HEUR.Malware.Misc.Packed.Generic

By CagedTech in HEUR Malware, Malware

Threat Scorecard

Popularity Rank:	70
Threat Level:	100 % (High)
Infected Computers:	265,955

First Seen:	September 24, 2012
Last Seen:	April 16, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	HEUR.Malware.Misc.Packed.Generic
Signature status:	No Signature

Known Samples

MD5: 4f60fc0707cf8ad2a584ba4e8bca8a6f

SHA1: d62b9d7e3b4901af9ff33b06572f90f19c785cb7

File Size: 1.86 MB, 1859588 bytes

MD5: 1bf4f6b0ec3b2f94e6fed201185c7601

SHA1: 0d374bbcc910fb4d9b3a02ad5c1f8c03a825262d

File Size: 9.22 KB, 9216 bytes

MD5: a279230ef9676ffb83f82ec257cb80f1

SHA1: ebb85bab1daa817d1a890dd7353d4f19317b1a9d

File Size: 60.42 KB, 60416 bytes

MD5: 0587dbb8905bf3072a62e64f8b3e9f09

SHA1: f66b8ca13d80ed80fe166e6937e4601b9964754d

File Size: 4.79 MB, 4790798 bytes

MD5: 2dc15fe99a5762fa8d1b7a3cb85a848d

SHA1: 8712c6b087ecc496eb9d9a78882d685ecfb70505

File Size: 16.38 KB, 16384 bytes

MD5: 5abd9d11cb95cd70bef0fdef1502af60

SHA1: 79061668dd9c3fc193644dfebebdf2091188b031

File Size: 3.08 MB, 3077942 bytes

MD5: 09473f394170d8f68c09e9afe511e6f2

SHA1: 21ce38f5a54c9ecd7632a9af5dc64b3152e14037

File Size: 5.07 MB, 5070215 bytes

MD5: bb9fd41e56be74e19ec89a35addadc0e

SHA1: 0f77c59b9ab799477bbc0f47e12fca655edc0cfc

File Size: 212.48 KB, 212480 bytes

MD5: 58521bcef8384ee09291a73b1bef8450

SHA1: 7426198c26ad7144a2e427494facb1298a5e49af

File Size: 49.15 KB, 49152 bytes

MD5: 7563e910680fcc5f3a5a4db3b681d0bc

SHA1: 01ccd62fa0a45c71a295b8b8edb653acab1796de

File Size: 956.42 KB, 956416 bytes

MD5: a352ff37c82b4bcea2921d64c6512ad7

SHA1: eaca7f14c8d22984846a2b1e77b8a2aa3f3e2dfc

File Size: 317.95 KB, 317952 bytes

MD5: fb2150803bc23dcca6d1e634a85fe66a

SHA1: e1e17a7f257d28c2a6f015b81fccd545a119a814

File Size: 78.85 KB, 78848 bytes

MD5: d071837b7fa866dbc1dcb930ac1eb218

SHA1: 9f43e5cb3f0a07d80ce7f3686ea30714ecd809e7

File Size: 980.99 KB, 980992 bytes

MD5: e4c52095dc9489c3606a7d8d8804a3db

SHA1: 2bc74f045e00446122443b78ee2d8c2da785aa75

File Size: 483.19 KB, 483186 bytes

MD5: 44a21422124d3b92a4bd1bd6f5feb7bf

SHA1: 2c076b87cca5fc73cabae9aa6586c0f1368cf829

File Size: 2.10 MB, 2097582 bytes

MD5: ae1ef51a2d01a173ae5fe5ec79853bab

SHA1: 3c4aa9877cc2a64e66ef6e1f8c372de3feacf248

File Size: 427.01 KB, 427008 bytes

MD5: dd7f5b45cdca6e4ee156a210b2548b26

SHA1: d31f6a9dc44e9fa9c39842609ce4def95c9c22d3

File Size: 8.71 MB, 8709789 bytes

MD5: 468cdf4a2d5f1e9f15249c62f76032ae

SHA1: 96340f000892d020440d52d547cac5e600dca3b3

File Size: 842.24 KB, 842240 bytes

MD5: f6302dea6661454fa175220824e04f4b

SHA1: 6d2f2fb995f4112a3a484361bc6d8a1f204978f4

File Size: 3.55 MB, 3547136 bytes

MD5: cbb310cbf1d69fb1c3c7b08e3de10551

SHA1: bbb846dd2c37a00b33f29e067dce5a7599b84bdd

File Size: 4.62 MB, 4620003 bytes

MD5: cbd4e6b40fe7cb76ce2d97ef8674b6bd

SHA1: 3170ed0c2e6a8e7fb4fcbc96d440192e7a8a5254

File Size: 3.66 MB, 3662336 bytes

MD5: 056295fa4f34f317b6b003e6de53837b

SHA1: 560d1c3e7f4ff18f3bb42156f0e08775a1076089

File Size: 4.44 MB, 4436007 bytes

MD5: 7e5808c1e6bb27c971e70eff61e0cae1

SHA1: 109e4ded41274fad3e79436951a83a91db51a01f

File Size: 6.00 MB, 6004736 bytes

MD5: 7ea6ec1c2647cdf2d33fcf3daf381616

SHA1: 2a3861adeb7c2d2254acefc8c8eff34b62cef230

File Size: 378.88 KB, 378880 bytes

MD5: 07dcfdb6f809faa4b562906212969c85

SHA1: e545428319a208452314207501d9a8ac040cfaec

File Size: 8.70 KB, 8704 bytes

MD5: ca4f496d99d1b61201910ca44fc0029f

SHA1: 2c7ae6df370a2026c479ef06700407e243f89a68

File Size: 66.49 KB, 66492 bytes

MD5: 4c7f8666a27ec902845a07a1ca819208

SHA1: 49eca9b4b752a3ec7e84822fb1d6006340de8e31

File Size: 5.12 KB, 5120 bytes

MD5: 17b645d6548f0639b695514c5cd58108

SHA1: 6be73bd252b2e57149827a9fe39c83ec3cca7f92

File Size: 4.19 MB, 4191827 bytes

MD5: 38cc4aae390b1589c1f936a27f3e7b6d

SHA1: f0014f0e715e27f38e77a692e80485ae0f034cc8

File Size: 4.18 MB, 4177400 bytes

MD5: 5f29376c550330b976da8ad2cec75a7e

SHA1: 679733d7c493f394bc50eff9f08be423c9584500

File Size: 6.30 MB, 6295251 bytes

MD5: 0e41e444df0c666ebd1c5ba84790c6bd

SHA1: 88e3dee160c851f79d699ae0c3197139a8a94377

File Size: 11.78 KB, 11776 bytes

MD5: fff242c41e065c27d146f117940e05ae

SHA1: 2cf020c396a53debb8a2b08bcd1314cdaf04ff55

File Size: 4.69 MB, 4686610 bytes

MD5: 9d99131e16476393a8f74be84b2b844d

SHA1: 3f974c6f5c0d3622e6a98969e44d878f494698f3

File Size: 2.86 MB, 2857888 bytes

MD5: 4f962762d61777686f4806020502c4dd

SHA1: 37374a3b0ac6e3702fa889ed24337939579ffee3

File Size: 1.02 KB, 1024 bytes

MD5: 95ca47f9dfe138ce89538660769b3b57

SHA1: 1319578b6eca0390f6d2fe31d86ae595e01e7778

File Size: 7.17 KB, 7168 bytes

MD5: 02809d18f4ee80b27ff98155ae0ff71d

SHA1: 7ad8f778086893e190b87082a4e1d31f8647a4fe

File Size: 3.60 MB, 3602940 bytes

MD5: 9eac37d213bd30e4ae6bb2bea07e2c6a

SHA1: a8198a38557495c0958a7f260e0fcef97daf809c

File Size: 801.79 KB, 801792 bytes

MD5: 754ca46acdcadccdcc932846dae55be3

SHA1: 3a611ee76085029acd0620d47977798481dbb8d6

File Size: 8.22 MB, 8218755 bytes

MD5: 2b5caa750c2a8f5e58e526be22c41b0a

SHA1: b8b526ebac5b57356318301fdce1af348707b69b

File Size: 3.50 MB, 3504293 bytes

MD5: 7d3d7c3e178d0dc8e3426c9ccf9023f2

SHA1: f69504f4e3f2068f14733727da63bee44b5c68b8

File Size: 282.11 KB, 282112 bytes

MD5: e33036c1c9a501210edf11d970b0b7ab

SHA1: a554a51295dc79dbd60d1b17326574a02ebad8ad

File Size: 1.17 MB, 1173627 bytes

MD5: 9d1e6252fd933439f4b5d2f0eba5b467

SHA1: 23567842a4778743f13b2f609f5020e4965e30a1

File Size: 3.34 MB, 3338062 bytes

MD5: a7dcf31c7818784fb3d0899458c523a7

SHA1: 5af87bd7d7eab20bdbbc6117658f8ac8aec69f92

File Size: 157.18 KB, 157184 bytes

MD5: cd5ca427447492bf2b584a225f658bd2

SHA1: 1adcf8cc47d54b135aafd42715de11607352201d

File Size: 5.38 MB, 5378480 bytes

MD5: f7d1ce3613fb05fb9eef7c4657544728

SHA1: bd3fc2fef9342fa4972d20bec51c9b2fe1cd1ed8

File Size: 212.48 KB, 212480 bytes

MD5: 94df123d15ae29064300f8807ccc12d3

SHA1: fe5287e8561377e9c968cced61e97786e0ae11d3

File Size: 934.43 KB, 934432 bytes

MD5: 29893f4fcfbdf78a428a5060869c7822

SHA1: a22e7664d66c2473353072aab182ec75c7319ea4

File Size: 9.35 MB, 9349173 bytes

MD5: 1e1481e267a39f4f836d7ffd999eccda

SHA1: 75bd1cd7b30542d1ce1ce7f0176097a2aee703aa

SHA256: 669F027A3523778DBFE64628E6B868AF88E51E53879636AEAD5D48B0F6B55026

File Size: 343.55 KB, 343552 bytes

MD5: 8c92abe9c7ac90ebb3378cce48c7c341

SHA1: 8a80351a53e44cc0a5fe607dac364bb9dcf38663

SHA256: 0AB936514045B9EC6D780B4482532FA2F7C05FA3F22B48A1BD36A12BD2EE5164

File Size: 259.58 KB, 259584 bytes

MD5: 5e28d3b2f79937855e22184b0b6b1759

SHA1: 4a72cad4f4cea7054110df9317b906a71934f96d

SHA256: 66AD98DD71E5BAD9388B6A8180F0426231063CF381852D75F89C589C523B6013

File Size: 28.67 KB, 28672 bytes

MD5: 9e51e8fefaa9ac8bea519a26d3ebd9df

SHA1: 270e27339ea0d685dcb2efc5200480bd4d519890

SHA256: C306B9697D39DAEF19688ED3B7F7AF75D31EF2F63AFE92F7C501A30F901FE2CB

File Size: 308.74 KB, 308736 bytes

MD5: cf6954ee7e4ede0b30ef4b522e09dea8

SHA1: ec36cf8a9deff902213a72cfe258a4cd37eda3fd

SHA256: F5D55C4FD0DD4A74767169346EAB5E120C3707C52B8FA92D1823747DD1D764CD

File Size: 1.57 MB, 1566514 bytes

MD5: 801ca7ed8105852dae57149e70a5f7ee

SHA1: babbe7a5eb93f4b419f2bce0d8ebdf4a46c444c3

SHA256: 3BAD7D0BDAD1E68821FE999CABC6F15AC27CEB347D77D77B014C3C91ED1211B4

File Size: 4.45 MB, 4445696 bytes

MD5: 7a2d1c0d0f0032e4329deb8dd069602a

SHA1: 31b8e6ef08fe68a555abe2a2694d6052ea0278b4

SHA256: B1F65E4CA813628D371D804EFC89C1FC0C0E65CA0E550230B1B7558EF4F26CC6

File Size: 2.17 MB, 2167296 bytes

MD5: 1c040113bfab43d450fd7d0297949a9b

SHA1: 62b692562338bcd5f58536bad6d4c4836c454262

SHA256: 882A08184C0CE99F1AE5C6F6A9FCEEE83391B1B2811A7FB2923260527CADD368

File Size: 3.38 MB, 3381248 bytes

MD5: eae890d850255ae7ede23268c96f3af6

SHA1: 529df41f37f8fe52e65f5627df95a880efa75ea4

SHA256: 262E65A1240E312E6F32DEBECA3A90BE4398B07C003F87D38805C7E45A04AECE

File Size: 432.32 KB, 432323 bytes

MD5: 4a3eb54d181e91ff33b5f8c0142c5f5d

SHA1: 04c8166810b959e42808a703059b99cdb7f314b3

SHA256: 32A21DB4D1675578C0DE3651ADC7102B55067A2672D3F204FEDAB583C31AF901

File Size: 967.68 KB, 967680 bytes

MD5: 861db17560fff04095303dbfb46f2e8c

SHA1: 7b54500cdb6c9476ec998896dcb63a09a06d2fec

SHA256: 6AA236A2BF506898A9BE7CB4008EB06010420614C888846AF7EE1D6DC0A16F45

File Size: 41.47 KB, 41472 bytes

MD5: 008832fb734fef92658f5282b1ac6609

SHA1: 088d6385381b2cd31b4f85968dfff761df8b2256

SHA256: EE05E8EDE5EAFDBA8B2F58F5FC8AB8FE8F2A2161083E26C4908985F6DCDD1E5A

File Size: 4.05 MB, 4053504 bytes

MD5: 4644ad2d03e01df828d1d92148672ae4

SHA1: 400153f0b38ee99b42eb6169f5ba91331ca8cc46

SHA256: C879045FAE8B1302D86273A356C6C41767303F054C38698A788BDCAAFAE99D42

File Size: 9.60 KB, 9600 bytes

MD5: 5beaa7efd2a29e58ea5d459b516fc719

SHA1: 9632a792ae0dc730379b2351250554639b3818ba

SHA256: 4AA9800962EB78BFBF1F631AABBB41071DF93B6DAF4AA24A515D07AA7C412428

File Size: 74.24 KB, 74240 bytes

MD5: 752d34d8930ffa166a3fd08fd6f1f7bb

SHA1: 3a41d3bbd6bf2dcf5ee351f751e0bd1d659985e2

SHA256: 728BDA4171ACD104611D0B326E947B8F674C74F56E6F4EF8D0D86CFD42859390

File Size: 3.13 MB, 3127296 bytes

MD5: bd4f7de9c3f1e79b97f9a08f1dc017f4

SHA1: 5a04f1ddcc8fe1c9ca76aba9a02bd8560b3240a9

SHA256: E59BEE051A814F814C8EB19C9C865A0858DB4F212232F7C80883AC5E91D8AAE7

File Size: 5.69 MB, 5694976 bytes

MD5: a418667c9bb0e4f0fc9cb1f78a745ed3

SHA1: ad1ce56c16a0e5e1109d6df0fcda4ec1522ce22e

SHA256: 0F79FAF34C024CE13A69F9F69D0D4E5BCA596EF9B55F664B2F15B2829B5DE8BE

File Size: 794.62 KB, 794624 bytes

MD5: bb551ceaea45c8fd6e9ffd3e66636edd

SHA1: cd1542a589e4b0fc70c249bf91480c164a9b51f5

SHA256: C09010C372878102298ABBAF00EC84625F423AFF08DA62043AA980E71CC78CDC

File Size: 326.14 KB, 326144 bytes

MD5: a8a4b42288c18af1fc7d26b939c476b1

SHA1: 32dc51ecc07831bf0ccc09f86c290b0bc192a699

SHA256: AF21DF9881997C365A4638CF47F2EF8031F31C43613414DBAC48925C74826359

File Size: 434.18 KB, 434176 bytes

MD5: 75ed99325c4665a301abb3cb06c327e6

SHA1: f7c8be8eb4d1ebe3a90c980979f30cda741f6324

SHA256: 4FA78C05277A6AB2C93C83ED2946EF370B9A162F8A4F012ACDE29E792A4F56FF

File Size: 834.12 KB, 834118 bytes

MD5: 5a0038e17e9d8887f03efcb8f72dfb5c

SHA1: bcca8ddba2aa4bd1f450a87e9ea15367d7bbb1b8

SHA256: 1F29A4685746B71E276F34D26A7A12AEC32F06FD86095F18C1A5AE8297FFEF01

File Size: 2.82 MB, 2823320 bytes

MD5: 7833a5d145cd03eed0d4e1902f38ecf3

SHA1: b467ba5b8c84e7931a94f646e8a5950e4ab40cc2

SHA256: 9D72C461FFAF5026C742F288530E4B8EDCC88D19FB33467441D5AA7F33AB9FB3

File Size: 48.13 KB, 48128 bytes

MD5: 1676d7d1d74331f25e31f65003bf224c

SHA1: c5c17375c34d70b94f64cbb1ec22d90d9346a615

SHA256: 2892D28E15EDE203D33026E72B5830806E5886DA4233A425E7006B76D80A469F

File Size: 2.04 MB, 2044432 bytes

MD5: 3c420e6cca41e0e671678e0ac01921dc

SHA1: c70549977c97cf1f5bc1832ff2803b48bff70b32

SHA256: 718F8E7163762AA9E04EE030A7AE071C249DEF7E8C9B0F537BE1A3D60C3AEC02

File Size: 6.21 MB, 6206040 bytes

MD5: 7b49125764b8d2ec4a23e07b054a42a2

SHA1: 57970363b6802022522cccdd69ae4c08134a30b5

SHA256: ECE14C54F9C5DC2FA85EF3A33BCA41B80205FDDC1BC983C6AAA6FC90369E7F1F

File Size: 2.86 MB, 2862080 bytes

MD5: 8557472961bb60f3698780ab350b9642

SHA1: 1ad78f110a5a88cb0c79b8c710500f827625a66c

SHA256: 2575EB5431C5DA3CD49887364D06DEF657FFADB3A15C8EE5E576FA9B8809B34D

File Size: 143.87 KB, 143872 bytes

MD5: e65b2b18bc53902ffddffde745c71bdd

SHA1: 5490294a3659d5ca35d6a24f6b55afbbc32af5d3

SHA256: 9761C77F633BB1E04E35E6559A052EDFC9C5680E3D738E7FF9D9E6A02A137367

File Size: 3.82 MB, 3821528 bytes

MD5: 87a35aa3c1152f495a94f42f312370b8

SHA1: e11b9f651ad4fdee95eeac5cb84a53e229766302

SHA256: 05D401B70FBD643182979C67096F88439B01118BA193209EC21708497D8AD8AF

File Size: 5.76 MB, 5764140 bytes

MD5: b418e5e93265681f451db519c9833f9d

SHA1: bbb44c941a4fef03f456e86666a17f646422a5a7

SHA256: 6D35018ACD9A7977D7AAC16549FF112CCF4D0C169A4D6C94111F32E597F21684

File Size: 1.52 MB, 1519104 bytes

MD5: 512b447260670c13e769a0a59d8c6427

SHA1: dafe2fd38b4515f217b3429643647003074bb086

SHA256: 845D8FB15CA2FFB5E1612860C4C1058F99A50E2945E09BB70EF70F6E8CC53BFD

File Size: 69.63 KB, 69632 bytes

MD5: a689eac16de7cef18eab37fbf62a198a

SHA1: 53087cfa02d2a60f457bec3a2a375680b2721366

SHA256: 76D9F06104A643AB7C59B63BEDEEEA456086B5725A46C13CE4225E2170ED445B

File Size: 9.94 MB, 9943552 bytes

MD5: 2810dc2bfb0a9e05bb749ec91b05025c

SHA1: 4cb37963a758fb08205469624b7e4d55eaeec17c

SHA256: A9F89F474DB8B6FD9E5432862A25BC254FBBC8C4973046D4B2677FEBFC84D51A

File Size: 5.36 MB, 5360640 bytes

MD5: 3e9d74ee89920565ac43d13296255c1d

SHA1: eee48672974fa70288fada724a849ec109e6f8f0

SHA256: E50CE141056574A4B4670BE59F6145D5A8D70F159DD1FCB19449B9C8518CD7AC

File Size: 954.32 KB, 954316 bytes

MD5: 5093a22ca4affb629672dbcf0807fba3

SHA1: 0d419cf55382cf2b36bbbc17b5262b1967cd70e8

SHA256: 7B38BA26E0F1D542DC6D0F0AAAEF1CA82C4F98453EA93BE7171A665AAEA4733C

File Size: 103.94 KB, 103936 bytes

MD5: 4de4dfbf3f11d7db024a3d66a2196ada

SHA1: 91c7bfc86a872e4ee22e964b4d9df286739b3e67

SHA256: 1702E51DC43AB0172BA44B6B5E2F8F8BEB3207DE4BB53FB5578B72FF1332C6E4

File Size: 4.62 MB, 4623360 bytes

MD5: 3501965e8a21fd0b774c09438965af9d

SHA1: 9a6d47ac1e079626b4221fad0a2c9ec0301f2c0a

SHA256: FC73FD1992D35342F92838544C632EF37E3EB54FDABEA0FE183A3EE4D916F885

File Size: 36.35 KB, 36352 bytes

MD5: 96fbe02743df6acfddffc94155af5f2f

SHA1: a8c7e83f5c0aea37d433bfc6c782dd81a3d817e9

SHA256: 8162D53A729C1201833753F2D5C9B88350AFB17E5F730B4CAC24691075CC3749

File Size: 1.20 MB, 1198080 bytes

MD5: 8ba04e92acb9b65f0356fbb1efada1d4

SHA1: b7e02029d4578281063be963de20433008420694

SHA256: 0FB824DD5E55DA936786EA4446FE682BB368DEE3FEA7921993845C1DEB24C97C

File Size: 14.34 KB, 14336 bytes

MD5: 5ec1a497ea3d2289e121e572ddd1d297

SHA1: 37986ebd4b819794647c91835a2e8b9c43670c8e

SHA256: 7E062AA5CA3727B36A3456CFFC23CF8AAF683DF11E83D234DD575DBBDBE04E42

File Size: 9.22 KB, 9216 bytes

MD5: 9fea09048b075bdce294749c4c271352

SHA1: b8274e90e3f21bebd4e81da1e3d344f894c708c5

SHA256: 94BBD65971EA2C8DBD0D50FD949404EF76C175DE5D27B2D45FC51F466FC658D1

File Size: 7.31 MB, 7313920 bytes

MD5: faca30112de0eb9feda6db3c7c6b9e07

SHA1: d240782c28d7a37b62cf9e38fa89553f9e10b289

SHA256: 610B44C5F9F626675E538F0E456FE93A701EDA1464AB1919B9513FE1B019ED42

File Size: 3.53 MB, 3530752 bytes

MD5: f6ef0f06791aee7d6374583c945d72a6

SHA1: 17f8caaea4cd10bd16ba5895769b63566ff2943c

SHA256: 727D120EBDF77A51293DAAE2DE523A8B8E5AF9B02F545C024C84B11D6B48E2B2

File Size: 8.73 MB, 8730128 bytes

MD5: 358c5365f9f2d67a9fb5b021f83fc8a9

SHA1: 43b4b4f3d48eb788e4686e3246dc54a7baae6319

SHA256: 7AC081A77D7BB150412FBFB71908EB1D00A13D1F9CCA50A49F9B1650F3591650

File Size: 411.07 KB, 411072 bytes

MD5: 515fbe8ac7c9f1f501e494ea8f88d0a7

SHA1: 5d7a7f419c99ab06d03f9feb40bde85541b8a2fd

SHA256: 27FB71F698DBD281F536ACCB4AEE1D34BFA6C2495238F5F150AE1A45486A372E

File Size: 290.82 KB, 290816 bytes

MD5: 413fc3971f74d98a23078e29212d1e7c

SHA1: 4afe8f620802c4998b9d72df973f05391b6e0d18

SHA256: D7B3ED171781AB6E7BCBAD85B56F8AD6E5CEA830B3166096CFED67F053B6A91C

File Size: 663.55 KB, 663552 bytes

MD5: e6c812c752e93667b7b860a1e3914930

SHA1: 2a8d234a581c7fa329d71b38ec656f6e44b28dbd

SHA256: 33CDA8E54CDA8E5E59B043B64610B47F64873D9D13D5DCA812D946227A831B61

File Size: 5.18 MB, 5175728 bytes

MD5: 0535127e5570a9edccb19b3a855dccbd

SHA1: 2d3dfbb6b0745383658eaf8334afcab39107962c

SHA256: 6BD895CB2B146E536D0BCE84CB8C4F69ADD778DA1DC8B18CDDD7D413671C524E

File Size: 356.36 KB, 356355 bytes

MD5: c4d63eb64cf60dcb2c98256ca6a89cbe

SHA1: 9a8d2cb82f379a6c41e66d16b511a16355b297f3

SHA256: 4454076A84CE5FE75EAEA0E8BEEB453C185279FD84BA7DBF2C9DF2034A2B0A86

File Size: 7.68 KB, 7680 bytes

MD5: b2b75ef2e6d257879872c88d3e4c8423

SHA1: b2e11a85cc93071e2fce575e0f1adf20d2e8ed60

SHA256: 8263F208C1A1204F09E21DC86706D06572C2BA71CCABF670CBD9D55619036CD3

File Size: 5.43 MB, 5426512 bytes

MD5: bf41aa02cb6de908de4fa1effd693d83

SHA1: b6fc187622cb5311d7256e930b7eb8d155c1eb79

SHA256: A5885883DF4D7A2116EAD365BB72C3F9BC66C607263B8CCF6467BB2B9FD919FC

File Size: 812.93 KB, 812934 bytes

MD5: 085f1a321db2b4e0c414305cdffeba16

SHA1: 9aabf58e5e6d48ae15ce5572bc151977239c78f7

SHA256: CE9D8DDF62790F842FAACA30A05138FDCE7E4296F91E2CFD3A7B4422C467F38C

File Size: 3.24 MB, 3238912 bytes

MD5: bac2c4ed0d29c883bb1acbd61d666aa8

SHA1: f8d566540b97d745d7167a86494af69bfc76d893

SHA256: 6F9C79945F6B2353E7472960ABC2EAB2FF826CD9009383A32251C2E1679D6E4D

File Size: 115.20 KB, 115200 bytes

MD5: 94c5efb5a7c5a755b0f74de906f0d0ca

SHA1: 40caee245fcc9a2c63d5afa388b2ac8a1538a2a2

SHA256: 7B464030E3D46F4370D07EEE6A3013A307F5F21E8D60B8091DD04230A51A96D4

File Size: 115.71 KB, 115712 bytes

MD5: f6ecbf5f56b9b54659c6775ec5d0b259

SHA1: 8168c7ffcd3322d59d4cf55f80473492f5bace42

SHA256: F3792AE8C8F0D016D7365C413E1B63B6236B8D7B52915AD069AC0745D809191E

File Size: 1.77 MB, 1771520 bytes

MD5: 353194784d4ce8fcf774b7b9e023a7bc

SHA1: baabce9c66185d1825734c2d0e823fb626ca283c

SHA256: 834085DAB6536174612755517D9D0455930510DE4D3EC0864EE0476D5CD4C605

File Size: 7.68 KB, 7680 bytes

MD5: 7e81242014e8f06c18e94129a38fbaf6

SHA1: 1805b4f761eb1892c57698a299697eee6ed3af85

SHA256: C2DF03AAF8ECF644772D7C762F578610168AB5D62A458573091EC2C22BC488C7

File Size: 3.59 MB, 3590612 bytes

MD5: 2d36eb0948deeed5dbe4322f9ee618a5

SHA1: 211aa26d86c0dbcfaf631e73c90e7d3738b54b52

SHA256: 5BA3CA7D6326398DA855E3CC8738B1F779552D623C7C14164928FA01191DA89C

File Size: 8.70 KB, 8704 bytes

MD5: 959abb5e828759d9703be31669413df8

SHA1: 9d27fbfde21da59946e2e3d08258bcffea53d0ae

SHA256: 31BC4A6C6EE5133CFE545F48243DA1488F28CA64492DBE9B7084A1B90412C799

File Size: 1.40 MB, 1403392 bytes

MD5: 47c144d278c035122ca44fd9097bcd20

SHA1: 163ee3440443b5dc4e294a174d03ed0d0500986e

SHA256: 775A8CC10EF1C5C61CE1AB058F40CF9C0217E885F140AC0EF881CD21B165B9E5

File Size: 710.66 KB, 710656 bytes

MD5: 72d74473a89394d39edeed02cc29a15d

SHA1: a44bda3330f2ca05846ba1733d25fd2defccfde1

SHA256: EC26CC2D05DFBB345BC630FD700015EE97F00C708B0D3B969BD03A4B01757AF8

File Size: 1.02 MB, 1019904 bytes

MD5: c397fa9524fa8e78f7a903d96f100f0d

SHA1: 8fba418a32fa2fc10f5f4c9b20da32e793bff48c

SHA256: F475C0F1019365DC18ACE8862F33FB4828C474FF3E6151B127EC46088FC4322C

File Size: 3.93 MB, 3934691 bytes

MD5: 9e45a908d10a2a1402740f57f664cbd5

SHA1: e27c60b241fd263fd40678b1ab61ca73bb41e034

SHA256: 05EA1D6F98B0F9F56961F651EDD70DB4505C82B44F71816A6048534AEB3A23C7

File Size: 62.98 KB, 62976 bytes

MD5: 6f113c619a8b909189c082a1b52833f1

SHA1: 915e9619410bfdb68d6ebf95b5c42943e7c2101f

SHA256: ED4B9960D3EDB8210C610B9F0F2C5E87295A4210954EBF0040F38FD46AD61620

File Size: 1.26 MB, 1261568 bytes

MD5: 0df6d4434b007906ae33a8a8a2f7231f

SHA1: b675b6d3ce6500e393272dca60a5bd054115c51f

SHA256: EF103AC0876BFC05534E9CA3F15B4ABE488018C095F1D2CA31162818E59B4F0F

File Size: 25.60 KB, 25600 bytes

MD5: a57ed12aaf054f69c1442410fecdfaf6

SHA1: 88027d16b91e313aaf74271543dffa0975ff7249

SHA256: 29B3C4C96DD932F3E6B828A8A147EC25664913391C30406E2CCA638FB1962567

File Size: 1.54 MB, 1537373 bytes

MD5: 4b820ec5ea2adba9102340cf382013ed

SHA1: 61c0da143559a4a1f1862caf38d6ac9dae1877c7

SHA256: 6AF57912EB94EF3296AC9A9940D939705A0203CC10AFFC6E55BB726A10C9EA5F

File Size: 7.17 KB, 7168 bytes

MD5: 873008ba1d41bcbf411dd49973dabc38

SHA1: 92ffbf3185f6d10fcbeeafba13fa0825b2634dc9

SHA256: 924BA84B9AF78D208AAB1CEF6C89B7447EA10846D8A47DA1990810D78A6F0E1F

File Size: 2.34 MB, 2337736 bytes

MD5: ac112e6bfbc08b9c4e7ee1cdf9023f22

SHA1: 0a79b3551ce4149e172260ebaac10f598235fa6b

SHA256: 355313FFA3B9A4CA953B4F595DA21838C58B72EC355900B63A66688E16E72C80

File Size: 4.21 MB, 4212240 bytes

MD5: 3aa8680844fccfd76cf9d7d69cb23705

SHA1: c7caa511192c882d47f0e71e355c7b0feb5f6cb2

SHA256: D28C09F00A8B24CA3CE7E96E2E47C0A4D08318B04B29ED5C3633D559086152BC

File Size: 4.84 MB, 4838888 bytes

MD5: ec9efc419f8cff6e75dca6401829aa70

SHA1: 337a00ef80fbaaa05d2d87fe10cef43911fbc38e

SHA256: B16528F88D42BFF42E20DD1D3819D3485F1DFD3C236F909D071ADC8FBD825B77

File Size: 4.18 KB, 4176 bytes

MD5: c0c10e4df51afbe7ca78ca7abb9adba8

SHA1: 2f6cfad7cf4567ef7425923d707194241e7da6e9

SHA256: C95CAA0B06133D84121DD9F25ACCEBD4D93BB9DEE30AD5D2F611501D97945520

File Size: 6.27 MB, 6266048 bytes

MD5: 04f996d3d734dbf604979814298868fa

SHA1: 8100aa3ea5f51fe938bf85f79ab374d4070eb80b

SHA256: A2ADA79E36D8E57973BFB11E4556F8C44276A288A880752B250062C753A858D9

File Size: 7.17 KB, 7168 bytes

MD5: 66609627581fc781c2760faca9858a6c

SHA1: 4d11a5c294ec917365a6c1c4efbb9e715a007067

SHA256: 184868A9C639F36C1AEE9D7666E8EC22C6E3EB5E79CD794F5B47C6FC0B474FA9

File Size: 278.53 KB, 278528 bytes

MD5: 261a3559c291beee0a263566d1c04e11

SHA1: 09a429a4298b8c19c53698a4e92252b37137702c

SHA256: F66EB587C3ECAC050355839A35F51B451024CF792AB534F88BBBBBEA4C33836A

File Size: 1.49 MB, 1488701 bytes

MD5: d7c81fa55acb5b2cf88193e1cc677d95

SHA1: 8fa1fddb17fa614d64c069d0790ac7c2cdc34fd5

SHA256: 25499370F9F64ED12D21F15D203AB689E688BF5121537E85876C366444DF6099

File Size: 16.38 KB, 16384 bytes

MD5: 282b82c0b1cceddc918af63b32cb75d0

SHA1: dc18d1701b3ef17486279afc959e47753080bce2

SHA256: A038449C43875D9CF2FF833131C4E08D52A5437ECBD19A5AA5BF77E3A50572B9

File Size: 434.18 KB, 434176 bytes

MD5: 91daecf224f8d2a790429288e2d0ad0c

SHA1: 7db2b746ef625ce8c9b86f5f3e2cefb23b3d3eb6

SHA256: 647B22B9E4A8B4B71DB017DFE45942E083FB8E5A79B9CBD07FFBF4386B9181DF

File Size: 7.68 KB, 7680 bytes

MD5: 0b23598c0398d8d5dd0df1d8cfb8ce07

SHA1: c9ae5f6d1e3cb3af788faca4a89178d6e7dfb0af

SHA256: 4EE02FFD7E5312B6244FE804748EB1BC828FF0F21637BFE7F7867A10B7D2A9C6

File Size: 189.95 KB, 189952 bytes

MD5: b8ed25420a1c5d3f55050967880a4119

SHA1: 312a497d0f316925998ea370f310c20d660207fe

SHA256: 7F77DCE88AC42EB9332F8DC59A8B4E38CC119AC56DB0292D77B47FFFB849060E

File Size: 5.55 MB, 5549056 bytes

MD5: 316f06d4c564314fd57bd371b4fe59c0

SHA1: d3d255f38ff3a41bb6dcafce32730799b69a7fc6

SHA256: B9FB3E93E79BB459E1A2BD3CE125069E3EF85BAE20A5A8D9AFADEAB100DE84CE

File Size: 294.91 KB, 294912 bytes

MD5: 9361d47e0cf9670dc2941d54df061152

SHA1: 323f339f21dcf2f3daec84990b7db0c5282a0b6b

SHA256: 414A9BE686C40F9236EE70E6C035D37882C79F8D97D0AF875CFA929399D852C8

File Size: 1.79 MB, 1787392 bytes

MD5: f22b60dc0d271428d34991e832641dff

SHA1: a8a0e3beac14f43e6c3fc5d353c87fee3694422f

SHA256: F3BFF8705BFC2A9EED9F8BE5195E679E6393573A66DCC6E10BC58342DC421BEC

File Size: 8.36 MB, 8359936 bytes

MD5: f8f489ed62be84b66e45398e4b23b5c9

SHA1: d38f0d77dee9d170828b852784bbe82481cb9d40

SHA256: FAE1FA2ECE68CC050BEDA950067F04C437F5BA5C89CB0D214C6411BC39563A03

File Size: 13.82 KB, 13824 bytes

MD5: 5d8df31ef6c651550dc8ce27551304c6

SHA1: f2197872bcdc5b074687c395ff63ab37bb6c75e7

SHA256: 386A9784858476EFD471254C7533BAE898A48D6D91CEB457DE07B416CB7F6D29

File Size: 3.93 MB, 3932672 bytes

MD5: 5c22469f77e257b5080fb35f43903288

SHA1: a2cb99abdd695f9fedbecf0a215f8939533cdce8

SHA256: 0A8D36218CC62B5628AA220DAD6B00AF3B2D2D8DA183BB3797C8B67BA4391899

File Size: 7.17 KB, 7168 bytes

MD5: 92b0b2de80ed480bd83dbff1464bc759

SHA1: 7cd65ede5f33cbf0088bd0527d5c0ca15ac7a1e6

SHA256: E57EBCB726882DA3963B4E6A28D9BBF2A4A6232E39DCADB270F52BA3D7A09FD3

File Size: 1.59 MB, 1593344 bytes

MD5: 3574dcbbda0749c255d364cfae24500d

SHA1: 91516bad2d8c8c752707204dee3445a8e5efcb75

SHA256: 68828C007E3D7637B5708FE79AB73ADFE553056C57EEC3CAFB05583D123F8EDF

File Size: 76.29 KB, 76288 bytes

MD5: a8e6fbef80f5a209d8387d275b934bea

SHA1: 0b24eca7ff77a7817270adcee884ad1acef47355

SHA256: 8A8A772329C43F35E9773A02E60FC580D3BE6D85C7F5E7D663AFE14272F81C20

File Size: 114.69 KB, 114688 bytes

MD5: e0be40d255d762ff10e47b9a9c9e7cbc

SHA1: 5c9463a70d09c79352a8906ccd730a4ec5491673

SHA256: 3F945E75A051E3C6A0F59C8E10AE3C39D7019CC8BAD9B0B0DC6694C85D3E6ADE

File Size: 7.68 KB, 7680 bytes

MD5: 342b97f53d69eb44e7205bc7d04060ff

SHA1: a7c8f6ebf3fc825b40925facf9f540dfb4a78992

SHA256: 365DF0CBA5ABC609D6700951A1F7B2F4CBDC85BAD6466F0682F0632DEB6F58A9

File Size: 4.27 MB, 4271104 bytes

MD5: 7fb901f6bc582a2b93b5312c2ef0885c

SHA1: 77176ff77d86e6dc85495f96b531b112230ffbeb

SHA256: CF4E6D5EE21BC738E2A0920DD2385658A436FC16677B9DB43A4434A20CF4BD75

File Size: 7.12 MB, 7120384 bytes

MD5: cdf62969b3428c10fd7f1753d3b00691

SHA1: 18397efa703a118d73e2916288359d1d4843ed9d

SHA256: F254F038219CB284624BCE7EAD626A9A6739E797987B93FF0A52981E40163965

File Size: 955.76 KB, 955756 bytes

MD5: f82cc573781c69634ba69bd0fd66e5dc

SHA1: 216098cc25962c0901ffb74611a8cddfa6557ab9

SHA256: 872CAF4BAFAE1DB8C6D80D5DE27EF9A5F9966480B79CC5D912A5288FEC17855D

File Size: 7.17 KB, 7168 bytes

MD5: 12d58cd26e2cc0440d2f11e2ec25305a

SHA1: d6ef4bbd5fca74ffd125034e2bfa5d48b8580b2a

SHA256: 0FCEC62582ABC04043DF1A586007AB8FEBE2A141FC647DD9298AFFA356703BC9

File Size: 3.97 MB, 3968016 bytes

MD5: 503564e7fcf3a147493e6049565e74f3

SHA1: f074ad345c7f8d33281269b437a160ccaf016e5b

SHA256: 91F12CCDAD1DED3A01823E758A8763A852F1BED474BABC32D3354577FCAC4B9B

File Size: 1.33 MB, 1325708 bytes

MD5: 227469598ccbe47a93bef7803a75569c

SHA1: 1880a93554455c566ae2619af0d36b542cf35492

SHA256: B62917811E39661ABE4BA052BDB09BA62D7F2AA551BEADB06F8778E834BD3BDC

File Size: 2.79 MB, 2793472 bytes

MD5: a09d343bc4a41e20d3bf84ca52f288d1

SHA1: 0e62691adcec8d54daf12b4b06f6ea48ff78afde

SHA256: C855C74D0D56C6929E8C4C0C1614662A2FC984BCDFCEA0C0764D52BAF6918AC0

File Size: 667.65 KB, 667648 bytes

MD5: 13d98f3785ff6dc71b2379048b46a2b1

SHA1: 81f7ddcc80f97cd18c7534ae61ed2941d993acea

SHA256: E29E7CD4CC83E90CE6C53A3537D10733CA6E6C24F5D309B39654E4387E96952F

File Size: 4.19 MB, 4189688 bytes

MD5: 3f4c26cfe298a3caf2f1638f8960dd14

SHA1: 2265c26d7713d3d47a5c39964c77f4076f65969b

SHA256: 6BD0AE7F6D1DE6EEA606D7C9EB454144B5FF5483FAD6DBE3AB5FFF46651EF5BB

File Size: 70.76 KB, 70756 bytes

MD5: 10c4633b222ed1d93a1b3560157ece99

SHA1: 713218bb46e384c00e778e03955155e42e8a671e

SHA256: 50500636332FB05FB59258C59E8310BA27B1635B7924003C1DEAC1FB63B2281E

File Size: 1.64 MB, 1642496 bytes

MD5: b10fb13407aaa0cd6d014b4d7f480446

SHA1: 660b6c66c34fa6b5edcbd354eae050add8fc818f

SHA256: 0BFEA0F3800A756A0FF6702F67CE93D999F5F83B695B122EF1D11CA619E57E33

File Size: 1.42 MB, 1418863 bytes

MD5: 6a37047b5c79a215077b38faacc8c777

SHA1: fe08538b47e4c695e7af02aa840a039196e6958f

SHA256: FF5FD02C6080E3C8FAD4508E70A325662115A426ED616660F52D966265815412

File Size: 708.61 KB, 708608 bytes

MD5: f31e1a3cf83a692b6b4db920d213ab87

SHA1: 8da31ae1d3eeb1706b77331082ec8e767745da84

SHA256: 1A697644A0255FF5AC84DD8CFD108F84846B3131FA53EBCB92F004DEEFB726CC

File Size: 421.01 KB, 421010 bytes

MD5: 808fd8db8ff0b4df329d62f1b5b8906b

SHA1: 5a87c6a25d6b5b2b9960a035638e08af064a6e93

SHA256: CED9806BA50E5C52E1E9E87AB338F12D0F31AC8747D0589B2ADAC27B8DAB0A83

File Size: 49.15 KB, 49152 bytes

MD5: eddc4748c1bc1a2b47d6a85c6891937d

SHA1: b53f6d47dc0d56cfce4cd6d2b975c552b2869126

SHA256: 07C48069548665CE4401410063291889DD7D2A8D90D447AF320D69F0A8B2DED0

File Size: 1.03 MB, 1032704 bytes

MD5: 6d9694aff9d4b95b4f52201d6b284d17

SHA1: 24e974e75a484a329ff954e6eb0e12cc65fb9546

SHA256: B188E8C4A7E0FF81FDB29F4FC6B36FDC48C30B22AC31B1EA088B17B383C89A7B

File Size: 11.78 KB, 11776 bytes

MD5: 00df36f67ecaee6242be41af7acc3c7e

SHA1: cef496e63834980d92b3fbfc3c3adbf96b1cbd31

SHA256: 36520BAFF4270D202CD11EA43597E8C32EC61AB9AE7A9F15222563CD6024E3B6

File Size: 2.54 MB, 2538512 bytes

MD5: 3349f75a50426fcd8fcf95c69b63d608

SHA1: f0971d78ac079258f540d844f1f21e3f31589bae

SHA256: 7907A6D779A9FD1760305D72149B75B316BA71253F585F6A65DB25642F6D647B

File Size: 3.68 MB, 3680256 bytes

MD5: 40aa366806e9506814c7dd9b04d064ac

SHA1: 52b489777932eef0033b5c34a38391a53c9491fc

SHA256: 15D48FE933988D8BDC3C3890B18152ACD547B775C076DDBA06957F589832986B

File Size: 584.35 KB, 584352 bytes

MD5: 41912679366056034172f9b5ecd50773

SHA1: ad1fffbd86d6fe047f564e0fdeb73b5b537ad63d

SHA256: FC2784E6D052EFDA809E890AD496A89F9FC20D04845DCFBFB61BBECD1D1EA77F

File Size: 688.97 KB, 688968 bytes

MD5: 73b5e384035e116355d2714871155efe

SHA1: 6a5d4efd9d49eb3471a5990733542331af3f6860

SHA256: 56ACC12170C6AEC8B6CFDE59616804907A27A1090F7E39CBAEF1F07A8E66704B

File Size: 702.86 KB, 702864 bytes

MD5: 48206efce60eb3ff5f41cffdd2cb8a39

SHA1: 61688b961798c0085e19365f79f963964683f8c4

SHA256: 24D6E383500CAF48058FAE5FFDDBBCD8BB851B4DC6F9E28C45A0438614EBDF7A

File Size: 6.79 MB, 6791168 bytes

MD5: edcb66fb463f9b3fe256c7a1fc081f48

SHA1: b235034ca125c0492b804f5f51b220ac1287dab1

SHA256: B6ED3AF8BF7082A9C57140F9E1367EFFC4C196A0B092DED4BA8512A08C7AF94E

File Size: 1.62 MB, 1622016 bytes

MD5: 8a8c5e5ceacf8e8c3b0b9c5ee897530e

SHA1: d02e807d35a87bae2888b10c06bd2abada21b4ba

SHA256: 54DF0F6DB6CBBF97C7B1C4C4DF058500690756A9CA1ABF06B63E1C1751C3F1B5

File Size: 392.70 KB, 392704 bytes

MD5: 69575bcdb39c150d3b91c15bcc818766

SHA1: 223e335f830c30354dc474c8b85a2e5c20fece0f

SHA256: 87D9995950094CFADC62F0E549FF1C0BF81E2165A6EE3EC49B798304B9A44E51

File Size: 118.27 KB, 118272 bytes

MD5: b5cae2a7722ddfe7ca2c2ee19e2083a6

SHA1: 34765df6ed4f86872044cff117c2db9b601d0ef3

SHA256: 588F2136180558C2D6763D3F10DF0F7F239526F4F33D287944CB2663D2361E0F

File Size: 217.60 KB, 217600 bytes

MD5: 347ce8e928d8c5e813940b89fb586eac

SHA1: 8f0b74235b11d022889eef387d539e4f97d33aef

SHA256: 96AA961AE7ED13A40CCDC37467F627A47D1B44845BC1165EB19E465B004A1A01

File Size: 717.13 KB, 717135 bytes

MD5: b0a83aa0be965972e75810defd712c13

SHA1: 417295b0555cd5b98c94c884517ca247b958aaa5

SHA256: B26E314E35E2E157EAE7D3674CA1FEDAE7FF981FF11CF6DE4E18627648805C09

File Size: 1.07 MB, 1073664 bytes

MD5: b1b0801745b282ce7e4c2aefe4d196a8

SHA1: 3d53125a098be812edba44e8e8fca380240a7e30

SHA256: 8F069933F6B522B18861C803136BF8920D0E45826C9D84DF19ED6C4F4BA645CE

File Size: 9.93 MB, 9925136 bytes

MD5: 3d122d2f24714dd9ad050a487fdef4b8

SHA1: 02e33a84cc43bc3e0abac443bcf5249f87528d77

SHA256: 3F452AEE21A00A0558B78FC610F84D4B7D7A35DB72B53650D63E88B9DD56FE3B

File Size: 7.91 MB, 7914096 bytes

MD5: 12cfaf5e4d65959f549222d8649c59aa

SHA1: d4f114500e810c122eac9d5909b4faa9751c8727

SHA256: 46194153D980CCE2B5B19E0D1186B25BA381693FC0330A0250B739CD143E2D8B

File Size: 163.57 KB, 163575 bytes

MD5: 777ffa145bba8558f58b7480355458f7

SHA1: d9a2593de2e3d0a7ee415ae350f95e879a168422

SHA256: 0CFF61E400DF4D8F018AFEB505232CE005BC28E4905D6A0C93E3110F184DFB71

File Size: 8.09 MB, 8089570 bytes

MD5: efa4c18597eaa9d237d65650f9c29162

SHA1: f9ca69bb05b0da2f7884de817a2fd0afb0c1e38d

SHA256: EDE4406BA4E9E9513A00C783F72B43920BDAFCCB632F26DAD1946DA590C097AE

File Size: 5.80 MB, 5798102 bytes

MD5: 91fcd75eb27b3b4fba4cfa47723e0ae6

SHA1: 84866ce1d176e4348b9fb1480eb18391f9b78f51

SHA256: FE78B8E903965F5A2BECCEE6505DE2DF95853B84B010949431421472DF6517FE

File Size: 876.54 KB, 876544 bytes

MD5: 864b5f1075ad860cb8b60a6de27dd8ca

SHA1: e5c0ed55d8ddeeaf8e1544328efeb9cb61e6f6f8

SHA256: 07564AD42D0843837E0D69986F990BB8B8C2F2D9DC4700486CB3A18561F2ADA7

File Size: 2.19 MB, 2187295 bytes

MD5: e3f13004df627f354d9e3c9d40798b6c

SHA1: 81dfd61f36c668bbf75facf873ea995dec8f9e8a

SHA256: 74AE42E6F91703A1CCCEDE31F465FA7ED300923766FC95AAAA32988DDA461A4B

File Size: 354.30 KB, 354304 bytes

MD5: 66587c0dbaf7985aca8eac20b0b03713

SHA1: e92d764a546eb759c6b1f4a9953fbd4033bcaa70

SHA256: ECD67FCA11F7D69986C4BC6542240D14A65D2972980C99920E51C21078DD7B6D

File Size: 99.84 KB, 99840 bytes

MD5: ce9fe3b5d4f67e4e9d241559732ca5a8

SHA1: 01b7798d84986d1c1d68fcff1d39b7656456ccbb

SHA256: 3B3BAB22967C3E2D85237C815A5CCDD3E0EE4CBFEE41EBE8B75126E38FD2C963

File Size: 242.46 KB, 242456 bytes

MD5: d4a796bd90c658dbb0a11e7caa5507fc

SHA1: cbb796619d06f34f74a949cc14bf63d9d7a431fd

SHA256: 54418A49899C17F023B35D1EC4BA27CE2B5208A7AB4AFC4C177602BE169ABE6B

File Size: 2.14 MB, 2138112 bytes

MD5: 05ce3b23c12aee2f53f3152ee771f3c9

SHA1: 7d3f266bef050dba7990d63cf082334974f82dfd

SHA256: E39D53B9DC77AC6949510BB27D735D538D78DFCB5142C6E88EDC75C7C02C7814

File Size: 913.41 KB, 913408 bytes

MD5: 8cd8233c15df4879aefebd8fc3675f19

SHA1: 30d8a27842ebc29f69c3786c21ef31ec80c9e29e

SHA256: 6613D64BFD8E530AA9B566DFA6CAF6DB25FE0B20ABA0B85E2101B1D6ECA7A439

File Size: 565.28 KB, 565280 bytes

MD5: 27ecde16d9b39904f22697c603aacff5

SHA1: 49bb0decea04ebaa2ca538de981a18311dacaec8

SHA256: 03C873D28EC65DA331FD175EDFFCA4E05F4535E64CDD2888F033111D2ADCA962

File Size: 461.99 KB, 461991 bytes

MD5: bbc8e145957305deea3bdaac381721e0

SHA1: e2e2c3c0369322a3212a67eacf6d2e25de203f03

SHA256: A8C36C583E9C8DC5FECAB66B1FE0637311EC5913CC28D4D6DB35B3C5AB66910E

File Size: 1.77 MB, 1768619 bytes

MD5: 308d90bcbc6b90da0abe71f650a7cf10

SHA1: 84fef553eea3e13f68ff1afca2bf7077561bace0

SHA256: 710BBA3F09CDC2F29EC98C817F23623A1C0CB25C722E6A875DDC3FA45D2DD83B

File Size: 11.78 KB, 11776 bytes

MD5: aa0c63ea4524f5874d187b2478e72f46

SHA1: 57bd621b50aa9ec72e3c204b10de81742180b8f5

SHA256: 2551E5FD855C21FA4264242854B13850BEBCA5E680BB3EA4F68A4F7678285E1E

File Size: 4.39 MB, 4394794 bytes

MD5: 7b9a5dac04815c5be6850e8e3616544b

SHA1: 20117b545cbd38a303a791247bb1a5fbff83ede9

SHA256: 58F2FD5E1D5FFDCBF9DC1780D39DC36BE790E00EDD8ACA44E430B19D30D41527

File Size: 7.68 KB, 7680 bytes

MD5: 1504087b08f5a0f3cd505971229d51e4

SHA1: 33e9ca006ad61169a1ad2f03b1b2e7463d69315d

SHA256: 4519E88049371D562D4A932F4701A81DA6360F84D30A8215A1401EF94CE4669B

File Size: 4.78 MB, 4776953 bytes

MD5: 5c8fa3bfa168e70de59ff52855cb7f28

SHA1: e1cb0fd6119e04d6fb2c66304b95b66611c62acb

SHA256: 8C1D6047019FAD4D97868C8978F754C84B404C75C834B4A6EA05BCF4DBDFD3E8

File Size: 9.39 MB, 9391616 bytes

MD5: 430d6c91002adab6c0a0c866660d8a73

SHA1: 9e4d8e369bc7e25d331999d500e71809c50f7a0d

SHA256: DF5A62B10813F10E62D6C7ED6EF5A2519B1BE839D86C6961671B0A958FEDB46C

File Size: 2.05 KB, 2048 bytes

MD5: 42116e8950baf647002f8682c982c6da

SHA1: 3c1841e2e444fb9bfd6edac7d99a23aa52a1fc25

SHA256: 846EAB4C17041BDAB2CF0DF94F8391C9442177DAF838E08EC8754AFEB498293A

File Size: 2.98 MB, 2982400 bytes

MD5: 405d46efa1be4d262d98539a6b7b9922

SHA1: 7097317d6fa1efb1fc0a6f6ede0b631675345802

SHA256: C26E2015A2A51633B57EFE16DC5D4B5D86C3BD26FBC54B2F01AEB9D9388CC720

File Size: 2.33 MB, 2327552 bytes

MD5: 564042851761b6cac8b8565e15b36ad6

SHA1: 5637165a379caa4f15722baa9f68e61869b05fc1

SHA256: C2445BA1609177A8840F7B353DEB2FE646871D3911AA2C554E39EA001B539A9C

File Size: 8.83 MB, 8828928 bytes

MD5: 0c78dbb9ed970241465a26e9b01e090f

SHA1: 5228a718f1b8261b8ebe8756eb36a7cea5b6dc27

SHA256: F4E82A45B61F1040A3273800C6935416B6AC4F88AE6EE0DAE3483BEED07103C8

File Size: 36.86 KB, 36864 bytes

MD5: 33e3b89f5cc9a2aeb21bd16a17b4acfe

SHA1: 72491410142d59f1179a14aaf765dfb5f5050aed

SHA256: DE1DC9CC3760D08316C4BDDDB6274ABFB3E44F720D52E0E9D6987586EAD27ECD

File Size: 8.23 MB, 8227328 bytes

MD5: 71bb065f868be7b7065f24a3c1dcf33e

SHA1: 2183e8e521b191f3c1b30837b3d9538337fb63b7

SHA256: C2253A5934EED810795FB30A2A605A4BEE4DB9B459F97A75DEDE8DBABCD10A6A

File Size: 4.98 MB, 4978192 bytes

MD5: 65ca01e0b373e45b453ed0f6c846c069

SHA1: 033f918a8397e3bd2958bea7e4b21b77b4510477

SHA256: 8FF30250C95468A6DE33EEBEBFAE3DA9E5B36CEAEE4A31A86D168397C5452E4F

File Size: 9.38 MB, 9380740 bytes

MD5: f4a57e08cfa980c0050cabb42292395a

SHA1: 14a68ecf5822de75489257c37f6b96275b4cc11d

SHA256: FDBEE4788CC2915C299DDE33BB61D87F9F17BCAA95AADA0B695BA6037578FF4D

File Size: 2.62 MB, 2616336 bytes

MD5: b4e4b7fe5d7f1a8311b60cac36462510

SHA1: 5bcd00f0c69c2c13c19a60a349d928277653315c

SHA256: EE1FBDA2D6379B40615964EA5AEBDF1B097062CBD7CFCAF01E6C565E67906A26

File Size: 67.50 KB, 67496 bytes

MD5: ad0e835001774e1c7c03ff3b5aa98c4a

SHA1: 786fce8a74c70e191a1ed406c5c6dc214d27ff80

SHA256: 7D7BD3C2FBCB433DDEBAB78F4AB187D9058C232543CC7C646B3D0C60C0EF6DEB

File Size: 297.37 KB, 297366 bytes

MD5: 0a74a150d477640cd8b6dd1cedd9621f

SHA1: fac04c4c339c6a13914abeb120c5e62fa23496ed

SHA256: B0ADACFD69478ACC4F6B40FF126AA1359AEBECBA5AE760A4F738C025182B8901

File Size: 5.99 MB, 5987678 bytes

MD5: 0870c2967f4a7365cb9a5b6b7966c609

SHA1: edd59c2a1a897040ad89d42ee47c2d3f6568c057

SHA256: DD04B0CB31EC978555417432DD37ECBCEBC63380D6DCE4183844C9B3390B7D0E

File Size: 3.97 MB, 3969024 bytes

MD5: cf0d0c112bdb1ac78b25b6c4d5dacf5d

SHA1: d70f7131d02d085fd64cead9eb139f152bb3d962

SHA256: 5A71D1FBFFC0782669DF76A70541D5C23673AB4274D2C7621991583BC66C5B0B

File Size: 356.35 KB, 356352 bytes

MD5: 5a64fbceba4f2313753c262c1e840234

SHA1: 7332c58ed7aca01c27d1038ac6e76866fdb3f72e

SHA256: 3F8F76FB91AF8C21DD0B636C2D182052332A5C0E57AF51B21BDF4B02B879FB14

File Size: 6.04 MB, 6037504 bytes

469 additional samples are not displayed above.

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is .NET application

File is 32-bit executable
File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

987 additional icons are not displayed above.

Windows PE Version Information

Name	Value
Assembly Version	4.0.0.2 2.3.7.5 2.1.0.2 1.3.11.0 1.3.10.0 1.1.0.0 1.0.2.6 1.0.0.1 1.0.0.0
Assembly Version	13.09.2016.1
Author	Gabriel Topala Michael Soderstrom and Christopher Kirmse
Autor	Adam.Lesien@bresa.com.pl
Build I D	20210129155428
Comments	(416)-733-9743 3 A diagnostic application for Alfa Romeo vehicles. August 1, 2007 Author: Mazov Gosha Beta version BOSCH MEDVC17 TC176x / TC179x / TC172x - ALL BRAND Calculo de resistencia CD Dumper CDMenuPro CD-Start Show More Componente Timer Café CONTINENTAL SIEMENS VDO M3C / M4D / M4C / Easy-U1 - DUCATI Created by BLACKFIRE69 Created with AutoPlay Media Studio (www.indigorose.com) Created with Setup Factory Created with Setup Factory 6.0 DENSO RENESAS - ALL BRAND Developed and written by Quik Series Ltd Diag Focus For additional details, visit PortableApps.com format-experts serial tools Gamear Client Extension GOM Player Setup File (2008-04-24 오후 2:48:51) GOM Player Setup File (2010-02-26 오후 5:56:27) GraphicWorks 5.0 http://www.emerge.de http://www.wealsoft.com idNet Imagem Installation program for the VAG-COM diagnostic software. InstallScript Setup Launcher Unicode Instaluje oprogramowanie diagnostyczne OP-COM. KaraBox Remote Control Services LoftyBot Multiple Arcade Machine Emulator for Win32 Packed portable application inside RDGSoFT Sarin Low Level Componenents Shareware Software installer by Andrew Volanandriana Lucien A. Splitter This application was created using the student edition of SWF Studio. Commercial distribution is prohibited. This installation was built with Inno Setup. This installation was built with Inno Setup: http://www.innosetup.com This setup code is the property of Indigo Rose Corporation Tool for creating packed application UniKey Dynamic Library Unlimited version Versín 1.0 Video-ke Visit our website http://www.ssware.com for latest updates www.abritus72.com www.avsmedia.com www.dbf2002.com www.mp-cheats.net 佳能单反相机联机拍摄控件宽带认证客户端本程序使用易语言编写(http://www.eyuyan.com) 破天辅助YH版键盘检测工具 곰플레이어 설치 파일 (2008-04-24 오후 2:48:51) 곰플레이어 설치 파일 (2010-02-26 오후 5:56:27) 원작 : Godtype, Star175. 한글화 : 레가시.
Company Name	(주)그래텍 A.S.L Software abc Abritus72 Ltd. Acesso Fácil Adlee Software Adobe Systems Incorporated Advanced Utilities GmbH ANIM Antimacro Show More Aone Software ARCHON+ Armada Tanks Armjisoft DRM Systems ArmYofOneEngine Artogon Studio ASCARON Entertainment GmbH Auto-M3 Ltd Awem Studio AWEM Studio BattlEye Innovations BLACKFIRE69 Blue River Bradesco Brother Industries, Ltd. CDMenuPro CMD Technologies srl CnCLab Cocodrilo mp-cheats.net CPUID crack-westernpips.com Crystal Squid Ltd. CSIS Security Group Dane Prairie Systems, LLC. DATA BECKER DATA BECKER GmbH & Co. KG Dimsport S.R.L Dimsport S.R.L. Dlubal Software GmbH e-merge GmbH EC Computing Solutions Electronic Arts Inc. Elite ElSemi emu8086 Enel Enrico Schiratti Epagri ErgoSoft EvJOSoft.com FAD Softwares Feitian Technologies Co., Ltd. FileSharingZ Focus FreeTP.Org - Floor44 Multiplayer Fix FrostLabs Software G&G Software GAS Tecnologia Grass Valley GRB Gretech Corp. Gretech Corporation H. Stoll AG & Co. KG hcjm Hewlett-Packard Company hftland.com HiBase Group Honeywell Inc. http://127.0.0.1:8989// IGC-Network IGE+XAO® Indiepath Ltd Indigo Rose Corporation Indigo Rose Corporation http://www.indigorose.com Infinity Team Intelliclick Informatica Internet Testing Systems IObit Jumbox_Music KaOs Krew 2023 Koei Co. Ltd M.I. Montreal Informática Ltda. Macromedia, Inc. MAME Team Marco Polo Microsoft Microsoft Corporation MONSTERSOFT Mt2 Entertainment N/A NCH Software Neoprot Technologies LLC NESYLINE di Patti Pasquale Nicolas Coolman NTWind Software Nufsoft ON BYTE® FORMAÇÃO PROFISSIONAL Online Media Technologies Ltd. Panopreter.com PortableApps.com 58 additional items are not displayed above.
Created By	g3n-h@ckm@n
Email	contact@sosvirus.net frostlabs@xhost.ro
Entreprise	SosVirus Software
File Description	abkettelnkaw Dynamic Link Library ABRITES D-PDU API Acesso Fácil 2015 Setup actuareg Adjustment program for EPSON Inkjet Printer / Scanner Adobe Update Manager Advanced XLS Converter Age of Empires II AlfaDiag Alien Stars Show More Anomaly 1.5.3 Setup ANSTOSS 2005 Antimacro Appacker's Packer tool Asystent BattlEye Launcher BB5EasyServiceTool Big Bang West BlackScreen BlindRead CD Reader Boeing-Type Glass Cockpit by Maher Fattouh CaptureWizard CardBlaster by Marco Polo Cargador para injected 7 CDMenuPro Business Edition - CD-Start ChangeIcon MFC Application ChkSum Add-on Client Extension cls-bcmx.dll ComboFix NSIS Installer CPU-Z Application Custom Installer Ultimate v3 DBF Recovery Setup DBF Viewer 2000 Direct driver preloader Dlubal Library 1.26 64-bit Edius Pro 8 FIX-3 eeprom MFC Application emu8086 microprocessor emulator Setup ErgoSoft PosterPrint 12.0.6.3433 update Setup Exdb MFC 응용 프로그램 ExEinfo PE - Win32 exe identifier Express Zip File Compression F.A.D. Softwares Feeding Frenzy FileView ActiveX Control 4.3 Floor44 Focus for windows & doors For rf online 2232 Forza Horizon 5 v1-3.538.198.0(Steam & UWP) +22 Options Fotoalbum Gamear Client Extension Game Client Extension Game Extension Geburtstagserinnerer GIF Maker GOM Player Setup File GraphicWorks 5.0 GTN Simulator GTN Simulator - XPlane GunBound Hacha HardwareLaserMarking DLL hasp_windows Heimdal HLTV Launcher Honeywell AMINES DLL HotBuckUp Icons Look idNet.Imagem.Captura IGE+XAO® Software installer Instalator OP-COM Install Installer of EasySetup (ZIP) Internet Banking Helper IObit Uninstall Tool Juego Portable KaraBox Broadcast Live Server Kazaa Lite Resurrection Key Driver KG Killer L2Lige Setup Layout & Editing Lender's ToolBox v9 Setup program LoftyBot lol see MFC Application Macromedia Flash Player 6.0 r23 Map3Diag Matrix-Crypt for Win9x/NT/2K/XP MBLoader Medal of Honor Allied Assault Metin2Client MONSTER Multiple Arcade Machine Emulator for Win32 musaviahmad952@gmail.com myAC.Client myvcinpl DLL Napigator Nature Studio 92 additional items are not displayed above.
File Extents	igl
File Open Name	Módulo de Proteção - Infoseg - Senasp npigl
File Version	V12 'Trident II' Build 20100110 v4.00.105 R460.1 Outil de diagnostic Geburtstag Pro Edius Pro 8 FIX-3 090820b 2021.3.9.11352176 2015.1.0.0 2015 Show More 2013.0.0.0 2008, 12, 16, 0 2008, 09, 03, 0 311.3 51.52.0.0 25.8.23.0 24.0.1.0 23.10.2.0 21.5.1.0 20.2.3.1 20.2.3.0 20.2.2.5 20.1.3.10 20.1.3.8 20.0.0.6 19.11.04.01 19.2.3.12 19.2.1.6 15.07.31.01 14.05.19.01 14.03.04.01 14, 582, 0, 0 13.20.0.3689 13.9.2016.1 13.06.05.01 13.05.13.01 13.03.24.03 12.10.25.02 12.8.3 12.7.0.249 12.4.0.7 12.07.07.04 12.06.13.01 12.03.14.01 12.02.03.02 12.02.01.01 11.12.06.01 11.10.20.03 11.10.13.01 11.10.12.03 11.10.12.01 11.2.2.0 11.09.21.04 11.09.03.01 11.08.31.05 11.08.29.03 10.23+ 10.0.26100.3037 (WinBuild.160101.0800) 9.42 9.4.0.0 9.1.0.0 9.02.221 9.01.246 9.01.054 9.0.26297.0 9, 7, 4, 0 8.0.0.0 7.40 7.2.7 7.0.0.0 6.1.5.7 6.00.9802 6.00 6.0.1.4 6.0.0.0 6,8,028,1 6,0,23,0 5.65.1194.0 5.00.2314.1000 5.0.1.4 5, 5, 2, 818 4.1.0.0 4.1.0 4.09.00.0900 4.0.0.186 4.0.0.8 4.0.0.2 4.0.0.0 4, 3, 0, 1 4, 0, 0, 0 4, 0, 0 3.61.3.89 3.25 3.8.2.3 3.7.3.45 3.2.8.0 3.1.5.0426b 3.0.4.24 3.0.2.94 3.0.0.66 102 additional items are not displayed above.
Full Version	25.71-b00
Home Page	http://www.gtopala.com
Internal Name	ABKETTELNKAW actuareg3 Add AdjProg AdobeUpdateManager Advanced XLS Converter AlfaDiag.exe Alien Stars AMINES.DLL ams_runtime Show More ANSTOSS 2005 Antimacro.dll api.dll ARCHON Asystent Aula19 AVDI-VCI BEST bigbangwest BlindRead Bradesco CardBlaster CDMenuPro ChangeIcon ClientAPI CliExt cmdprot ComboFix.exe cpuz Crhysler_V21.exe CSIHelp DBF Viewer 2000 DBGCORE.DLL dBuckUp.exe Defenseurs De L'espace drcomauthsvr DRV.exe DSChecksum.dll DSCK0094 DSCK0115 DSCK0121 dsetup.dll ducati-console EasySetup - InstallerZip eeprom Ekd5 Electret Embedit.exe EMPIRES2 EosCtrl.ocx Exdb ExeinfoPE.exe ExpressZip Feeding Frenzy FifaGuide4.exe FileView FluentApi Focus Forza Horizon 5 v1-3.538.198.0(Steam & UWP) +22 Options Fotoalbum GIFM GraphicWorks 5.0 GunBound hacha HardwareLaserMarking Help HLTV Launcher HUN73R IconsLook idNet.Imagem.Captura.dll IGC.DLL igLoader Info irsYviNtoHmtCanioWDvGmvGmHmtCaioL3.exe issystem JianYing.exe jvm KBBLS KeyboardTest KG Killler.exe L2Servers.dll lol see Macromedia Flash Player 6.0 MAME32 Matrix-Crypt for Win9x/NT/2K/XP MBLoader.exe MD8Emu1 Metin2Client MODULO5Clave MOHAA mono.dll MSICompat.exe MSVBVM60.DLL myAC myvcinpl Napigator Nebula NitroPC npsf_isg.dll Office2013_UC 65 additional items are not displayed above.
Legal Copyright	(c) 2001 (c)2006 Trutia Alexandru (c) 2008 Thorsten Hoeppner (C)2016 http://www.vcap.com.cn 保留所有权利。 (C) 2024 LoftyBot (c) GRB 2oo9 (C) Internet Testing Systems (C) 版权所有 1997-98 e-merge GmbH 1998,1999, 2000 (c) Adam Lesień Show More 1999 VSO Soft 2002-2009 © HiBase Group 2003 - 2006 2007-2016 PortableApps.com, PortableApps.com Installer 3.1.1.0 2025 A.S.L Soft Abrites (C) 2011 all copyrights reserved @2025 Anim Copyright (C) 2018 Antimacro ARCHON+ Banco Bradesco S.A. BLACKFIRE69 Copiright (c) Dimsport S.R.L 2000-2020 Copyright (c) 1996-2003 Copyright (C) 1998-2003 Copyright (C) 1999-2016 Copyright (C) 2000 Copyright (C) 2000-2004 Klaus Schwenk Copyright (C) 2000-2005 Webzen,. Inc. Copyright (C) 2000-2007 Ross-Tech, LLC Copyright (C) 2001 Copyright (C) 2002 Copyright (C) 2003 Copyright (C) 2003 by Mazov Gosha Copyright (C) 2003 DATA BECKER Copyright(C) 2003-2008 Copyright (C) 2003-2009 Auto-M3 Ltd. Copyright(C) 2003-2010 Copyright (C) 2004 - 2005 ASCARON Entertainment GmbH Copyright (C) 2004 Aone Software Copyright (C) 2004, DATA BECKER & PAW-Software Copyright (C) 2004-2006 Xilisoft, Inc. Copyright (C) 2004-2008 Copyright (C)2007-2008 Solution Softwares. Todos os direitos reservados Copyright (C) 2009 Copyright (C) 2010 Copyright (C) 2010 - 2022 Panopreter.com. All rights reserved. Copyright (C) 2011 Copyright (C) 2013 Copyright (C) 2013-2016 SosVirus Software Copyright (C) 2014 BattlEye Innovations Copyright (C) 2015 Copyright (C) 2015 Koei Co. Ltd Copyright (C) 2016 Copyright (C) 2018 Copyright (C) 2020 CopyRight (C) 2021 - RealZeal Soft Copyright (C) 2023 CnCLab Copyright (C) 2024 Copyright (C) 2025 Copyright (C) Abritus72 Ltd. Copyright (C) Dimsport S.R.L. 2000-2020 Copyright (C) Gamear 2024 Copyright (C) Microsoft Corp. 1981-1999 Copyright (c) Quik Series Ltd Copyright (c) Rocket Division Software, StarBurn Software 2001-2010. All rights reserved. Copyright (C) SEIKO EPSON CORPORATION 2002-2007. All rights reserved. Copyright (C) Vanganth 2015 Copyright 1996-2021 Brother Industries, Ltd. Copyright 2012 GAS Tecnologia Copyright 2016 Copyright ?1998-2003 Adobe Systems Incorporated. All rights reserved. Copyright ? 2008-2010 Copyright ? 2019 Copyright ArmY of 0n3 © 2022 Copyright Derek Goslin. Copyright Tanuki Soft, 2015, All Rights Reserved. Copyright © 1987-2000 Microsoft Corp. Copyright © 1994-2008 by E. G. Collins, Metairie, LA U.S.A. Copyright © 1996-2002 Macromedia, Inc. Copyright © 1997-99 Nicola Salmoria and the MAME team Copyright © 1997-2018 H. Stoll AG & Co. KG Copyright © 1998/2001 by Software Protection Labs all rights reserved Copyright © 1999-2003 Speedsoft Copyright © 2000 Copyright © 2000 Indigo Rose Corporation Copyright© 2000 thirty4 interactive Copyright © 2001 XaG Copyright © 2002 Copyright © 2003 ElSemi Copyright © 2004 Crystal Squid Ltd. All rights reserved. Copyright © 2004 DATA BECKER GmbH & Co. KG Copyright © 2004 Sprout Games, LLC Copyright © 2004-2008 Gabriel Topala Copyright © 2005-2006 Awem Studio Copyright © 2005-2007 Copyright © 2005-2018 Honeywell Inc. Copyright © 2006-2021 Sistemas Mexicanos de Diagnostico Automotriz S.A. de C.V. Copyright © 2007 AWEM Studio 63 additional items are not displayed above.
Legal Trade Marks	g3n-h@ckm@n
Legal Trademarks	- 1997-98 e-merge GmbH Abrites Adlee Software - Asystent All rights reserved ARCHON+ ASIO & VSTi technology Copyright © Steinberg Banco Bradesco S.A. BLACKFIRE69 Copyright © 2004-2008 Gabriel Topala Show More DBF Recovery is a trademark of HiBase Group Dr. Software Indiepath Ltd Infinity Team (c) IObit KARABOX Macromedia Flash Player Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation MONSTERSOFTGAME Panopreter PE-DESIGN 11 PortableApps.com is a registered trademark of Rare Ideas, LLC. Project Magenta Glass Cockpit Quik Series RDGSoFT Recover4all SecuTech Solution Inc. Setup Factory is a trademark of Indigo Rose Corporation. ThunderSoft GIF Maker UniDream PhotoPlayer VSO Soft WhoCares
Legal Trademarks2	ReWire technology Copyright © Propellerheads
Legal Trademarks3	DXi technology Copyright © Cakewalk
Legal Trademarks4	Ogg/Vorbis Copyright © Xiph.Org
Legal Trademarks5	FLAC Copyright © GPL/LGPL
M I M E Type	application/gas-ibh-isg\|application/gas-events-isg application/vnd.igloader
Original File Name	ComboFix.exe
Original Filename	ABKETTELNKAW.DLL actuareg.exe Add.dll AdjProg.EXE AdobeUpdateManager.exe AlfaDiag.exe AlienStars.exe AMINES.DLL Antimacro.dll api.dll Show More ARCHON.exe Asystent.exe Aula19.exe AVDI-VCI.DLL AVS Capture Wizard BEST bigbangwest.exe BlindRead bokudaka.exe CardBlaster.EXE CELib.dll ChangeIcon.EXE ClientAPI32dll CliExt.dll cpuz.EXE Crhysler_V21.exe CSIHelp.exe DBGCORE.DLL dBuckUp.exe dbview.exe Defenseurs De L'espace.exe drcomauthsvr.exe DSChecksum.dll DSCK0094.DLL DSCK0115.DLL DSCK0121.DLL dsetup.dll ducati-console.exe eeprom.EXE Ekd5.exe Electret.exe Embedit.exe EMPIRES2.EXE EosCtrl.ocx Exdb.EXE ExeinfoPE.exe ExpressZip.exe FeedingFrenzy.exe FifaGuide4.exe FileView.ocx FluentApi.dll Focus.exe Forza Horizon 5 v1-3.538.198.0(Steam & UWP) +22 Options Fotoalbum.exe GifMaker.exe GraphicWorks.EXE GunBound.gme hacha.exe HardwareLaserMarking.DLL Help.exe hltv.exe HUN73R.exe IconsLook.exe idNet.Imagem.Captura.dll IEToolbar.DLL IGC.DLL Info.exe InstallZip.exe IObitUninstaller.exe irsYviNtoHmtCanioWDvGmvGmHmtCaioL3.exe issystem.exe JianYing.exe JNN SR.exe jvm.dll KaraBox Broadcast Live Server KeyboardTest.exe KG Killler.exe L2Servers.dll lol see.EXE MAME32.exe MBLoader.exe MD8Emu1.DLL menu NISSAN.exe Metin2Client.exe MODULO5Clave.exe mohaa.exe mono.dll MSICompat.exe mx-crypt.exe myAC.ex myvcinpl.DLL napigator.exe NavegadorExclusivoBradesco.exe Nebula.exe NitroPC.exe None npigl.dll npsf_isg.dll Office2013_UC.exe OpenBullet 2.exe 61 additional items are not displayed above.
Portable Apps.com App I D	XMPlayPortable
Portable Apps.com Format Version	3.0
Portable Apps.com Installer Version	3.1.1.0
Private Build	- 001 1.0.0.1 14, 582 18.02.2014 088 20080903 20081216 build at 2018-03-01 14:48:45.873000 svn17446 CDMenuPro 3.22
Product Name	4 abkettelnkaw Dynamic Link Library Acesso Fácil 2015 Add.dll Adjustment program for EPSON inkjet printer Adobe Update Manager Age of Empires II alco Anomaly 1.5.3 ANSTOSS 2005 Show More Antimacro Appacker Asystent AULA1 Authorized Copy UniKey AVDI-VCI AVS Capture Wizard 1.2 Awem Studio Alien Stars AWEM Studio Star Defender 4 BattlEye Launcher BB5 Easy Service Tool Big Bang West BlackScreen BlindRead 3 Boeing-Type Glass Cockpit CardBlaster Application CDMenuPro CDv 5.2 ChangeIcon Application Client Extension CliExt cls-bcmx ComboFix Comércio e Serviço CPU-Z Application DBF Recovery Dlubal Library EasySetup Edius Pro 8 FIX-3 eeprom Application Electret emu8086 microprocessor emulator Enel Ducati - Widget EOSCTRL EvJO Photo-Image Resizer Exdb 응용 프로그램 Exeinfo PE by A.S.L Express Zip Feeding Frenzy FileView ActiveX Control 4.3 Floor44 FluentApi Focus Forza Horizon 5 Foto-Werkstatt Fotoalbum Game Client Extension Geburtstag Pro GOM Player GraphicWorks 5.0 GTN Simulator GTN Simulator - XPlane Hacha hasp_windows Heimdal Help & Learn Center HLTV Launcher HotBuckUp Icons Look - Icons Extractor Tool idNet.Imagem.Captura igLoader IObit Uninstall Tool JumboxStudioKe KaraBox Broadcast Live Server Kazaa Lite Resurrection KG Killer L2Lige libmono Lite PDF to Word Converter lol see Application MAME32 Map3Diag Matrix-Crypt Medal of Honor Allied Assault Metin2Client Microsoft(R) Windows (R) 2000 Operating System Microsoft® DirectX for Windows® Microsoft® Windows® Operating System myAC.Client myvcinpl Dynamic Link Library MÓDULO 5 NSR-10 Módulo de Proteção - Infoseg - Senasp Napigator Nature Studio Navegador Exclusivo Bradesco Nebula NeoKey Office 2013 Ultimate Suite OLR_3.0 OP-COM 88 additional items are not displayed above.
Product Version	V12 'Trident II' Build 20100110 v4.00.105 v1.538.198.0/STEAM & v3.538.198.0/UWP TeamViewer GmbH SEREGA-LUS REPACK by S.L R460.1 Build 21106 Edius Pro 8 FIX-3 Build 10863307 2021.3.9.11352176 Show More 2015.1.0.0 2013.0.0.0 2008, 12, 16, 0 2008, 09, 03, 0 25.8.23.0 24.0.1.rd 24.0.1.ra 23.6.12.0 21.5.1.ra 20.2.3.1 S 20.2.3.0 S 20.2.2.5 S 20.1.3.10 S 20.1.3.8 S2 20.0.0.6 19.2.3.12 S 19.2.1.6 S 14, 582, 0, 0 13.09.2016.1 13.0.0.0 12.8.3 12.7.0.249 12.0.0.0 11.2.2.0 10.23+ 10.0.26100.3037 9.42M 9.1.0.0 9.02.221 9.01.246 9.01.054 9, 7, 4, 0 8.0.0.0 7.40 7.5 7.2.7 7.0.0.0 7.0 6.00.9802 6.00 6.0.1.4 6.0.0.0 6.0 6,8,028,1 6,0,23,0 5.65.1194.0 5.00.2314.1000 5.0.1.4 5, 5, 2, 818 4.1.0.0 4.1.0 4.09.00.0900 4.0.4.1 4.0.0.186 4.0.0.8 4.0.0.2 4.0.0.0 4.0 4, 3, 0, 1 4, 0, 0, 0 4, 0, 0 3.25 3.8.2.3 3.7 3.2.8.0 3.1.5.0426b 3.04 3.0.1 3.0.0.66 3.0.0.29 3.0.0.1 3,22,4,0 - 25.FEB.2004 3,5,0,0 3, 3, 29, 10 3, 0, 0, 0 2.7.3 2.5.29.0 2.5.28.6 2.5.27.0 2.4.2.2 2.4.2.1 2.4 2.3.7.5 2.2.5.0 2.2.2 2.1.0.2 2.1 2.08 2.0.x (15.07.2009) 2.0.3.0 72 additional items are not displayed above.
Product Version Number	13.09.2016.1
Program Build Number	21106
Program I D	com.embarcadero.BlackScreen com.embarcadero.FluentApi com.embarcadero.hasp_windows com.embarcadero.WebUI com.embarcadero.WindowsLoaderDL
Publisher	g3n-h@ckm@n
Special Build	- 14, 582 BUILD 1001 CDMenuPro 3.22 HeartBeat Presented By GameHouse Presented by GameHouse Release Test Version. Support MD <=8.1 AND >8.2 !!! TT Hack. Irdeto ECM fix
String File Info	runtime.dll
Strona Internetowa	http://www.al.insite.com.pl/asystent
Thin App Build Date Time	20130520 131304
Thin App License	VMware ThinApp
Thin App Version	4.6.0-287958
Unity Version	2021.3.9f1_ad3870b89536
Website	frostlabs.xhost.ro

Digital Signatures

Signer	Root	Status
Hewlett-Packard Company	COMODO RSA Certification Authority	Hash Mismatch
Heimdal Security A/S	COMODO RSA Code Signing CA	Self Signed
Hewlett-Packard Company	Class 3 Public Primary Certification Authority	Hash Mismatch
Sergey Pooshnovsky	Sergey Pooshnovsky	Self Signed
SurfSecret, LLC.	SurfSecret, LLC.	Self Signed

GRETECH	Thawte Premium Server CA	Root Not Trusted
Gretech Corp.	Thawte Premium Server CA	Root Not Trusted
HiBase Group	UTN-USERFirst-Object	Self Signed
Rustemsoft LLC	UTN-USERFirst-Object	Root Not Trusted
Hewlett-Packard Company	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
Synacast Corp.	VeriSign Class 3 Code Signing 2004 CA	Self Signed

File Traits

$Id: UPX
.adata
.aspack
.NET
.petite
.sdata
.UPX
.vmp0
00 section
2+ executable sections

adata with ImpREC
Agile.net
AMS
ASPack v2.1
ASPack v2.11d
ASPack v2.12
big overlay
Confuser
Default Version Info
dll
Enigma
Fody
fptable
HighEntropy
imgui
Installer Manifest
Installer Version
MPRESS
MPRESS Win32
MZ (In Overlay)
Native MPRESS x86
NewLateBinding
No Version Info
ntdll
Nullsoft Installer
packed
PEC2
PECompact v0.94
PECompact v1.4x
PECompact v2.20
PECompact v[0.977-1.20.1]
PECompact v[1.22-1.26b]
PECompact v[1.40-1.45]
PECompact v[1.47-1.50]
PECompact v[1.60-1.65, 1.66]
RAR (In Overlay)
RARinO
Reactor
Reflective
RijndaelManaged
SUF
themida
themida section variant
Upack
UPack (Dwing)
UPack (Generic)
UPack 0.57
upx
UPX!
UPX x64
vb6
VirtualQueryEx
virut
vmp section variant
vmp with ImpREC
vmp with ShellExecuteA, no signature
vmp with VirtualProtect, no signature
WinZip SFX
WriteProcessMemory
x64
x86
Yano
ZIP (In Overlay)
ZIPinO
Zprotect
ZYXDN

Block Information

Total Blocks:	12
Potentially Malicious Blocks:	1
Whitelisted Blocks:	1
Unknown Blocks:	10

Visual Map

x ? ? 0 ? ? ? ? ? ? ? ?

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.AAQC
Agent.DSJ
Agent.EDA
Agent.FUF
AutoHotkey.A

Autoit
BadJoke.TH
BadJoke.XA
Bancos.B
Banker.GF
Banload.AH
Banload.NB
Banload.Q
Banload.XG
Banload.XN
Bat2Exe.F
Bitcoinminer.R
Brontok.A
Bzub.B
Caosoft.A
ClipBanker.J
CoinMiner.BB
CoinMiner.ZA
Dapato.BJ
Delf.BN
Delf.Q
Deyma.G
Downloader.Agent.D
Downloader.Agent.DA
Ekstak.AN
Emotet.AAJ
Emotet.AAL
Emotet.AAPA
Emotet.CDA
FSG.Gen
FakeInstaller.B
Fakon.A
Farfli.FR
Fugrafa.T
GameHack.QB
Gamehack.AAD
Gamehack.PDFA
GhostMail.B
Guildma.B
HackKMS.TC
IEHelper.B
IRCBot.GA
Injector.FHBA
Injector.FHE
Injector.FN
Injector.FZ
Injector.GDSA
Injector.GTB
Injector.HGG
Injector.JDA
Injector.KPP
Injector.KS
Injector.PMA
Keygen.GB
Keygen.Z
Keylogger.KD
Kraddare.AB
Kryptik.FHE
Kryptik.GSJ
Kryptik.XXBA
Kryptik.YFH
Kryptik.YHB
Lamer.CA
Lamer.CB
Lamer.CF
Lamer.E
LegendMir.B
Loader.DE
Lotok.A
MPRESS Packer
MSIL.DllInject.RSC
MSIL.Krypt.BAFJ
MSIL.Krypt.XFB
MSIL.Krypt.XZF
MSIL.PNGLoader.B
MSIL.Spy.Agent.QE
Morto.B
Netsky.C
Netsky.CA
Oleloa.A
Patcher.T
Philadelphia.A
Philadelphia.B
QHost.XG
QQPass.VA
Qhost.O
RBot.C
Rugmi.FC
Rugmi.GI
Rugmi.GL
ServStart.K
ServStart.LA
Servstart.B
Shipup.AG
Small.D

36 additional families are not displayed above.

Files Modified

File	Attributes
\\hebtunshfb\pipe\svcctl	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\harddisk0\dr0	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
\device\namedpipe\dav rpc service	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
\device\namedpipe\wkssvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4b1d.tmp\flexbackup.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\5901.tmp\finish.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\_\07	Generic Write,Read Attributes

c:\a9ae.tmp\resestry.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\acf8.tmp\gmc_rel.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\china-drm\pdfreadersts.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\da44.tmp\important! activate mysecureusb.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\common files\synacast\synalive\channelxml\default.xml	Generic Write,Read Attributes
c:\program files (x86)\common files\synacast\synalive\eroc.dll	Generic Write,Read Attributes
c:\program files (x86)\common files\synacast\synalive\evid4226patch.exe	Generic Write,Read Attributes
c:\program files (x86)\common files\synacast\synalive\fwupnp.dll	Generic Write,Read Attributes
c:\program files (x86)\common files\synacast\synalive\kom.dll	Generic Write,Read Attributes
c:\program files (x86)\common files\synacast\synalive\languages\1028.ini	Generic Write,Read Attributes
c:\program files (x86)\common files\synacast\synalive\languages\1033.ini	Generic Write,Read Attributes
c:\program files (x86)\common files\synacast\synalive\languages\2052.ini	Generic Write,Read Attributes
c:\program files (x86)\common files\synacast\synalive\mir.dll	Generic Write,Read Attributes
c:\program files (x86)\common files\synacast\synalive\option.ini	Generic Write,Read Attributes
c:\program files (x86)\common files\synacast\synalive\pe.exe	Generic Write,Read Attributes
c:\program files (x86)\common files\synacast\synalive\pwzd.exe	Generic Write,Read Attributes
c:\program files (x86)\common files\synacast\synalive\synacastewa.ocx	Generic Write,Read Attributes
c:\program files (x86)\common files\synacast\synalive\ten.dll	Generic Write,Read Attributes
c:\program files (x86)\common files\synacast\synalive\theme\default.ptheme	Generic Write,Read Attributes
c:\program files (x86)\common files\synacast\synalive\uninst.exe	Generic Write,Read Attributes
c:\program files (x86)\reflexivearcade\channels\4116\channel.dat	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll	Generic Write,Read Attributes
c:\programdata\bkrrmqyh.coj	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\erbbnmjd.nsd	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\javidic07rl\javidic07rl	Generic Write,Read Attributes
c:\programdata\javidic07rl\javidic07rl	Synchronize,Write Attributes
c:\programdata\mntemp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\rdftdwqz.fks	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\rtmeslt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\quickdiag\g3n.ico	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\quickdiag\g3n.ico	Generic Write,Read Attributes
c:\quickdiag\mbr\mbrwiz	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\quickdiag\mbr\mbrwiz	Generic Write,Read Attributes
c:\quickdiag\mbr\winlogon.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\quickdiag\mbr\winlogon.exe	Generic Write,Read Attributes
c:\quickdiag\pre_scan.ico	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\quickdiag\pre_scan.ico	Generic Write,Read Attributes
c:\quickdiag\smss.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\quickdiag\smss.exe	Generic Write,Read Attributes
c:\speedsfx_settings.tmp	Generic Write,Read Attributes
c:\sstmp\648868be24c94950b5b0a7ce02556f80	Synchronize,Write Attributes
c:\sstmp\648868be24c94950b5b0a7ce02556f80\__0.swf	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sstmp\648868be24c94950b5b0a7ce02556f80\__main.swf	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sstmp\c4e5070b12ec4aa88e60d6a99dbf3888	Synchronize,Write Attributes
c:\sstmp\c4e5070b12ec4aa88e60d6a99dbf3888\__0.swf	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sstmp\c4e5070b12ec4aa88e60d6a99dbf3888\__main.swf	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sstmp\c74b99ffa8db4112b2bb2f5c52f1c37d	Synchronize,Write Attributes
c:\sstmp\c74b99ffa8db4112b2bb2f5c52f1c37d\__0.swf	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sstmp\c74b99ffa8db4112b2bb2f5c52f1c37d\__main.swf	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sstmp\cd181bf69a04428f91e01b3b4de8a58e	Synchronize,Write Attributes
c:\sstmp\cd181bf69a04428f91e01b3b4de8a58e\__0.swf	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sstmp\cd181bf69a04428f91e01b3b4de8a58e\__main.swf	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\public\documents\pcd1115.l!c	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\.obs32\{38682925-6e02b5cb-e05dbb9a-92e927d9}.6754161863454739256	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\internet explorer\msimgsiz.dat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_16.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_32.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_idx.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\23067	Synchronize,Write Data
c:\users\user\appdata\local\temp\511e.tmp\b2e.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\55d1.tmp\batchfile.bat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\5ac3.tmp\b2e.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\5f76.tmp\batchfile.bat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\eis script	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\eis script\!script_patch_for_windows_xp_wow64_function.eis	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\eis script\!script_patch_for_windows_xp_wow64_function.eis	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\eis script\anti_inno_verino_unicode.eis	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\eis script\anti_inno_verino_unicode.eis	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\eis script\aslscript3.eis	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\eis script\aslscript3.eis	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\eis script\aslscript_7zip_fix.eis	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\eis script\aslscript_7zip_fix.eis	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\eis script\aslscript_jp2_picture_ripper.eis	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\eis script\aslscript_jp2_picture_ripper.eis	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\eis script\aslscript_tpf0.eis	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\eis script\aslscript_tpf0.eis	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\eis script\aslscript_webp_avi_ripper.eis	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\eis script\aslscript_webp_avi_ripper.eis	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\eis script\aslscriptext.eis	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\eis script\aslscriptext.eis	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\eis script\aslscriptext_example.eis	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\eis script\aslscriptext_example.eis	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\eis script\dpi_set_true.eis	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\eis script\dpi_set_true.eis	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\exeinfope.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\exeinfope.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\exeinfopelng.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\exeinfopelng.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\ext_detector.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\ext_detector.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\file_id.diz	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\file_id.diz	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\languages	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\languages\chinese_simplified_0.0.7.3.lng	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\languages\chinese_simplified_0.0.7.3.lng	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\languages\chinese_traditional_0.0.8.3.lng	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\languages\chinese_traditional_0.0.8.3.lng	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\languages\russian_v0.0.4.6_ii.lng	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\languages\russian_v0.0.4.6_ii.lng	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\new	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\new\header_gui_added_debug_as_string_rsds.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\new\header_gui_added_debug_as_string_rsds.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\addsig.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\addsig.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\advanced_scan.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\advanced_scan.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\asl_signmaker64.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\asl_signmaker64.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\crc32.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\crc32.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\decrypt def.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\decrypt def.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\ecrap oep verify.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\ecrap oep verify.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\epscan.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\epscan.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\extoverlay.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\extoverlay.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\fc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\fc.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\fixcrc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\fixcrc.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\frant.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\frant.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\genoep_fix.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\genoep_fix.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\guid.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\guid.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\hidecapt.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\hidecapt.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\kanal_fix.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\kanal_fix.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\kavoshgar v1.0.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\kavoshgar v1.0.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\morphine.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\morphine.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\overlay1.0_fix.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\overlay1.0_fix.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\packupx.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\packupx.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\pe2html.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\pe2html.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\pe2html.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\pe2html.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\peid-0.95-20081103_exeinfope.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\peid-0.95-20081103_exeinfope.zip	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\quick chsum_fix.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\quick chsum_fix.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\rebuildpe_fix.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\rebuildpe_fix.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\sectool.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\sectool.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\send spy_fix.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\send spy_fix.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\stringviewer.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\stringviewer.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\unfsg.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\unfsg.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\units browser_fix.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\units browser_fix.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\unreal.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\unreal.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\unupx.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\unupx.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\unupxshit.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\unupxshit.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\upx fileinfo.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\upx fileinfo.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\upxscramb.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\upxscramb.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\userdb.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\userdb.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\vera.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\vera.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\wwwhelper.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\wwwhelper.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\xnresourceeditor_plugin.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\xnresourceeditor_plugin.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\ypp.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\ypp.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\ypp.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\plugins\ypp.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\skins	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\skins\exei_goldenor.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\skins\exei_goldenor.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\skins\exeinfope_skindna.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\skins\exeinfope_skindna.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\exeinfope\skins\exeinfope_skingoldmetal.jpg	Generic Write,Read Attributes

1369 additional files are not displayed above.

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\gpu::adapterinfo	vendorId="0x1414",deviceID="0x8c",subSysID="0x0",revision="0x0",version="10.0.19041.3570"hypervisor="Hypervisor detected (Micros	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Qhtssrta\AppData\Local\Temp\nsz64F6.tmp\	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Kpzehlvw\AppData\Local\Temp\nsy1BA7.tmp\	RegNtPreCreateKey

HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	헀ᒩ暊ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::version	܀	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::name	F69504F4E3F2068F14733727DA63BEE44B5C68B8_0000282112.EXE	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::id	F69504F4E3F2068F14733727DA63BEE44B5C68B8_0000282112.EXE477C075C00044E00	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	荠𣏕Ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name	f69504f4e3f2068f14733727da63bee44b5c68b8_0000282112.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::id	ݜ䝼	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name	f69504f4e3f2068f14733727da63bee44b5c68b8_0000282112.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name	fe5287e8561377e9c968cced61e97786e0ae11d3_0000934432	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::id	纾䕃	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name	fe5287e8561377e9c968cced61e97786e0ae11d3_0000934432	RegNtPreCreateKey
HKCU\wow6432node\clsid\{0656a137-b161-cadd-9777-e37a75727e78}\inprocserver32::	C:\WINDOWS\SysWow64\abirvalg32.dll	RegNtPreCreateKey
HKCU\wow6432node\clsid\{0656a137-b161-cadd-9777-e37a75727e78}\inprocserver32::threadingmodel	Apartment	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\explorer\sharedtaskscheduler::{0656a137-b161-cadd-9777-e37a75727e78}	OLE Module	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state		RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes	(NULL)	RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes		RegNtPreCreateKey
HKCU\software\microsoft\edge\elfbeacon::version	139.0.3405.86	RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state		RegNtPreCreateKey
HKLM\system\controlset001\services\2f1ou2ux3::type		RegNtPreCreateKey
HKLM\system\controlset001\services\2f1ou2ux3::errorcontrol		RegNtPreCreateKey
HKLM\system\controlset001\services\2f1ou2ux3::start		RegNtPreCreateKey
HKLM\system\controlset001\services\2f1ou2ux3::state	ဎ	RegNtPreCreateKey
HKLM\system\controlset001\services\2f1ou2ux3::imagepath	System32\Drivers\LHIQCImye.sys	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	Ŏ㊼ᅐǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	㦓㋵ᅐǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::wextract_cleanup0	rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Xwvodufo\AppData\Local\Temp\IXP000.TMP\"	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475	핿ȁ⓸龡^Ɣ紘Çƻ獖}Ɯ좟Ê	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Gpdmoavh\AppData\Local\Temp\nsy55D3.tmp\	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	㚐锖ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::name	34765DF6ED4F86872044CFF117C2DB9B601D0EF3_0000217600	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::id	34765DF6ED4F86872044CFF117C2DB9B601D0EF3_00002176004C9DC59C00035200	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	걺憬⥞ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name	34765df6ed4f86872044cff117c2db9b601d0ef3_0000217600	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::id	얜䲝	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name	34765df6ed4f86872044cff117c2db9b601d0ef3_0000217600	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Slfrfdjt\AppData\Local\Temp\nss12D5.tmp\	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	멠䘋鶟ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::name	786FCE8A74C70E191A1ED406C5C6DC214D27FF80_0000297366	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::id	786FCE8A74C70E191A1ED406C5C6DC214D27FF80_00002973660000000000048996	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	듂㇦ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name	786fce8a74c70e191a1ed406c5c6dc214d27ff80_0000297366	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name	7ac21233a9b70dde4895267b11c1c05ef569ded3_0003032064	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Uwxoxvxv\AppData\Local\Temp\nsk69A9.tmp\	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name	d4748299e73a0cf19aebdf06483122a1bc53fa8a_0000552960	RegNtPreCreateKey
HKCU\wow6432node\clsid\{ec11dce8-3d3e-6ac7-2142-c44aa930}::prodid	삏ꨴ佧ᙣⱧ	RegNtPreCreateKey
HKCU\certificateauthority.request\clsid::request id (512ao2ymt17)	ᾗ㰊搠弈쌜	RegNtPreCreateKey
HKCU\local settings\muicache\17\52c64b7e::@c:\program files (x86)\common files\system\wab32res.dll,-10100	Contacts	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Xrzrprmr\AppData\Local\Temp\nsi9967.tmp\	RegNtPreCreateKey
HKLM\software\classes\typelib\{2ce64f20-d4b0-11d3-9ca6-444553540000}\1.0::	example Library	RegNtPreCreateKey
HKLM\software\classes\typelib\{2ce64f20-d4b0-11d3-9ca6-444553540000}\1.0\flags::	0	RegNtPreCreateKey
HKLM\software\classes\typelib\{2ce64f20-d4b0-11d3-9ca6-444553540000}\1.0\0\win32::	c:\users\user\downloads\05ce993450d988e597af7ae1b385ea07452cc1ae_0001193143	RegNtPreCreateKey
HKLM\software\classes\typelib\{2ce64f20-d4b0-11d3-9ca6-444553540000}\1.0\helpdir::	c:\users\user\downloads\	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{2ce64f21-d4b0-11d3-9ca6-444553540000}::	ITIEtoWebPacker	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{2ce64f21-d4b0-11d3-9ca6-444553540000}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{2ce64f21-d4b0-11d3-9ca6-444553540000}\typelib::	{2CE64F20-D4B0-11D3-9CA6-444553540000}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{2ce64f21-d4b0-11d3-9ca6-444553540000}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{2ce64f21-d4b0-11d3-9ca6-444553540000}::	ITIEtoWebPacker	RegNtPreCreateKey
HKLM\software\classes\interface\{2ce64f21-d4b0-11d3-9ca6-444553540000}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{2ce64f21-d4b0-11d3-9ca6-444553540000}\typelib::	{2CE64F20-D4B0-11D3-9CA6-444553540000}	RegNtPreCreateKey
HKLM\software\classes\interface\{2ce64f21-d4b0-11d3-9ca6-444553540000}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3f2bbc05-40df-11d2-9455-00104bc936ff}::	Implements DocHostUIHandler	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3f2bbc05-40df-11d2-9455-00104bc936ff}\localserver32::	c:\users\user\downloads\05ce993450d988e597af7ae1b385ea07452cc1ae_0001193143	RegNtPreCreateKey
HKLM\software\classes\example.dochostuihandler::	Implements DocHostUIHandler	RegNtPreCreateKey
HKLM\software\classes\example.dochostuihandler\clsid::	{3F2BBC05-40DF-11D2-9455-00104BC936FF}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3f2bbc05-40df-11d2-9455-00104bc936ff}\progid::	example.DocHostUIHandler	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{679e50a0-19c4-11d4-9d9d-00c0dfe068de}::	OurNSHandler	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{679e50a0-19c4-11d4-9d9d-00c0dfe068de}\localserver32::	c:\users\user\downloads\05ce993450d988e597af7ae1b385ea07452cc1ae_0001193143	RegNtPreCreateKey
HKLM\software\classes\example.ournshandler::	OurNSHandler	RegNtPreCreateKey
HKLM\software\classes\example.ournshandler\clsid::	{679E50A0-19C4-11D4-9D9D-00C0DFE068DE}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{679e50a0-19c4-11d4-9d9d-00c0dfe068de}\progid::	example.OurNSHandler	RegNtPreCreateKey
HKLM\system\controlset001\control::waittokillservicetimeout	200	RegNtPreCreateKey
HKCU\control panel\desktop::waittokillapptimeout	200	RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\807c1d3241a964ee9dad841fd5857ae96fb3cac4_0002361856::eulaaccepted		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\807c1d3241a964ee9dad841fd5857ae96fb3cac4_0002361856::elevation		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\807c1d3241a964ee9dad841fd5857ae96fb3cac4_0002361856::path	c:\Users\user\downloads\807c1d3241a964ee9dad841fd5857ae96fb3cac4_0002361856,C:\QuickDiag\807c1d3241a964ee9dad841fd5857ae96fb3cac	RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\freeware implementation of xcacls::eulaaccepted		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\freeware implementation of xcacls::elevation		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\freeware implementation of xcacls::path	C:\QuickDiag\smss.exe	RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\mbr.pif::eulaaccepted		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\mbr.pif::elevation		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\mbr.pif::path	C:\QuickDiag\MBR\smss.exe	RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\csrss.exe::eulaaccepted		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\csrss.exe::elevation		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\csrss.exe::path	C:\QuickDiag\csrss.exe,C:\QuickDiag\winlogon.exe	RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\mbrcheck.exe::eulaaccepted		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\mbrcheck.exe::elevation		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\mbrcheck.exe::path	C:\QuickDiag\MBR\Winlogon.exe	RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\mbrfix www.sysint.no::eulaaccepted		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\mbrfix www.sysint.no::elevation		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\mbrfix www.sysint.no::path	C:\QuickDiag\MBR\Winlogon.exe	RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\mbrwiz.exe::eulaaccepted		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\mbrwiz.exe::elevation		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\mbrwiz.exe::path	C:\QuickDiag\MBR\wininit.exe,C:\QuickDiag\MBR\Winlogon.exe	RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\replace\winlogon.exe::eulaaccepted		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\replace\winlogon.exe::elevation		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\replace\winlogon.exe::path	C:\QuickDiag\Replace\winlogon.exe	RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\steelwerx command line registry editor::eulaaccepted		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\steelwerx command line registry editor::elevation		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\steelwerx command line registry editor::path	C:\QuickDiag\svchost.exe	RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\streams.exe::eulaaccepted		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\streams.exe::elevation		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\streams.exe::path	C:\QuickDiag\streams.exe	RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\interpréteur de commandes windows::eulaaccepted		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\interpréteur de commandes windows::elevation		RegNtPreCreateKey
HKCU\software\g3n-h@ckm@n\interpréteur de commandes windows::path	C:\WINDOWS\System32\cmd.exe	RegNtPreCreateKey
HKCU\software\sysinternals\streams::eulaaccepted		RegNtPreCreateKey
HKCU\software\sysinternals\streams::elevation		RegNtPreCreateKey
HKCU\software\sysinternals\streams::path	C:\QuickDiag\streams.exe	RegNtPreCreateKey
HKCU\software\sysinternals\freeware implementation of sc::eulaaccepted		RegNtPreCreateKey
HKCU\software\sysinternals\freeware implementation of sc::elevation		RegNtPreCreateKey
HKCU\software\sysinternals\freeware implementation of sc::path	C:\QuickDiag\Lsass.exe	RegNtPreCreateKey
HKCU\software\sysinternals\listdlls::eulaaccepted		RegNtPreCreateKey
HKCU\software\sysinternals\listdlls::elevation		RegNtPreCreateKey
HKCU\software\sysinternals\listdlls::path	C:\QuickDiag\LDLLs.exe	RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\807c1d3241a964ee9dad841fd5857ae96fb3cac4_0002361856::eulaaccepted		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\807c1d3241a964ee9dad841fd5857ae96fb3cac4_0002361856::elevation		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\807c1d3241a964ee9dad841fd5857ae96fb3cac4_0002361856::path	c:\Users\user\downloads\807c1d3241a964ee9dad841fd5857ae96fb3cac4_0002361856,C:\QuickDiag\807c1d3241a964ee9dad841fd5857ae96fb3cac	RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\freeware implementation of xcacls::eulaaccepted		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\freeware implementation of xcacls::elevation		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\freeware implementation of xcacls::path	C:\QuickDiag\smss.exe	RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\mbr.pif::eulaaccepted		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\mbr.pif::elevation		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\mbr.pif::path	C:\QuickDiag\MBR\smss.exe	RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\csrss.exe::eulaaccepted		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\csrss.exe::elevation		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\csrss.exe::path	C:\QuickDiag\csrss.exe,C:\QuickDiag\winlogon.exe	RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\mbrcheck.exe::eulaaccepted		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\mbrcheck.exe::elevation		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\mbrcheck.exe::path	C:\QuickDiag\MBR\Winlogon.exe	RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\mbrfix www.sysint.no::eulaaccepted		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\mbrfix www.sysint.no::elevation		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\mbrfix www.sysint.no::path	C:\QuickDiag\MBR\Winlogon.exe	RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\mbrwiz.exe::eulaaccepted		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\mbrwiz.exe::elevation		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\mbrwiz.exe::path	C:\QuickDiag\MBR\wininit.exe,C:\QuickDiag\MBR\Winlogon.exe	RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\replace\winlogon.exe::eulaaccepted		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\replace\winlogon.exe::elevation		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\replace\winlogon.exe::path	C:\QuickDiag\Replace\winlogon.exe	RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\steelwerx command line registry editor::eulaaccepted		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\steelwerx command line registry editor::elevation		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\steelwerx command line registry editor::path	C:\QuickDiag\svchost.exe	RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\streams.exe::eulaaccepted		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\streams.exe::elevation		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\streams.exe::path	C:\QuickDiag\streams.exe	RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\interpréteur de commandes windows::eulaaccepted		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\interpréteur de commandes windows::elevation		RegNtPreCreateKey
HKLM\software\g3n-h@ckm@n\interpréteur de commandes windows::path	C:\WINDOWS\System32\cmd.exe	RegNtPreCreateKey
HKLM\software\sysinternals\streams::eulaaccepted		RegNtPreCreateKey
HKLM\software\sysinternals\streams::elevation		RegNtPreCreateKey
HKLM\software\sysinternals\streams::path	C:\QuickDiag\streams.exe	RegNtPreCreateKey
HKLM\software\sysinternals\freeware implementation of sc::eulaaccepted		RegNtPreCreateKey
HKLM\software\sysinternals\freeware implementation of sc::elevation		RegNtPreCreateKey
HKLM\software\sysinternals\freeware implementation of sc::path	C:\QuickDiag\Lsass.exe	RegNtPreCreateKey
HKLM\software\sysinternals\listdlls::eulaaccepted		RegNtPreCreateKey
HKLM\software\sysinternals\listdlls::elevation		RegNtPreCreateKey
HKLM\software\sysinternals\listdlls::path	C:\QuickDiag\LDLLs.exe	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	预驌共ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list::3050:tcp	3050:TCP:*:Enabled:Firebird	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	黙荔刬ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	弓莶刬ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	莿刬ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	屘菴刬ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	灬萇刬ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	嚦葰刬ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	䊦葼刬ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	僧蓬刬ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	⡖蔄刬ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	襞蔥刬ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ﵤ蕙刬ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\reflexivearcade\51::downloadid	䷹᎒	RegNtPreCreateKey
HKLM\software\wow6432node\reflexivearcade\51::channelid	န	RegNtPreCreateKey
HKLM\software\wow6432node\reflexivearcade\51::channelname	FlyOrDie	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name	7d870bf01269642f3d8c0043ff56261991a6cbe1_0001850880	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	젢俻ǜ	RegNtPreCreateKey
HKCU\wow6432node\interface\{d27cdb6d-ae6d-11cf-96b8-444553540000}\proxystubclsid32::	{00020420-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	✅齖厊ǜ	RegNtPreCreateKey
HKCU\software\digital river\softwarepassport\macrosun\lite pdf to word converter\0::buyurl	https://www.regnow.com/softsell/nph-softsell.cgi?item=27124-1&affiliate=197487&hardwareSignature=Lite-202511271733390744	RegNtPreCreateKey
HKLM\software\classes\typelib\{2ce64f20-d4b0-11d3-9ca6-444553540000}\1.0\0\win32::	c:\users\user\downloads\d40350f8df35840dff6cbdb17ed96d8045e2c7c1_0001155662	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3f2bbc05-40df-11d2-9455-00104bc936ff}\localserver32::	c:\users\user\downloads\d40350f8df35840dff6cbdb17ed96d8045e2c7c1_0001155662	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{679e50a0-19c4-11d4-9d9d-00c0dfe068de}\localserver32::	c:\users\user\downloads\d40350f8df35840dff6cbdb17ed96d8045e2c7c1_0001155662	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.205.9\??\C:\Windows\SystemTemp\b1a39cca-eadf-4949-a384-a0ef6a3b3fd2.tmp\	RegNtPreCreateKey
HKCU\software\microsoft\msdaipp\provider\{ca7698f1-e3785e26-4f2dae53-105a340b}::		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name	4d4a56655515eadce3fc3429ee9ff5c6ff4d58a0_0006245385	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::id	尘冇	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

79 additional registry modifications are not displayed above.

Windows API Usage

Category	API
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Anti Debug	IsDebuggerPresent NtQuerySystemInformation OutputDebugString
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserName GetUserObjectInformation
Keyboard Access	GetAsyncKeyState GetKeyState
Network Winhttp	WinHttpOpen
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Process Shell Execute	CreateProcess ShellExecute ShellExecuteEx WinExec WriteConsole
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAddAtomEx ntdll.dll!NtAdjustPrivilegesToken ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcAcceptConnectPort ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcCreatePort ntdll.dll!NtAlpcCreateResourceReserve ntdll.dll!NtAlpcCreateSecurityContext Show More ntdll.dll!NtAlpcDeleteSecurityContext ntdll.dll!NtAlpcImpersonateClientOfPort ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePort ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeleteAtom ntdll.dll!NtDeleteValueKey ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFindAtom ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtGetContextThread ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenMutant ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryEvent ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySymbolicLinkObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtQueryWnfStateNameInformation ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReadVirtualMemory ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRemoveIoCompletionEx ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtResumeThread ntdll.dll!NtSetContextThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey 177 additional items are not displayed above.
Process Terminate	TerminateProcess
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Network Winsock2	WSAGetOverlappedResult WSASend WSASocket WSAStartup
Service Control	ControlService OpenSCManager OpenService StartServiceCtrlDispatcher
Network Info Queried	GetAdaptersAddresses GetNetworkParams
Network Winsock	bind connect getaddrinfo getpeername getsockname setsockopt socket

Shell Command Execution


							C:\Users\Vaermtcl\AppData\Local\Temp\dxversion.exe


							"C:\Users\Itfcbgvk\AppData\Local\Temp\is-NETIM.tmp\bbb846dd2c37a00b33f29e067dce5a7599b84bdd_0004620003.tmp" /SL5="$10254,4302020,74240,c:\users\user\downloads\bbb846dd2c37a00b33f29e067dce5a7599b84bdd_0004620003.exe"


							"C:\Users\Grurpifm\AppData\Local\Temp\is-9AKDL.tmp\3f974c6f5c0d3622e6a98969e44d878f494698f3_0002857888.tmp" /SL5="$30194,2622585,53248,c:\users\user\downloads\3f974c6f5c0d3622e6a98969e44d878f494698f3_0002857888.exe"


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\babbe7a5eb93f4b419f2bce0d8ebdf4a46c444c3_0004445696.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\62b692562338bcd5f58536bad6d4c4836c454262_0003381248.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\088d6385381b2cd31b4f85968dfff761df8b2256_0004053504.,LiQMAxHB


									rundll32.exe C:\WINDOWS\system32\abirvalg32.dll


									javaw.exe -version


									open http://www.java.com


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5a04f1ddcc8fe1c9ca76aba9a02bd8560b3240a9_0005694976.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\32dc51ecc07831bf0ccc09f86c290b0bc192a699_0000434176.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c5c17375c34d70b94f64cbb1ec22d90d9346a615_0002044432.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\57970363b6802022522cccdd69ae4c08134a30b5_0002862080.,LiQMAxHB


									"cmd.exe" /c schtasks /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Ggeezpkc\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									C:\WINDOWS\system32\schtasks.exe schtasks  /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Ggeezpkc\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									"cmd.exe" /c timeout 5 >nul && del "c:\users\user\downloads\1ad78f110a5a88cb0c79b8c710500f827625a66c_0000143872"


									C:\WINDOWS\system32\timeout.exe timeout  5


									"C:\Users\Wghayxnn\AppData\Local\Temp\is-8VJE4.tmp\e11b9f651ad4fdee95eeac5cb84a53e229766302_0005764140.tmp" /SL5="$401FA,5504024,56832,c:\users\user\downloads\e11b9f651ad4fdee95eeac5cb84a53e229766302_0005764140"


									C:\Users\Xwvodufo\AppData\Local\Temp\IXP000.TMP\init.exe


									(NULL) C:\Users\Xwvodufo\AppData\Local\Temp\IXP000.TMP\installer.exe


									C:\Users\Xwvodufo\AppData\Local\Temp\IXP000.TMP\Install.exe


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\17f8caaea4cd10bd16ba5895769b63566ff2943c_0008730128.,LiQMAxHB


									C:\Users\Wemtnppd\AppData\Local\Temp\CF06674C-EDA6-48df-B12C-F810984ACF54.exe (NULL)


									"C:\Users\Hlzorgzl\AppData\Local\Temp\is-Q5BPQ.tmp\1805b4f761eb1892c57698a299697eee6ed3af85_0003590612.tmp" /SL5="$20250,3097973,152064,c:\users\user\downloads\1805b4f761eb1892c57698a299697eee6ed3af85_0003590612"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a44bda3330f2ca05846ba1733d25fd2defccfde1_0001019904.,LiQMAxHB


									(NULL) C:\Users\Xkrdkgff\AppData\Local\Temp\RarSFX0\dosbox.exe -conf dosbox.conf-noconsole


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0a79b3551ce4149e172260ebaac10f598235fa6b_0004212240.,LiQMAxHB


									"C:\Users\Btxnhtui\AppData\Local\Temp\is-AMSG6.tmp\2f6cfad7cf4567ef7425923d707194241e7da6e9_0006266048.tmp" /SL5="$20130,5965595,88064,c:\users\user\downloads\2f6cfad7cf4567ef7425923d707194241e7da6e9_0006266048"


									"C:\Users\Upqirwof\AppData\Local\Temp\is-DU8DI.tmp\09a429a4298b8c19c53698a4e92252b37137702c_0001488701.tmp" /SL5="$10250,244736,0,c:\users\user\downloads\09a429a4298b8c19c53698a4e92252b37137702c_0001488701"


									open C:\Users\Pfmbvfyx\AppData\Local\Temp\5AC3.tmp\b2e.exe C:\Users\Pfmbvfyx\AppData\Local\Temp\5AC3.tmp\b2e.exe c:\users\user\downloads "c:\users\user\downloads\8fa1fddb17fa614d64c069d0790ac7c2cdc34fd5_0000016384"


									open C:\Users\Pfmbvfyx\AppData\Local\Temp\5F76.tmp\batchfile.bat


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\312a497d0f316925998ea370f310c20d660207fe_0005549056.,LiQMAxHB


									open C:\Users\Kduxodqw\AppData\Local\Temp\511E.tmp\b2e.exe C:\Users\Kduxodqw\AppData\Local\Temp\511E.tmp\b2e.exe c:\users\user\downloads "c:\users\user\downloads\d38f0d77dee9d170828b852784bbe82481cb9d40_0000013824"


									open C:\Users\Kduxodqw\AppData\Local\Temp\55D1.tmp\batchfile.bat


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a7c8f6ebf3fc825b40925facf9f540dfb4a78992_0004271104.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\77176ff77d86e6dc85495f96b531b112230ffbeb_0007120384.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d6ef4bbd5fca74ffd125034e2bfa5d48b8580b2a_0003968016.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\fe08538b47e4c695e7af02aa840a039196e6958f_0000708608.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\cef496e63834980d92b3fbfc3c3adbf96b1cbd31_0002538512.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d02e807d35a87bae2888b10c06bd2abada21b4ba_0000392704.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8f0b74235b11d022889eef387d539e4f97d33aef_0000717135.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\3d53125a098be812edba44e8e8fca380240a7e30_0009925136.,LiQMAxHB


									"C:\Users\Ucgjpiyp\AppData\Local\Temp\is-HL3LB.tmp\02e33a84cc43bc3e0abac443bcf5249f87528d77_0007914096.tmp" /SL5="$80050,7035979,793600,c:\users\user\downloads\02e33a84cc43bc3e0abac443bcf5249f87528d77_0007914096"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e5c0ed55d8ddeeaf8e1544328efeb9cb61e6f6f8_0002187295.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e92d764a546eb759c6b1f4a9953fbd4033bcaa70_0000099840.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7097317d6fa1efb1fc0a6f6ede0b631675345802_0002327552.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2183e8e521b191f3c1b30837b3d9538337fb63b7_0004978192.,LiQMAxHB


									open _ZupSfx0\setup.exe


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\14a68ecf5822de75489257c37f6b96275b4cc11d_0002616336.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7332c58ed7aca01c27d1038ac6e76866fdb3f72e_0006037504.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f59bc955b56188d7a9a9fd43a5eda012b116f080_0001865699.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d44c20dc8193d06b439ebef4f8a6c6375ce6d5a4_0000879632.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4ceb81c4d1857eb56c5a81336c60d897800c114c_0003890176.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d7fb0071791c2359376e1c9bfecbb2883c2f7aa2_0002066432.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c6b0931f3a091d52071255a0118f3f4aff91726b_0000858128.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9a47ccae2949cb8ee60599b08346e69c7036993b_0002083840.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c35e372d9ff90fa14af091ec7908babf647a21db_0005236752.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c45df85117c704ba5a240f404a9c0c967f6ef3a9_0003202786.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d5e55e3d2973ebb391ae11ac3154ee27f4eadb81_0003060752.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2238c1d06f34dcf82b503f2c937e5eb7930de7c4_0006049792.,LiQMAxHB


									"C:\Users\Wjfnhbtq\AppData\Local\Temp\is-UB6V9.tmp\4660925d1224875646fccf1c74aa80e2c74e0f70_0007779645.tmp" /SL5="$3024A,7188283,445952,c:\users\user\downloads\4660925d1224875646fccf1c74aa80e2c74e0f70_0007779645"


									"_ZupSfx0\setup.exe"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\28f4b4bf5a99fc8fb605ac70ba4d6f2bbf7bf151_0000663552.,LiQMAxHB


									(NULL) C:\Users\Mprmnyqu\AppData\Local\Temp\RarSFX0\dosbox.exe -conf dosbox.conf -noconsole


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8b84ba42c2e1f9d0d6ac80f01bda9afe5d81ff5d_0000945680.,LiQMAxHB


									C:\WINDOWS\system32\cmd.exe /c%HomeDrive%\QuickDiag\MBR\Winlogon.exe /Save=%HomeDrive%\QuickDiag\MBR.bin


									C:\QuickDiag\MBR\winlogon.exe C:\QuickDiag\MBR\Winlogon.exe  /Save=C:\QuickDiag\MBR.bin


									netsh.exe -c firewall add portopening protocol=TCP port=3050 name=bioevolution.exe mode=ENABLE scope=SUBNET


									(NULL) netsh.exe firewall add allowedprogram "bioevolution.exe" Anti-Virus ENABLE


									netsh.exe -c firewall add portopening protocol=TCP port=3050 name=respirando.exe mode=ENABLE scope=SUBNET


									(NULL) netsh.exe firewall add allowedprogram "respirando.exe" Anti-Virus ENABLE


									netsh.exe -c firewall add portopening protocol=TCP port=3050 name=bio_evolution.exe mode=ENABLE scope=SUBNET


									(NULL) netsh.exe firewall add allowedprogram "bio_evolution.exe" Anti-Virus ENABLE


									netsh.exe -c firewall add portopening protocol=TCP port=3050 name=Biomiografia.exe mode=ENABLE scope=SUBNET


									(NULL) netsh.exe firewall add allowedprogram "Biomiografia.exe" Anti-Virus ENABLE


									netsh.exe -c firewall add portopening protocol=TCP port=3050 name=BioRespirar.exe mode=ENABLE scope=SUBNET


									(NULL) netsh.exe firewall add allowedprogram "BioRespirar.exe" Anti-Virus ENABLE


									netsh.exe -c firewall add portopening protocol=TCP port=3050 name=CoerenciaCardiaca.exe mode=ENABLE scope=SUBNET


									(NULL) netsh.exe firewall add allowedprogram "CoerenciaCardiaca.exe" Anti-Virus ENABLE


									netsh.exe -c firewall add portopening protocol=TCP port=3050 name=ControleDeAnsiedade.exe mode=ENABLE scope=SUBNET


									(NULL) netsh.exe firewall add allowedprogram "ControleDeAnsiedade.exe" Anti-Virus ENABLE


									netsh.exe -c firewall add portopening protocol=TCP port=3050 name=FITNESS.exe mode=ENABLE scope=SUBNET


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ee02aeda0d96710b8a350e53dd114cd801d19c8c_0000817168.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7e6aeb68c6b837f15cc96a85f44b95d1d5c1b0db_0004942848.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4c9eec4b72089ec91779b6feb8a24b66bebb3988_0003156496.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1f3fb0119f9c4d4082249e334e7780304c58eb5f_0009418768.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d4b0af5880ac0db8adec26e77f471b14af263769_0002375861.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a2d669b8d8201de7259924f44d291b4859434664_0003870224.,LiQMAxHB


									"C:\Users\Pvzmnrsx\AppData\Local\Temp\BugatronSetup1514.exe" ""


									"\5901.tmp\finish.bat"


									C:\WINDOWS\system32\net.exe net  use T: /delete


									C:\WINDOWS\system32\timeout.exe timeout  /t 3


									"C:\Users\Zypuiqlg\AppData\Local\Temp\is-JAEQ5.tmp\cee12885364953ef5b0fbd0a023676ac15a1daf0_0008187979.tmp" /SL5="$A01E8,7486664,539136,c:\users\user\downloads\cee12885364953ef5b0fbd0a023676ac15a1daf0_0008187979"


									C:\WINDOWS\system32\cmd.exe /c del "c:\users\user\downloads\e247f4a60bbf8c5958b506059f06c8714d5dbd32_0000438963


									open \4B1D.tmp\FlexBackup.bat


									WriteConsole: The system canno


									WriteConsole: '7z.exe' is not


									WriteConsole: Ejecutando FTP


									C:\WINDOWS\system32\ftp.exe ftp  -n


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\01dc8df7f7796c60aec21026bb96cceede2a789f_0004714496.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\52f46d9b9830f4aefc56c953ccfbbc4c962dbc33_0005329424.,LiQMAxHB


									"\A9AE.tmp\Resestry.bat"


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\Custom_Button.ocx


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\Comdlg32.ocx


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\Crystl32.ocx


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\MSADODC.ocx


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\MSCOMCT2.ocx


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\Mscomctl.ocx


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\MSDATGRD.ocx


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\MSFLXGRD.ocx


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\msmask32.ocx


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\num2str32.ocx


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\SysTray48.ocx


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\TABCTL32.ocx


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\ASYCFILT.dll


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\COMCAT.dll


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\CRAnalyzer.dll


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\craxddrt9.dll


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\craxdrt9.dll


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\crdb_ado.dll


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\crdb_dao.dll


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\crdb_dictionary.dll


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\crdb_odbc.dll


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\Crpaig80.dll


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\crpe32.dll


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\crqe.dll


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\crtowords_en.dll


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\crtslv.dll


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\crviewer9.dll


									C:\WINDOWS\system32\regsvr32.exe Regsvr32  /s c:\windows\SysWOW64\NICE_Tareq\crxf_pdf.dll


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\15404834ee646ccbf2e146645147ec44ede30c88_0008921104.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b49dbd386b9aa7a6282832f0ee8fb9136cfc6fc6_0004212752.,LiQMAxHB


									C:\Users\Uwdaiymp\AppData\Local\Temp\Stp5FFC_TMP.EXE (NULL)


									"C:\Users\Mbbndlad\AppData\Local\Temp\is-IBMDF.tmp\a307d8f3ac0fb32edbb6d6ea85b57544ea44999b_0005836919.tmp" /SL5="$C03A2,4974020,780288,c:\users\user\downloads\a307d8f3ac0fb32edbb6d6ea85b57544ea44999b_0005836919"


									"C:\Users\Gftozfor\AppData\Local\Temp\is-GLA3N.tmp\2c233e6751de5f69fced2de61263c90db8d397dc_0008668126.tmp" /SL5="$A031E,7603839,753152,c:\users\user\downloads\2c233e6751de5f69fced2de61263c90db8d397dc_0008668126"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\153013b0952dc21b953123868eb355b29451a3bf_0002434048.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\413a5508bb3a9849c0ae6d52a0380a43c8574669_0009399824.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\398e9eba6d43c9319c19527f71624197723c6e5c_0001560064.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5bb0053a464878d7ea2295d72f6738974ee4220a_0005020672.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\37be18c924e34cb5751e6725107ee2734cf83636_0000352256.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8efd8c37e38ef5dfad89a299be0371cb5ec54c53_0009783824.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a7a9ab2104dca542bf3be592e67efdc7befb6dc1_0005964800.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0f1f5742a002cb66a5d40ec6e5383da843349790_0004736000.,LiQMAxHB


									C:\Users\Pnekpden\AppData\Local\Temp\irsetup.exe C:\Users\Pnekpden\AppData\Local\Temp\irsetup.dat


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\473450810dea642a390a419e0ba05ffb09b7f5a0_0007962624.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\35a580b59811e22c04f3a640b15f1c8dc25ddd08_0002311680.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\eecc13d46ce07aaa93b9586ac0e5a49e7eaca726_0004904960.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5d3cb1d4a0927d43e826f083a55f49ee9bc936a1_0004773608.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b67be9ddbaa67d31cd0bf5ac031501624c9e1ce6_0003214848.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9adcd695779aca5cde3d5edc4fe8446ce7969bdb_0002621440.,LiQMAxHB

87 additional execution are not displayed above.

HEUR.Malware.Misc.Packed.Generic

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Most Viewed