: d9319e8eb2fd1caf1fefc5397d927866

SHA1: 0a4bf57ff61770518b3003054818f9482d3c0942

File Size: 2.60 MB, 2602320 bytes

MD5: 54b7f8eba120e25eb620e6c1c6ac867b

SHA1: b7837075855b2c7fb97905efb295c95aa3bf9da1

File Size: 9.93 MB, 9934216 bytes

MD5: b65efee6bb585ec429999d5e67798203

SHA1: 2eecca8973ee5147fa6e4bb64db3d9d502ce38da

File Size: 91.14 KB, 91136 bytes

MD5: 29607712ea6f2cd82fefb2181d4d8087

SHA1: 6c4f397a3bd5f9decd88ba0b2ccafa70fca761ab

File Size: 91.14 KB, 91136 bytes

MD5: 5da6f983b1c2ade772114f22b58c5b92

SHA1: 0357e1b58a4953a4315d249a36cba50ad0a5d621

File Size: 6.31 MB, 6314188 bytes

MD5: c5c788408e86c55bb17b9bb64e568dfa

SHA1: 3783ac609f87a3e3986ab3f018ca0a9028c1bc4f

File Size: 2.60 MB, 2602280 bytes

MD5: 39c4ca9a0a23e3d660ad1e668bf91696

SHA1: 1dc611a292239f98e30c1a7d2fc7545cda83ef4d

File Size: 7.98 MB, 7977599 bytes

MD5: cf63366c172d3fbcb5fd9cb2d9314890

SHA1: 522b9763996ee4b3d0d88248d3b98517c8a373bc

File Size: 91.14 KB, 91136 bytes

MD5: 899ff3e101bf0ca6ce38c8a1a7441e7c

SHA1: 065af0aed82ca1989bff131f52ad791b813db504

File Size: 91.14 KB, 91136 bytes

MD5: 0fb1ca1dc49ad20107ffa5b8026f8668

SHA1: c79ca59a665f1398fb482a83efacaa3f0eb8cd31

File Size: 91.14 KB, 91136 bytes

MD5: ed0d1807777dbf2c66ba12d5060fec5e

SHA1: d6a6d0b294676929b3ea14a6d399f98825f809cd

File Size: 4.25 MB, 4252672 bytes

MD5: a434bdffe050ba5abd0e33089dc1bc8a

SHA1: 261421ca7d5f93061aad3970848fb7f736b1ad07

File Size: 3.59 MB, 3588951 bytes

MD5: 3e042dc152129cc2552cc5985eac4aad

SHA1: 4ad789065640a72de760196a97352ec7016d4242

File Size: 6.16 MB, 6159360 bytes

MD5: 1f1338439fba7a8bf1c7e7c3571ff0a0

SHA1: d113a249c88d252533e183f40707c5a1af620409

File Size: 4.28 MB, 4282858 bytes

MD5: d6d6f1ed219c6f9722bd06d55c409e0d

SHA1: 1a9b3cf33d4a4a6b6e049e92760447ca54882747

File Size: 2.08 MB, 2077207 bytes

MD5: ca5acad6afe84735acf769743d671809

SHA1: a9df9fdc974f42ed251b6c24b788fbb8b1f9e3ba

File Size: 91.14 KB, 91136 bytes

MD5: f4b026b3e68e9e41d63e6f07e464b77b

SHA1: 8bdfd07c21547946dcb2824ebce8d1af89a5e3b5

SHA256: 648EE39994168E5DD86B6C842DC181ABE1F8B176A1010C732DD549EE9E7981F2

File Size: 2.22 MB, 2216920 bytes

MD5: 2be5e555dede72c0ddf6a756b887c3d4

SHA1: 215396a230dc8c4fca2c9b80a1637ed034f6f132

SHA256: 737D8D99830D8C752C5C06FF891C9ED6C8104EDB357943441225DEAECA79D884

File Size: 409.60 KB, 409600 bytes

MD5: 441f8de82da5b2b3a9c9e4bd788b015f

SHA1: 9c85c9decc398418073d20c48358765eb833a780

SHA256: 6A2FAEB560949BF85DE30D28A782C880BE79DAE10D1D900B366A8AEC76B28C67

File Size: 4.48 MB, 4478010 bytes

MD5: 7fffd997df8235415c1e521b7f07c2e5

SHA1: b2dc898db125b108a100394cd38b25dab8122152

SHA256: 4BDC649171A1B627EDA6ABBF202A04F629D4EF75DD9B01E8049F6F85B62EE5AE

File Size: 1.89 MB, 1886208 bytes

MD5: 134db32160f1d6ec0c4619170b58d44f

SHA1: a8cb7581ecf5c5af0c6d7ab915f819992bc1d62d

SHA256: 052ED90EB56F087B7067565CFB66F91BCBEBC66A42638474E69E2F2ECC762CAD

File Size: 104.45 KB, 104448 bytes

MD5: e3caea9016679bfe06a57f316dd426dc

SHA1: b06c2d7d1681a5a6ec8dd0c68ca30f3e46ddad41

SHA256: 40E37A037C1194187E08B4082E05DFC6DDE94692A976DADD99782A210B24347D

File Size: 104.96 KB, 104960 bytes

MD5: 7c3271433eeda591a29742149a983063

SHA1: c41dafef114accce6df146f26d3fef35c846481c

SHA256: 96E8317A569D09495D8E8631DF23390B1FAD6F4ACA8E2F84632A876F10F05DA6

File Size: 2.41 MB, 2405416 bytes

MD5: 817b0aecd1e226d24590e922bd12bfc5

SHA1: 7c629007fe20eaa6c89d519c91e6480f01a9a1b7

SHA256: 1C7BFE880260CC265220335572193A571A60716AF13E28C854B286C9D1D219D3

File Size: 103.94 KB, 103936 bytes

MD5: 8255e014da7ebb00d00274bc3572afa4

SHA1: ef92b05452b5a7c68afad71b2cb0afe49a2df7aa

SHA256: A591D6A6476EB623F5B44D6AB59EF609CF110865135AC5B073EC3AA891E35DCB

File Size: 4.64 MB, 4642304 bytes

MD5: 274fc31a15aaa44f43fae5dae50a3359

SHA1: 9e4b00ce94ddc8d86d8a790742a34ad5e92ce6b4

SHA256: FA219F56F5F53473A1ECC84AF30F434B5B422786AACE6C53F2E4BA041D228C4F

File Size: 91.14 KB, 91136 bytes

MD5: 6be3d5c0e3e3cd27f196355a276f2642

SHA1: d236db5793cce01d34ba852770800eaadbaf0353

SHA256: 518E5CD8FB5C1CB8F0C8C2FF6280827CE1138B6B16D5E515F1A7B3C373532CD9

File Size: 91.14 KB, 91136 bytes

MD5: e37f2665aed351587af1b96790a2107a

SHA1: 693ac1ccc0b519001ca3ab373486625fe864a903

SHA256: 4963389D46DCF8D80B556E83E6435E925B08456ECFF1072461363714FA0D88EB

File Size: 91.14 KB, 91136 bytes

MD5: 963806838e731c273b101b7e83d17dfe

SHA1: ed855b6ccd64d72f7bd125c477595a07782a5ee4

SHA256: CF976EC45F96CB7E4381C6E7C053EF49BE15CF89E1CF7A70AB95EE002EEE7BB5

File Size: 7.14 MB, 7143952 bytes

MD5: 6655ae856a4f668daba241f977858ceb

SHA1: 0618be745f09a18c8bc10ecfec95b6f687e0f3ed

SHA256: F1F2BBE871C9C32FC56C8FDE1A4D7A5858598FF7270598CC3F3C5410438E8970

File Size: 4.99 MB, 4992961 bytes

MD5: fa205fea330a1b861579ad7a92cee695

SHA1: 9426d2270024d9959271706062d9b3a75bfb72f5

SHA256: 8E48062920FB7DB251C06796E35D3EC508F2BEACCB33BD7F4A2D9FD251364117

File Size: 694.70 KB, 694704 bytes

MD5: e5773529a3b46ce63725d5b0951a29e5

SHA1: d01c8ca805d918106234847360a6745fa3192193

SHA256: 2E2BBECD967B4E7B183311DF3AAF6E17923278AE5081CAEFC05AD5316A13FBC4

File Size: 91.14 KB, 91136 bytes

MD5: b20fc7f1f3f717bc549a35aef77adaa3

SHA1: ed72d38518bf08145607111aee1084de22dbe0d8

SHA256: 62711E52F9934EFD4282DC4F2DD821102A3B41C101D55C13588D47661F45D996

File Size: 103.94 KB, 103936 bytes

MD5: f22e74b5f466d09482479efbbe1dd0b9

SHA1: ebd2a6a71a4e7eb7f06a225a0b7f08b6cf908f89

SHA256: 8529BE7E23A340287D8637C9C7E35192C8FE52A11C2085BD688F48E7D8ABD4C0

File Size: 3.14 MB, 3141168 bytes

MD5: 536aa92b0b4eb194076f56b6db05b1ba

SHA1: bbb428def73ef9af8cf274d07e6e709a6b537109

SHA256: 42B13BAA74CC7CA0791229BC42A40257C6D4F1BA0D0F3124326406E6DD9A6BD7

File Size: 91.14 KB, 91136 bytes

MD5: 10693e63d45bbd2f72e41c1745d4d94a

SHA1: 12ed5b67c413f25b4e9ebb57623e4fd29d6753c0

SHA256: DFD5462DE7D595D20560237F7AE719678338C382CC41AB34D58AAFD68AC2D83F

File Size: 73.73 KB, 73728 bytes

MD5: 3dab640f5098ab6ae9c6f5f7f83360a7

SHA1: 3b1dfdac9ed4d7032ec70b45027d2c9421dd4515

SHA256: D0E18F72BF185766D2756B4D4C5F3003FACFDA22AC6D802D70C72802DD3CEF73

File Size: 4.03 MB, 4029832 bytes

MD5: 9f059aee55e21a639f2811eba3a03c68

SHA1: 075f8be72e122c478764cb81155c22dfd78d25ff

SHA256: C9D676E68DEB85508E41D65DB212B3629EDBA36B19F475831FFC31C79D7BD0F8

File Size: 491.28 KB, 491279 bytes

MD5: d8d0f84a49da7b2b71646be65cbca827

SHA1: 360e415998cb8fbc538b3b20fb232b839fe60746

SHA256: 11A06A31C23979FF2F0FDCE1C51B301681CB17BBCD582A621AA38D88A12AB054

File Size: 82.43 KB, 82432 bytes

MD5: 3903990a565ccad73e7da0e7374c15f7

SHA1: aef1c796b04a3856d2b711d6903ff33822815f9f

SHA256: FB2A1A209783F9BD390242945563BB168E311AD089B5B839AD88B5F0B676DA25

File Size: 6.65 MB, 6647688 bytes

MD5: 286ff4e06cbe5dffad12f3375d4e6e4b

SHA1: 7d74d98df09b7513a8e05f72afcd4cef86a18e9e

SHA256: DD601BE57D6632B7EF4C62E849ED1BA514643DAB69A4706592F65439E28DA633

File Size: 82.43 KB, 82432 bytes

MD5: 273b63bc9be92fbf460132ba25d202e5

SHA1: 5698363b7f108630e3730e59cf43888c614ff591

SHA256: 2DAE3408168F9B1BF3A73C5E046827CE3FC0EE79BD52567305C15E831B66ACBE

File Size: 6.05 MB, 6050304 bytes

MD5: d7028f3fe8154c69594267a084a30c63

SHA1: 28933acfe38f747b1a5b182f3102da48eaabe436

SHA256: 1446E26A749A4B2C11B8DAA37C41F70298088EF2D52EB33BEF94236855D91AE2

File Size: 4.76 MB, 4763856 bytes

MD5: c275ca2bfff152b8907018d131778684

SHA1: 489c2024796ac08abd230c6a029f571cb78d0f09

SHA256: 07C49DCDBB00B1B56DE3055B1A08A6055A67A57732B3C54457DFB41C8FC04B6D

File Size: 7.39 MB, 7387648 bytes

MD5: 6b4be6ced9b67ac58ea6f4f474c38d6c

SHA1: 7c7f90b3c09b48fec8c34998f4588e0a27ab7809

SHA256: 8DF94AC00DEE3D31C5EB2F4BFE89CAF1583DC59B12656D337F24CDD514A4D623

File Size: 9.63 MB, 9631928 bytes

MD5: a2d9be75a00ef3c1339e4d5f130f0deb

SHA1: 85de692d60337dbcb37bf9a93cb335faceab2eda

SHA256: F177834C5E97FB742EAE3FDBCB485AE23E2E024AC01AA9734AABFA31822CFA4D

File Size: 3.97 MB, 3971976 bytes

MD5: 9db42dc1fbdbdfac2f53642cd55b1eed

SHA1: f7e1a42a9dd1966614aaabfd9b6fd07a340d893b

SHA256: 9035F718AF9588638EB2A77DEE429DEB23228B98605649F8DCA1D4F3107A23B1

File Size: 6.77 MB, 6769544 bytes

MD5: 1293d2c4223cb9e2601ff07ce94a1b6f

SHA1: 761aee7e9978197465ed1c745df05ca50e5c5754

SHA256: C73D1676618EB45B8C222FB09DF03082F2FF425FA23C931804E81BDE9B5330FF

File Size: 4.59 MB, 4588032 bytes

MD5: 63b7c064721cea4f3273acb52f1be35a

SHA1: c886e4222786a40f846b73b6e6bc94a92ce018c0

SHA256: 02B8A73C0FCF96655686C74FBF9A86CF0B79B2E3CC068FE6CECDCF07611D839E

File Size: 2.64 MB, 2643808 bytes

MD5: 312e73f08629132d9a896695030b2397

SHA1: 1a682d01e73500b32bc70a840a06cb07a1bf8ae4

SHA256: EF5F0F9B39842E20ACBCE5877BB1177248151D79F29F0CCA7944EAD74BBEC08C

File Size: 295.94 KB, 295943 bytes

MD5: ec51c94ca8f5e8673e8423a95e3555c6

SHA1: e4ca63a7cab008dba81fbad62cd998f4c6209da4

SHA256: 1A45E6C23295C308DCF2CEE018BDCD26C084F33AC051DC6FCB5C82671D577F73

File Size: 22.25 KB, 22248 bytes

MD5: c0b411797a17e473e9b50a4bf75510af

SHA1: 1e2b705b3222f4a4b91061f75bee102ec0c26b0f

SHA256: 7C505E87215E34F21D313662BECA537E71ECD572ECFD1FE3E7B1412361BE0657

File Size: 5.03 MB, 5034503 bytes

MD5: 1e7b21e0711f22470d69bcdc8752b47f

SHA1: de7a0962ef676b5f5e524f843e3f910bb5ac53f3

SHA256: 02C21510460DC22F923BC38C07B6BB17F69B2C75493B3524B321D9D05793295F

File Size: 5.61 MB, 5612544 bytes

MD5: 8450f9a2ec2dc0f5e1eb83488ff40473

SHA1: c645122a2bdfb562c69769095282273c74cb1940

SHA256: 659805160C3C0C166F2485990A1434BB3CB868DDE972517DD0DD5419FCB52660

File Size: 7.15 MB, 7154192 bytes

MD5: 27f8b1041230b4239d96f41795cb9423

SHA1: 2ea6f7147cfab7d4252cb74581a7710c04d06527

SHA256: 64F3A893276E111058AB404A7EE331EBDE45F22246CABB66FD95D6D576D5465A

File Size: 4.94 MB, 4936584 bytes

MD5: 7c20625b7ae40f26233a8aba72879015

SHA1: 98a4a1afc05d6e54b5cc454727c3505a27681d1e

SHA256: 3A8298F01061F23AB57B7AE1139552886292B5100B6FEF3109C3971EC2AE1E69

File Size: 9.83 MB, 9829232 bytes

MD5: db6a8cc9328eca4cbe8463cc03d96ffe

SHA1: b7f9302a7aaae598e02ec623434e163b9d83bd45

SHA256: 4332228AB26005520D257C23C39F01A2C8652007299AFB149BC18B0C6D9AE9AD

File Size: 91.14 KB, 91136 bytes

MD5: 34edb21eb44ef40619af33a93a5dea4c

SHA1: 479f379e169b5c83f9da22725aed0ff95a67cba7

SHA256: 51AB2FC21CC1BF9CE6D6897789E808D0D79038CEA66625E9AF88C6CC1B5BF332

File Size: 91.14 KB, 91136 bytes

MD5: 57dd2302da2027fcf07e511f8a6cc002

SHA1: ce39f8187193be2a1c21aa4314c7c3181e1c3839

SHA256: 4781D60E978F76D5981AA4845FB4F7A1EBC4A4462067F423083BDCB81C11AAF2

File Size: 2.58 MB, 2582128 bytes

MD5: 90583ac8c780595d0e7683fb64ccbafe

SHA1: 1fa244ecebd24b05896caf8cc50eb2a2626c1740

SHA256: 16DCC251C85FD0701B6EF5551CF91F23ED1740304708FC4BCD8C4B7CF8DA8465

File Size: 3.76 MB, 3763712 bytes

MD5: 3492dd0c799653af1ae8b55d26fbe5ed

SHA1: e242eb53a62711cbf2332fa576d3e493d38dbf44

SHA256: BB751D816BF51803FC96A74EF0A0150C2C5D33119B10EE84E619E7C0892C4932

File Size: 1.92 MB, 1918696 bytes

MD5: 2680a0213a174c4a5b204170878c20b1

SHA1: 6a2ff616d02aa8f4f9de497cef71902dd492826f

SHA256: 539C5918A675E2E495228F4574C57E14D1F037EC20586FC1AB6CC7344BD98E07

File Size: 7.72 MB, 7721235 bytes

MD5: 390e80d374fceb933b3d4576dec9e3f5

SHA1: eb7e9f8976b8a40a083e29fdcb8bba2b9a82edc4

SHA256: 516C859E819CB481CC746F77FCA0C341270E32A160E0078B14DE68ADB38FC760

File Size: 1.80 MB, 1798656 bytes

MD5: b71416bada5b71a64fda57b80d1856ba

SHA1: d7f44d43379716f3f632be47699c76b21f85eb91

SHA256: 5A70EF24DC936F9E821506C2B0DEDF6FE852AD1049E81CF989CAE1B91C0BE98F

File Size: 1.94 MB, 1942200 bytes

MD5: 12be42cf0a58e850f4989b6f58c93e7e

SHA1: b62b0210af7ace1bc61702006ef29c6e419c5f7d

SHA256: 392F0069054E6F7E1A7A6BBF6128C7BB03833FC87083FAC04C1154CDCA133B72

File Size: 3.12 MB, 3117556 bytes

MD5: b16dbee75ef5f835a895ad2bafcf5f2c

SHA1: 038fde0878504ba3f4095af3ad3bd1c327fa19ca

SHA256: 04C125D984A5C08E2C22D1F8093FB73059342B59534322307BEFF856552E1301

File Size: 7.04 MB, 7036432 bytes

MD5: 16e496ffaa472d9257fa1879c21aa032

SHA1: 5fd9755f0e496cd3e69f71362e1a504e405bf617

SHA256: 128A02CF6A96692C2D5E896426652673ECE574EA08465E8DC195653BC663C7F2

File Size: 4.17 MB, 4171144 bytes

MD5: 72f5efce622baea63395a07241b0e0f7

SHA1: 8aa11a246135c36dd1688541890e30cfa58689f1

SHA256: 20FAFD0EEA4DA8BE23A0DD6100528C9AAD7066DAE9880B27DE71797D3EC07D30

File Size: 5.40 MB, 5395848 bytes

MD5: d9f0b0c95361902a50dd310971229ad6

SHA1: 73186bdb06b22c28e92815b3e2f7b8c4864eb8f1

SHA256: 4D5BD7C311647F83DB8DD9424A8C11DD22A712EE25CF8108F598DD307C02BE9D

File Size: 8.68 MB, 8678296 bytes

MD5: 99d3d62bdb103cf972ffb2ccf73678af

SHA1: 33e5683096a695917f2d43b3b5db5b67e7657a76

SHA256: 1B970DA19493EBAB963E2FB88347B6007052E1F91770C18752B1A3BB3A5B6DCA

File Size: 2.10 MB, 2097840 bytes

MD5: 42f203427a828939f1b5a055df21f757

SHA1: dd648ba29abad76524bf1b06bbf9c9178ff8e25a

SHA256: E2540AE3FD7F8AF67C3C71404C2E8AF45E28259C3357300AA8BB6C406AB0990A

File Size: 412.26 KB, 412256 bytes

MD5: 4b3416e6ee53c9be8715dfeb2ee6e429

SHA1: f0c148e64724840a83a8b1db434b405cfb6d0352

SHA256: AEBDB5F593D33B3972A256A83487ED96959C23670FFEC0DD7114B66E36F71A56

File Size: 419.33 KB, 419328 bytes

MD5: c20bce1fa0cc773cce054f8165159938

SHA1: df974dae4db7a45d23249a7da759faf10d7af086

SHA256: F019D5839F3899CF135E0D00821743D5A054FEF833E7E0D7A93E290596A8BA86

File Size: 91.14 KB, 91136 bytes

MD5: 608a34b48ef6563c6a6fe63fd6e15b84

SHA1: 56a1d72b9499e01be56be72844d4d32966882604

SHA256: FADCFE7C239FD6D19F6A3E9F1D1A30D047F50463005B8479779341F40F7D1194

File Size: 7.45 MB, 7453696 bytes

MD5: 2204ee2b3e3027e25def213c358c3c65

SHA1: 1063e3584a400f0ec847bc3c008d92fef683d0fa

SHA256: AE87C6859D7960A7516911938C7CBB605A8F12D6EE10ED586496C4E498E9A142

File Size: 2.55 MB, 2554224 bytes

MD5: d593a59c08995ee1e2ac6ae802b6681d

SHA1: bab4ba6ee39ee10f93df9649434d9268366aeef1

SHA256: 535198B00BD9FFD9FA3C781770F1B9C0306AB4C95A2AC09E6043FDFDD3F51710

File Size: 3.56 MB, 3564544 bytes

MD5: 275159e4601f6778d2f944eea939a7fb

SHA1: e3dd4b455e6c2da928529b13ca4b82f957717ff2

SHA256: BC480A4E59DD83BA2BA4DAD2D4CF64417F88326E06FD6A308B238EF9ED334D83

File Size: 7.42 MB, 7418368 bytes

MD5: 04c9fecb9324653795e5834c387da0f9

SHA1: 2695ca125b4a07e15ff809e396b7ff588df730dc

SHA256: D76A912DD871DB2C55697E0E59AEFA3CC7AA5098F841930A4CADF265496AC143

File Size: 5.97 MB, 5974624 bytes

MD5: 6dccc9a92ebdd109324fd49b19921858

SHA1: 37c455f2be80cf8e69e29b877ec0550a6a65632b

SHA256: AFFA0960D1C435334FC0A0F40D25EA3A78AB957FF1559461647EED0FED6FB5A3

File Size: 8.96 MB, 8955784 bytes

MD5: 14649f3871a1c0ca01d7f8a280337f6d

SHA1: cfec8882668279046b008c4029dd77f3d2894027

SHA256: D4BD4CA469AD765E571BD88B5E1ACD190B429D4A3BB14BF2528DAFD6C9BE2C06

File Size: 7.45 MB, 7454736 bytes

MD5: b798ef2a7ad70d3ef188495cfd2e0a91

SHA1: f85c8f9607003a5cb68bb3cba7c0482b873dd156

SHA256: CC8C6C1AD7D1F63A2A71CE181565A458643CF5FECE3F7EB0DFB1E172E5C1EBDE

File Size: 6.86 MB, 6863312 bytes

MD5: fdd3fa28cc86fbd7c76ba91589768812

SHA1: 57f9c7aa0692d5634651be51520b8eb7620453af

SHA256: A450E7F5BC957B8906CA72C5BD9B3B1BBFD22DD2DC4419FC16703CA504837640

File Size: 272.90 KB, 272896 bytes

MD5: 7ae2fa00a6543af18b66e0cdf5dc5013

SHA1: c31f2d4136ba401bfc827c6dd6d48f5afcb0d6c4

SHA256: 471987C7C8B6088B3FE14F131982B6F21CA6999F99EFBE23D58C76A9E1A93E1C

File Size: 174.97 KB, 174967 bytes

MD5: 2b0df8204800296e1f062a92231f096c

SHA1: 2b3457baab216de8b7e5f8968709d4902298ec36

SHA256: 3BABCEA6605A759D4FB8CAC1AFD44E963C516FFFD9BCD3AA8C7CC1645C65F388

File Size: 272.90 KB, 272896 bytes

MD5: a07b5041644b78f24e67b2d24cda734c

SHA1: 178a63862c9dde82a0f72cc8003731f7c9671c78

SHA256: FA8040FF249172398B954C9973EAB00A3558EEA6992DD6743F7708AE4E0308B8

File Size: 8.92 MB, 8923136 bytes

MD5: ef00c2763b682eb590a166e2dc7d1b3a

SHA1: ab3ed5cf1e8b71587f8344e11481da9ca4b0dac9

SHA256: 3B903BF71C0F08C717845E84172324532320E5B788C48235DF0F1F8B126002AA

File Size: 272.38 KB, 272384 bytes

MD5: 8d0a41c49d8ce336567a9b2722ac5a2a

SHA1: 466586bbc192705e4ddcf356250367e67007357c

SHA256: 73204C1BD06CBDA1587EF329DC8BEA01E7F04F16C3E26A42786A0FC7A4FA204D

File Size: 272.90 KB, 272896 bytes

MD5: 8ce4112df997a41b9268341f6dd8fefe

SHA1: 2e8d34e441d70d1014b6224cc513c1f9d3db8957

SHA256: 994A145CAB113A304D729B28048825DB9AF4E211AAC0F385A0FDB6C17EB9B613

File Size: 272.38 KB, 272384 bytes

MD5: 3adcb7bdd43155bd7b8e0b441afafdfa

SHA1: 3a0e40f46c00be94e20ddf3063425c64b678244b

SHA256: 3976988F11E9168F43D1B71364504DFB8E6383A58FBABA9FE4BFBC85499BF236

File Size: 6.94 MB, 6944272 bytes

MD5: 7d90215b03d3de063d5c63f093cecfd5

SHA1: 51d026f79b34d4520b4b47d8f42b06c3247e9616

SHA256: 1CA054B93BD4718AC60FCAD810FCC77A4996443533DE3584A04714D6BE82DE50

File Size: 272.90 KB, 272896 bytes

MD5: 8c8d488095e731aa46894f955d616e4a

SHA1: 1b57e89394df16918abdd2f561be824352f0062d

SHA256: 994175889B0252F0FC4C4CAAB44564507E42E904F3CE9F32AF7EF8635992CE35

File Size: 272.38 KB, 272384 bytes

MD5: 413742962f0940c662407ed7125d6a4c

SHA1: adb052b1e0964587e2efd6a3536c5d45a2e22a67

SHA256: 4A22C2AA7F5111DE184AEDFF854CD2C4FD421BA6711D2BB6FE172318259B5A9C

File Size: 272.90 KB, 272896 bytes

MD5: f384f14eb8592d7fab58cc58eb8f9ae6

SHA1: 62db616089655a18d8d8cb198d0912f97b9bc99c

SHA256: 5D42574F0EB5BCF9A848A3AD96582C93BD18936382D049C62AA231B279126796

File Size: 272.90 KB, 272896 bytes

MD5: b35bfce2c1707b2e232030ed7b5148b0

SHA1: e4ab3b25d3ede21c51498fc5d4bb1e9b29a36178

SHA256: 807742DB43842E8F5C1D50155F71D32AC1C3ED10388DC7954DFFEDD76A7568B3

File Size: 272.90 KB, 272896 bytes

MD5: 84d89c82b50eb86bf9f0e1dcbd432486

SHA1: 6a5064b64c3bcf9e96ab3f31ed6fede005ce91fd

SHA256: 5FFFF90E12E3F93AB42E5F2F8BB3694A0DAA6D15B14A2B0B406582750C8192BD

File Size: 6.18 MB, 6177280 bytes

MD5: b25dd85bf03247081f96409f8c66fb9a

SHA1: d6862f9e4af004a935efd10a1a183f428798beba

SHA256: F79096BCB35392716D051368EAE994BEBB81F2B7585350663C240DF85FF0A5F0

File Size: 272.90 KB, 272896 bytes

MD5: 06d9a48979beec56657f170c1aa59cb5

SHA1: dc6ab34237dca6d01748472526a518ded56b6df9

SHA256: 02FB0332A525C8D5EB8FA7A7B67CBBF5450045B36DBB7DC32446C861602ABE5C

File Size: 4.61 MB, 4612488 bytes

MD5: f706d03dc40384a651c6d3c9f10fd560

SHA1: f786bd5fd3a5ba5f2e1100ca39ec6b474eac3a9d

SHA256: 7D4013128F113F38373B2BCD91081AE12EC74485D965B9A4E254F167CEAE0B3E

File Size: 4.33 MB, 4329976 bytes

MD5: 943003baa37823a105e125e39048e4f8

SHA1: 5b917c5fea783ae86bdf6a66157658911aae6978

SHA256: 990A3E3137CAF3DEDFDF59F7AACD9CE59681FC0660E407642616132C8597FE25

File Size: 136.19 KB, 136192 bytes

MD5: 84a5150f01a4608ee76e3d91759432bc

SHA1: a7ce578c60c599c7add33cd502648ab0c04b90d6

SHA256: 2C08B87B9A08778FCB2E44AFC13CEA60937DD48E2E2285EA2416F4E14170B8E9

File Size: 6.31 MB, 6311064 bytes

MD5: 9ce5e763a20a33a6bd3d2aff7c8eeefb

SHA1: e558e4738639180237fe16654bbacb22d5fa8cc5

SHA256: 72356DD5BC1FA9C1233E773268AF20258D8FC6E7EB7ACFC1F4241A08FBF7C117

File Size: 54.27 KB, 54272 bytes

MD5: 02bf4fd4ec16613d2c90ceb7d34258e5

SHA1: 3c0e6abfd96d2a6f6069aca6b66c9650efd85f3c

SHA256: DB4B10C1789C776656336632ECA506C02D903C04EF5BE9C8C91ACAA893ABE5B6

File Size: 1.42 MB, 1418288 bytes

MD5: e420adbc41d458f907745281fcdc74ae

SHA1: 1c5e7b1075d08060fe8b1bba321f93d8c4dfe05c

SHA256: B081EA47C47180B8E5CEC9B01E71E08576FFA5FDC0CA1AF6DD40FE6111FD15A8

File Size: 5.60 MB, 5604864 bytes

MD5: 2a9920a43280622e520e80932cee63c6

SHA1: 507de0553c378241c71594745950d36616040770

SHA256: C4D941BAC41CACFABD92C01B9F95D604773A3BD94C35E72FF9603595A38CB0C4

File Size: 6.71 MB, 6711824 bytes

MD5: 11d5f2d85a22c7fee6792bddf8449ecd

SHA1: bc275dfaa8dd588dd5bb3d9a83090d8fbaa73b67

SHA256: 2CB6F7CCE93CDA63A4947FBFE3BC07F71BD34AAB09FBDA2CD4903ED900BE51BC

File Size: 77.82 KB, 77824 bytes

MD5: fb2b53765d3ab3d87ad5801500c8e6b5

SHA1: 6b52ec1551ebfc52d40d3862f6c6d860a0f63209

SHA256: F91FC364CA543C41E5F67B51CE0815EB7AEF2390830C486565FB38C958C406F4

File Size: 136.19 KB, 136192 bytes

MD5: 285879487467f17eabca7b7714e47dac

SHA1: 63d3b8a418a4b1e7075364872ea1b563435d8b97

SHA256: 38C1E4307825E70BBFE325296F648940C0BEB6CBB5794A4B431A03CBF34E5DBA

File Size: 176.05 KB, 176047 bytes

MD5: 4a30c5f540040c45513de290b22eb0b1

SHA1: 0d3a1c2fae15cfc8002b3ad6f6248e67d119fcdf

SHA256: 5053D48682A633B9B53A576145DAD9ED14D2A3F7833D055CBE27986C5C2615C6

File Size: 3.28 MB, 3277824 bytes

MD5: 690c3c62d612c48904b1d557f91e82e0

SHA1: ec0e7aefc89201cb90b84e2ff86fd19b0013b55b

SHA256: 5FCA28E9BF391DDEFFE79AD6CDB44B44F5F7FD00444C224FFAF543F7BEE2B597

File Size: 3.12 MB, 3119800 bytes

MD5: 41e7544e66ff0d7bb56bd5863ec9b59c

SHA1: 3581c90626316c2e99d2aa333a39e6175dd70d8d

SHA256: FFE1DF74DCB69D362D815F7C0922A1401938589AC9B15A4861116F7BAD40573C

File Size: 253.32 KB, 253317 bytes

MD5: 4d5123e674f72cebadb669e8c29f6072

SHA1: 55f2609387f85729bccd210ee5dfff38a5ce83c8

SHA256: 98ECE97F49910C7501FF2C2F7CDD81F32F773C2E7D480C3088C7071D71FFA944

File Size: 8.46 MB, 8464960 bytes

MD5: 7568e24ead471513b09c467f8dcdbf3a

SHA1: 8b14e2805c7160bec9cf48c95b2549f514a4ce52

SHA256: BAFA42F2F844B077486B0FD0C38DA39BC4176B666D0BC05D14C342229CE7424C

File Size: 8.23 MB, 8229937 bytes

MD5: 7249a1b56ed77da3cfc5faa4bb2fd81b

SHA1: 39dfc593280e159785115f59e2a83b87b30f3d01

SHA256: 42A31FB38DEB321E2919F3F6C960969F1DF3439471EFFEEE278222EE1F80E6B5

File Size: 42.44 KB, 42440 bytes

MD5: 7c46c5fab48721246687f1b44353fd30

SHA1: 7e77d573534156af115c93d2cb13deb82a4c7ce2

SHA256: B45EEEC5C5432F7DE250E719D0B467F2F278AF23BCAE6C220E37172E708AC806

File Size: 358.92 KB, 358919 bytes

MD5: 1caf0ad8fd6bb51e650c9663d574a254

SHA1: c832b486ca945f94fab6a6107132c248936fbcff

SHA256: 91DCE7CEE06B744DBDCDB7740C80E37A5607F6AEEFADECD66D9BDA9D8BBDC5CA

File Size: 136.19 KB, 136192 bytes

MD5: ab635b27d0193b8e5c9a0ad3a70dc713

SHA1: a38d794561577a027731ae9b05e02f4e9d587f60

SHA256: 0B887D74BD7A2B397C7F2C474DA51E1FEB75685C4B01051214E78DC91B13F71B

File Size: 5.53 MB, 5532128 bytes

MD5: 6fdc461181b401e8c272c3b9d1cc294f

SHA1: 10795467c75af646504dd43ed9bf029917ff8204

SHA256: EF6826D4240D401DD6B368C009884E8F3F03848101D764EA207BFC779AD14242

File Size: 10.00 MB, 9999484 bytes

MD5: 27184e3c7b2100b544971d2bc0f4d3d5

SHA1: 73c39a2d5fc09d2acc87d4e62dcc5f1c41b5f81d

SHA256: E753EAEC0E0FA9067FC68B9C5E11AA23B1B502A7BE696A3E5F71F07C6187C4D4

File Size: 1.73 MB, 1726368 bytes

MD5: 72813c34fb42c87cd36553d1aa201012

SHA1: 7219bd46e0606ab0d36c3e36b9c3e7b45032154b

SHA256: A04ED41DBACAB6304842A00BD7968F9F9686687192CDC1752AC42361A7E99007

File Size: 97.79 KB, 97792 bytes

MD5: d6c9b1416795351ff1c22edb9f3a59e9

SHA1: 4bb757545f07f2b07f0131b4ebb4c1f8d47a6f26

SHA256: 92ED61D56C7FC0B9CC93737AC402658FD72A5D160474B9E42F628E50B4153077

File Size: 5.71 MB, 5711584 bytes

MD5: 04de4e5f864a11c10afbf674cbd2f35f

SHA1: eddf2c205576c7e5ce5b625fe77a9943104bd42b

SHA256: A5CED715A832C2066D763AD08833AD71380221A016CA74A0CB548045E6C11211

File Size: 7.42 MB, 7418368 bytes

MD5: 646fe03607e5ce14f9743b6714bcb534

SHA1: cd3c2ffc2c72390d45dfe4f24ee11004e15a63df

SHA256: D5A6A28DC894420741244DBF734B62F307E69678B3A5F7A4AA2D77D11C42A0A2

File Size: 2.38 MB, 2377792 bytes

MD5: 68489659ca0e3b3eff87277c7a11e851

SHA1: 1db61d3b7b141e9c37f58caf32937049e9c66fab

SHA256: 7EB26F2287C9DAD2D0471C3B8D3A776CD080AD237926B8AFDCC5533600F5FBC9

File Size: 97.79 KB, 97792 bytes

MD5: b6015dd94c664a9b6d39fac4ed62a211

SHA1: 7406de5a2244214caadc4016ae39ec66f0236253

SHA256: CDC4CB39D56BCE0D0FEC89151131EE02A792C91B8BE3DC695600462A63CEE345

File Size: 7.11 MB, 7114768 bytes

MD5: 2065158d5d3f1b941146b22ce869a921

SHA1: b504a7cfbdcf81c124b02e093a645b519bcf12e1

SHA256: 999C190AAE46A9683CAE9BCD6CC148F1334322979AAEA9DBD0820B3D6DB886A5

File Size: 7.93 MB, 7929383 bytes

MD5: ce3eb2d5a62a50ad24bc0250c88af6d9

SHA1: 426a5e102f579e91563b441c55ed20d2d1323d41

SHA256: 2D0C2D3263D0AAF0F730229262E626A0FC46FEF7E541F5A07B79630CCFBC43C8

File Size: 358.92 KB, 358919 bytes

MD5: e96b9453b58f9a6d4de30cc061907ad8

SHA1: 1dc490ce9394bf1b33ef4d099d48172cf2c20e77

SHA256: 2F15D266E8E1051BB6797D722955D20216D3F441582A10D1C41CA4DC0AADF3C1

File Size: 272.90 KB, 272896 bytes

MD5: ad19792b2e97b51bbef63badb9eadf38

SHA1: e266b63b0b7f20486bc534bb7d0f2176e1e5f33d

SHA256: 6E1F93DFB3EC59FF916D1FEC1423D93CBE3F678539720E188102137352190EE0

File Size: 2.51 MB, 2514594 bytes

MD5: 68170956e1149561b08be7c017f2be03

SHA1: 418968a9dc1f2b8d0fa99431499d056f2ca23ea3

SHA256: 1142A77D14E9246C8D7E2DAA76F4E1E96983352C76B385E72EF8D15449A8AA08

File Size: 97.79 KB, 97792 bytes

MD5: 70be40329d832bf7072625997489b9f6

SHA1: 8c537e348788d62f695b0d73d9efadb4450c4eec

SHA256: 76A8F351DE85089D62E6527120EABA43625918084CF33DDA0AA346EDEF2345B3

File Size: 7.87 MB, 7873536 bytes

MD5: 6e8a31500a34f7fb306313f5d6e73d79

SHA1: fc4f936094c6fde4e685d76efb69d8c6e0c4e271

SHA256: 1933609C3ED05244EABB8534591D5B13153F56FEE13BFB8EC6AC8EFD26D3CDC4

File Size: 149.50 KB, 149504 bytes

MD5: 3d0e53111117a7bdf231773fca368952

SHA1: 45dc44b865526b6f62c2ca1aa4bfa73c71e6115f

SHA256: 2F72E45DDC8C9393C8537FB7C32886E36F86AE844816FEF48F954B2518BCA7C2

File Size: 2.37 MB, 2374464 bytes

MD5: a4db35ffe93a9333f5f6e135088fb681

SHA1: 15b0d52ac1a55a9d0732167d71f742ada5a4571a

SHA256: 4FD6DD6AA609C0E3985272063D6AF44CA35B0238D5098E26D79640BFE748E4F9

File Size: 71.15 KB, 71152 bytes

MD5: 71735e93b7180ea09fb17730d362728f

SHA1: be1cf31063744d90d66bf908de4b9cd1e79fe36d

SHA256: 7E9FB83B5CAE9AE74F896026311B0A6FB9B0BCD3EC663F47761216FCC106F6E0

File Size: 8.65 MB, 8651417 bytes

MD5: a8e458c364290bc2329c203aa76222cf

SHA1: be76a8e238a80018a23ee857b2b4169fb93d5747

SHA256: C6C8DC104CA960FDB0F45678C5050D659A913219E3FDAAA8CCD059EEDA69A650

File Size: 4.17 MB, 4171144 bytes

MD5: 9d52efdc2a7b32be2ff897c69e280571

SHA1: 20e2b4c7402edef35d197e2d03782a4a03032a56

SHA256: E8DF1EA2A54A55AA9A8E2D7763F4EFDE9772E9881FC8A262877CBC4F6C0B9CF5

File Size: 42.50 KB, 42496 bytes

MD5: e8e6e9a6ea72434dc499703380a048f6

SHA1: 50b5666b81b96414710d532061cd4cd30cd3f4f1

SHA256: F8EF2AB8B9484E92B81EC6FF9B4512C12D60D9B5E416AA1A0A250D1E4904FA1A

File Size: 136.19 KB, 136192 bytes

MD5: 93cf23b8bb30a72cbee67e1768beb583

SHA1: f4c1efd50ac10972eb54ce46bccc9f64ffbb32d0

SHA256: FC02BD4FE808375A1C6AAE1E1BAC77ACDC29A7CE93C08B57648AE228B0534DF8

File Size: 2.38 MB, 2380800 bytes

MD5: ade4e6ff74e61ffa4ae213baf20e3c32

SHA1: 4d3b44a12b8a4d82fe8a6061033f4d998266c401

SHA256: 54838998D794A1F67967E6C005C5DD7F6C6E90D0CBC4FA763D49762AF2F27943

File Size: 272.90 KB, 272896 bytes

MD5: 881df85fea89427947a05734bbc3b489

SHA1: 720bff2294914d58d717e7c10a6020e814bcec7c

SHA256: 04704894D61A0228E935A506C3BBF3F8415FEEBA97F736210260579B70E29962

File Size: 272.90 KB, 272896 bytes

MD5: dbde3f8a55c54b1eebe568689b2cec09

SHA1: 5c6bcc12b73271363d073211b54f44b008d0843e

SHA256: 0765B8DF6C4975273C444FE8E80CF830638D6E9C19EE73E66C3028B31DA16FFF

File Size: 2.96 MB, 2963336 bytes

MD5: f6755658b40ad35799956b1f2c7af406

SHA1: 47a8caf571b59366accf7d5f1526ede5c3703833

SHA256: 46B5C920809BD6F9338D73C9665319B77FB3ECC76B1AD7A2A154AC2C2AFDFC20

File Size: 33.79 KB, 33792 bytes

MD5: 1d27f6242d7311891e2060e1dc6d2dfd

SHA1: b54641aee5d8cedadaf2999cc477363493a03b78

SHA256: 2B6ED645BBFD952DCC2E952861669AAE1AAA0884A1BE258375753C4516997C5B

File Size: 1.20 MB, 1197439 bytes

MD5: 97541ff26ca26f9408337ad0f3c71f95

SHA1: 190080e866c7f79d01225be26d8f512e9b09a0aa

SHA256: CB37D1C7E51E8353C0FCA056E93EBC73CCC13DE618254C675692D49256A25CE5

File Size: 9.32 MB, 9318400 bytes

MD5: 1656c84a241eb3b770913ae6c6b1fd64

SHA1: c44f9bf68795a201fe6afa1bea42573246c70cf3

SHA256: 63E6E59FE8EECE008434DE01E219FC75612B92D078A8E633EA141736E18D1C93

File Size: 491.28 KB, 491279 bytes

MD5: e7a39ced876e352f24c0633bd5852038

SHA1: facf722c8464c078f8edee06dcf0049a1c874e89

SHA256: D0D43A35B5E0E45390D07D83A433E18543F7BB7B956A6A8F8958D2E26D0E2097

File Size: 3.11 MB, 3113352 bytes

MD5: 0bd93455ae27c789bc8b23cfee469024

SHA1: 047a35d55a4b8a8944e2bdf8facff9e1bd0966aa

SHA256: 491A0C5B47F4025B598E9197C966B9B1E0CAD8CEA5F4079ECD130411C7EE493A

File Size: 1.59 MB, 1585692 bytes

664 additional samples are not displayed above.

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is .NET application

File is 32-bit executable
File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is driver (IMAGE_SUBSYSTEM_NATIVE)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

1074 additional icons are not displayed above.

Windows PE Version Information

Name	Value
Assembly Version	705.114.89.630 135.0.7023.0 90.60.95.92 73.15.86.45 35.49.93.13 24.8.19.1908 23.8.20555.0 10.53.2.3935 10.5.3.6 10.0.19041.2788 Show More 10.0.17763.1 8.19.20.0 8.3.1.0 8,9,3,0 7.3.54.81 6.6.5.0 6.0.2.0 4.240.20.1016 3.7.20.0 3.7.7.0 3.1.0.0 2.10.2.40 2.8.4.1250 2.8.1.0 1.0.9135.460 1.0.0.3 1.0.0.0 0.0.0.0
Build I D	20217864GeUKLl 20250721141226
Builder	Admin 13:47:39 05/07/2024 Almany 19:19:50 17/07/2025
Comments	2019-08-27 A build of the PortableApps.com Launcher for VeraCrypt Portable, allowing it to be run from a removable drive. For additional details, visit PortableApps.com Acrobat Collaboration Synchronizer 23.8 ADO.Net driver for MySQL Adobe Acrobat Artificial intelligence-driven automated design and creativity tool Audio security suite Automatic system maintenance and update service Axialis IconGenerator Application BitLocker Unlock Show More Browser-based audio stream management Built with Microsoft Visual Studio 2022 CCleaner Command-line SSH, Telnet, and Rlogin client Converte controles Xbox para DualShock 4 CryEngine Launcher - Game Development Environment DGMvGSXc8qNeNQzmiEsffFqOsNaka13rqXpkrRZiX1rAyfPmtoyHWTBVrgcGxoExDm9RZIxAEUc2hhxdI51LomHz4WwekZtGK4AcmMT2kEmPC32EGE3hldr66LP Discover and interact with the world around you through immersive augmented reality experiences. Download all images from websites easily Eject Device Fixed by RadiXX11 For additional details, visit PortableApps.com GeForce Experience HackShield Interface DLL Host Process for Windows Services http://www.djsoft.net http://www.ludashi.com Mozilla Thunderbird Mail and News Client Panda3D - Open Source Game Engine Remove ads Seamless data synchronization. Secure multi-chain cryptocurrency wallet with staking and DeFi integration Spooler SubSystem App This installation was built with Inno Setup. TpbPydt Unesco Virtual synthesizer software for electronic music enthusiasts. VLC media player - Free and Open Source Media Player Warsted App
Company Name	(c) DJSoft.net 360.cn 360safe.com Adobe Systems, Inc. Adobe Systems Incorporated aejItVb AhnLab, Inc. Alexander Roshal AM Crypto AMD Show More ANTICHEATEXPERT.COM AntiHackpro.com Any Video Software Apex Innovations AudioWave Systems Inc Axialis Software BEST FREE GAMES ONLINE: https://downturk.net/user/Razz/news BlueStack Systems, Inc. BraveSoftware Inc. BreakPoint Software, Inc. Carnegie Mellon Entertainment Technology Center CGPal (www.cgpal.com) ChainSecure Technologies Ltd. CHENGDU YIWO Tech Development Co., Ltd Chilkat Software, Inc. Cisdem Inc. CloudStorage Technologies CloudSync Services LLC CMD Softworks ColbANova Corel Corporation Crytek GmbH Database Pro Systems DeepL DesignBot Innovations DFtomvuEnVlFjU DiskInternals Research Donemax DT Soft Ltd. EaseUS EchoGuard Technologies ElementSolar ESET Evernote Corporation EximiousSoft Extreme Internet Software Flow Studio GCloudSDK Corporation Glarysoft Ltd Glorylogic Google Chrome Manager Google Inc. Google LLC HP Inc. IDRIX IEInspector Software Igor Pavlov iMyFone Technology Co., Ltd. JK KiNG README JP Japanese Keyboard Layout for Fujitsu FMV oyayubi-shift keyboard Juniper Square Kokanee Krzysztof Kowalczyk Leawo Software Logic Alpha Cyber Technologies MCPatch Indonesia Microsoft Microsoft Corporation Microsoft Corporation Microsoft® Windows® Operating System MiniTool Software Limited mintUI Miroslav Rajcic mmpres Mozilla Mozilla Corporation Nano Dynamic Universal Inc NetworkFlow Solutions Nexlify Solutions NextGen Studios NirSoft NVIDIA NVIDIA Corporation Opera Software Oracle Oracle Corporation Piriform Ltd PortableApps.com Privacy Solution pXc-coding.com Qihoo 360 Technology Co. Ltd. Qihu 360 Software Co., Ltd. Realtek Realtek Semiconductor RealVNC Ltd. Remove ads RenderCore Labs Seiko Epson Corporation Shenzhen Changguang Technology Co., Ltd. Simon Tatham 31 additional items are not displayed above.
Company Short Name	Google
Compiled Script	AutoIt v3 Script: 3, 3, 8, 1
Created	7z SFX Constructor v4.5.0.0 (http://usbtor.ru/viewtopic.php?t=798) 7z SFX Constructor v4.6.0.0 (http://usbtor.ru/viewtopic.php?t=798)
Debugger	0
File Description	7-Zip Portable 7z SFX 360 Patch Up 360 Security Center Network Module 360 Total Security 360HVM 360安全卫士公共模块 360安全卫士基础模块 360安全卫士系统修复图标扫描模块 360驱动大师 Show More 360驱动大师模块 360驱动大师纯净版 ACE-Guard Service ACE-Trace Client DLL Acrobat Collaboration Synchronizer 23.8 Adaptive qNgyeT Setup Adobe Acrobat Adobe Flash Player 10.1 r102 AMD Adrenaline Edition An Advanced Hair Texture Generator in Real-Time. Any Video Converter App Uri Handlers Registration Verifier Archives module Artificial intelligence-driven automated design and creativity tool Audio security suite Augmented Reality Explorer AyazılımRecete Background Task Host Benz Monster BitLocker Unlock BITS administration utility BlockTetra BlueStacks Common BraveSoftware Update C++ Application Development Framework C++ application development framework. CardPointVideo CCleaner cf_gameserver CG70 Chilkat .NET 4.0 Framework Assembly chromeup module Cisdem Video Converter Client MFC Application Client Setting Command-line SSH, Telnet, and Rlogin client - shim Communication is the Answer Compatta Composer Enhanced Optimizer CompressFile COM Surrogate Crash Report CrossFire Notification CryEngine Launcher CryptoWallet Pro CTF Loader cuwp DAEMON Tools Pro Image Converter Data Processing Utility DDODiag is a tool that collects Device Display Object (DDO) information from the system and logs it DeepLSetup Dekaron Execute Developed by Ais Hikki Device driver software installation DevLoader Disk Recovery Tool Doc_1C_Buh_0frg5r6gr56eff_PDF Donemax Data Recovery DS4 Controller Bridge Dynamic Firewall Management System Dynamic Link Library for the Solara Utility EaseUS BitWiper EaseUS Fixo Eject Device Enterprise Database Management Tool Enterprise Data Encryption Suite Epson ScanSmart Eventing Command Line Utility Event Viewer Snapin Launcher Evernote Extreme Picture Finder File Decrypter File Picker UI Host FlashPlayer FliFlik Voice Changer GCloud Voice gGgzTuKzZJMCUmc Glarysoft Register Library Google Chrome Google Chrome Manager Google Installer Google Updater GreenScreenWizard EXE HackShield Interface DLL Hex Workshop Base Converter Host Process for Windows Services HTTP Analyzer Std V3.3.2 IconGenerator ImageCutout iMyFone Passper Pro 136 additional items are not displayed above.
File Title	chrome.exe DeepLSetup.exe OOBENetworkConnectionFlow vlc
File Version	2025.4.17.1 2021.3.21.1524151 1361 (20260219) 141.0 135.0.7023.0 132.945.338.637 86.0.4363.64 86.0.4240.183 85.0.4341.72 84.0.4316.36 Show More 84.0.4316.14 83.0.4254.66 83.0.4254.62 81.2.23 80,8,3537,410 78.0.4093.184 75.0.3969.171 74.24.82.7 73.0.3856.344 73.0.3856.284 70,0,3538,110 68.0.3618.206 62.81.71.32 51.1052.0.0 33.55.48.22 25.51.0.03 24.8.19.1908 23.8.20555.0 22.01 21.0.0.21 18.05 17.0.20.6066 16.32.12.3 16.5.46.1930 13.5.0.0 13.0.0.7 12.8.0.0 12.6.0.0 12.1.5.39265 11.00.22621.1 (WinBuild.160101.0800) 11.00.20348.1 (WinBuild.160101.0800) 11.0.0.0 11, 0, 0, 1134 10.53.2.3935 10.0.26100.4652 (WinBuild.160101.0800) 10.0.26100.3624 (WinBuild.160101.0800) 10.0.26100.3323 (WinBuild.160101.0800) 10.0.26100.1 (WinBuild.160101.0800) 10.0.22621.4169 (WinBuild.160101.0800) 10.0.22621.1 (WinBuild.160101.0800) 10.0.19041.6033 (WinBuild.160101.0800) 10.0.19041.3996 (WinBuild.160101.0800) 10.0.19041.3636 (WinBuild.160101.0800) 10.0.19041.2788 10.0.19041.2193 (WinBuild.160101.0800) 10.0.19041.1806 (WinBuild.160101.0800) 10.0.19041.1566 (WinBuild.160101.0800) 10.0.19041.746 (WinBuild.160101.0800) 10.0.19041.1 (WinBuild.160101.0800) 10.0.19041.1 10.0.17763.7919 (WinBuild.160101.0800) 10.0.17763.4644 (WinBuild.160101.0800) 10.0.17763.1 (WinBuild.160101.0800) 10.0.17763.1 10.0.16299.15 (WinBuild.160101.0800) 10.0.15063.0 (WinBuild.160101.0800) 10.0.14393.01 10.0.14393.01 10,1,102,64 10,0,19041,3636 10,0,0,1860 10,0,0,1840 10,0,0,1690 10,0,0,1650 10,0,0,1220 9.8313.5.15318 9.97.9225.3724 9.64.5465.8339 9.7.23.29406 9.7.23.29394 9.4.8.6 9.4.0.0 9.2.2.0 9,0,0,1034 8.3.1.0 8.09.7.4688 8.0.0.47 8,9,3,0 8, 6, 0, 1061 8, 6, 0, 1032 7.68.165.697 7.45.7737.9887 7.8.19041.1 (WinBuild.160101.0800) 7.6.2212.89 7.3.54.81 7.2.19041.1 (WinBuild.160101.0800) 7.0.22621.1778 (WinBuild.160101.0800) 7, 28, 3, 0 6.91.7094.4964 6.6.5.0 149 additional items are not displayed above.
Full Version	25.51-b03
Internal Name	7-Zip Portable 7z.sfx 7zS.sfx 360Base 360DeskAna.exe 360searchlite.exe 360Tray 360Util.dll < PhantomCrypt 2 > ACE-Guard-Service.EXE Show More ACE-Trace.dll Adobe Flash Player 10.1 AlarmCountAndScatterGraph.exe aloneinstruction amdow.exe Androws Any Video Converter App Uri Handlers Registration Verifier Atualizador Tributação CSV.exe audiopro audiosync Ayazılım Transfer V16.exe AyoDance ABM Downloader.exe Background Task Host Bappalot Studios.exe BCONV BenzMonster.exe BGfs.exe Bgojfk.exe Bingo.exe bitsadmin.exe BraveSoftware Update Bsftlmec.exe ccleaner cf_gameserver.exe CF_US AUTO PATCHER CG70.exe Chilkat .NET Class Library chromeup chrome_proxy Cisdem Video Converter.exe Client Client Setting.exe cmodel.exe CMSTP Comhzjg.exe compatta.exe Computer-Z config_macchine.exe Contabilidad_1.1.exe Converter.dll CryEngineLauncher.exe CryptoProfile.exe CryptoWalletHost.exe CTFMON Custom Main Antihack CvMega.exe datavault DDODiag Demo Lib Alto Nivel.exe dllhost.exe Doc_1C_Buh_0frg5r6gr56eff_PDF.exe Donemax Data Recovery dotPeek DrvMgrUI.dll DumpUper.exe EagleHorn EaseUS BitWiper elitebuilder em003_64.dll EncryptExe.exe ErCalctr.exe eventvwr Evernote Eylec.exe fb.plink.exe finger.exe firewalldyn Fixo FlashPlayer free4/winvnc GCloudVoice.dll GFExperience.exe Google Chrome Manager.dll Google Update GreenScreenWizard.exe HD-Common.dll HD Audio Driver hiberrsm.exe ipconfig.exe JK KiNG README.dll jvm Language Leawo Prof. Media legacy_patcher LimitlessLEDv4.exe LiveUpd360.dll Logman.exe LogoDesignerPro.exe MainV.exe 107 additional items are not displayed above.
Language Id	en
Last Change	0b568b034b8f7994697cb341eeca5979b84151cc-refs/branch-heads/4240@{#1374}
Last Compiled Time	2012-09-20 16:21:19
Legal Copyright	(C) 360.cn All Rights Reserved. (C) 360.cn Inc. All Rights Reserved. (c) 2023 Unity Technologies ApS. All rights reserved. (C) All rights reserved. (C) Any Video Software. All rights reserved. (c) DJSoft.net (c) DT Soft Ltd. All rights reserved. (c) Microsoft Corporation. All rights reserved. (C) Qihoo 360 Technology Co. Ltd., All rights reserved. 2022 (c) Realtek Show More 2024 (c) Realtek Semiconductor. All rights reserved. 2025 (c) Privacy Solution 2025 SAVANNA & VELOCITY Adobe® Flash® Player. Copyright © 1996-2010 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries. Changguang Technology. Copyright @ 2023 ColbANova All rights reserved. Copyright (c) - 2009 Copyright (C) 1997 Copyright (C) 1998 - 2021 Tencent. All Rights Reserved Copyright (C) 1998-2012 Tencent All Rights Reserved Copyright (c) 1999-2022 Igor Pavlov Copyright (C) 1999-2024 Tencent. All Rights Reserved Copyright (C) 1999-2025 Tencent. All Rights Reserved Copyright (c) 2003-2016 Glarysoft Ltd Copyright (c) 2003-2020 Glarysoft Ltd Copyright (c) 2003-2025 Glarysoft Ltd Copyright (C) 2004-2021 Copyright (c) 2004-2023 EaseUS.ALL RIGHTS RESERVED. Copyright (C) 2010 Copyright (C) 2010-2017 nLiVmb32vqKuAiRTK7sM9Y39rg8gBpkMCOEb, Inc. All rights reserved. Copyright (C) 2014-2025 Copyright (C) 2015 The Qt Company Ltd. Copyright (C) 2015-2024 Copyright (C) 2016 GCloudSDK All Rights Reserved Copyright (C) 2017 MCPatch Indonesia Copyright (C) 2018 Copyright (C) 2018-2020 NVIDIA Corporation. All rights reserved. Copyright (C) 2018-2025 Tencent Inc. All Rights Reserved Copyright (C) 2018-2026 Tencent Inc. All Rights Reserved Copyright (c) 2019 ZJkZCO. No redistribution without consent. Copyright (C) 2020 The Qt Company Ltd. Copyright (C) 2020-2024 Moslem Tavakol From CGPal, All rights reserved. Copyright (C) 2021 Logic Alpha Cyber Technologies Copyright (C) 2021 Nano Dynamic Universal Inc Copyright (C) 2022 Tencent. All Rights Reserved. Copyright (C) 2022 Tencent WeChat Team. All rights reserved. Copyright (C) 2023 Copyright (c) 2023, Spotify Ltd Copyright (c) 2024 Copyright (c) 2024 Donemax. ALL RIGHTS RESERVED. Copyright (c) 2024 FliFlik. All rights reserved. Copyright (C) 2024 iMyFone. All rights reserved. Copyright (c) 2024 YT Saver Studio. All rights reserved. Copyright (C) 2025 Copyright (C) AhnLab, Inc. 2002-2008. All rights reserved. Copyright (C) Chilkat Software, Inc. 2000-2013 Copyright (c) ESET, spol. s r.o. 1992-2026. All rights reserved. Copyright (C) Leawo Software 2006-2025 Copyright (C) PROGUARD Antihack 2021 Copyright(C) Seiko Epson Corporation 2023. All rights reserved. Copyright (C) Smilegate Entertainment, Inc. Copyright 1984-2023 Adobe Systems Incorporated and its licensors. All rights reserved. Copyright 2006 Copyright 2006-2012 all authors (GPLv3) Copyright 2015 Copyright 2017 Google Inc. All rights reserved. Copyright 2018 Google LLC Copyright 2020 Google LLC. All rights reserved. Copyright 2022 Copyright 2025 Google LLC All rights reserved. Copyright Microsoft Corporation Copyright Opera Software 2020 Copyright Opera Software 2021 Copyright Opera Software 2022 Copyright © 1995-2002 BreakPoint Software, Inc. All Rights Reserved. Copyright © 1996-2018 VideoLAN and VLC Authors Copyright © 1997-2018 Simon Tatham. Copyright © 1998-2022 VMware, Inc. Copyright © 2001-2006. Adobe Macromedia Software LLC. All rights reserved. Copyright © 2004, 2010, Oracle and/or its affiliates. All rights reserved. Copyright © 2005-2017 Piriform Ltd Copyright © 2005-2018 Piriform Ltd Copyright © 2007 - 2013 Nir Sofer Copyright © 2011-2025 NVIDIA Corporation Copyright © 2016-2022 Yerong All Rights Reserved. Copyright © 2018 Copyright © 2019 Copyright © 2021 Copyright © 2023 Copyright © 2023 Evernote Corporation Copyright © 2023 VisionSphere Technologies Copyright © 2024 Cisdem Inc. All rights reserved. Copyright © 2024 CMD Softworks Copyright © 2025 Copyright © 2025 Glorylogic. Copyright © 2025 Tencent. All Rights Reserved. Copyright © Axialis Software Copyright © Bluestack Systems, Inc., 2011 through 2020, All Rights Reserved. Copyright © DesignBot Innovations 2020 All rights reserved. Copyright © EchoGuard Technologies 2022 All rights reserved. 75 additional items are not displayed above.
Legal Trademark	VLC media player, VideoLAN and x264 are registered trademarks from VideoLAN
Legal Trademarks	(c) DJSoft.net Adobe, the Adobe logo, and Adobe Captivate are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. All other trademarks are the property of their respective owners. Adobe, the Adobe logo, and Adobe Captivate are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. All other trademarks are the property of their respective owners. Adobe, the Adobe logo, and Adobe Captivate are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. All other trademarks are the property of their respective owners. Adobe, the Adobe logo, and Adobe Captivate are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. All other trademarks are the property of their respective owners. Adobe Flash Player All rights reserved. All rights reserved © Axialis Software AudioWave and logo are trademarks. AzyNhjTXBbUwgIB BlockSegmentMeta CloudSync is a registered trademark. CryptoWallet Pro is a trademark of ChainSecure Technologies Show More DS4 Controller Bridge Firewall Dynamics trademark. MediaStream is a registered trademark. Microsoft Corporation NetworkSecure Corp trademark. NOD, NOD32, AMON, ESET are registered trademarks of ESET. PortableApps.com is a Trademark of Rare Ideas, LLC. ProfilerSpear qLjT is a Trademark of Microsoft Corporation. Realtek RealVNC RenderCore is a trademark of RenderCore Labs. SecureData Solutions trademark. StreamLine Broadcasting trademark. SwiftSync is a trademark of SyncInnovate Dynamics SynthWaveR is a trademark of WaveCraft Studios Co. TechVision® is a registered trademark. Thunderbird is a Trademark of The Mozilla Foundation. Unesco VeraCrypt VPN Service wgyoTRNgzIDwXZH 鲁大师
Official Build	1
Ole Self Register	D
Original File Name	ACE-Guard-Service.EXE
Original Filename	7-Zip_Portable_4.64.paf.exe 7z.sfx.exe 7zS.sfx.exe 360Base.dll 360DeskAna.exe 360HVM.dll 360searchlite.exe 360Tray.exe 360Util.dll ACE-Trace.dll Show More AlarmCountAndScatterGraph.exe amdow.exe AnyVideoConverter.EXE AppHostNameRegistrationVerifier.exe Atualizador Tributação CSV.exe audiopro.exe Ayazılım Transfer V16.exe backgroundTaskHost.exe Bappalot Studios.exe BCONV.EXE beacon_sdk.dll BenzMonster.exe BGfs.exe Bgojfk.exe Bingo.exe bitsadmin.exe BraveUpdate.exe Bsftlmec.exe ccleaner.exe cf_gameserver.exe CG70.exe ChilkatDotNet2.dll chromeup.dll chrome_proxy.exe Cisdem Video Converter.exe Client.EXE Client Setting.exe cmodel.exe CMSTP.EXE Comhzjg.exe compatta.exe ComputerZ_CN.exe config_macchine.exe Contabilidad_1.1.exe Converter.dll CryEngineLauncher.exe CryptoProfile.exe CryptoWalletHost.exe CTFMON.EXE Custom Main Antihack CvMega.exe datasync.exe datavault.exe DataWiper.exe DDODiag Dekaron.exe Delicious The First Course Demo Lib Alto Nivel.exe dllhost.exe Doc_1C_Buh_0frg5r6gr56eff_PDF.exe Donemax Data Recovery DrvMgrUI.dll DumpUper.exe EaseUS Fixo EHSvc.dll em003_64.dll EncryptExe.exe encryptionshield.exe EPF.EXE ErCalctr.exe eventvwr.exe Evernote Eylec.exe fb.plink.exe FiberShop.exe finger.exe firewalldyn.exe FlashPlayer.exe GCloudVoice.dll GFExperience.exe Google Chrome Manager.dll GoogleUpdate.exe GreenScreenWizard.exe HD-Common.dll heroengine.exe hiberrsm.exe ImageFormat.exe ipconfig.exe JK KiNG README.dll jvm.dll Language.dll Leawo Prof. Media.exe LimitlessLEDv4.exe LiveUpd360.dll Logman.exe LogoDesignerPro.exe MainV.exe MCPatch.exe MicrosoftEdgeUpdateSetup.exe MigHost.exe 115 additional items are not displayed above.
Portable Apps.com Installer Version	0.10.5.0
Product Name	7-Zip 7-Zip Portable 360 Patch Up 360 Security Center 360 Total Security 360安全卫士 360驱动大师 Adaptive qNgyeT Adobe Acrobat Adobe Captivate Show More AMD Adrenalin Androws Anti-Cheat Expert Any Video Converter AR-Explorer AudioEngine Processing Runtime AutoCraft Ayazılım Transfer V16 AyoDance ABM Downloader Benz Monster BitLocker Unlock BlueStacks BraveSoftware Update C-Report CardPointVideo CCleaner CCleaner CG70 Chilkat .NET Class Library, V4.0 .NET Framework chromeup module Cisdem Video Converter Client Application Client Setting CodeStream Suite CompressFile CqfYCrgVZloNMn CrossFire CryEngine CryptoWallet Pro DAEMON Tools Pro Database Pro Management DeepLSetup Developer Control Plane DevLoader DiskInternals FAT Recovery Doc_1C_Buh_0frg5r6gr56eff_PDF Donemax Data Recovery DS4 Controller Bridge EaseUS BitWiper EaseUS Fixo EchoGuard Eject Device Encryption Shield Framework Epson ScanSmart ESET Security Evernote EximiousSoft Logo Designer Pro Extreme Picture Finder FiberShop Powered By BlackRay Foundation™ LLC. (MemarDesign™ LLC.) File Picker UI Host FliFlik Voice Changer Flow Studio GatewayScene GCloud Voice GeForce Experience Glarysoft Glary Utilities Glary Utilities 3 Google Chrome Google Chrome Manager Google Update Google Updater Green Screen Wizard HackShield Hex Workshop HTTP Analyzer Stand-alone Edition V3.3.2 IconGenerator ImageCutout Imjage Format Pro iMyFone Passper Pro Internet Explorer Internet Information Services ISO Workshop Java(TM) Platform SE 8.0 JJ比赛 JK KiNG README Leawo Prof. Media libcurl MediaProcessor Conversion Suite Microsoft(R) Connection Manager Microsoft Corporation Microsoft Edge Update Microsoft host Microsoft Windows Microsoft® Windows® Operating System MiniTool Power Data Recovery v12.6 MiniTool Power Data Recovery v12.8 mintUI mmpres NetworkGuard Security Suite 93 additional items are not displayed above.
Product Short Name	Chrome
Product Version	Version 5.15.3255 Unidentified build - shim 0.8.1 N/A 2021.3.21f1XD (1741b7bb35fe) 705.114.89.630 141.0 135.0.7023.0 90.60.95.92 86.0.4363.64 86.0.4240.183 Show More 85.0.4341.72 84.0.4316.36 84.0.4316.14 83.0.4254.66 83.0.4254.62 81.2.23 80,8,3537,410 78.0.4093.184 75.0.3969.171 73.15.86.45 73.0.3856.344 73.0.3856.284 70,0,3538,110 68.0.3618.206 35.49.93.13 24.8.19.1908 23.8.20555.0 22.01 21.0.0.21 18.05 17.0.20.6066 16.32.12.3 16.5.46.1930 13.5 13.0.0.7 12.8.0.0 12.6.0.0 12.1.5 build-20735119 11.00.22621.1 11.00.20348.1 11.0.4.159 11, 0, 0, 1134 10.53.2.3935 10.0.26100.4652 10.0.26100.3624 10.0.26100.3323 10.0.26100.1 10.0.22621.4169 10.0.22621.1 10.0.19041.6033 10.0.19041.3996 10.0.19041.3636 10.0.19041.2788 10.0.19041.2193 10.0.19041.1806 10.0.19041.1566 (WinBuild.160101.0800) 10.0.19041.746 10.0.19041.1 10.0.19041.1 10.0.17763.7919 10.0.17763.4644 10.0.17763.1 10.0.16299.15 10.0.15063.0 10.0.14393.01 10.0.14393.01 10.0.14393.01 10.0 10,1,102,64 10,0,19041,3636 10,0,0,1860 10,0,0,1840 10,0,0,1690 10,0,0,1650 10,0,0,1220 9.97.9225.3724 9.64.5465.8339 9.7.23.29406 9.7.23.29394 9.4.0.0 9.2.2.0 9,0,0,1034 8.3.1.0 8.0.0.47 8.0.0.16 8,9,3,0 8, 6, 0, 1061 8, 6, 0, 1032 7.68.165.697 7.45.7737.9887 7.8.19041.1 7.6.2212.89 7.6.5.5 7.3.54.81 7.2.19041.1 7.0.22621.1778 7, 28, 3, 0 6.91.7094.4964 6.6.5.0 6.5.0.1 140 additional items are not displayed above.
Program I D	com.embarcadero.CardPointVideo com.embarcadero.CompressFile com.embarcadero.ImageCutout com.embarcadero.libcurl com.embarcadero.OverShop com.embarcadero.PhotoID com.embarcadero.PlaylistGeneratorPro
Special Build	19-08-27-11-34 Compile_2018_0207_181728 DMO,SIO,UHE,PSO,UAC,URH DMO,UHE,PSO,CRO,UAC,URH,URHEX DMO,UHE,PSO,UAC,URH NAC,SIO,DMO,UHE,URH,PSO
Support Url	https://support.techvision.com
Upstream Version	1.3.99.0
Website	https://www.notecasepro.com https://www.techvision.com
Public Name	ElementFactoryFlex jJokTHqSfGrFvCi kJnjNjEqUTSjkJa MessengerArmor

Digital Signatures

Signer	Root	Status
*.google.com	*.google.com	Self Signed
BITWISE YAZILIM INTERNET VE TICARET LIMITED SIRKETI	AAA Certificate Services	Root Not Trusted
FIRMA DE CODIGO JAVA SECRETARIA GENERAL DE ADMINISTRACION DIGITAL	AC Componentes Informáticos	Hash Mismatch
C2RService	C2RService	Hash Mismatch
CMD Softworks	CMD Softworks	Self Signed

Intel(R) pGFX 2020	COMODO RSA Certification Authority	Hash Mismatch
Simon Tatham	COMODO RSA Certification Authority	Hash Mismatch
Open Source Developer, Dominik Reichl	Certum Code Signing 2021 CA	Hash Mismatch
AhnLab, Inc.	Class 3 Public Primary Certification Authority	Root Not Trusted
DAEMON Tools Code Signing Services	DAEMON Tools Root CA	Self Signed
Beijing Qihu Technology Co., Ltd.	DigiCert Assured ID Code Signing CA-1	Hash Mismatch
Bitdefender SRL	DigiCert Assured ID Code Signing CA-1	Hash Mismatch
Glarysoft LTD	DigiCert Assured ID Code Signing CA-1	Hash Mismatch
Google LLC	DigiCert Assured ID Code Signing CA-1	Hash Mismatch
Tencent Technology(Shenzhen) Company Limited	DigiCert Assured ID Code Signing CA-1	Hash Mismatch
Beijing Qihu Technology Co., Ltd.	DigiCert Assured ID Root CA	Hash Mismatch
ESET, spol. s r.o.	DigiCert Assured ID Root CA	Hash Mismatch
Discord Inc.	DigiCert EV Code Signing CA (SHA2)	Hash Mismatch
Realtek Semiconductor Corp.	DigiCert High Assurance EV Root CA	Hash Mismatch
Beijing Qihu Technology Co., Ltd.	DigiCert SHA2 Assured ID Code Signing CA	Hash Mismatch
Bitdefender SRL	DigiCert SHA2 Assured ID Code Signing CA	Hash Mismatch
Glarysoft LTD	DigiCert SHA2 Assured ID Code Signing CA	Hash Mismatch
Nvidia Corporation	DigiCert SHA2 Assured ID Code Signing CA	Hash Mismatch
Tencent Technology(Shenzhen) Company Limited	DigiCert SHA2 Assured ID Code Signing CA	Hash Mismatch
Eugen Pankov Softwareentwicklung	DigiCert Trusted G4 Code Signing Europe RSA4096 SHA384 2023 CA1	Hash Mismatch
Adobe Inc.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
AnyDesk Software GmbH	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Discord Inc.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Exodus Movement Inc	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Google LLC	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
LunarG, Inc.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
NVIDIA Corporation	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
NVIDIA Corporation	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed
NetEase (Hangzhou) Network Co., Ltd	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed
SEIKO EPSON CORPORATION	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Smilegate Entertainment, Inc.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed
Tencent Technology (Shenzhen) Company Limited	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Tencent Technology (Shenzhen) Company Limited	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed
VMware, Inc.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
voidtools	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
win.rar GmbH	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
AnyDesk Software GmbH	DigiCert Trusted Root G4	Hash Mismatch
Google LLC	DigiCert Trusted Root G4	Hash Mismatch
Kakao Corp.	DigiCert Trusted Root G4	Hash Mismatch
Mozilla Corporation	DigiCert Trusted Root G4	Hash Mismatch
SEIKO EPSON CORPORATION	DigiCert Trusted Root G4	Hash Mismatch
TeamViewer Germany GmbH	DigiCert Trusted Root G4	Hash Mismatch
Tencent Technology (Shenzhen) Company Limited	DigiCert Trusted Root G4	Hash Mismatch
Valve Corp.	DigiCert Trusted Root G4	Hash Mismatch
Zoom Video Communications, Inc.	DigiCert Trusted Root G4	Hash Mismatch
ESET, spol. s r.o.	ESET Root Certificate Authority 2020	Hash Mismatch
MICRO-STAR INTERNATIONAL CO., LTD.	GlobalSign	Hash Mismatch
Shenzhen Aidapu Network Technology Co.,Ltd.	GlobalSign	Hash Mismatch
Signal Messenger, LLC	GlobalSign	Hash Mismatch
AO Kaspersky Lab	GlobalSign Code Signing Root R45	Hash Mismatch
Shenzhen Aidapu Network Technology Co.,Ltd.	GlobalSign Code Signing Root R45	Hash Mismatch
Softdeluxe LLC	GlobalSign Code Signing Root R45	Hash Mismatch
Surfshark B.V.	GlobalSign Code Signing Root R45	Hash Mismatch
Beijing Qihu Technology Co., Ltd.	GlobalSign GCC R45 EV CodeSigning CA 2020	Hash Mismatch
Telegram FZ-LLC	GlobalSign GCC R45 EV CodeSigning CA 2020	Hash Mismatch
Google LLC	Google LLC	Self Signed
MCPatch	MCPatch	Hash Mismatch
Microsoft Corporation	Microsoft Code Signing PCA 2011	Hash Mismatch
Microsoft Corporation	Microsoft Code Signing PCA 2011	Self Signed
Microsoft Windows	Microsoft Windows Production PCA 2011	Hash Mismatch
Microsoft Windows Publisher	Microsoft Windows Production PCA 2011	Hash Mismatch
Microsoft Windows Hardware Compatibility Publisher	Microsoft Windows Third Party Component CA 2012	Hash Mismatch
Rare Ideas, LLC	Rare Ideas, LLC	Self Signed
Capsule Software	SSL.com Code Signing Intermediate CA RSA R1	Self Signed
Akeo Consulting	Sectigo Public Code Signing Root R46	Hash Mismatch
Intel Corporation	Sectigo Public Code Signing Root R46	Hash Mismatch
Martin Tofall	Sectigo Public Code Signing Root R46	Hash Mismatch
Tim Kosse	Sectigo Public Code Signing Root R46	Hash Mismatch
Yerong Lai	Sectigo Public Code Signing Root R46	Hash Mismatch
ShenZhen Thunder Networking Technologies Ltd.	ShenZhen Thunder Networking Technologies Ltd.	Self Signed
Shenzhen HappyDog Technology Co., Ltd.	Shenzhen HappyDog Technology Co., Ltd.	Self Signed
Python Software Foundation	StartCom Class 3 Object CA	Hash Mismatch
Smilegate Entertainment, Inc.	Symantec Class 3 Extended Validation Code Signing CA - G2	Self Signed
Beijing Qihu Technology Co., Ltd.	Symantec Class 3 SHA256 Code Signing CA	Hash Mismatch
Glarysoft LTD	Symantec Class 3 SHA256 Code Signing CA	Hash Mismatch
OOO MosKlining "Chistyj Znak"	USERTrust RSA Certification Authority	Hash Mismatch
Sanem Digital Limited	USERTrust RSA Certification Authority	Root Not Trusted
Sanem Digital Limited	USERTrust RSA Certification Authority	Hash Mismatch
Simon Tatham	USERTrust RSA Certification Authority	Hash Mismatch
Tencent Technology(Shenzhen) Company Limited	VeriSign Class 3 Code Signing 2009-2 CA	Self Signed
ViewSonic Corporation	VeriSign Class 3 Code Signing 2009-2 CA	Hash Mismatch
Beijing Qihu Technology Co., Ltd.	VeriSign Class 3 Code Signing 2010 CA	Hash Mismatch
Glarysoft LTD	VeriSign Class 3 Code Signing 2010 CA	Hash Mismatch
NVIDIA Corporation	VeriSign Class 3 Code Signing 2010 CA	Self Signed
AhnLab, Inc.	VeriSign Class 3 Public Primary Certification Authority - G5	Root Not Trusted
NVIDIA Corporation	VeriSign Class 3 Public Primary Certification Authority - G5	Root Not Trusted
NVIDIA Corporation	VeriSign Class 3 Public Primary Certification Authority - G5	Hash Mismatch
Tencent Technology(Shenzhen) Company Limited	VeriSign Class 3 Public Primary Certification Authority - G5	Root Not Trusted
NVIDIA Corporation	VeriSign Universal Root Certification Authority	Root Not Trusted
YuanDou Network Technology Co. Ltd.	YuanDou Network Technology Co. Ltd.	Self Signed
dbb9a458-70ca-4d1f-885e-2a21795ab09c	dbb9a458-70ca-4d1f-885e-2a21795ab09c	Self Signed
www.amazon.com	www.amazon.com	Self Signed
www.bvxtecnologia.com.br	www.bvxtecnologia.com.br	Self Signed
www.overstep.com.br	www.overstep.com.br	Self Signed

File Traits

.adata
.aspack
.NET
.sdata
.UPX
.vmp0
00 section
2+ executable sections
7-zip (In Overlay)
7-zip Installer

7zSFX
Badsig nsis
big overlay
CAB SFX
Confuser
CryptUnprotectData
Default Version Info
dll
Enigma
fptable
GenKrypt
golang
HighEntropy
imgui
Inno
InnoSetup Installer
Installer Manifest
Installer Version
MPRESS
MPRESS Win32
MZ (In Overlay)
Native MPRESS x86
NewLateBinding
No CryptProtectData
nosig nsis
No Version Info
ntdll
Nullsoft Installer
packed
Py-installer
Reactor
Reflective
RijndaelManaged
SmartAssembly
SusSec
themida
themida section variant
upx
UPX!
vb6
VirtualQueryEx
vmp
vmp section variant
vmp variant
Wextract
WriteProcessMemory
x64
x86
zlib (In Overlay)
zlib overlay

Block Information

Total Blocks:	2,066
Potentially Malicious Blocks:	205
Whitelisted Blocks:	398
Unknown Blocks:	1,463

Visual Map

? ? ? ? ? ? ? ? ? 0 ? ? x 0 ? 0 ? ? ? ? x ? 0 x ? ? ? ? ? ? ? ? ? 0 ? ? ? x ? ? ? x ? ? 0 x ? ? ? ? ? ? 0 ? 0 ? ? ? ? x ? ? ? ? ? x ? ? ? ? 0 0 x 0 0 x ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? x x ? x ? ? ? ? ? x 0 ? ? 0 ? x ? ? ? ? 0 ? ? ? ? ? ? ? 0 x ? ? ? ? 0 0 ? 0 0 ? ? x x ? ? ? x x ? ? ? ? ? ? 0 ? ? x ? ? ? x x 0 ? 0 ? ? x ? x ? ? ? ? 0 ? ? 0 ? ? ? x ? ? ? ? ? ? ? x x ? 0 0 ? ? x ? x ? ? x 0 0 ? x 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? x ? ? 0 0 ? ? ? ? ? 0 ? 0 ? ? x ? ? 0 ? ? ? ? 0 ? 0 0 0 ? ? ? ? ? ? 0 0 ? 0 ? 0 ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 0 ? 0 ? ? ? ? ? ? ? ? ? 0 ? x ? 0 0 0 ? ? x 0 0 ? ? 0 ? ? ? 0 0 ? x ? x 0 x ? ? ? x x ? 0 x ? ? x 0 x 0 ? ? ? ? 0 ? x 0 ? 0 ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? x ? x ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 x 0 0 ? x ? ? ? ? ? ? ? ? 0 ? x ? ? x 0 ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? x x ? ? ? ? 0 0 ? ? 0 ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? 0 ? 0 0 ? 0 ? ? ? ? 0 ? ? ? 0 0 ? ? x ? x x 0 x x ? ? ? 0 ? ? 0 0 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? x x ? 0 ? 0 0 ? 0 ? x 0 ? ? ? ? 0 ? x ? x 0 ? 0 0 0 0 ? ? ? x 0 ? 0 ? ? ? x ? ? x x 0 0 ? ? ? ? x ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? x x 0 ? ? ? ? 0 ? ? 0 ? ? 0 ? 0 ? ? ? ? ? 0 0 0 ? ? ? x 0 x ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? x ? ? ? ? ? ? ? 0 x ? 0 x ? ? ? ? ? ? ? 0 ? ? ? x ? 0 ? ? ? ? ? ? x ? ? 0 ? ? ? ? ? ? 0 ? ? ? x ? 0 ? ? ? ? ? ? ? ? ? x ? 0 ? ? ? 0 ? x 0 ? ? x ? x ? ? ? ? ? 0 ? ? ? 0 ? ? ? x 0 ? 0 x ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? x ? ? ? ? x 0 0 0 ? ? ? ? ? ? ? ? ? x x 0 ? ? ? ? ? ? x x ? ? ? ? 0 ? ? x 0 ? ? ? x ? ? ? ? ? ? ? x 0 ? ? x 0 0 ? ? ? ? ? ? x ? 0 x ? ? ? 0 ? 0 ? ? 0 0 ? ? 0 0 ? ? 0 0 0 ? 0 ? ? ? ? ? 0 ? ? ? ? 0 ? 0 ? ? ? ? ? 0 x 0 ? x x ? 0 0 ? ? ? ? ? ? ? 0 0 x ? ? ? ? ? ? ? ? ? ? ? 0 0 0 ? 0 ? ? ? ? 0 ? ? ? 0 ? ? x ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? x 0 ? ? x ? 0 0 0 ? ? ? ? ? ? ? ? 0 ? x ? 0 ? ? 0 ? ? ? 0 ? ? ? 0 0 ? ? ? x 0 0 x ? ? ? 0 ? ? 0 ? ? ? 0 ? ? ? ? 0 ? ? 0 ? ? 0 ? ? ? ? ? ? 0 ? x 0 ? ? ? ? ? 0 x ? 0 ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? x ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? x 0 ? 0 ? x 0 ? 0 ? 0 ? ? ? x ? x ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? x ? ? ? ? ? ? ? ? x ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 ? ? 0 ? 0 ? ? x x ? 0 ? ? ? x ? 0 x ? ? ? ? ? ? ? ? 0 0 ? ? ? 0 ? ? 0 x ? 0 ? ? x ? ? ? ? ? 0 ? ? ? 0 0 ? ? ? ? 0 x ? ? ? x x ? ? ? ? 0 ? 0 ? ? ? 0 ? 0 ? 0 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? x ? ? ? x ? 0 x ? ? ? ? ? x ? ? ? x ? ? 0 ? 0 0 ? 0 ? ? ? ? ? ? ? x 0 0 ? ? ? ? ? ? ? 0 ? ? ? x ? 0 ? 0 ? 0 ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? 0 0 x ? 0 ? ? 0 ? ? x ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? 0 0 ? ? x 0 ? ? ? ? ? ? x ? ? ? ? ? 0 ? 0 ? ? x ? x ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? x 0 ? x ? ? ? ? ? ? ? 0 0 ? 0 ? ? ? ? ? ? 0 ? 0 0 0 0 x ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? x 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? x ? ? ? ? ? ? ? ? x ? ? ? ? ? ? ? ? 0 ? ? 0 ? 0 ? ? ? 0 x ? 0 0 ? ? ? ? ? ? ? ? 0 ? ? ? 0 0 ? 0 x ? ? ? ? x ? ? ? x x 0 ? ? ? 0 x ? ? ? 0 ? ? x ? ? 0 0 ? ? ? ? ? ? 0 ? ? 0 x ? ? x ? ? 0 ? x ? ? 0 ? ? ? 0 0 ? ? ? ? ? x ? ? ? ? ? ? ? x ? 0 x ? x 0 ? ? ? ? ? ? 0 ? ? ? ? ? x ? 0 x 0 ? ? 0 ? 0 0 ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? x ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 0 0 ? ? ? ? 0 x 0 ? ? x ? ? ? ? 0 ? ? ? ? 0 ? ? ? 0 ? ? ? 0 ? ? ? ? 0 ? x x 0 0 ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? x ? ? ? x ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? 0 ? ? 0 ? ? ? ? ? ? x ? 0 0 x x 0 ? ? ? 0 ? ? ? 0 ? ? 0 ? ? ? ? ? x 0 ? ? ? ? x ? x 0 0 ? ? 0 ? ? x ? ? 0 ? ? 0 ? ? x x ? 0 ? ? 0 ? ? ? x ? ? ? 0 0 x ? ? 0 x ? ? x ? ? ? x ? ? x ? ? 0 ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? 0 0 ? ? ? ? 0 ? ? ? ? ? ? 0 x ? 0 0 ? ? ? ? 0 ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? 0 0 ? x 0 ? x x ? ? ? ? ? ? ? ? 0 ? ? x ? ? x 0 0 ? 0 ? ? 0 0 ? ? ? ? x ? ? ? ? ? ? ? ? ? ? ? x ? ? ? ? ? ? 0 0 x x ? ? ? ? ? ? ? ? x x ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? 0 ? 0 ? ? ? ? ? ? 0 ? 0 0 0 x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x ? ? ? 0 ? 0 0 ? ? ? ? ? ? 0 x ? ? ? ? ? ? ? x 0 0 x x x ? ? ? 0 ? ? 0 ? ? ? ? ? x ? ? 0 x ? ? ? ? ? ? ? 0 ? ? x 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x ? ? ? ? 0 ? ? ? ? ? ? 0 0 x ?

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.ANH
Agent.CZC
Agent.DEAB
Agent.DFSK
Agent.DFSR

Agent.FD
Agent.GJR
Agent.HJD
Agent.KLB
Agent.LKN
Agent.LPX
Agent.OSA
Agent.OSH
Agent.OSJ
Agent.OSK
Agent.PFDF
Agent.PFDG
Agent.XAE
Agent.ZFX
ArchSMS.G
AutoHotkey.A
Autoclicker.SF
Autoit
BHO.S
BadJoke.LMG
Bancos.B
Banker.FD
Banker.GT
Banker.LH
Banker.R
Bitcoinminer.FDO
Bitcoinminer.R
Brute.BH
Brute.BHA
Brute.PVA
Brute.PVF
Bulz.EE
Bulz.F
Caldera.A
ClipBanker.DRA
ClipBanker.J
ClipBanker.KF
ClipBanker.PDB
ClipBanker.UDB
Clipbanker.DU
CobaltStrike.GI
CobaltStrike.GIA
CobaltStrike.RG
CobaltStrike.SN
CobaltStrike.SR
CobaltStrike.SU
CobaltStrike.TQ
CobaltStrike.XN
Coinminer.GAI
Coinminer.GAJ
Coinminer.GQ
Coinminer.RIA
Dacic.O
Dapato.ACC
Delf.DA
Downloader.Agent.BHB
Downloader.Agent.DTB
Downloader.KFB
Downloader.Small.G
Dropper.JA
FakeInstaller.B
Farfli.FR
Filecoder.GOA
Filecoder.IFC
Filecoder.KEA
Filecoder.KEC
Filecoder.KEE
Filecoder.XNA
Floxif.E
Fugrafa.T
GO.Ranumbot.A
Gamehack.DSF
Gamehack.GDG
Genius.A
GhostRat.F
Glupteba.P
Go.Agent.DB
Go.Agent.E
Go.Rozena.A
GoBot
Goshell.D
Goshell.F
HEUR.MSIL.Generic_268209
HEUR.MSIL.Generic_274333
Hioles.E
HolyCat.B
Injector.GSD
Injector.KI
Injector.KPP
Injector.XD
Injector.XN
KillWin.H
Kryptik.CBS
Kryptik.CBXB
Kryptik.GSG

167 additional families are not displayed above.

Files Modified

File	Attributes
\device\harddisk0\dr0	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
\device\namedpipe\crashpad_1628_aevdaxjpuvztvmuq	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_1628_aevdaxjpuvztvmuq	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_3448_oxqjvexfakdesbil	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_3448_oxqjvexfakdesbil	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_3864_qvmylofaasrcmtzl	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_3864_qvmylofaasrcmtzl	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_4656_tdldmmkigexzfsyw	Generic Read,Write Data,Write Attributes,Write extended,Append data

\device\namedpipe\crashpad_4656_tdldmmkigexzfsyw	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_4840_ixaqmpwwyyygxsuh	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_4840_ixaqmpwwyyygxsuh	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_5248_yffipyeqxtqladqq	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_5248_yffipyeqxtqladqq	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_5948_gqrroeamvqobzgnj	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_5948_gqrroeamvqobzgnj	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_6116_siliqvntwkvqdpnn	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_6116_siliqvntwkvqdpnn	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_6128_fjimoldbjfufrakp	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_6128_fjimoldbjfufrakp	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_7612_uufymcjqkhgzhzcw	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_7612_uufymcjqkhgzhzcw	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_7692_pploudiupvsshals	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_7692_pploudiupvsshals	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_8164_qtvmdniptvozguhu	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_8164_qtvmdniptvozguhu	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\dav rpc service	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
\device\namedpipe\neteasehsrecord	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\pshost.134124537891342407.1552.defaultappdomain.powershell	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134133609339810415.288.defaultappdomain.powershell	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134145460193631010.1768.defaultappdomain.powershell	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\uc2messagepool	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\wkssvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$re0lso7.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\[enternote]	Synchronize,Write Attributes
c:\[enternote]\[maintenance]	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\__tmp_rar_sfx_access_check_1406203	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\[enternote]\[maintenance]\ccleaner	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\ccleaner.exe	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\ccleaner.exe	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\ccleaner.ini	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\ccleaner.ini	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1025.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1025.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1026.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1026.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1027.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1027.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1028.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1028.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1029.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1029.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1030.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1030.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1031.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1031.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1032.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1032.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1034.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1034.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1035.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1035.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1036.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1036.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1037.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1037.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1038.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1038.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1040.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1040.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1041.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1041.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1042.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1042.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1043.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1043.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1044.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1044.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1045.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1045.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1046.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1046.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1048.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1048.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1049.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1049.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1050.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1050.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1051.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1051.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1052.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1052.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1053.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1053.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1054.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1054.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1055.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1055.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1057.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1057.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1058.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1058.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1059.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1059.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1060.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1060.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1061.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1061.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1062.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1062.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1063.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1063.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1065.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1065.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1066.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1066.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1067.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1067.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1068.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1068.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1071.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1071.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1079.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1079.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1081.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1081.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1087.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1087.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1092.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1092.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1102.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1102.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1104.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1104.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1109.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1109.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1110.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-1110.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-2052.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-2052.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-2070.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-2070.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-2074.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-2074.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-3098.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-3098.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-5146.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-5146.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-9999.dll	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lang\lang-9999.dll	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\license.txt	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\license.txt	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lupo-help.txt	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lupo-help.txt	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\lupoapp.ini	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\lupoapp.ini	Synchronize,Write Attributes
c:\[enternote]\[maintenance]\ccleaner\portable.dat	Generic Write,Read Attributes
c:\[enternote]\[maintenance]\ccleaner\portable.dat	Synchronize,Write Attributes
c:\program files (x86)\common files\microsoft shared\msinfo\msinfo32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\dteplanows\boleta.xsd	Generic Write,Read Attributes
c:\program files (x86)\dteplanows\dteplanows.exe	Generic Write,Read Attributes
c:\program files (x86)\dteplanows\dteplanows.exe.config	Generic Write,Read Attributes
c:\program files (x86)\dteplanows\dteplanows.url	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\dteplanows\dteutils.dll	Generic Write,Read Attributes
c:\program files (x86)\dteplanows\facturacionclprint_app.jar	Generic Write,Read Attributes
c:\program files (x86)\dteplanows\ftpclient.dll	Generic Write,Read Attributes
c:\program files (x86)\dteplanows\imprimirticket.dll	Generic Write,Read Attributes
c:\program files (x86)\dteplanows\siiplano.dll	Generic Write,Read Attributes
c:\program files (x86)\dteplanows\sumatrapdf.exe	Generic Write,Read Attributes
c:\program files (x86)\dteplanows\sumatrapdfprefs.dat	Generic Write,Read Attributes
c:\program files (x86)\dteplanows\uninst.exe	Generic Write,Read Attributes
c:\program files (x86)\dteplanows\update.exe	Generic Write,Read Attributes
c:\program files (x86)\dteplanows\util\config.xml	Generic Write,Read Attributes
c:\program files (x86)\dteplanows\util\config_linux.xml	Generic Write,Read Attributes
c:\program files (x86)\dteplanows\wsclient.dll	Generic Write,Read Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll	Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll.dat	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll.tmp	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll	Generic Write,Read Attributes
c:\programdata\anticheatexpert\sldh.dat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\anticheatexpert\sldh.dat-journal	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\microsoft\devicesync\wudfhost.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\onedrives\[22.09.2025]_info.txt	Generic Write,Read Attributes
c:\programdata\onedrives\[24.11.2025]_info.txt	Generic Write,Read Attributes
c:\programdata\spools.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\spoolss.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\synaptics	Synchronize,Write Attributes
c:\programdata\synaptics\rcxa822.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\rcxaa35.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\synaptics.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\synaptics\synaptics.exe	Synchronize,Write Attributes
c:\programdata\synaptics\synaptics.exe	Synchronize,Write Data
c:\programdata\windowsservice.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_5c4ba1ba\file_25bef704.txt	Generic Write,Read Attributes

12923 additional files are not displayed above.

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	輽Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	꤆Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Dbigqrmr\AppData\Local\Temp\~nsuA.tmp\Un_A.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Dbigqrmr\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Dbigqrmr\AppData\Local\Temp\~nsuA.tmp	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ᶇ۪Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ꭻǛ	RegNtPreCreateKey

HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ꭻǛ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	穰ꯃǛ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	듖⸱Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	绣轄Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	轆Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	쮼轱Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	㈍轴Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	밙萻Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	脃Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	脃Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ƞ㩭Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ƞ㩭Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	뚖㪳Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	뢛㪴Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	秐Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	秐Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	倊Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	덥Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	Ò搭Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	戽搯Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	읎摴Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	읎摴Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ᕵ⻉Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ᕵ⻉Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ﳁ⼗Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ﳁ⼗Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ꮁǛ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	뷳Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	掄훥Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	璢휗Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	큨溵淚Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	漆淚Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	圪䳈歷Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	찫䳼歷Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ಽ暤神Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	曚神Ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	㰓﫤Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	㏃㱠﫤Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	﫳Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	옷﫳Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	뢿復ﮀǛ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	쪵輦ﮀǛ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	痭䱿ﲂǛ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	쇐䲬ﲂǛ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	旣⚶ﳛǛ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ፉ⛦ﳛǛ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	♙㡮ﴄǛ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	瓂㢛ﴄǛ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	矍׮ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	׮ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	饂ٿǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ꭦٿǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	℉ࡓǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	葵ࡓǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ࡓǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	妇ࡓǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	莔めࢠǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ゃࢠǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	サࢠǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	宇ジࢠǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	㶹ࣦǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	㶹ࣦǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	亳ࣦǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	亳ࣦǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	轂駧फǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	駩फǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	㽒騗फǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ꁟ騙फǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	茮縗ংǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	鑔繉ংǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ᆗꏴুǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ᆗꏴুǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	삲ꐣুǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	삲ꐣুǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	䁅ୁǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	逽䁵ୁǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	䫰〴୰ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	궁〶୰ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	屫て୰ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	屫て୰ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	䧏틶஬ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ꮽ틸஬ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	媛패஬ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	媛패஬ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::appinit_dlls	C:\PROGRA~1\COMMON~1\System\symsrv.dll	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::loadappinit_dlls		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::requiresignedappinit_dlls		RegNtPreCreateKey
HKLM\software\wow6432node\360safe\liveup::mid		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	䚤롋౛ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	꣺롍౛ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	뮉롿౛ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ᰪ뢂౛ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	헺ಝǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	๿ಝǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	珞ቱǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	䥐ቱǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	╗ቻǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	俁╚ቻǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	㦳▅ቻǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	㦳▅ቻǜ	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Htgzorxq\AppData\Local\Temp\~nsu1.tmp	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Htgzorxq\AppData\Local\Temp\~nsu1.tmp\??\C:\Users\Htgzorxq\AppData\Local\Temp\~nsu1.tmp\Un.exe	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	嗖튒៪ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ꐯ튿៪ǜ	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Dykwdwfc\AppData\Local\Temp\~nsu1.tmp	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Dykwdwfc\AppData\Local\Temp\~nsu1.tmp\??\C:\Users\Dykwdwfc\AppData\Local\Temp\~nsu1.tmp\Un.exe	RegNtPreCreateKey
HKLM\software\classes\exefile\shell\open\command::	C:\WINDOWS\svchost.com "%1" %*	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	绗뛜⚧ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	绗뛜⚧ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	逄뜎⚧ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	逄뜎⚧ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\360safe\liveup::mid		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	像⡷ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	像⡷ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	왫⡷ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	⣝⡷ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	඄৺⧿ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::browsertabmonitor	"C:\ProgramData\spoolss.exe"	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Mjznmvcc\AppData\Local\Temp\~nsuA.tmp\Un_A.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Mjznmvcc\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Mjznmvcc\AppData\Local\Temp\~nsuA.tmp	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Hqfypxpv\AppData\Local\Temp\~nsu1.tmp	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Hqfypxpv\AppData\Local\Temp\~nsu1.tmp\??\C:\Users\Hqfypxpv\AppData\Local\Temp\~nsu1.tmp\Un.exe	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	泲㽏㍶ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	쿂㽑㍶ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	䋯㾆㍶ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	꒾㾈㍶ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\runonce::wextract_cleanup0	rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Ddprelgy\AppData\Local\Temp\IXP000.TMP\"	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	䛝岯䕽ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ꪟ岱䕽ǜ	RegNtPreCreateKey
HKCU\software\winrar sfx::c%%[enternote]%[maintenance]	C:\[enternote]\[maintenance]	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	絜煬䠞ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	첬煭䠞ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	悅熰䠞ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	該熱䠞ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	熼䠞ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	熼䠞ǜ	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Ddyqedlc\AppData\Local\Temp\~nsuA.tmp\Un_A.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Ddyqedlc\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Ddyqedlc\AppData\Local\Temp\~nsuA.tmp	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	锘䢵ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	綪锚䢵ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	쌑镝䢵ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ჵ镟䢵ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	꣙镤䢵ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	꣙镤䢵ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\runonce::wextract_cleanup0	rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Ostqravm\AppData\Local\Temp\IXP000.TMP\"	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	쟽脿䣘ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	黃腶䣘ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	D腹䣘ǜ	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Mldqahzq\AppData\Local\Temp\~nsu1.tmp	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Mldqahzq\AppData\Local\Temp\~nsu1.tmp\??\C:\Users\Mldqahzq\AppData\Local\Temp\~nsu1.tmp\Un.exe	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	㾽ꎴ䬑ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	㾽ꎴ䬑ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ꏣ䬑ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ꏣ䬑ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	拰⋇䬛ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	謚⋈䬛ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	뗅⌀䬛ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	됺⌁䬛ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	猉⌆䬛ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ꞁ⌆䬛ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	㌉ᓆ䭰ǜ	RegNtPreCreateKey

394 additional registry modifications are not displayed above.

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAccessCheckByType ntdll.dll!NtAddAtomEx ntdll.dll!NtAdjustPrivilegesToken ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAllocateLocallyUniqueId ntdll.dll!NtAllocateReserveObject ntdll.dll!NtAlpcAcceptConnectPort ntdll.dll!NtAlpcCancelMessage ntdll.dll!NtAlpcConnectPort Show More ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcCreatePort ntdll.dll!NtAlpcCreatePortSection ntdll.dll!NtAlpcCreateResourceReserve ntdll.dll!NtAlpcCreateSectionView ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeleteSecurityContext ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcQueryInformationMessage ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCallbackReturn ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareObjects ntdll.dll!NtCompareSigningLevels ntdll.dll!NtConnectPort ntdll.dll!NtCopyFileChunk ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateIRTimer ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreateNamedPipeFile ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateResourceManager ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateUserProcess ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDebugActiveProcess ntdll.dll!NtDelayExecution ntdll.dll!NtDeleteAtom ntdll.dll!NtDeleteValueKey ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateDriverEntries ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushBuffersFile ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtFreezeTransactions ntdll.dll!NtFsControlFile ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetCompleteWnfStateSubscription ntdll.dll!NtGetContextThread ntdll.dll!NtGetCurrentProcessorNumberEx ntdll.dll!NtGetWriteWatch ntdll.dll!NtImpersonateAnonymousToken ntdll.dll!NtLoadKeyEx ntdll.dll!NtLockFile ntdll.dll!NtLockVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtModifyDriverEntry ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenMutant ntdll.dll!NtOpenPrivateNamespace ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtPowerInformation ntdll.dll!NtPrepareEnlistment ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFile ntdll.dll!NtQueryDirectoryFileEx 230 additional items are not displayed above.
Service Control	OpenSCManager OpenService
Process Shell Execute	CreateProcess ShellExecute ShellExecuteEx WriteConsole
Anti Debug	CheckRemoteDebuggerPresent IsDebuggerPresent NtQuerySystemInformation OutputDebugString
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserName GetUserNameEx GetUserObjectInformation OpenClipboard
Network Winsock2	WSAConnect WSAGetOverlappedResult WSASend WSASocket WSAStartup WSAttemptAutodialName
Process Terminate	TerminateProcess
Network Info Queried	GetAdaptersAddresses GetAdaptersInfo GetNetworkParams
Network Winsock	bind closesocket connect freeaddrinfo getaddrinfo gethostbyname getsockname inet_addr recv send Show More setsockopt socket
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory ZwMapViewOfSection
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen InternetOpenUrl InternetReadFile InternetSetOption
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Network Winhttp	WinHttpOpen
Keyboard Access	GetKeyState
Network Icmp	IcmpCreateFile IcmpSendEcho2Ex

Shell Command Execution


							open C:\WINDOWS\system32\cmd /c copy Hindu.eps Hindu.eps.bat & Hindu.eps.bat


							WriteConsole:         1 file(s


							WriteConsole:


							WriteConsole: C:\Users\Ufxfngz


							WriteConsole: Set


									WriteConsole:  Sign=Z


									WriteConsole: MuOrganizational


									WriteConsole: (Cum(Morris(Clea


									WriteConsole: 'MuOrganizationa


									WriteConsole: bPypCustomized


									WriteConsole: (Lord(Scholarshi


									WriteConsole: 'bPypCustomized'


									WriteConsole: BBkVUpgrading


									WriteConsole: (Has(Appeal(Info


									WriteConsole: 'BBkVUpgrading'


									WriteConsole: yQaqFalls


									WriteConsole: (Algorithms(Fax(


									WriteConsole: 'yQaqFalls' is n


									WriteConsole: FoyqSignatures


									WriteConsole: (


									WriteConsole: 'FoyqSignatures'


									WriteConsole:  Td=B


									WriteConsole: ljKnife


									WriteConsole: (Bullet(Prefix(C


									WriteConsole: 'ljKnife' is not


									WriteConsole: mIPic


									WriteConsole: (Paying(


									WriteConsole: 'mIPic' is not r


									WriteConsole: LHObjective


									WriteConsole: (Tested(Patients


									WriteConsole: 'LHObjective' is


									WriteConsole: dDpUtils


									WriteConsole: (Ethnic(Belkin(


									WriteConsole: 'dDpUtils' is no


									WriteConsole: IbMesh


									WriteConsole: (Sage(


									WriteConsole: 'IbMesh' is not


									WriteConsole:  Printing=p


									WriteConsole: ypPerson


									WriteConsole: (Generations(


									WriteConsole: 'ypPerson' is no


									WriteConsole: SMqLInstitutes


									WriteConsole: 'SMqLInstitutes'


									WriteConsole: nizExcellence


									WriteConsole: (Monroe(Retailer


									WriteConsole: 'nizExcellence'


									WriteConsole: KVEaCrystal


									WriteConsole: (Authorization(M


									WriteConsole: 'KVEaCrystal' is


									WriteConsole: TPReligious


									WriteConsole: 'TPReligious' is


									WriteConsole:  Thorough=9


									WriteConsole: NIwvRacial


									WriteConsole: (Glen(Mn(Cedar(H


									WriteConsole: 'NIwvRacial' is


									WriteConsole: eYzOBirthday


									WriteConsole: (Famous(Gourmet(


									WriteConsole: 'eYzOBirthday' i


									WriteConsole: qpGun


									WriteConsole: 'qpGun' is not r


									WriteConsole: DZLaunched


									WriteConsole: (Makes(Vendors(B


									WriteConsole: 'DZLaunched' is


									WriteConsole: IkdWBrakes


									WriteConsole: 'IkdWBrakes' is


									WriteConsole: mzyCox


									WriteConsole: 'mzyCox' is not


									WriteConsole: zIvServices


									WriteConsole: (Rural(Portal(


									WriteConsole: 'zIvServices' is


									WriteConsole: lmMjWilson


									WriteConsole: (Cf(Stat(Elderly


									WriteConsole: 'lmMjWilson' is


									WriteConsole: SPSatellite


									WriteConsole: (Taught(Adjustme


									WriteConsole: 'SPSatellite' is


									WriteConsole:  Translated=I


									WriteConsole: AWYu


									WriteConsole: (Ballot(Bottle(A


									WriteConsole: 'AWYu' is not re


									WriteConsole: NXCc


									WriteConsole: (Attraction(Outs


									WriteConsole: 'NXCc' is not re


									WriteConsole: etRSPropecia


									WriteConsole: (Aimed(Follows(N


									WriteConsole: 'etRSPropecia' i


									WriteConsole: wzFSpas


									WriteConsole: (Otherwise(


									WriteConsole: 'wzFSpas' is not


									WriteConsole: HOhGazette


									WriteConsole: (Meyer(Message(V


									WriteConsole: 'HOhGazette' is


									WriteConsole: hoPerspectives


									WriteConsole: 'hoPerspectives'


									WriteConsole: jjCrNotify


									WriteConsole: (Operators(Slova


									WriteConsole: 'jjCrNotify' is


									WriteConsole: ObnaDevelopment


									WriteConsole: (Homepage(Minera


									WriteConsole: 'ObnaDevelopment


									WriteConsole: dzvRobot


									WriteConsole: (Fed(Suites(Enab


									WriteConsole: 'dzvRobot' is no


									WriteConsole: cIhConsultant


									WriteConsole: (Pretty(Conditio


									WriteConsole: 'cIhConsultant'


									WriteConsole:  Television=.


									WriteConsole: AxbCoated


									WriteConsole: (Explanation(Jad


									WriteConsole: 'AxbCoated' is n


									WriteConsole: JOAttended


									WriteConsole: (Covers(Belong(T


									WriteConsole: 'JOAttended' is


									WriteConsole: jfzScanned


									WriteConsole: (Gg(


									WriteConsole: 'jfzScanned' is


									WriteConsole: ScDogs


									WriteConsole: (Celebs(Mil(Anda


									WriteConsole: 'ScDogs' is not


									WriteConsole: ADsEarth


									WriteConsole: 'ADsEarth' is no


									WriteConsole: fqiUAnatomy


									WriteConsole: (Timer(Omissions


									WriteConsole: 'fqiUAnatomy' is


									WriteConsole: tXkSeafood


									WriteConsole: (Comes(Present(D


									WriteConsole: 'tXkSeafood' is


									WriteConsole: lxManaged


									WriteConsole: (Conviction(Mail


									WriteConsole: 'lxManaged' is n


									WriteConsole:  Pics=3


									WriteConsole: bIReception


									WriteConsole: (Hourly(Gets(Sin


									WriteConsole: 'bIReception' is


									WriteConsole: KwNSeparately


									WriteConsole: (Tiger(Yacht(App


									WriteConsole: 'KwNSeparately'


									WriteConsole: ISmSaints


									WriteConsole: (Generators(Prov


									WriteConsole: 'ISmSaints' is n


									WriteConsole: jzuhMilitary


									WriteConsole: (Nylon(Easier(


									WriteConsole: 'jzuhMilitary' i


									WriteConsole: LefgFun


									WriteConsole: (Plug(Consultanc


									WriteConsole: 'LefgFun' is not


									WriteConsole: ZpNFacilitate


									WriteConsole: (Publishers(City


									WriteConsole: 'ZpNFacilitate'


									WriteConsole: SoSHuge

6026 additional execution are not displayed above.

HEUR.Malware.FakeApp.Generic

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove HEUR.Malware.FakeApp.Generic

File System Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Most Viewed