HEUR.Malware.Patched.Generic

By CagedTech in HEUR Malware, Malware

Threat Scorecard

Popularity Rank:	232
Threat Level:	100 % (High)
Infected Computers:	26,709

First Seen:	March 13, 2024
Last Seen:	April 15, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	HEUR.Malware.Patched.Generic
Signature status:	No Signature

Known Samples

MD5: e816d1e2de1fa73bca84b828a2a29de0

SHA1: e017f9cb8f6473da8b2649c95a8097e0ac2ed78a

File Size: 107.51 KB, 107512 bytes

MD5: 36e84563d9410ebef1b46e5b4b723087

SHA1: 82e19124b2e8aa5a67ab2b5f66193551802da048

File Size: 65.54 KB, 65536 bytes

MD5: 8124ace4aafc19859b370000dc44cdb6

SHA1: da38132196273b85fe1295beff02bd2a56e3d8d9

File Size: 341.35 KB, 341352 bytes

MD5: c696284589bb3ea18a7bd23fb344b36c

SHA1: c5df873f44c057f6405fa9758d492da091bbaf6b

File Size: 138.29 KB, 138287 bytes

MD5: 99b27f19c1fe3f89cc55a0c4cdcc7b15

SHA1: 2c6e545f5274e5633d5de0e0cf5834e085ec2f1a

File Size: 3.67 MB, 3672384 bytes

MD5: 50f391c4aeb4d72de007931d1a890401

SHA1: 7bb9a4df5d8ddf01fdcab0e56323aca03df8a3e9

File Size: 138.28 KB, 138282 bytes

MD5: b720656124fe5c986841af15071b202c

SHA1: 9bd0ca84d322082963d69909fae1ced55a9d3bd4

File Size: 594.43 KB, 594432 bytes

MD5: fa43afc3a5566d3cbe4b01f2befd8603

SHA1: 4e273421a09f0f179c4623ee73b84332aacf6cf8

File Size: 27.65 KB, 27648 bytes

MD5: bf84a984466f030be45221fdeb2826b9

SHA1: 5e58e5c4ec6d5d31bf8b41a64bf66cf2e07796c4

File Size: 195.38 KB, 195384 bytes

MD5: 21e8966c911c2d1932a82276244f5d78

SHA1: cd78a1201b40ae4a52c747165a8d7daced61f8bc

File Size: 8.04 MB, 8043112 bytes

MD5: e7a8202f885679b9000f10d7820c7985

SHA1: 245aa46d12ed978e9d9f2eb6cb8c7c14f6048ce4

File Size: 138.49 KB, 138494 bytes

MD5: 7b88e175b8585422a68a41ebbe3f0007

SHA1: 6784ffe295411b69f23a74bb15d56c71bb2b3e20

File Size: 138.40 KB, 138402 bytes

MD5: ee0ae7856a7d6441af9524da7800d69c

SHA1: 42b44e09eb995b975130c556ec97f8348c942f32

File Size: 138.39 KB, 138388 bytes

MD5: 6efcd772e8470abb7233580dba39fafb

SHA1: 8531842940ab9ddc8cbd6e0406a9e614216ddd49

File Size: 718.85 KB, 718848 bytes

MD5: 0f7dbecb4404eb31c90c349aa539c77e

SHA1: e35b3c3bd68e6bfe78ee7358af4c1798774aa5b3

File Size: 188.42 KB, 188416 bytes

MD5: 0abfb1d224fdcd99089a59270604c084

SHA1: 89168fccd44f35d103371ace385d91f8bb0f50ed

File Size: 900.10 KB, 900096 bytes

MD5: 4a56a3607acfd50b4b7830d3dd13151b

SHA1: 0a63c60d074d3f63440374ea3649c5220b4526c8

File Size: 909.48 KB, 909476 bytes

MD5: 1498ee3fdb98074269edb0a5b454c98a

SHA1: f81d679237ea9e83aabe1b016a8174e58de3987a

File Size: 55.36 KB, 55360 bytes

MD5: e8803b1eb393b6f6d1f95b3e4a63ada6

SHA1: af138da7b15e4c0462ec03fbfedb21a7e08b63da

File Size: 45.06 KB, 45056 bytes

MD5: 70479f55812ed95fedc8f46a7de0c90d

SHA1: 3ae67d1628ff10a6b6a10b734c567ff47c1ef260

File Size: 7.33 MB, 7329775 bytes

MD5: 827c1a1660967bc15c547df13c30f813

SHA1: f5d4265c2dc61f41ec419e74a5f9556943dfc25e

File Size: 5.47 MB, 5466536 bytes

MD5: 0e009175109d0f707463dc9e6e270313

SHA1: 606e8c3967bd5c9c1ff3a0e05b1096d63f3cb1cb

File Size: 3.39 MB, 3391488 bytes

MD5: 1e21997a44cf769f2ab7de5532fd6fd7

SHA1: 8963695e60a775f5873982eb301be6f6f09c2977

File Size: 1.80 MB, 1801216 bytes

MD5: e0d1c6379b241b55a9e90836b2b28b3d

SHA1: b38dfddf75b2ce1b28bf71e19219bd89830bd471

File Size: 1.09 MB, 1086937 bytes

MD5: 44368bb4df3f46b0b679845b569e852b

SHA1: 8e90543b5cdfbfdde13a941361b101869959409f

File Size: 1.67 MB, 1665536 bytes

MD5: b070e5ba4e91798d70a7d7f5b3990d1b

SHA1: 84cdc4117d202ba678a688d951e2593886972dce

File Size: 5.53 MB, 5529254 bytes

MD5: 34ee7ddaeb0127d1fb1650f69c374d4d

SHA1: 98ff8258893661cde075733cc8bee121dc9cf28b

File Size: 629.25 KB, 629248 bytes

MD5: bfab5d66ec82f283c29da5750f1fafce

SHA1: 2371ed73bba534514751de0f9628dc1fd49fedb0

File Size: 396.50 KB, 396497 bytes

MD5: 51b7221e11879518121f20cdfd374b4c

SHA1: e8d71dd787592c5053d1bb5ac052cad94983e5d0

File Size: 211.96 KB, 211958 bytes

MD5: 224cff39e694985128be3ce7c3181505

SHA1: d2f132227c8a105f13ddbc82c28216d2593f844e

File Size: 141.82 KB, 141824 bytes

MD5: 9ccedcdbdf1a947ace827acebfd44bd7

SHA1: c091857bedf9e6f773eec016758c9f8858c5741a

File Size: 332.33 KB, 332333 bytes

MD5: 61f1233df45bc59bc4f18234e145a526

SHA1: 68eb6a0693c095e909f2f1998fa65a1473312b95

File Size: 701.95 KB, 701952 bytes

MD5: 65eb354b5a336ebdf2a30c24064d8783

SHA1: aa9d0a4d0829e9941015b838ac8ae2a9fc349d87

File Size: 928.77 KB, 928768 bytes

MD5: 6676fbad640854d0631a7fa830525045

SHA1: 9fc79bb56c81c3f3f075d5bee99e640bf10413d0

File Size: 6.76 MB, 6761228 bytes

MD5: 380e2a2ea00f634e88bf76aa54cc1aea

SHA1: 8c3c7f27e9e6efdcead4436ae4e857a9dd271516

File Size: 138.28 KB, 138284 bytes

MD5: ecfc2f34d192322bf9351e592667c625

SHA1: 76597565a17f19919cfae4ca0fb661420f719456

File Size: 9.36 MB, 9361947 bytes

MD5: 6625dccc5e88bf362b1448dd081dead1

SHA1: d44340d1c240995252932821ea1665d56fbfebcd

File Size: 329.76 KB, 329760 bytes

MD5: e90a051e2aae160365b042c2a2cf6b2d

SHA1: 64f87be471431bbdc2aa91f87189e9798120336c

File Size: 138.41 KB, 138405 bytes

MD5: a4f48fcb17d46b8f0471b68620c6710c

SHA1: 41677721be70e73d09ec3666c19908d733a15450

File Size: 138.47 KB, 138469 bytes

MD5: 65ab8cdc112d70f289950bc431e33d63

SHA1: 48aa328e0db44dfc1b067f603cf0a936c92b8b19

File Size: 138.52 KB, 138519 bytes

MD5: bb78fd5e9e45ce3755986c55597a75cc

SHA1: 41d51913aa86783afa00bbc1cc78bf89574cfcfc

File Size: 162.12 KB, 162120 bytes

MD5: b4e73b7b11e5db6ca38f44b2c152ca81

SHA1: 9cf9b402db4910a20a32e80ddd91be0494b75322

File Size: 397.31 KB, 397312 bytes

MD5: 809e950d3b9e2188b37cf6e245f668f9

SHA1: ee7382c8baa9e0f9f3565f3114f1d4631e858b1a

File Size: 138.32 KB, 138316 bytes

MD5: 43cea01bee58d4e5bdf25e002d7f7b28

SHA1: 5a3f411905069b0fe55eb5c8b8e5a986cb7a90cb

File Size: 1.26 MB, 1262006 bytes

MD5: 9cdd0cdf51e1c98452ca6a70f928dc83

SHA1: 4803e908e10bfa2d9d5b162d135d9ff33a10c9a5

File Size: 268.29 KB, 268288 bytes

MD5: 70f9b540ff5105cc957444fea8b86984

SHA1: aca50b07ff966490e35788e32cfedda6a4fccfee

File Size: 103.42 KB, 103424 bytes

MD5: fef854ace3d140a60d78df9e66cf1839

SHA1: 49dce935f4301983fd66b829ecfb4a8a3d6c18d3

File Size: 163.84 KB, 163840 bytes

MD5: 4c25c56cadace6b25b9724272d30a2f3

SHA1: 54dd1256508fbaba994968ee7c8d03d5fb914622

File Size: 138.37 KB, 138372 bytes

MD5: 4b8bf52c5e797a4f3587d12c9540e257

SHA1: 5f6a919d649ac207a40d876a566b1902c8c89d18

File Size: 1.82 MB, 1818624 bytes

MD5: 4a244982d4e4335c3380ccfe6204d5a0

SHA1: 58b5212a71669d39d19f3ed85d1a14a9b01325c1

File Size: 138.49 KB, 138487 bytes

MD5: 146ae0ecb39e2efaf43cf921586b5a0a

SHA1: 583f323abc221a5c1c89bfbf458373af0f34a285

File Size: 1.47 MB, 1470992 bytes

MD5: 00bbe15c0e9a6d5b8ab9dadb598a5ad4

SHA1: 53a50d7f84df636165745412c33997df9fc30eff

File Size: 138.51 KB, 138511 bytes

MD5: cda60fafe8d561fdbc45728805a86436

SHA1: 86a167dafe35b58a1661d5c9c5cbc4c08a0ae8c8

File Size: 1.87 MB, 1865995 bytes

MD5: 06325e8075441f8811248bb69c26034f

SHA1: c1a0c2d7031b3afffe9a0218cbf9d5d267748c9d

File Size: 138.27 KB, 138268 bytes

MD5: 98be60ba24166a4beb84fe23e5d9432b

SHA1: ab7d48675d96704a2bbc505a44ae60bdfb729509

File Size: 138.51 KB, 138508 bytes

MD5: bde45d1e97402ad561bdf941b6295aa6

SHA1: 0451ffec871372852eea0c671fbc90dc60f03a15

File Size: 733.41 KB, 733407 bytes

MD5: 88a2e25dc3e4e0afc10c4152d4e9d60e

SHA1: de5edd93f094a506877ae6e0d58117a0d6fca439

File Size: 211.75 KB, 211753 bytes

MD5: 3ad932cc72ae62859b00f030d9232e18

SHA1: a25cd4dc9b030e7979bf41d8444e67d0da7bedca

File Size: 138.42 KB, 138420 bytes

MD5: e4465816c079cb1c287f79280ac7461d

SHA1: ec198f43c7ba8dcd978b55ae34f3fb4fe8f37284

File Size: 86.02 KB, 86016 bytes

MD5: 93dd26e72b9b89c3a332e8cd3a43dc24

SHA1: 86b73010af1c9756bbcc440cc1e43ede264fc6a0

File Size: 211.81 KB, 211805 bytes

MD5: d3eca8b582e7e292d7765d0cca4f04c1

SHA1: bc3b2800ad5310b162d0c5b3185e593e50c1e350

File Size: 138.44 KB, 138439 bytes

MD5: 461bbde38a364a8bf04d6342383b9f27

SHA1: 89c8680845704263fc1f4eb5d0053b67cf86b25a

File Size: 138.38 KB, 138383 bytes

MD5: fbb3deab1e9e7e8ee0824d1722250bba

SHA1: 6f2884b69bc4dfc290244b4ef47c7190e614c600

File Size: 1.21 MB, 1206449 bytes

MD5: 66474f20936ce7359cdc24dc686d5701

SHA1: f11370a3055d0af076256544265d66c0f679dfec

File Size: 3.92 MB, 3923544 bytes

MD5: 871fcdffee98d958f6cf0168bdeed38a

SHA1: 06a416cb6f61f65484d48687879e25ef278b25f1

File Size: 1.45 MB, 1446705 bytes

MD5: fe50a1b05927a7a0b4ab67ea9d964c87

SHA1: 61e129cf7ff11dcb15e1b382202e4490db942fd4

File Size: 211.88 KB, 211879 bytes

MD5: 5fe99f8a8a0cf5d33372945e9ff3ac91

SHA1: 826cad3751de34eeb450199304b522bbea457f98

File Size: 445.54 KB, 445541 bytes

MD5: 522edefa4d14f1604ae10f67d9e0d17b

SHA1: 225bde8366e1a809ab3d6c8c25cc988a75dbfdc4

File Size: 6.82 MB, 6819840 bytes

MD5: b392f20b15721d6bd59a4a9f70c68b8c

SHA1: 29badbeb7c0c005d929781c4ea7e8b7bc995c3df

File Size: 534.02 KB, 534016 bytes

MD5: 5d614a50a762122737a1bcf300440503

SHA1: 88323a3f49c20db1420a849c8187c4949cac6e8f

File Size: 562.18 KB, 562176 bytes

MD5: be58e7788ae6739f08e1ba204d12c3eb

SHA1: 4c42311e70525b0e2cb7896a7de8b73272f06418

File Size: 1.38 MB, 1376256 bytes

MD5: 1a41ee5156a87b727c8a06c687e01e4d

SHA1: 067b4dc084b13b8666241c96a2e537208f625ddc

File Size: 1.86 MB, 1859632 bytes

MD5: 73695a5a23414c7536104c9384569740

SHA1: 34ca47c62368b6f6c2863378439eb5612c90fd6b

File Size: 1.92 MB, 1916928 bytes

MD5: 62861dc5f550d78a13ac8bd8c6c44943

SHA1: 49e24debe8ca5737c30620abad153ae6e5f54069

File Size: 138.31 KB, 138313 bytes

MD5: f1d327f0154e6482518bb3c71bfdb521

SHA1: a289c459da94c982611895f725af144bdf6ddd49

File Size: 1.51 MB, 1511424 bytes

MD5: b090d6b3b28a21e6e29da6d3b457f780

SHA1: dd19ee35a7750fe0c19dca7e19a2600d510d67a1

File Size: 1.18 MB, 1179648 bytes

MD5: 3b0066468ff9ee6ba434b7687e5c6070

SHA1: 966503c0761e174f5ee4e1493bd7e0d344bbf5dd

File Size: 138.31 KB, 138314 bytes

MD5: 3334b1e551c329cb8ffde55c2ae6d633

SHA1: fa0c4c9c61fc8c73251b687d611e3f3d715c46d4

File Size: 2.99 MB, 2992665 bytes

MD5: 664af70fe3d10d080a57e469b6328f96

SHA1: d4af26b8a5f5a12dbac6e7eee002e9c4e02b42f9

File Size: 217.09 KB, 217088 bytes

MD5: 87e17d57c0c690afe48823f834e0d10c

SHA1: e9f02093635a84649b9c80aace4b51e0514469d4

File Size: 1.27 MB, 1271757 bytes

MD5: 63c0fcaa04e9fb4c576362bc7468a163

SHA1: e9ec6cb51484c01a554e9e88afd2bd3e43f54c62

File Size: 939.27 KB, 939272 bytes

MD5: 8ba0e0741fcad34a9274acafcc79f4be

SHA1: 3c045562f925f6bfece1a4f86780a0ec5aeca541

File Size: 249.06 KB, 249064 bytes

MD5: 9a457ac0ac686cdf598fc000ee10e50d

SHA1: 8602913c158a1d3c8cf9480d361543f8c9566d9f

File Size: 3.09 MB, 3088896 bytes

MD5: 0266263456ffe0a4a673e595a1158c31

SHA1: 8b258b26f7982da03e2cd4623ea4cc6c6db746fd

File Size: 181.25 KB, 181248 bytes

MD5: 3be68a2880924c0ebdbe71fabd40752f

SHA1: 2aab01cf5aea79696059a8dd1199174b8d973e03

File Size: 138.48 KB, 138480 bytes

MD5: 65d34de06b9e5704845f2b56dc2695d8

SHA1: 8aabca6930d4dc7a1801bda2a12b92307085de76

File Size: 2.58 MB, 2579456 bytes

MD5: cae64685a732c3e6a15251d2496087b6

SHA1: 9047a03dbb033d0ff092d90f887dd4d77f895695

File Size: 211.85 KB, 211854 bytes

MD5: 9f2e82ab3f8c9f17b7e64c63f7a67722

SHA1: ec8ce854f78283adff4bdfe5cdfaf1a863a190aa

File Size: 138.48 KB, 138480 bytes

MD5: bdb63c8e49c0dcd6a19740b9fe5f8c00

SHA1: d6b3241135e185762ae9ebc7e59c4a5a09da9403

File Size: 921.60 KB, 921600 bytes

MD5: 9cb489d1d8b096be81d67a06b528cad1

SHA1: 5d1a3f14a89348d1eeac420d47b0cf6236d32032

File Size: 381.95 KB, 381952 bytes

MD5: 5beb6c44a9377bd28b0c4c46a0bb462e

SHA1: 832198048fab6cd3bd6bafcb0843cc4be1548f47

File Size: 138.33 KB, 138331 bytes

MD5: 25fcbd02b1265ad8cd8914adc5096168

SHA1: 2b4f5a64463dc301eade458c0b50550d9caa81c9

File Size: 138.38 KB, 138379 bytes

MD5: c2f0de458069303fb071462ff71342ae

SHA1: ca822bf9f81fc703eb35ad3b912b4b78c5f48184

File Size: 7.42 MB, 7419908 bytes

MD5: fd5e78c73ec6ebfeefde28d8fc6fc2c2

SHA1: 82723fc5ff484c3da4fcdb6b03c4d305c5c8aa4b

File Size: 138.28 KB, 138276 bytes

MD5: 1b9cf3a6417ee087e7b358a425bc2bf0

SHA1: 04aa8f9443e3ce4de02c5591dec7c6db2329474e

File Size: 725.51 KB, 725514 bytes

MD5: 6a00c537b110080015583140b31be85d

SHA1: 6536c29cc8914fafd151b54b643416f53dd1fd10

File Size: 138.35 KB, 138348 bytes

MD5: 8e33800f1eeba296e15609d3ff3c807c

SHA1: b17627fe55f60f459624ab133c0078ca2c19af2f

File Size: 2.93 MB, 2928128 bytes

MD5: 4531ca09104488d7edc931a4104f8e75

SHA1: 0035c7e84dfbcc65b4448d374bcfb339ced10de4

File Size: 414.21 KB, 414208 bytes

MD5: 3b9b9c3e6d4de63ff2ea2b468834f2c7

SHA1: c5e5693b86af2b9d7226922a555826191c3a4de1

File Size: 138.48 KB, 138482 bytes

MD5: 5e43a2057f4e4975c21a7b1b7bf25f41

SHA1: 089adc74c43f29ffc6d5d9e61471c10d70f3fa11

File Size: 861.87 KB, 861869 bytes

MD5: 4003128c3c1ec7891c42fbd598714590

SHA1: f2b6d9df6abe5689723340127d7f9b3389fbfa14

File Size: 44.03 KB, 44032 bytes

MD5: 51fed8b591f494132fb6e470038ede76

SHA1: 3f40b3631bd732683830441d0d53502d469f9205

File Size: 38.40 KB, 38400 bytes

MD5: 86ccb333934834b33384d132f8c22ee2

SHA1: c57e5c36ce63e670c11e044065014c21e8c1ecc2

File Size: 1.57 MB, 1565184 bytes

MD5: f34304d2bff2808510b5ed245e4ab611

SHA1: 3f5fc3a6c37343db1fde3adc283eeeee6d8a2a4f

File Size: 1.23 MB, 1229568 bytes

MD5: 2365b84887a53e62dff12ec2e1802946

SHA1: 0aa8c6a2a7f8d666083e15f04213ebf37a44605e

File Size: 211.90 KB, 211898 bytes

MD5: 0d346d321fec1b3da2b7083efdefa0c7

SHA1: 33a2e6485419ccd8663eb4b33c386bba6070f0b8

File Size: 169.78 KB, 169784 bytes

MD5: e0d51c69bf5411bc59e43be793dd91c6

SHA1: 4a567610325479448b390b2970b6eb31c35f2321

File Size: 28.67 KB, 28672 bytes

MD5: fe2bda8d6e08be3fc6a1163d2432f9fe

SHA1: cb474840950deb3414f9c6c3eca15ba4497d925a

SHA256: 1E53135DF9F2A89D2136EC5E602F5E5818C9CFE8C25AFB5793257911A97DC3D7

File Size: 111.10 KB, 111104 bytes

MD5: a596813b4e160677f1a16b051f45f909

SHA1: e60b09e79521f281741a2144078807c28dcfd607

SHA256: 7E92FADF8A78518E9AB3A2DD092DD90D539CF82901541BD7B1AD63F0F9131037

File Size: 71.17 KB, 71168 bytes

MD5: 0fd65eb42332b38b4ed6461d26ce9cd4

SHA1: 480f05ffbb7b5172c5b0c127d83ce8c4e1ecee40

SHA256: E22CE284D4E1E2FD3496EFBBF88E3852562E90132BA9CD95202E01DB9185DB6E

File Size: 8.02 MB, 8022370 bytes

MD5: 64dcf63427169ed66176a9b4af32bf0f

SHA1: f0fa41ec87f7797c93a6bfb2621cc057a5ce6a1c

SHA256: 30EB6E8D7A8918620C542B894AA8E12C2697A9FDDCBDB6BBA4D0AB693B4827A4

File Size: 75.26 KB, 75264 bytes

MD5: da1e93045e6409a1fd392e92ae2cd334

SHA1: 48a4136e383cf069bd43543fdc5b71f1910b20eb

SHA256: DC04D3B97CB12AD930939AD4481A3E7CCB5CB8E010BA1D2AA32C83CB730D405D

File Size: 7.63 MB, 7625766 bytes

MD5: abdc37307e3ad1a5bda7fed24fd6a2c7

SHA1: 972358c047a35dc01d9e697b219ddaf46f30d301

SHA256: C0B80A195F07A37088991D7AFE7CCBC46EA851891E56B1C34EDE48E7A1A47CF2

File Size: 6.13 MB, 6126084 bytes

MD5: d7b797163da06a58493e2b945b1c01da

SHA1: e77cbfae8167b200ef5d14425333ea529687b01e

SHA256: E8477819A68EEF8579FA873EC6B8D34B21E52F039EE2F8BF02EE909AA0A8DF94

File Size: 364.54 KB, 364544 bytes

MD5: d6c1436d424046c351203876f11d66cc

SHA1: 3bbd7a90075465434c99976e23dd6dd2cf85972c

SHA256: 8A7E41D318EABD1D81E5684AB2AB0BC9152029E36F9075E6747BD5DA880E1FE7

File Size: 138.37 KB, 138373 bytes

MD5: 6f0375d3b19b90567b2924112eec7ad7

SHA1: 7e54a334989db57894cf625c0a6fd71ab15ac26c

SHA256: BEF4CF0C7FDF86E2E48694F4D18E899578BF7CBCA70A6B218F4A88BF5ECE8B3B

File Size: 3.27 MB, 3268791 bytes

MD5: 5d8db89c36c1d97195dfb4d301d5a8a3

SHA1: 0d6061efd0f57f9e3cfa71443022adfd67cb2777

SHA256: 2BF0F695E386967780D5ACE71BCA61AA6B901850F66062108EF675D78836C157

File Size: 20.48 KB, 20480 bytes

MD5: 9dd37008f385391b606342550201120f

SHA1: 457299bcc3d893e0573c62c210af52e52f5d6f6e

SHA256: A62FF21DD0D5BA1BFB113BB6CF4F0CF53C8F928BC9F8304731925A42808013C8

File Size: 138.46 KB, 138458 bytes

MD5: 0fa5c8acec7111417721c4a93580301c

SHA1: 12e845903a9fcd567280cb149c0dfb10be8a22aa

SHA256: CF136C831140823B4E79D6DC8A751E19ECFF066C3AFE6FDCBD2F32BA68D6AFD5

File Size: 707.35 KB, 707354 bytes

MD5: 9d298c42c4b42ea3225a76c3e43bcade

SHA1: b9aaee3de9f20c899ce98d5860f0bdac76a4eb62

SHA256: 6BF6BA7EBC5D569A30DCE3F1B1ECDE9F0149A3B3F6641BA4A4F9EF79E796E2AD

File Size: 4.53 MB, 4531829 bytes

MD5: feb79afa69fbfb67f634b56f93c1668b

SHA1: 0220ee1d2f30d08cf6b6cae2b8eb81ee3ab46461

SHA256: 007F8637A54E2AD39D709AE5F2C2A2DC2FC79D82821194038AA84A49C2697DF7

File Size: 967.68 KB, 967680 bytes

MD5: b8615463b4d7c78a28bcd3462cc8e283

SHA1: cf40ee427a4cb4e3f48af46e9b0e6ca88b58531d

SHA256: 5C8264031AAF4A3BD2892B744F33510D8429F93C1E54BD03F66DA7C0440FDD19

File Size: 149.97 KB, 149968 bytes

MD5: 2a4484d2f4932684cb70aafac329f95a

SHA1: a74033621c74d21195a9d4cad3bc2b3ecea52815

SHA256: 0D941FF61605272CEEF7D48979CE3B0B3972BE056B6D7CBF6FDFA062753AE1F6

File Size: 138.39 KB, 138389 bytes

MD5: 300960e945e4ae04aed99d0207ab6f0b

SHA1: 817bc8e71b17ee58b03fde4799536a096369bda1

SHA256: 7377A04EE6FE1AA754FCE12C4CDD3019C2C186BC5B4BA5CFC34E8ABBD431CA4F

File Size: 43.01 KB, 43008 bytes

MD5: 1b56315a7f46db2617ba380d34bf72e9

SHA1: 18d9f598d9a6c3504037d68d5a97267be4a061cd

SHA256: 24047D4A16CFDCA7B0A17B152725C30DD21F437FC6A48AB091EB9781E63B8E78

File Size: 138.28 KB, 138283 bytes

MD5: 3ad2390f91fb0e1947d0b071f0c32258

SHA1: 3bc37863f8dad04afa43149eaa5dcc073a5509ef

SHA256: A1D36EA35967CF4B125D248BB5534FBF8D3C8861C2901B1B31C01755577B6F77

File Size: 322.56 KB, 322560 bytes

MD5: 41210c482d1ae63363584cd14fb8e72e

SHA1: 9d698b8d97b07b47233134aaad08ba2f0463515a

SHA256: F9EFCEC319D1C89CF93E5328DE0A127EF871CA50EC849AEA07AAC8E44CA3156F

File Size: 3.09 MB, 3092480 bytes

MD5: e8990754914caca5f73f278b59611ffe

SHA1: 73d1b782ba0d8d9bf9e2dd127d71703d0d51de63

SHA256: E04B78FCCEAC36C3683FB3A089A7C76DE34A8922ADF4F164607E61BAF04EACF0

File Size: 138.37 KB, 138373 bytes

MD5: e6c2ba1b5e70ad9c1ab8bcdb2ea7218e

SHA1: 1d5bcf61cb0e485c64eb25b2fc36f5c325e5f1fe

SHA256: FFDC239D428388992325CAFA7F8BEA793C87D96AD298E87A8C890DCCCD7BF541

File Size: 1.21 MB, 1207766 bytes

MD5: da0984242632281b91ae21130c2ed847

SHA1: d4839ed98d33ecbf9032fb37628ce8bafc694b93

SHA256: E7E692D800EC930CF03AB2D077BE90E7A290F50EB2E3095F5EE984120876E913

File Size: 528.38 KB, 528384 bytes

MD5: 2bc665e3f2dc6cf1cdcc29e798348930

SHA1: b83bd599d6700ac9effdb81b2dcf0ad5a7a505fe

SHA256: 372E098D79F0166AFA55E786DC6AE39349EAA15BA0440631B45EBAC594C2A9E6

File Size: 1.29 MB, 1286819 bytes

MD5: 5b2468f5af08d1f37ea9382814324bf2

SHA1: 56980350ca61bda4443b1f53db9f774f12abeb5c

SHA256: F0D32F8A4ABF7DD35CBDF568C21967B06FD0D41BB8562F5DCA6BE979635D93F7

File Size: 138.30 KB, 138302 bytes

MD5: 7fc00d3185ee6bfc4d6c56ac7c3e10ef

SHA1: bac06b73fb97fa894079d7e05e10c4232738420d

SHA256: E9A03EE9FA0B073A067D7798BDA0097C74272F3D7680B0ACAC758D79E56FAC37

File Size: 55.30 KB, 55296 bytes

MD5: da204d0e619989de27bbbf995c2173c9

SHA1: a51351e3842264ce5855fd1cb5e4cd739e2a819f

SHA256: D24F5EC015B2E0DE4C30AC0C99947DAB7290B18AE124EB2857CD60D0B596F786

File Size: 4.75 MB, 4747776 bytes

MD5: be4208a0082bf6a9a8a4e377c4348848

SHA1: e85713c5d718f429054db093c7e9c67921293931

SHA256: 3023E9CCA304E542443295FDFBA77F5B738155359CFC3EC97EF147E285873A9E

File Size: 148.51 KB, 148506 bytes

MD5: 3817cbc0f149ee542b4ffc983bb955a0

SHA1: f9f464995576318ecd580283c7385427d082dcb4

SHA256: 107AE0A366E9006F20948A94CFA279DA0FC082A984F2D83DBC2B21FE7A6F1C7E

File Size: 552.81 KB, 552811 bytes

MD5: 94b5009ac3a79f74352c4cbc7772315e

SHA1: e305f641c3b62750d0f7216028b11286d807dcd3

SHA256: E97E5C644098165A9ADD98A2729F374593B6655D4BC9594057625DB4883E2526

File Size: 138.27 KB, 138271 bytes

MD5: d5e67d9c4ba2be2d2d22190860f70287

SHA1: 108fd1caf236df02826363adac2ed67de42d63de

SHA256: 6C42F9E124AB5C0D5735A28BEA0264F7F3555B98469058C9745245D0FB735777

File Size: 792.62 KB, 792621 bytes

MD5: 9ea806a33cd7b0b41be4b2c76483c8bc

SHA1: 2c3bb30aaceb4368f08a9eb1912ede586fa3b6e0

SHA256: BA57EFB545CC599374E362104E0B7391AF4DF7290AA92501DAD0544517E5B332

File Size: 425.98 KB, 425984 bytes

MD5: 87c0757aa50c99969acc454a142ab2a8

SHA1: 1f4f12fba6b1873db67c531b260950701e314ab6

SHA256: DD106F5B2479CF9E9D4E6008576FFFB1C6FAA5BBA5689713B6459F37E4E1F647

File Size: 303.15 KB, 303153 bytes

MD5: 683ff2a7501daee594f46623adecc486

SHA1: 3164f84f29647105983928e539e3d0f065b6df93

SHA256: 8C31E849781F941AF39E975D422133A4990490DD7ED0DF4E7C336B0B5D67CB83

File Size: 138.42 KB, 138417 bytes

MD5: 65ee0b64a5bb6665a25be880fe6ee8c6

SHA1: c09f7446ec5cd4f7001976138b2383919a32c0e2

SHA256: BAC3B775B59882F42B53D8AFBBF8A824B8BF0CDDEAFD742834603791260A300C

File Size: 138.39 KB, 138388 bytes

MD5: d87b344cc435c9265fe8c558826e5013

SHA1: 61bc06b33aa060100e80ed7562c1ac92b265ff64

SHA256: 98022D007E764532BD75DF67C7E017739B2BAF47F56C500F626A5220D6410546

File Size: 1.22 MB, 1223855 bytes

MD5: b29cf67dd3c255ebb0b9123569de94d9

SHA1: 9a8b853bd1d3febedad3922980594ede6dc3ee5e

SHA256: 1B59CEA45F2D8055BF8A9F29A27564340FE8ED65C5F7B7B0E64DE51F10B4D6B6

File Size: 1.73 MB, 1732608 bytes

MD5: a9345c74509819cc7e9f24af1b6eb250

SHA1: aa2bb86ffab8724d0302c61dc9f295aa5eafe50b

SHA256: EDD92261EA483AA62541D5D46B42505FB7F10901F58716846D89528510F426B5

File Size: 5.85 MB, 5846827 bytes

MD5: 60549b4e89f73ab56e968cb2a754a3c0

SHA1: 4339c838f33569380f816a2c81a71d994d3bb1d8

SHA256: F3D76BD6D38092EF882B575719861B2785B0C074764E5CBB8131A5E9BE89DA6F

File Size: 211.97 KB, 211966 bytes

MD5: 23cc7ae97f75ab9fb3ccfd30bf21f8b1

SHA1: 68a5d08249899aa1ebd557cb93821605dc899daf

SHA256: FC5DCFAD04D6103D9CE23F8E9CA726E9D7E62928A59AE0CE85FAC3511187A4CC

File Size: 3.19 MB, 3192832 bytes

MD5: e5efaa9867adf90aabbe2c96af17a7e5

SHA1: 10e7ee1770079e1d6019de02c065e824a01d480e

SHA256: A69642D0CC6FA1BBFEDE8C97BEC8A21AD9E9576B9D318C7C688088A9B2CAA13C

File Size: 138.46 KB, 138456 bytes

MD5: dcd689ef0c2d12078ff453ac666e1df3

SHA1: 8a6df47708425138c4d62a194e07fcc46f86f3bb

SHA256: 98215AE491F33935E8D3F59601C13FABC9DB26A6667221B058CF57216A6862CF

File Size: 7.82 MB, 7821288 bytes

MD5: 2079f89d9a6bc79d5680ecb552e57f2b

SHA1: fe00574b30351893ce8131a2641cd9169a83aec0

SHA256: 3E30E4B27C9DFF84DA16BDB74B308BB76314251C3ED39C191C1F7B6C9B9B577B

File Size: 138.51 KB, 138514 bytes

MD5: 4941a397a664f320b81a1286704d3530

SHA1: 35bd95896fea28a1a49b9fc0288a8660c420e5f4

SHA256: 67CE92E65BE0C0AD6D32979D2C209962363370E8DCDDED9A275091AE8F122B52

File Size: 138.35 KB, 138352 bytes

MD5: bfd909124c94e9918e4041c9b37383e1

SHA1: a21000d16126cef937b3daea0a7cafec72bb5e0f

SHA256: 883C0C55E906AB8E5CC743B46BF1981C54EDA2E987B460340EB8A7AD461C9DAA

File Size: 2.69 MB, 2689208 bytes

MD5: 534f8a1b6879ed479f3646585228ad55

SHA1: a04a19395b3987f34c8578e6d93744105bca0ad1

SHA256: 1848577DFE802F341EA8F222887E8F90E367DB239441E7614F44A6472D388043

File Size: 270.66 KB, 270662 bytes

MD5: cf86bc67e2deeb4bcb97efe0e02945b5

SHA1: 97a65a0e861743769596937987d3b934d4606cfe

SHA256: 8D17D677CBA080929863AD295BE9E132374BC3BE189A857BED65E267A4B154A6

File Size: 86.02 KB, 86016 bytes

MD5: e226a0c3cd3a3fbcaa7a07c72d486c0a

SHA1: 2419f9930c2738a1be89457bac0c944d48ad7eea

SHA256: B164405143F517A3EA295C8F7B8A653B0BC101C860AD9C67AAD8958E48B283BB

File Size: 169.05 KB, 169049 bytes

MD5: ee61537d8eb7faaa556be02ebc4b69ca

SHA1: da38deaf3fe995b96b8a3f51e383d16009ab5e29

SHA256: BC26CC8ABD8B7984F7C1EB8BD900241E07357AA653676DF4D9C25CCB4E11C7EE

File Size: 50.69 KB, 50688 bytes

MD5: 31c34e225cb6b50120268b486a413862

SHA1: e90ab7fabf0f2fb6d9df60b22b969f5cbe9d918f

SHA256: E6C771EC08454C414C23053DAA960B829EF6CAA9A59C86FDDF877E6AF07C092A

File Size: 765.81 KB, 765809 bytes

MD5: 66937c5170206c56322c20e2f1837730

SHA1: 2b3738e96a40412a7152e726634d45bef1091701

SHA256: 017432F766CC031206E16BB4DD9E39656FF45E655495803D8A0CF4416A13754F

File Size: 143.87 KB, 143872 bytes

MD5: 3a75088f233b468f3336d9f38167513e

SHA1: 41c05917187e57391d9f973a958796e9cde6395d

SHA256: 32DE05BAAB004258C85D94FE8CE08D320049029EEDB62F43ACEBA0A7ED259BF0

File Size: 32.77 KB, 32768 bytes

MD5: 1e0b40988cb73535aed2c5206d6945ee

SHA1: 87f9d3ad663fa5841aac6e210e2a2ad6a87176cd

SHA256: 36C36FBEDADA3419DD4CD4D6C295A3A13EF683B42E98E6208C5DED75F32F5753

File Size: 138.36 KB, 138357 bytes

MD5: 707b10e5558b4e23f6d59ebdc6652d18

SHA1: 702b31f51616c4435272f83a2156636088e4bc63

SHA256: C050A1F947569365358DECF9B5736AC1405E2E97B18DA2BE4D1E13041B672654

File Size: 143.87 KB, 143872 bytes

MD5: b51bf135be9d7fc85caad7010558fb7a

SHA1: 8420aa6e1545dec4abe59d494bb67c4853b42e84

SHA256: 023B6032CA2FF44EF72F7FDD8CE42E855DB940376351C4B15CB49E8CB41B848B

File Size: 3.92 MB, 3915888 bytes

MD5: 155b4c9ce1fb4ba4dc5591b42db3e2bb

SHA1: c6aec2e55c32d43bf2ac388fc91e3516ab3b9aea

SHA256: 000D40EE3A9A61260845E6825E89F98BE2F0BC5FF9D8F3E6E087CFD08D1B1996

File Size: 211.97 KB, 211968 bytes

MD5: e58628c8516160d1de3112524e806d63

SHA1: be7d4113c8202754a85871c1057a9f2a2ab2bc2c

SHA256: 463CBCE75EFA20EE91E1D1B14A5082B03B916D34990049E525D1D80C2E2A0978

File Size: 2.81 MB, 2814496 bytes

MD5: 824a42d6e8ce09e8b3d19d10f0c166c5

SHA1: 2c02484e7c7879dd64ab272177854254baece425

SHA256: 56C9EE0AEB438BFE1FE49AF3EEAA331B8D9203B43F457A083CA347F837C64E29

File Size: 122.88 KB, 122880 bytes

MD5: c1df413db9520fa38157af9dc155afa7

SHA1: 0af057eaa1066a4495bb1792de1baeee3578db01

SHA256: 03C06952632FCD1D748991D6BF99D2B4C28EB8D76E8C58770031DD8388D84114

File Size: 24.58 KB, 24576 bytes

MD5: 7d95c47d75ec548b2b9789a017ffe640

SHA1: 71f7d9f8e71260ba06fccffdbca9746410d9d193

SHA256: 21B0686F013BF9C8DC0E22FED04215FD160D1FBFDC6AEA42DCF7F1611E269A03

File Size: 211.75 KB, 211753 bytes

MD5: b6596b7598867952f2344d482005253b

SHA1: 2a84437a1989ea5a87822d684a0d2473ebf72e88

SHA256: D40531756B4C4C3BE11DCA0204BE13A52F59AF5BC4D7758021BBC458AB0A7A18

File Size: 33.28 KB, 33280 bytes

MD5: e0f6b25ab7c5b32ad8259c43e9cf10ac

SHA1: afd190edeadefbba59a78a98f29dc2615a41c392

SHA256: 491F45CC642D639AED85FE0E1A6504A92A350D6AE061A22B1C6E942837C4D587

File Size: 138.44 KB, 138440 bytes

MD5: a97c837ad538657f101675d636489b14

SHA1: e169ffe6a9dacb231cf4fdfeceb03f9a3a1205a0

SHA256: CDDF99A78722A17ED51F27E6CA177D1098B5B2216214ABE5DCED9E08FD18D192

File Size: 211.82 KB, 211825 bytes

MD5: 85222c86d0a9c7dd353b3b8bd8af8a94

SHA1: 81e5ebe5e957a6f7bb8fe0632615bc2108946e34

SHA256: 11BE29F107D00B6807E108D770BFBC0360EB7301BA5CA22FCD72436BFDAFD7F2

File Size: 143.87 KB, 143872 bytes

MD5: 235f7d15cd8a8e7dfd778e808e8882b2

SHA1: af1cf94f5f3d413a8b7413d76b47076450765234

SHA256: 5A7312540FCA7F2C945FBD4F441E71AA5E2B8E67B176A453A49A7000EB9B2083

File Size: 211.96 KB, 211964 bytes

MD5: c513b5515dc07db461616233c36e64c7

SHA1: 586692258307911c60f9e26f0015c999c1f84c9d

SHA256: D345629CA6D45B510F06232CB80DE4A0FB117331354A1650228B3D6EA07C76D0

File Size: 7.47 MB, 7473118 bytes

MD5: b6ce3e09a9583ab27ad91ead740d871e

SHA1: cca12ff4e29de995d1904f109b741ffcd403ac76

SHA256: 0F1871408AD5F0D30237E5F5463E4C738A107F183019B065793D2E4CF56EAC64

File Size: 1.89 MB, 1885696 bytes

MD5: af09b017a8e6341b216deb90e72b8a21

SHA1: f8c79b6ed4634e9e176a91b9ddd01fe726feead0

SHA256: 936DA32AF3A4F22AD792C8C2910CCBA9B1D0EDBDCB43FA65BCA418CD1A36E4E4

File Size: 86.53 KB, 86528 bytes

MD5: dec612e787eba1ec198565d128498891

SHA1: 33a905519a92f4a22b34a7c6a764a804ae2b4c23

SHA256: 6E3D711D37F67CE01E033AE097A5E060352551B4FC467BC2254E9F76ECFCAE49

File Size: 3.19 MB, 3188224 bytes

MD5: 91505506b7669d70a21239f5ce389d4f

SHA1: 029815d17f85c95bd44e77e5096cf074abbff4b7

SHA256: 2D9860798B5E2B70ACB32B4FAD68BEE51ADEE0EAFA0625F05D228FCBA7BF075C

File Size: 197.63 KB, 197632 bytes

MD5: 96eb77a91d7664077487a81dc52ea3ef

SHA1: 400dfe3f575ad3a620355728ed96e5ecd3c68230

SHA256: 911B1D64C5F9010EC6525D5F99A5CB668D83DE3C2FCD97605438CEDFE5EDBB26

File Size: 4.18 MB, 4177208 bytes

MD5: f79017d4a0719f056fdb60ad27c5d8d7

SHA1: a8997bcc1b1326357653f292f94d493d9f6a1f59

SHA256: E58245BCB5BAC176295FD5E2DF935ED6D434969B6EEE614E0B70ABD805468997

File Size: 1.19 MB, 1185718 bytes

MD5: 4ac8858cc9ec7a69f30daa35aa78c4a8

SHA1: 86419e4c7cb1d4722bc4a72aa177e2ff61e957aa

SHA256: 0D478D88D66843A558C5FBEAB4EC06FA320843C1DA8007B322BC299A7903690D

File Size: 143.87 KB, 143872 bytes

MD5: e28815286f14aaa8defd0d2080c1983f

SHA1: e7df2a4ab2865212a732fd75e03bb3668ae21fb4

SHA256: 654F3455BA6777F99E9D0542D894ABA956D9DBC6564B7CC1DECFA1E583331526

File Size: 115.71 KB, 115712 bytes

MD5: 0a9dbf7ce3e0f63beb971612292c8bb8

SHA1: 9eb348ad74642192e5fcf3105d8edaa59fa827c2

SHA256: 0821C13CF6791F3BB7298913EBE51C5AEEA812871D6B44D30329B026FE6AC49A

File Size: 138.48 KB, 138478 bytes

MD5: a126e0ed60f481e3d432a27cdc8b0240

SHA1: 0fff43650c92eb0308177a1801c72704c6fda6dd

SHA256: 48E221B23ABFB79D88A582817F077A19550137BB3E6C42AF700C94D0C8828022

File Size: 7.04 MB, 7035904 bytes

MD5: 0215b2832b86b307068ebe88686f2acd

SHA1: ace1a491970941743602701684b222477e86f5da

SHA256: 1F7D19BAAC916938CBF329C68766EA4241170E27A70FBE1DBF00128FF36DCEAC

File Size: 133.91 KB, 133908 bytes

MD5: 2138ec70b556f9b9d9252d0a36b921bc

SHA1: 1b01586c2e35a158be3e8f913d8c7b2621de2a6c

SHA256: F9DFE08F4065BF25104DF4581729043117BA60515F96795887A0E2F7AFADECC6

File Size: 20.48 KB, 20480 bytes

MD5: 98ac633e1e652100075bd432175fe0f7

SHA1: 75d9206228694cc3c1890c4a2490e27beebc4e93

SHA256: 502F7D8D545E82BD034093D9F88405A3D0477676646454773EB0F7FB655D86F6

File Size: 138.30 KB, 138303 bytes

MD5: 6bc769b4bb3ef4b9cad52229acdac5c8

SHA1: ebb4e63276c3845c4cac4c77f617db2a91840552

SHA256: 5D5A1404437449B605DC57DCD636DF4DADD591BB696635D7C57EA8B90BADE2C3

File Size: 819.20 KB, 819200 bytes

MD5: 4896ab63d03dbfe67ed8bff23e4d6930

SHA1: 849d6050316c9687e905751f8d2f194d3d705551

SHA256: F5F529587F4BA3F75E6E8ACAAAE15832323313B4F31299BD44B0BEAD88FE8EA3

File Size: 487.42 KB, 487424 bytes

MD5: 2b1a11c83063945ff70a1f7e5f037320

SHA1: 0fce80ae384aa0df1d54bbb2da5643b25fe5e502

SHA256: 725231BFDA1ECDF6C5C0C33A47C53042EEDE4C375673C321391CF2A810B5E923

File Size: 619.05 KB, 619051 bytes

MD5: db6a512af8a607420036231c8107d6ae

SHA1: 65710149b9ea41aa3adc0d7921b0f82da816f76c

SHA256: FA084CEF4C2E2FBFD656EFAE43C156A2D9A1CBA5927CC274598D689EBA7B8A5D

File Size: 340.12 KB, 340117 bytes

MD5: 83eebb3c971adc9a20534807d43009f0

SHA1: 74933ede096a5d9c76213f4c96d6b3f81f85f7f0

SHA256: 057DE0D1E5528DE97265A2ED361D33C3DBC9BA93664E77A82BEEE26F06FC5414

File Size: 115.71 KB, 115712 bytes

MD5: 06807e2a05da48d7c46ca5d31c34456f

SHA1: 9cf3f202e32acfec394e9c37f9dbbab5c6a99730

SHA256: 417C37C9D51DB3C79AD22F0BF50250B3248EA1E4CB5073CBF8BC82DB226BEA58

File Size: 421.89 KB, 421888 bytes

MD5: 0db4cf4f286544a6616a51ebb8542673

SHA1: 8db855f9837c141435205180492c6135ba935a39

SHA256: B2C9C9CBF4E03704499D12DA8FF22C7C9383B4FBCD58F3D5B3C9B62F8B157EB5

File Size: 115.71 KB, 115712 bytes

MD5: de5c8555788ea33069f57f432152d866

SHA1: f4b4261d198de6eee330a2797eabea6a7ab5fbe7

SHA256: 072154B42F165A30E1E47F62BE0CD34912DBE780F3931806A884EE1F52CED104

File Size: 210.94 KB, 210944 bytes

MD5: c7cd5c0a9b8404d27e04e0723719135d

SHA1: 71ac7967f2d8bd3f0d70d18c6f0c8a6603a403ac

SHA256: C82FA10CD36B1F314E3302120EF26BDF720DE813CD95802AC34FED628E8A7E66

File Size: 138.38 KB, 138376 bytes

MD5: 4c22080629b6fc9e8bd8cdf2dca8ce8e

SHA1: 5ec1f29fd9ef66f71224a1d039afbdd0a5d68f07

SHA256: A6F1B9644D556B31EE2E948E13F52991D58AD9BAC26F931F60FFA0AA1D46290F

File Size: 133.86 KB, 133863 bytes

MD5: ed2554e10b64a6c21688f7edca6d9611

SHA1: d1ce77deee14c1e726d4e722662feb2515b26dcf

SHA256: 8B3D5577FD89BB949A1170C835E1858D0AF40CE690B5E8B0CA3A258206911A1D

File Size: 176.13 KB, 176128 bytes

MD5: dffb3b2bbd3cd08b02a685a6f8566592

SHA1: ee4cefa951135977985e46052a25226ae4de0276

SHA256: 04DBFF96F549E617E6347BE68C3D962057F02B2F93E721EBD7B65BB50B801459

File Size: 7.93 MB, 7926796 bytes

MD5: 4689768771b709d86cd98c65191af698

SHA1: 2a701f4028a6291314365368489d7afc566183dd

SHA256: C9F9E2D44C4241165824A8977B3B398D93247F4C6FB89134A49DEA8BD4522786

File Size: 741.38 KB, 741376 bytes

MD5: a29a9eda39cd2cda92de97ea5728e0ab

SHA1: 2de0f0c6db94a80167f3d2fe6397d838384d503f

SHA256: 469F7B3F683AC9667106E49BA71B04045E034401984E5908AAB70EB9A8699802

File Size: 843.78 KB, 843776 bytes

1090 additional samples are not displayed above.

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is .NET application

File is 32-bit executable
File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

2007 additional icons are not displayed above.

Windows PE Version Information

Name	Value
	1.0.0.0
Applies To	Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows XP, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows 2003
Assembly Version	11.50.0.42618 9.3.1.0 6.0.0.0 4.220.0.4001 3.8.7.0 2.4.2.9 2.3.3.3 2.0.6821.41776 2.0.0.0 1.1.4.6 Show More 1.0.2285.38815 1.0.0.6 1.0.0.2 1.0.0.1 1.0.0.0 0.1.0.0 0.0.0.0
Author	KTDA ICT-B
Bin Type	32
Build Date	2004/12/06
Build Date	0000/00/00-00:00:00 August 11, 1998
Build I D	1
Build Type	Release
Build Version	12.0.0.1
Built By	OFFMSO5 VSBuildLab
Comment	DirectShow Sample ECap
Comments	10/04/99 2020 @mxm.corporation Acronis OS Selector Installation Allows Mozilla Firefox to be run from a removable drive. For additional details, visit http://portableappz.blogspot.com All Rights Reserved 2004 - 2009 IDT, Inc. AMXXPC compile.exe Archiver ArtCAM Dongle Checker CHMView.exe which allow you browse CHM files in system default web-browser (e.g. Opera). It unpacks all files from CHM and makes framed index file. Homepage on Russian: www.yaransk.ru/~hobo Show More Conquer Clicky Create backups of selected files/folders/partitions/complete hard disk to hard disk, network drive, CD/DVD or FTP. Created By Orhan ÜNAL ounal@ford.com.tr orhan_unal@hotmail.com Program hakkında görüş ve önerilerinizi bizimle paylaşabilir, programın güncellenmiş yeni sürümlerini temin edebilirsiniz. Created with AutoPlay Media Studio Created with Multimedia Builder, version 4.9.8.13 Creative Registry Update Cria Database CS GO Changer by Alexander Veretennikov Default "VIMICRO" Driver Booster Flavor=Retail For updates visit http://cleanup.stevengould.org/ GOM Player Setup File (2009-06-08 오후 7:05:07) GUI Version Hello AIO Tool [Qualcomm Edition] HK-Software services cotrol center https://geekuninstaller.com https://rufus.ie Idealizado, Criado e Desenvolvido por Domingos Waller e Michael Waller INFINITY EXE Inno Setup home page: http://www.innosetup.com Installer support for .NET Installshield for WoG. Installs IE compatible plugin. Installs Netscape compatible plugin. Installs OpenAL32.dll (6.14.357.22) and wrap_oal.dll (2.1.8.1) Installs OpenAL32.dll (6.14.357.24) and wrap_oal.dll (2.2.0.5) June 18, 1998 Kernel Utility Program used with kernel to update main and boot programs in TMCXXX & MiniMarker boards. LaunchAnywhere: the Java application launcher Lingea Setup Application Mail Access Checker v1.0 \| MgSofax March 14, 2000 March 17, 1999 MicroWeb Web Server Mira Edit Team Mobile Connect Mods Launcher + Redirector Moorhuhn game NCN File Manager is a program for managing files for MIDI Karaoke. Contact me: chollathee@gmail.com Network-Device set IP Pro Evolution Soccer 5 Settings Pro Evolution Soccer 6 Settings QUALCOMM,SAMSUNG MTK Realtek DHCP Server sales.gist@cdac.ernet.in www.cdacindia.com SetLCDMode Application Simple office network management system and others networks. Sistema Automático de Reproduccion Multimedia Speed up Windows 10 and 11 PC for Maximum Performance SSD Benchmark Systray module TeamViewer Remote Control Application Thank you for choosing Revo Uninstaller This installation was built with Inno Setup. This installation was built with Inno Setup: http://www.innosetup.com This is a sample application designed to demonstrate the RichTextBox control. It was developed by Rhy Mednick of Microsoft Developer Support. This program Is for Trial Not for illegal use. By Mussie. This setup code is the property of Indigo Rose Corporation This version of StellaX is not to be sold without written permission of the author VISON SECURYT Work in progress ! Worms World Party wsid service v1.0 www.virtualdj.com برنامج تحميل الكتب المدرسية لوزارة التربية الوطنية 此安装程序由 Inno Setup 创建此安装程序由 Inno Setup 构建。
Company	Nenad Hrg (SoftwareOK.de) Theorica Software http://www.theorica.net
Company Name	(C) Ford Otomotiv Sanayii A.Ş. // 1C ABBYY ABBYY Software ACD Systems, Ltd. Acer Incorporated Acoustica Acresso Software Inc. Acresso Software Inc. Show More Acronis ACTIA ActiveState Tool Corp. ActiveXperts Adobe Systems Adobe Systems, Copyright 2005-2007 Adobe Systems, Inc. Adobe Systems, Incorporated Adobe Systems Inc. Adobe Systems Incorporated Advanced Micro Devices, Inc. AFIP ahead software gmbh im stoeckmaedle 6 76307 karlsbad, germany Phone: ++49-7248-911-800 Fax: ++49-7248-911-888 e-mail: info@ahead.de AIMP DevTeam Akeo Consulting Alex Schepeljanski Alterdata AltisLifeFrCom Andrew Zhezherun AnyDWG Software, Inc. ARPON SYSTEMS, SA DE CV Atomi Systems, Inc. Atomix Productions ATSG Autodesk Autodesk, Inc. AVG Technologies AVM Berlin GmbH Bahagian Teknologi Maklumat, LHDN Bash Software BI BIAS Inc. Binarema, S.L. BioData Biosis, C.A. BitTorrent Inc. Bleeding Or Lost U.. Blizzard Entertainment BlueStack Systems, Inc. Borland Software Corporation BPB C-CEW SERVICE Cakewalk CANON INC. Changer CheshireCat Cisco Systems, Inc. ClearList XX CNH Global NV Company 'gora-sah' Compute Tech Micro System Co.,Ltd. Conexant System, Inc. Conexant Systems, Inc. Corel Corporation CORZO&CARRASCO Creative Labs Inc. Creative Technology Ltd. CyberLink CyberLink Corp. CyberSul Soluções em Informática LTDA. darmiles Dell Inc. Design Science, Inc. DEVGURU Co., LTD. Dexpot GbR DG0JBJ Disedig GWC S.A. DOSBox Team DT Soft Ltd Easeware EasyObdII.com Econtech JSC Electronic Arts Electronic Arts (Canada), Inc. Electronic Arts Inc. Embedded Systems Academy, Inc. Escriba Informática EZ-Soft EZB Systems, Inc. FactorySoft, Inc. Fideltronik Firebird Project Flexera Software FlulpyCrea FORTES Przedsiębiorstwo Informatyczne FreeDownloadManager.ORG Gary Henderson GBG Geek Uninstaller Gestec-Video S.L. 179 additional items are not displayed above.
Compiled Script	AutoIt v3 Script : 3, 2, 4, 9 AutoIt v3 Script: 3, 3, 8, 1
Composite Baseline	1,6,1,1,3
Debugger	0
Dist Code	PN01
File Description	.NET Framework license compiler 1C:V7 starter program (for SQL) 1C:V7 starter program (multi-user) 3DSetup Application 7 Zip v9.30 alpha x86/x64 (7z SFX archive) 7-Zip Console 7-Zip GUI 7-Zip Installer 7-Zip Reduced Standalone Console 7-Zip Standalone Console Show More 7-Zip Uninstaller 7z SFX 32-bit Active Delivery Self Extracting Front End 32-bit InstallShield Deleter. 32-bit Setup Launcher ABBYY ScreenshotReader ACDSee Full Version Installation ACTIA Driver Installer ADANICHELL TOOL UNIVERSAL V2.2 ADDSETUP MFC Application Adobe Acrobat SpeedLauncher Adobe AIR Redistribution Helper Adobe Bootstrapper for Single Installation Adobe Flash Player 9.0 r45 Adobe Photoshop CS3 AdobeQTServer Adobe Setup AIMP2 Audio Tools v2.61 ALUSNCheck AMXXPC compile.exe AntiVirus Any DWG DXF Converter Setup Aplicación MFC Transformer ArtCAM Dongle Checker AS SSD Benchmark ATSG 2017 Seminar and Bulletin Index AutoCAD component Autodesk DWF Viewer Autodesk Internal Use Only AutoHotkey Unicode 32-bit AutoPlay AutoPlay Application AutoRun AVG Setup Self-Extractor based on 7-Zip AV VCS DIAMOND 4.0.42 Demo AV Voice Changer Software 3.1.27 Awex aplikacja serwisowa Awex Service Application AWRSrv B2CAppSetup LGMobile Application Bandicam Portable BESTplayer - Sprytny odtwarzacz filmów BF2SPCC Big Kahuna Reef My Fish Screen Saver BJ Status Monitor Bloco de notas BlueStacks 4 BlueStacks Installer BNUpdate Board Printers BootUpdate Microsoft 基础类应用程序 BorangC2002 Borland Database Engine BurnCDCC - Burn a CD/DVD file image to a disc. Burnout(TM) Paradise Configuration Tool BypassCertInstaller Bíblia Sagrada Gratuita 5.1 - Corrigida e Revisada Setup C# to PHP Encryption Library Cakewalk Pro Audio Camtasia Player Canon IJ Network Scanner Selector EX2 Canon IJ Scan Utility Capture Application Capture Application (Sample) Catalyst® Control Center Launcher CDStart Module Center Microsoft 基础类应用程序 Chaipro Financial System CHCFG.exe Chicken Invaders 2 ClearList ClearTKHandle MFC Application Client do sistema de licenciamento da escriba Client Shield Setup Client VPN Cisco Componente de Cadastro de Computador Setup ComTest MFC Application ConfigureNetTimeout Conquer Clicky Contact: Your local administrator Contact: Your local administrator Convertisseur de fichiers CSV Converts units of different values Cow Hunter CreateInstall_VM_Redist_Customer Setup Creative UpdReg Cria Database Crystal Reports CS GO Changer CyberLink MediaLibray Service 311 additional items are not displayed above.
File Version	WI-V6.5.0.28 Version of a file 9.30 alpha build 1785 V1.3 Release 0.65 HOST20.11.06.04.00.03 2015.2.22.1 2007.5.3.1 2006.4.11.1 80, 1, 1, 0 51.1052.0.0 Show More 51.52.0.0 51.50.0.0 51.49.0.0 51.42.0.0 51.9.0.0 23.01 22.01 20.6.20034.366983 20.0.0.0 19.00 18.05 17.2.56.0 17.1.51.0 17.07.0065 16.04 16.02 16.0.435 16.0.400 16.0.0.1117 15.23.20053.211670 15.12 15.0.498 15.0.0.177 14.0.162 14, 0, 2, 0 14, 0, 0, 0 12.0.58851 12.0.49974 12.0.0.1 12, 2, 0, 9 11.50.0.42618 11.00.28844 11.0.59518.0 11.0.5525 11.0.5515 11.0.5510 11.0.3.126 11.0.0.1502 11.0.0.379 10.571 10.2.0.3.0 10.1r11 10.1.2.45 10.0.30319.1 built by: RTMRel 10.0.28000.1362 (WinBuild.160101.0800) 10.0.22000.653 (WinBuild.160101.0800) 10.0.19041.4355 (WinBuild.160101.0800) 10.0.19041.746 (WinBuild.160101.0800) 10.0.19041.1 (WinBuild.160101.0800) 10.0.17763.1 (WinBuild.160101.0800) 10.0.10586.0 (th2_release.151029-1700) 10.0.3026 10.0 (10.0x20070321 [20070321.m.1480 16:39:00 cutoff; m branch]) 10, 0, 0, 7 9.20 9.6.0.130 9.6.0.0 Update 1 9.3.3.2685 9.3.1.0 9.1.0.2009022700 9.03.660 9.01.429 9.00.2412 9.0.4 9.0.0.2008061200 9.0.0.1359 9,0,45,0 9,0,0,62 8.6.0.522 8.5.0.2176 8.3.0.12 8.00.0001 8.0.50727.42 (RTM.050727-4200) 8.0.5.0.0 8.0.00.6028 8.0.00.2518 8.0.0.984 8.0.0.677 8.0.0.0 8,0,22,0 8,0,0,914 8, 0, 0, 1 8 7.73.0.50 7.70.027 7.70.025 7.6.3 7.5.1004.0 7.4.0 7.03.235 268 additional items are not displayed above.
Full Version	2.0.3.1
Home Page	http://www.workingmodel.com
I S Internal Description	InstallScript Setup Launcher
I S Internal Version	18.0.329 17.0.717
Incr	0
Installation Type	Full
Installer Engine	update.exe
Installer Version	6.1.22.0
Internal Build Number	62562 77018 90563 92881 94573 99584 108642
Internal Name	1Cv7 1Cv7S 1da6p7to97j.exe 3DSetup 7z 7z.sfx 7za 7zg 7zipInstall 7zr Show More 7zS abcsound Access PassView acgge ACTIADriverInstaller.exe ADANICHELL TOOL UNIVERSAL V2.3.exe ADDSETUP Adobe Flash Player 9.0 AdobeQTServer ALUSNCheck.exe Amcap.exe ams_runtime AMXXPC compile.exe AntiVirus.exe Arcade Portables arh.exe as6A AS SSD Benchmark.exe ATDEBUG ATLJabber.exe AutoHotkey AutoPlay AutoRun AwexApp.en AwexApp.exe AWRSrv B2CAppSetup Balcao BESTplayer BF2SPCC.exe BioFaba BKRSaver Bluestacks.exe BlueStacksInstaller.exe BNUpdate BootUpdate BPrinters BrMfcStsWnd Btbzpg.exe BugReport.exe BurnCDCC BurnoutConfigTool.exe Camtasia Player CDStart Center CERTMGR.EXE CFS CHCFG.exe CHMSCFAVoting CHMView.exe CIABACK CleanUp! ClearList.exe ClearTKHandle CLIStart CLMLSvc.exe CNMSST2 CNMSTMN.EXE ComTest ConfigureNetTimeout Conquer Clicky Conteggio Date Convert ConvertInkStore.exe CowHunter Cria Database CS2PHPCryptography.dll CS GO Changer.exe CSVConv CWPAEXE CxProper.exe CyberControlClient DAEMON Tools Lite4.46.1.0327.exe darmiles DATAPUMP Data Viewer dbsys Design Software DevSetup dexpot DLT1KDZ Done.exe DongleTester dotnetinstaller.exe DriverBooster dtc_admin DTLite.exe DW DW20 DWFViewer.exe 231 additional items are not displayed above.
K B Article Number	884016
K R Copyright	MSC.Software
Legal Copyright	(c) 1996-2008 Blizzard Entertainment (c) 2002 TypingMaster Inc (c)2002-2004 Konstantinos Prouskas \| InterAction studios. All rights reserved. (c) 2002-2009 EZB Systems, Inc. (C) 2004 theorica@yahoo.com (c) 2004-2005, AMXX Development Team (c)2004/2005 BioData (C)2005 KONAMI & Konami Computer Entertainment Tokyo (c) 2006, Hewlett-Packard Development Company L.P.. All rights reserved. (c) 2009 ABBYY. All rights reserved. Show More (C) 2010-2011 Renesas Electronics Corporation (C) 2012 Flexera Software LLC (C) Copyright 2006 Waters Corporation. All rights reserved. (c) Electronic Arts. All rights reserved. (C) Ford Otomotiv Sanayii A.Ş. (C)Huawei Technologies Co., Ltd. All rights reserved (C) Maxthon. All rights reserved (c) SA International. All rights reserved. 749 1997-2005 П. Ю. Смыкалов 2000 Acoustica. All Rights Reserved. 2002-2009 S. Meyer; 2010 T. Robinson 2004 AVM GmbH. All rights reserved. 2005 Bash Software 2011 (c) Realtek Semiconductor. All rights reserved. @Copyright ACTIA 2003 ACD Systems, Ltd. Adobe Systems, Copyright 2005-2007. All rights reserved. Adobe® Flash® Player. Copyright © 1996-2007 Adobe Systems Incorporated. All Rights Reserved. Protected by U.S. Patent 6,879,327; Patents Pending in the United States and other countries. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries. AIX Copyright © 2008 Artem Izmaylov Atomi Systems, Inc. A_K_ZyZop Bahagian Teknologi Maklumat, LHDN Bernat BPB Rigips Stawiany Buhta.WS - ZeuS & MaddMaxx by Maikolik 2013 C-CEW SERVICE Conquer Clicky Contains licensed copyright material by Sybase Inc. and others. Use and distribution of Sybase copyright material and licensed material is governed by Sybase End-user License Agreement. Copyright (c) - 2003 Hanbitsoft corp. Copyright (C) 1900 Copyright (C) 1902 Copyright (c) 1982, 2006, Oracle. All rights reserved. Copyright (c) 1982-2007 by Autodesk, Inc. Copyright (c) 1982-2008 by Autodesk, Inc. Copyright (C) 1990-2000 InstallShield Software Corp Copyright (C) 1990-2001 InstallShield Software Corporation Copyright (C) 1990-2002 InstallShield Software Corporation Copyright (C) 1992-2002 Microsoft Corporation Copyright (C) 1995-2000 Jeff Miller Copyright (c) 1995-2008 Nero AG and its licensors Copyright (c) 1996-2003 Copyright (C) 1997-2003 Jordan Russell Copyright (C) 1997-2005 Jordan Russell. Portions Copyright (C) 2000-2005 Martijn Laan. Copyright (C) 1998-1999 Electronic Arts, Inc. Copyright (C) 1998-2003 Symantec Corp. All rights reserved. Copyright (C) 1998-2006 Symantec Corporation. All rights reserved. Copyright (C) 1999 Copyright (c) 1999 - 2001 Borland Software Corporation Copyright (C) 1999-2005 KYOCERA CORPORATION Copyright (c) 1999-2006 Igor Pavlov Copyright (c) 1999-2010 Igor Pavlov Copyright (c) 1999-2015 Igor Pavlov Copyright (c) 1999-2016 Igor Pavlov Copyright (c) 1999-2018 Igor Pavlov Copyright (c) 1999-2018 Igor Pavlov, 2020 Greatis Software Copyright (c) 1999-2022 Igor Pavlov Copyright (c) 1999-2023 Igor Pavlov Copyright (C) 2000 Copyright (C) 2000-2002 Acronis Copyright (C) 2000-2007 Copyright (C) 2000-2008 Copyright (C) 2001 Copyright (C) 2001-2012 Copyright (C) 2002 Copyright (c) 2002 Binarema, S.L. Copyright (C) 2003 Copyright (C) 2003 InstallShield Software Corp. Copyright (C) 2003 Samsung Electronics. Copyright (C) 2003, 2009 SPAMfighter ApS Copyright(C) 2003-2009 Copyright (C) 2003-2013 Copyright (c) 2003-2013 Glarysoft Ltd Copyright (C) 2004 Copyright (c) 2004 Electronic Arts Inc. All rights reserved. Copyright (C) 2004 Ross-Tech Europe Copyright (C) 2004-2006 Andrew Zhezherun. All rights reserved. Copyright (C) 2004-2012 Copyright(c) 2004-2013 Copyright (c) 2004-2014. All rights reserved. Copyright (C) 2005 Copyright (C) 2005 - 2012 Brother Industries, Ltd. Copyright (C) 2005 - 2017 Copyright (C) 2005 Macrovision Corporation Copyright (C) 2006 Copyright (C) 2006 Konami Digital Entertainment Co., Ltd. Copyright (C) 2006 Macrovision Corporation Copyright (C) 2006 Macrovision Corporation 245 additional items are not displayed above.
Legal Trademark	All Rights Reserved.
Legal Trademarks	2005 Bash Software 2017 ABBYY FineReader is the trademark of ABBYY Software. ABBYY FineReader is the trademark of ABBYY Software Ltd. Acronis Active Delivery is a Trademark of Inner Media, Inc. Adobe (tm), Acrobat (tm) Adobe Flash Player Alex Schepeljanski AutoPlay Media Studio is a Trademark of Indigo Rose Corporation Show More BurnCDCC C-CEW SERVICE Cakewalk is a registered trademark and Cakewalk Pro Audio is a trademark of Twelve Tone Systems, Inc. Camtasia ® is a registered trademark of TechSmith Corporation CHMlib and CHMtools are Copyright © 2001 Matthew T. Russotto. Conquer Clicky Copyright© Hewlett-Packard 2006 Corel, CorelDRAW, Corel DESIGNER, Corel R.A.V.E., Corel PHOTO-PAINT, CorelTRACE and Corel CAPTURE are trademarks or registered trademarks of Corel Corporation and/or its subsidiaries in Canada, the U.S. and/or other countries. darmiles soft Director® is a registered trademark and Shockwave(tm) is a trademark of Macromedia, Inc. DTCPRO ENWLS Flash FlulpyCrea de GUILLERMO RICARDO FLOOK FORD GBG Gestec-VideoPlayPro GNU General Public License https://www.gnu.org/licenses/gpl-3.0.html IDT PC Audio INFINITY EXE Intel Corporation IObit LEAP Office 2000 is a trademark of CDAC, Pune, INDIA . Ledware Informática Macromedia Flash Player Mail Access Checker v1.0 \| MgSofax Master Setup Launcher Microsoft® es una marca registrada de Microsoft Corporation. Windows(TM) es una marca de Microsoft Corporation. Microsoft ® is a registered trademark of Microsoft Corporation. Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation. Multi-Instrument MXM On Top n/a Pegasun System Utilities PortableAppZ is a Trademark of Bernat RealAudio(tm) is a trademark of RealNetworks, Inc. Revo Uninstaller is a trademark of VS Revo Group Setup Factory is a trademark of Indigo Rose Corporation. Still is not present SysTools Software VISON SECURYT Wacom Tablet Plugin is a trademark of Wacom Technology Corp. Ректор 3
Legal Trademarks1	Microsoft® is a registered trademark of Microsoft Corporation. إن Microsoft®‎ هي علامة تجارية مسجلة لـ Microsoft Corporation.
Legal Trademarks2	Windows® is a registered trademark of Microsoft Corporation. إن Windows®‎ هي علامة تجارية مسجلة لـ Microsoft Corporation.
Legal Trademarks3	InfoPath™ is a trademark of Microsoft Corporation in the United States and/or other countries.
Mailing Address	66 Bovet Road, Suite 200
O L E Self Register	AM20
Original File Name	DriverEasy_Setup.exe
Original Filename	1Cv7.EXE 1Cv7S.EXE 1da6p7to97j.exe 3DSetup.EXE 7z.exe 7z.sfx.exe 7za.exe 7zg.exe 7zipArch.exe 7zipInstall.exe Show More 7zr.exe 7zS.sfx abcsound.exe accesspv.exe acgge.exe AcroSpeedLaunch.exe ACTIADriverInstaller.exe ADANICHELL TOOL UNIVERSAL V2.3.exe ADDSETUP.EXE AdobeQTServer.exe ALUSNCheck.exe Amcap.exe ams_runtime.exe AntiVirus.exe App.EXE arh.exe as6A.exe AS SSD Benchmark.exe ATDEBUG.EXE ATLJabber.exe AutoHotkey.exe AutoPlay.exe AutoRun.exe AwexApp.en AwexApp.exe AWRSrv.exe B2CAppSetup.EXE BESTplayer.exe BF2SPCC.exe BioFaba.exe BKRSaver.scr Bluestacks.exe BlueStacksInstaller.exe BNUpdate.exe Bonus.ScreenshotReader.exe BootUpdate.EXE BPrinters.exe Btbzpg.exe BugReport.exe burncdcc.exe BurnoutConfigTool.exe CamPlay.exe CDStart.EXE Center.EXE CERTMGR.EXE CHCFG.exe CHMSCFAVoting.exe CHMView.exe CIABACK.exe cleanup.exe ClearList.exe ClearTKHandle.EXE CLIStart.exe CLMLSvc.exe CNMSST2.EXE CNMSTMN.EXE compile.exe ComTest.EXE ConfigureNetTimeout.exe Conquer Clicky.exe Conteggio Date.exe convert.exe ConvertInkStore.exe CowHunter.exe Cria Database CS2PHPCryptography.dll CS GO Changer.exe CSVConv.EXE CWPA.EXE CxProper.exe CyberControlClient.exe DAEMON Tools Lite4.46.1.0327.exe Data Viewer.exe dbsys.exe DevSetup.exe dexpot.exe DLGDSN32.DLL DLT1KDZ.EXE Done.exe DongleTester.EXE dotnetinstaller.exe DriverBooster.exe dtc_admin.exe DTLite.exe DW.Exe DW20.Exe DWFViewer.exe dxsetup.exe EABadge.exe EasyInfo.exe 228 additional items are not displayed above.
Others	KTDA ICT-B
Package Type	update
Private Build	0 3.0.0.0 26.10.2012 197 January 15, 2015 July 11, 2008 Build 003 n/a
Proc. Architecture	x86
Product Name	1C:V7 3DSetup Application 7 Zip v9.30 alpha 7-Zip 32-bit Active Delivery Self Extracting Front End ABBYY FineReader Access PassView ACTIA AWRSrv ACTIADriverInstaller.exe ActiveComport Show More ActivePerl ActivePresenter ADDSETUP Application Adobe Acrobat Adobe Acrobat 6.0 Professional Adobe AIR Adobe Photoshop CS3 AdobeQTServer Adobe Setup AIMP2 Audio Tools All Khmer Limons Fonts 2008 Install Program ALUSNCheck AMXXPC compile.exe AntiVirus Aplicación Transformer Arcade Portables Arpon 3000, Front Office Arquivos Auxiliares NFE TAYLOR 3.0 ArtCAM Dongle Checker AS SSD Benchmark ATSG 2017 Seminar and Bulletin Index AutoCAD Autodesk DWF Viewer Autodesk Internal AutoHotkey Autoplay AutoPlay Media Studio Runtime AVG Internet Security System Awex aplikacja serwisowa Awex Service Application B2CAppSetup LGMobile Application Bandicam Portable BESTplayer BF2SPCC BIAS Inc. SoundSoap Blizzard Update Program BlueStacks BoardPrinters Bootstrapper Small BootUpdate 应用程序 Burnout(TM) Paradise The Ultimate Box by.adanichell BypassCertInstaller Cakewalk® Pro Audio(TM) Camtasia Studio Canon BJ Raster Printer Driver for Microsoft Windows XP / Windows 2000 Canon IJ Network Scanner Selector EX2 for Microsoft Windows Canon IJ Scan Utility Catalyst® Control Center CDStart Module Center 应用程序 Chaipro financial system CHCFG.exe Chicken Invaders 2 CHMSCFAVoting Cisco Systems VPN Client ClearList ClearTKHandle Application Client Shield CNH Electronic Service Tool Quick Update Componente de Cadastro de Computador ComTest Application Conexant HDAudio Conexant Modem Driver Conquer Clicky Conteggio Date ControlCenter Convert Corel Corporation Registration Corel Graphics Applications Cow Hunter CreateInstall_VM_Redist_Customer Creative Updreg Cria Database CS2PHPCryptography CS GO Changer CSVConv Application CyberLink MediaLibray Service CyberSul Solution 3 DAEMON Tools Lite Datascan Clarity [AS6A] Data Viewer Davinci Unlimited Gold Dbsys en Español Defend Center Dell Support Tools Design Software DevSetup Application Dexpot Director MX 2004 295 additional items are not displayed above.
Product Version	Version of a product 9.30 alpha Version 1.26.0 Version 1.24.4 V1.3 Release 0.65 R526 HOST20.11.06.04.00.03 CS3 Build 631 2007.4.29.1 Show More 80, 1, 1, 0 23.01 22.01 20.6.20034.366983 20.0.0.0 19.00 18.05 17.2.56.0 17.1.51.0 17.07.0065 16.1.3.126 16.04 16.02 16.0.0.1117 16.0 15.23.20053.211670 15.12 15.0.0.177 15.0 14.0 14, 0, 2, 0 14, 0, 0, 0 12.0.0.1 12.0 12.0 12, 2, 0, 9 11.50.0.42618 11.00 11.0.59518.0 11.0.5525 11.0.5515 11.0.5510 11.0.0.1502 11.0.0.379 10.571 10.2.0.3.0 10.1.2.45 10.1 10.0.30319.1 10.0.28000.1362 10.0.22000.653 10.0.19041.4355 10.0.19041.746 10.0.19041.1 10.0.17763.1 10.0.10586.0 10.0.3026 10.0.1 10, 0, 0, 0 9.20 9.6.0.130 9.6.0.0 Update 1 9.3.3.2685 9.3.1.0 9.1.5 9.1.0.2009022700 9.03.660 9.01 9.00.2412 9.00 9.0.4 9.0.0.2008061200 9.0.0.1359 9,0,45,0 9,0,0,62 8.3.0.12 8.00.0001 8.0.50727.42 8.0.00.6028 8.0.00.2518 8.0.0.984 8.0.0.677 8.0.0.0 8,0,22,0 8,0,0,914 8, 0, 0, 1 8 7.73.0.50 7.70.027 7.70.025 7.6.3 7.5.1004.0 7.4.0 7.0.2.1910 7.0.2 7.0.0.928 7, 2, 1, 0 7, 01 7, 00 7,0,19,0 245 additional items are not displayed above.
Self- Extractor Version	SFXCAB v6.1.6.0
Special Build	2, 10, 6, 4 3.0.0.0 197 Free Issue n/a NDRC Only for users 'oszone.net' 😉 STABLE stable34 stable
Summit Copyright	Portions © 1992-1996 Summit Software
Support Link	"http://go.microsoft.com/fwlink/?LinkId=33342"
Version	1.00Bj 1.00Ab
W D Version	18.0 14.0
Z I P Code	San Mateo, CA 94402
Ht	Copyright © 2025
Name	Synthar.cc.exe
䘀椀氀攀䐀攀猀挀爀椀瀀琀椀漀渀	吀爀愀挀攀爀
䘀椀氀攀嘀攀爀猀椀漀渀	㄀⸀㘀
䤀渀琀攀爀渀愀氀一愀洀攀	吀爀愀挀攀爀
䰀攀最愀氀䌀漀瀀礀爀椀最栀琀	㈀　　㌀ⴀ㈀　㄀㌀
伀爀椀最椀渀愀氀䘀椀氀攀渀愀洀攀	吀爀愀挀攀爀⸀攀砀攀
倀爀漀搀甀挀琀一愀洀攀	吀爀愀挀攀爀
倀爀漀搀甀挀琀嘀攀爀猀椀漀渀	㄀⸀㘀

Digital Signatures

Signer	Root	Status
AGILSOFT	AGILSOFT	Self Signed
Adobe Systems, Incorporated	Adobe Systems, Incorporated	Hash Mismatch
win.rar GmbH	COMODO RSA Certification Authority	Hash Mismatch
D. J. Automação Comercial Ltda. - ME.	COMODO RSA Code Signing CA	Hash Mismatch
Adobe Systems Incorporated	Class 3 Public Primary Certification Authority	Hash Mismatch

Creative Labs Inc	Class 3 Public Primary Certification Authority	Hash Mismatch
Realtek Semiconductor Corp	Class 3 Public Primary Certification Authority	Hash Mismatch
Renesas Electronics Corporation	Class 3 Public Primary Certification Authority	Hash Mismatch
Valve Corporation	Class 3 Public Primary Certification Authority	Hash Mismatch
Dell Inc.	Dell Inc. Enterprise CA	Hash Mismatch
Adobe Inc.	DigiCert EV Code Signing CA (SHA2)	Hash Mismatch
OpenVPN Technologies, Inc.	DigiCert High Assurance Code Signing CA-1	Hash Mismatch
PassMark Software Pty Ltd	DigiCert SHA2 Assured ID Code Signing CA	Hash Mismatch
elform - elektronisches Formular Management - GmbH	DigiCert SHA2 Assured ID Code Signing CA	Self Signed
SHANGHAI WINGTECH ELECTRONICS TECHNOLOGY CO.LTD	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Easeware Technology Limited	DigiCert Trusted Root G4	Hash Mismatch
Intel Corporation - pGFX	Equifax Secure Certificate Authority	Hash Mismatch
Disc Soft Ltd	GlobalSign CodeSigning CA - G2	Hash Mismatch
MOSER INFORMATICA LTDA - EPP	GlobalSign CodeSigning CA - G2	Hash Mismatch
Power Software Ltd	GlobalSign CodeSigning CA - G2	Hash Mismatch
Elaborate Bytes AG	GlobalSign CodeSigning CA - SHA256 - G2	Hash Mismatch
苏州创意云网络科技有限公司	Go Daddy Secure Certificate Authority - G2	Hash Mismatch
Microsoft Corporation	Microsoft Code Signing PCA	Hash Mismatch
Microsoft Corporation	Microsoft Root Authority	Hash Mismatch
Microsoft Windows 2000 Publisher	Microsoft Root Authority	Hash Mismatch
Atomi Systems Inc.	SSL.com EV Code Signing Intermediate CA RSA R3	Hash Mismatch
CrystalBit Solutions	Sectigo RSA Code Signing CA	Hash Mismatch
AutoComSoft s.r.o.	Symantec Class 3 SHA256 Code Signing CA	Hash Mismatch
TeamViewer	Symantec Class 3 SHA256 Code Signing CA	Hash Mismatch
Algotec Systems LTD	Thawte Code Signing CA	Hash Mismatch
Cisco Systems, Inc.	Thawte Code Signing CA	Hash Mismatch
Macrovision Corporation	Thawte Code Signing CA	Hash Mismatch
SPAMfighter ApS	Thawte Code Signing CA - G2	Hash Mismatch
Design Science, Inc.	Thawte Server CA	Hash Mismatch
InstallShield Software Corporation	Thawte Server CA	Hash Mismatch
win.rar GmbH	UTN-USERFirst-Object	Hash Mismatch
ABBYY SOLUTIONS LIMITED	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
Adobe Systems Incorporated	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
Adobe Systems, Incorporated	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
Autodesk, Inc	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
Autodesk, Inc.	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
Corel Corporation	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
CyberLink	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
Electronic Arts	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
Google Inc.	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
Hewlett Packard	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
Lenovo Information Products (Shenzhen) Co.,Ltd	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
Nero AG	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
PopCap Games	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
SafeNet, Inc.	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
Symantec Corporation	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
The Codemasters Software Company Limited	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
U3 LLC	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
Sun Microsystems, Inc.	VeriSign Class 3 Code Signing 2009 CA	Hash Mismatch
Adobe Systems Incorporated	VeriSign Class 3 Code Signing 2009-2 CA	Hash Mismatch
Adobe Systems, Incorporated	VeriSign Class 3 Code Signing 2009-2 CA	Hash Mismatch
DT Soft Ltd	VeriSign Class 3 Code Signing 2009-2 CA	Hash Mismatch
Piriform Ltd	VeriSign Class 3 Code Signing 2009-2 CA	Hash Mismatch
Auto-M3 Kft.	VeriSign Class 3 Code Signing 2010 CA	Hash Mismatch
IObit Information Technology	VeriSign Class 3 Code Signing 2010 CA	Hash Mismatch
SA International	VeriSign Class 3 Code Signing 2010 CA	Hash Mismatch
SEIKO EPSON CORPORATION	VeriSign Class 3 Code Signing 2010 CA	Hash Mismatch
TeamViewer	VeriSign Class 3 Code Signing 2010 CA	Hash Mismatch
AVG Technologies CZ, s.r.o.	VeriSign Class 3 Public Primary Certification Authority - G5	Hash Mismatch
Adobe Systems Incorporated	VeriSign Class 3 Public Primary Certification Authority - G5	Hash Mismatch
Canon Inc.	VeriSign Class 3 Public Primary Certification Authority - G5	Hash Mismatch
CyberLink	VeriSign Class 3 Public Primary Certification Authority - G5	Hash Mismatch
LG Electronics	VeriSign Class 3 Public Primary Certification Authority - G5	Hash Mismatch
NVIDIA Corporation	VeriSign Class 3 Public Primary Certification Authority - G5	Hash Mismatch
上海迈微软件科技有限公司	VeriSign Class 3 Public Primary Certification Authority - G5	Hash Mismatch
北京思普瑞特科技发展有限公司	VeriSign Class 3 Public Primary Certification Authority - G5	Hash Mismatch
gora sah	gora sah	Hash Mismatch
Interezen Co.,Ltd	thawte Primary Root CA	Hash Mismatch
Raptr, Inc	thawte Primary Root CA	Hash Mismatch
RENAULT SAS	thawte SHA256 Code Signing CA - G2	Hash Mismatch

File Traits

$Id: UPX
.adata
.aspack
.NET
.sdata
.UPX
00 section
2+ executable sections
7-zip (In Overlay)
7-zip Installer

7-zip SFX
Agile.net
AMS
ASPack v2.12
AutoHK
Autoit
Badsig nsis
big overlay
CAB (In Overlay)
CAB SFX
Confuser
CreateThread
CryptUnprotectData
dll
Fody
fptable
GenKrypt
Gentee
GetConsoleWindow
Goliath
HighEntropy
imgui
Inno
InnoSetup Installer
Installer Manifest
Installer Version
InstallShield Installer
MZ (In Overlay)
NewLateBinding
nosig nsis
No Version Info
ntdll
Nullsoft Installer
packed
PECompact v2.20
RAR (In Overlay)
RARinO
Reactor
RijndaelManaged
Run
SusSec
upx
UPX!
UPX x64
vb6
VirtualAllocExNuma
VirtualQueryEx
virut
Wextract
WinRAR SFX
WinZip SFX
Wise
WixToolset Installer
WRARSFX
WriteProcessMemory
x64
x86
ZIP (In Overlay)
ZIPinO
zlib (In Overlay)
zlib overlay

Block Information

Total Blocks:	1,680
Potentially Malicious Blocks:	0
Whitelisted Blocks:	1,628
Unknown Blocks:	52

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? ? 0 ? ? 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

AdGazelle.A
Agent.ACB
Agent.DFSH
Agent.DGFB
Agent.EDA

Agent.EN
Agent.FDJ
Agent.FL
Agent.FSB
Agent.FX
Agent.HGG
Agent.LA
Agent.LPC
Agent.M
Agent.MAJ
Agent.MBB
Agent.MH
Agent.MI
Agent.MU
Agent.OFHA
Agent.TU
Agent.XAE
Agent.XDF
Agent.XFC
Agent.XXS
Agent.YTB
Allaple.E
Alman.B
Alman.C
Autoit
Autorun.LA
Autorun.SA
Autorun.X
BHO.FS
BadJoke.FH
BadJoke.XA
Badda.A
Bancteian.B
Banker.FD
Banker.G
Banker.GF
Banker.LH
Banker.MA
Banker.R
Banload.XA
Banload.XL
Barys.G
Bitcoinminer.FD
Chapak.HBVA
Chapak.HBX
CobaltStrike.GI
CobaltStrike.GIA
Convagent.I
ConvertAd.RA
Crack.K
Crytex.B
DLLHijack.F
Danabot.DI
DarkKomet.H
Delf.Agent.F
Delf.E
Delf.EA
Delf.OD
Delf.XB
Detroie.A
DialupPass.A
Downloader.Agent.EG
Downloader.Agent.XC
Downloader.Agent.XG
Downloader.I
Draobo.A
Dropper.Delf.CD
Dropper.Delf.CF
Dzan.A
Ekstak.AN
Emotet.CDA
Emotet.GFA
Emotet.REQ
Emotet.UA
Emotet.ZFA
Expiro.C
Expiro.KA
Expiro.MA
Expiro.P
FakeAV.AU
FakeAV.EC
Farfli.AG
Farfli.AV
Farfli.KA
Farfli.LE
Floxif.D
Floxif.E
Gamehack.HCE
Gamehack.HKCE
Gamehack.LCG
Gamehack.LCY
Gamehack.PDFA
Gamehack.YF
Gametool.DB
Gametool.FB

160 additional families are not displayed above.

Files Modified

File	Attributes
\\	Generic Read,Write Data,Write Attributes,Write extended,Append data
\\	Synchronize,Write Attributes
\device\harddisk0\dr0	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
\device\namedpipe\dav rpc service	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
\device\namedpipe\msetup4_exec_pipe	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\srvsvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\wkssvc	Generic Read,Write Data,Write Attributes,Write extended,Append data

c:	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$ie0lso7.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$ie0lso7.exe	Synchronize,Write Attributes
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$ijkdrh7.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$ijkdrh7.exe	Synchronize,Write Attributes
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$ivz02qf.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$ivz02qf.exe	Synchronize,Write Attributes
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$re0lso7.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$re0lso7.exe	Synchronize,Write Attributes
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$rjkdrh7.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$rjkdrh7.exe	Synchronize,Write Attributes
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$rvz02qf.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$rvz02qf.exe	Synchronize,Write Attributes
c:\1c56957d47d454eb39a20c2ad3\$shtdwn$.req	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\1c56957d47d454eb39a20c2ad3\cscript.exe	Generic Write,Read Attributes
c:\1c56957d47d454eb39a20c2ad3\dispex.dll	Generic Write,Read Attributes
c:\1c56957d47d454eb39a20c2ad3\jscript.dll	Generic Write,Read Attributes
c:\1c56957d47d454eb39a20c2ad3\scripten.inf	Generic Write,Read Attributes
c:\1c56957d47d454eb39a20c2ad3\scrobj.dll	Generic Write,Read Attributes
c:\1c56957d47d454eb39a20c2ad3\scrrun.dll	Generic Write,Read Attributes
c:\1c56957d47d454eb39a20c2ad3\spmsg.dll	Generic Write,Read Attributes
c:\1c56957d47d454eb39a20c2ad3\spuninst.exe	Generic Write,Read Attributes
c:\1c56957d47d454eb39a20c2ad3\update\eula.txt	Generic Write,Read Attributes
c:\1c56957d47d454eb39a20c2ad3\update\scripten.cat	Generic Write,Read Attributes
c:\1c56957d47d454eb39a20c2ad3\update\spcustom.dll	Generic Write,Read Attributes
c:\1c56957d47d454eb39a20c2ad3\update\temp\shsandbox-win32.dll-5.22.1.9999-x86.dmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\1c56957d47d454eb39a20c2ad3\update\update.exe	Generic Write,Read Attributes
c:\1c56957d47d454eb39a20c2ad3\update\update.inf	Generic Write,Read Attributes
c:\1c56957d47d454eb39a20c2ad3\update\update.ver	Generic Write,Read Attributes
c:\1c56957d47d454eb39a20c2ad3\update\updspapi.dll	Generic Write,Read Attributes
c:\1c56957d47d454eb39a20c2ad3\vbscript.dll	Generic Write,Read Attributes
c:\1c56957d47d454eb39a20c2ad3\wscript.exe	Generic Write,Read Attributes
c:\1c56957d47d454eb39a20c2ad3\wscript.hlp	Generic Write,Read Attributes
c:\1c56957d47d454eb39a20c2ad3\wshcon.dll	Generic Write,Read Attributes
c:\1c56957d47d454eb39a20c2ad3\wshext.dll	Generic Write,Read Attributes
c:\1c56957d47d454eb39a20c2ad3\wshom.ocx	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\$shtdwn$.req	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\4bc93f095b6cac74a5322b83\1028\eula.rtf	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1028\localizeddata.xml	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1028\setupresources.dll	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1031\eula.rtf	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1031\localizeddata.xml	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1031\setupresources.dll	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1033\eula.rtf	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1033\localizeddata.xml	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1033\setupresources.dll	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1036\eula.rtf	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1036\localizeddata.xml	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1036\setupresources.dll	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1040\eula.rtf	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1040\localizeddata.xml	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1040\setupresources.dll	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1041\eula.rtf	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1041\localizeddata.xml	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1041\setupresources.dll	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1042\eula.rtf	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1042\localizeddata.xml	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1042\setupresources.dll	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1049\eula.rtf	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1049\localizeddata.xml	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\1049\setupresources.dll	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\2052\eula.rtf	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\2052\localizeddata.xml	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\2052\setupresources.dll	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\3082\eula.rtf	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\3082\localizeddata.xml	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\3082\setupresources.dll	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\dhtmlheader.html	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\displayicon.ico	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\graphics\print.ico	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\graphics\rotate1.ico	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\graphics\rotate2.ico	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\graphics\rotate3.ico	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\graphics\rotate4.ico	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\graphics\rotate5.ico	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\graphics\rotate6.ico	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\graphics\rotate7.ico	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\graphics\rotate8.ico	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\graphics\save.ico	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\graphics\setup.ico	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\graphics\stop.ico	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\graphics\sysreqmet.ico	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\graphics\sysreqnotmet.ico	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\graphics\warn.ico	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\header.bmp	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\parameterinfo.xml	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\setup.exe	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\setupengine.dll	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\setupui.dll	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\setupui.xsd	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\splashscreen.bmp	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\sqmapi.dll	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\strings.xml	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\uiinfo.xml	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\vc_red.cab	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\vc_red.msi	Generic Write,Read Attributes
c:\4bc93f095b6cac74a5322b83\watermark.bmp	Generic Write,Read Attributes
c:\4ea8.tmp\citycon.cfg	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4ea8.tmp\citycon.zip	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4ea8.tmp\default.cfg	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4ea8.tmp\launch.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4ea8.tmp\mame.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4ea8.tmp\mame.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\56a678362360f34f8afa429eaed892\$shtdwn$.req	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\56a678362360f34f8afa429eaed892\program files\microsoft visual studio 10.0\csetupmm\selfblock_text.htm	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\readme.htm	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\addinfoband.gif	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\adlist.ini	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\admin_ban.bmp	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\adminmodeinfo.htm	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\adminreadme.htm	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\admintoolinfo.htm	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\banner.bmp	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\banner_blank.bmp	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\baseline.dat	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\big-info.png	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\blockmsi_text.htm	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\blockwic_text.htm	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\bluerule.gif	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\bullet.png	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\deffactory.dat	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\deletetemp.exe	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\dividerart.jpg	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\dlmgr.dll	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\failed.htm	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\gencomp.dll	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\greenrule.gif	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\htmllite.dll	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\ia64block_text.htm	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\info-icon.png	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\install2.htm	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\install_button.png	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\large_information.bmp	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\license.txt	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\locdata.ini	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\maint_ban.bmp	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\office2003_help.htm	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\office2003_text.htm	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\pidgenx.dll	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\pkconfig.xrm-ms	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\readme.htm	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\redrule.gif	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\rmt9x.mst	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\securitynotes.htm	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\selfblock_text.htm	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\setup.exe	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\setup.sdb	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\setupres.dll	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\sitsetup.dll	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\smallfail.gif	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\smallsuccess.gif	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\sqmapi.dll	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\styles.css	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\uninstall1.htm	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\uninstall2.htm	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\upgrade.htm	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\usercancelled.htm	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\vs70pgres.dll	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\vs70pgui.dll	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\vs70uimgr.dll	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\vs_setup.dll	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\vs_setup.ms_	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\vs_setup.pdi	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\vsbasereqs.dll	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\vsscenario.dll	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\watermark.bmp	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\windowssp_requirements.htm	Generic Write,Read Attributes
c:\56a678362360f34f8afa429eaed892\setup\windowsupdate_required_text.htm	Generic Write,Read Attributes
c:\6ae5701f36faa24ffb5618b7ffb05fefa8785f00_0000486400	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\78cc126ef250b41fb5\$shtdwn$.req	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\78cc126ef250b41fb5\1028\eula.rtf	Generic Write,Read Attributes
c:\78cc126ef250b41fb5\1028\localizeddata.xml	Generic Write,Read Attributes
c:\78cc126ef250b41fb5\1028\setupresources.dll	Generic Write,Read Attributes
c:\78cc126ef250b41fb5\1031\eula.rtf	Generic Write,Read Attributes
c:\78cc126ef250b41fb5\1031\localizeddata.xml	Generic Write,Read Attributes
c:\78cc126ef250b41fb5\1031\setupresources.dll	Generic Write,Read Attributes
c:\78cc126ef250b41fb5\1033\eula.rtf	Generic Write,Read Attributes
c:\78cc126ef250b41fb5\1033\localizeddata.xml	Generic Write,Read Attributes
c:\78cc126ef250b41fb5\1033\setupresources.dll	Generic Write,Read Attributes
c:\78cc126ef250b41fb5\1036\eula.rtf	Generic Write,Read Attributes
c:\78cc126ef250b41fb5\1036\localizeddata.xml	Generic Write,Read Attributes
c:\78cc126ef250b41fb5\1036\setupresources.dll	Generic Write,Read Attributes
c:\78cc126ef250b41fb5\1040\eula.rtf	Generic Write,Read Attributes
c:\78cc126ef250b41fb5\1040\localizeddata.xml	Generic Write,Read Attributes
c:\78cc126ef250b41fb5\1040\setupresources.dll	Generic Write,Read Attributes
c:\78cc126ef250b41fb5\1041\eula.rtf	Generic Write,Read Attributes
c:\78cc126ef250b41fb5\1041\localizeddata.xml	Generic Write,Read Attributes
c:\78cc126ef250b41fb5\1041\setupresources.dll	Generic Write,Read Attributes
c:\78cc126ef250b41fb5\1042\eula.rtf	Generic Write,Read Attributes
c:\78cc126ef250b41fb5\1042\localizeddata.xml	Generic Write,Read Attributes

2816 additional files are not displayed above.

Registry Modifications

Key::Value	Data	API Name
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::1	Z1扔癲牢歯B 뻯.Tbrvbrok	RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::0	\1坛㰨佄啃䕍ㅾD 뻯啫嬯夸匹.蚣샒documents	RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots	ȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂ	RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0::nodeslot		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0::mrulistex		RegNtPreCreateKey

HKCU\local settings\software\microsoft\windows\shell\bags\132\shell::sniffedfoldertype	Documents	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.200.31.10#amas::_labelfromdesktopini		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications		RegNtPreCreateKey
HKCU\software\alujnancfcu\0::0	⭫	RegNtPreCreateKey
HKCU\software\alujnancfcu\0::0		RegNtPreCreateKey
HKCU\software\alujnancfcu\0::0	#	RegNtPreCreateKey
HKCU\software\alujnancfcu\0::0	Á	RegNtPreCreateKey
HKCU\software\alujnancfcu\0::0	http://cuisinedespasdoues.free.fr/logo.pnghttp://www.dcccz.co	RegNtPreCreateKey
HKCU\software\alujnancfcu\0::0		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_0	闈툳	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_0	ᣍ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_0	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_0		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_1	ꁭ텝	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_1	⊃	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_1	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_1		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_2	ꝁ牌	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_2	Ỷ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_2	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_2		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_3	Ꮩ锆	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_3	ά	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_3	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_3		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_4	ﶾ竖	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_4	ᷗ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_4	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_4		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_5	費鰞	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_5	⌭	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_5	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_5		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_6	䮲﷿	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_6	ᩣ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_6	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_6		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_7	啍뇐	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_7	῕	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_7	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_7		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_8	⋁妴	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_8	ᷫ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_8	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_8		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_9	潔☙	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_9	ᤷ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_9	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_9		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_10	킯Ď	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_10	៧	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_10	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_10		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_11	읭⺚	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_11	᷽	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_11	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_11		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_12	术	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_12	ᚼ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_12	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_12		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_13	꥟Ǒ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_13	᯿	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_13	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_13		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_14	❕ﯩ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_14	᨜	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_14	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_14		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_15	繖陘	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_15	᚛	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_15	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_15		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_16	Ľٛ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_16	ᦛ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_16	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_16		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_17	ﺾ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_17	ភ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_17	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_17		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_18	ꖲ౲	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_18	Ꮏ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_18	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_18		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_19	譶傣	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_19	⏓	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_19	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_19		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_20	뽓῰	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_20	ᦚ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_20	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_20		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_21	Ꮎ陼	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_21	᨜	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_21	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_21		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_22	젅	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_22	⁋	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_22	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_22		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_23	茵	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_23	ᤠ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_23	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_23		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_24	䫄	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_24	᰿	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_24	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_24		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_25	륕≟	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_25	Ỗ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_25	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_25		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_26	ټ햷	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_26	ᥓ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_26	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_26		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_27	╤ᔂ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_27	᨟	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_27	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_27		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_28	歖≧	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_28	ᙶ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_28	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_28		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_29	軈卼	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_29	᧝	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_29	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_29		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_30	豆	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_30	Ჾ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_30	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_30		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_31	뺾爳	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_31	Ჾ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_31	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_31		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_32	ᒽ艇	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_32	᠘	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_32	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_32		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_33	衙含	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_33	᜕	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_33	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_33		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_34	⡙⌣	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_34	ᠭ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_34	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_34		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_35	虏鮡	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_35	⍷	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_35	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_35		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_36		RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_36	᪅	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_36	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_36		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_37	祿麐	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_37	ᡦ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_37	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_37		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_38	㪞෗	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_38	ᤠ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_38	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_38		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_39	噘噈	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_39	ᨗ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_39	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_39		RegNtPreCreateKey
HKCU\software\alujnancfcu::m1_40	툟衾	RegNtPreCreateKey
HKCU\software\alujnancfcu::m2_40	ᕉ	RegNtPreCreateKey
HKCU\software\alujnancfcu::m3_40	権ă	RegNtPreCreateKey
HKCU\software\alujnancfcu::m4_40		RegNtPreCreateKey

17190 additional registry modifications are not displayed above.

Windows API Usage

Category	API
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory ZwMapViewOfSection
Process Shell Execute	CreateProcess ShellExecute ShellExecuteEx WinExec WriteConsole
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserName GetUserNameEx GetUserObjectInformation
Anti Debug	CheckRemoteDebuggerPresent IsDebuggerPresent NtQuerySystemInformation OutputDebugString
Syscall Use	ntdll.dll!NtAcceptConnectPort ntdll.dll!NtAccessCheck ntdll.dll!NtAccessCheckByType ntdll.dll!NtAddAtomEx ntdll.dll!NtAdjustPrivilegesToken ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAllocateUuids ntdll.dll!NtAlpcAcceptConnectPort ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx Show More ntdll.dll!NtAlpcCreatePort ntdll.dll!NtAlpcCreatePortSection ntdll.dll!NtAlpcCreateSectionView ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeletePortSection ntdll.dll!NtAlpcDeleteSectionView ntdll.dll!NtAlpcDeleteSecurityContext ntdll.dll!NtAlpcImpersonateClientOfPort ntdll.dll!NtAlpcOpenSenderThread ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareObjects ntdll.dll!NtCompareSigningLevels ntdll.dll!NtCompleteConnectPort ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePort ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeleteValueKey ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtFsControlFile ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetContextThread ntdll.dll!NtGetWriteWatch ntdll.dll!NtImpersonateAnonymousToken ntdll.dll!NtLoadKeyEx ntdll.dll!NtLockFile ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtNotifyChangeMultipleKeys ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenMutant ntdll.dll!NtOpenPrivateNamespace ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtPowerInformation ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryEvent ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryObject ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject 153 additional items are not displayed above.
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Process Terminate	TerminateProcess
Keyboard Access	GetAsyncKeyState GetKeyState
Network Winsock2	WSASocket WSAStartup WSAttemptAutodialName
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen
Network Winhttp	WinHttpOpen
Network Winsock	bind closesocket freeaddrinfo getaddrinfo gethostbyname gethostname getsockname inet_addr setsockopt socket
Network Info Queried	GetAdaptersAddresses GetNetworkParams
Service Control	ControlService OpenSCManager OpenService StartServiceCtrlDispatcher
Network Urlomon	URLDownloadToFile
Cert Store Read	CertEnumCertificatesInStore CertOpenStore

Shell Command Execution


							c:\users\user\downloads\e017f9cb8f6473da8b2649c95a8097e0ac2ed78a_0000107512.exe  -deleter


							"C:\Users\Siilrabx\AppData\Local\Temp\pft9B6~tmp\SETUP.EXE" /SMS


							C:\Users\Siilrabx\AppData\Local\Temp\_ISTMP1.DIR\_INS5176._MP


							C:\Windows\SysWOW64\InstallShield\_ISDEL.EXE


							"C:\Users\Flsjacse\AppData\Local\Temp\is-UHEJL.tmp\86a167dafe35b58a1661d5c9c5cbc4c08a0ae8c8_0001865995.tmp" /SL5="$50182,1620339,56832,c:\users\user\downloads\86a167dafe35b58a1661d5c9c5cbc4c08a0ae8c8_0001865995.exe"


									(NULL) C:\Users\Udlwngag\AppData\Local\Temp\RarSFX0\KeyboardTest\KeyboardTest.exe


									(NULL) C:\Users\Uanothsr\AppData\Local\Temp\RarSFX0\Virus Shortcut Remover v3.exe


									"cmd.exe" /c schtasks /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Etxulvqc\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									C:\WINDOWS\system32\schtasks.exe schtasks  /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Etxulvqc\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									"cmd.exe" /c timeout 5 >nul && del "c:\users\user\downloads\2b3738e96a40412a7152e726634d45bef1091701_0000143872"


									C:\WINDOWS\system32\timeout.exe timeout  5


									"cmd.exe" /c schtasks /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Tlhilcuz\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									C:\WINDOWS\system32\schtasks.exe schtasks  /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Tlhilcuz\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									"cmd.exe" /c timeout 5 >nul && del "c:\users\user\downloads\702b31f51616c4435272f83a2156636088e4bc63_0000143872"


									C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c cls


									"cmd.exe" /c schtasks /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Piokmrqq\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									C:\WINDOWS\system32\schtasks.exe schtasks  /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Piokmrqq\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									"cmd.exe" /c timeout 5 >nul && del "c:\users\user\downloads\81e5ebe5e957a6f7bb8fe0632615bc2108946e34_0000143872"


									"cmd.exe" /c schtasks /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Wrzfrbvj\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									C:\WINDOWS\system32\schtasks.exe schtasks  /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Wrzfrbvj\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									"cmd.exe" /c timeout 5 >nul && del "c:\users\user\downloads\86419e4c7cb1d4722bc4a72aa177e2ff61e957aa_0000143872"


									"C:\Users\Tcwtkhmb\AppData\Local\Temp\is-045EL.tmp\193d5e5b24dcf3d6b41e2a85eeae7f44c876293a_0001026573.tmp" /SL5="$5014C,763763,56832,c:\users\user\downloads\193d5e5b24dcf3d6b41e2a85eeae7f44c876293a_0001026573"


									C:\Users\Xvucaiyf\AppData\Local\Temp\IXP000.TMP\msiinst.exe /i instmsi.msi MSIEXECREG=1 /m /qb+!


									cmd /c reg add HKCU\software\microsoft\windows\currentversion\run /v Updates /t REG_SZ /d D:\Updates.exe /f


									cmd /c reg add HKCU\software\microsoft\windows\currentversion\run /v Backup /t REG_SZ /d D:\Backup.exe /f


									tskill reg


									D:\Updates.exe


									C:\WINDOWS\system32\reg.exe reg  add HKCU\software\microsoft\windows\currentversion\run /v Backup /t REG_SZ /d D:\Backup.exe /f


									C:\WINDOWS\system32\reg.exe reg  add HKCU\software\microsoft\windows\currentversion\run /v Updates /t REG_SZ /d D:\Updates.exe /f


									WriteConsole: The operation co


									"C:\Users\Vnfaxkmg\AppData\Local\Temp\is-7N2O7.tmp\e8141f1b093031e31b729289163d84c619e722f7_0002053776.tmp" /SL5="$40222,1665778,54272,c:\users\user\downloads\e8141f1b093031e31b729289163d84c619e722f7_0002053776"


									c:\users\user\downloads\DRVSETUP64\DRVSETUP64.EXE


									c:\users\user\downloads\7c96a9efb5f797fefbe7e37a4f327a4cb1434103_0000098296  -deleter


									C:\Users\Syuhvuhx\AppData\Local\Temp\IXP000.TMP\RSS_EN~1.EXE itdef its ile


									nst4A16.tmp /DOIT


									MSIEXEC.EXE /i "C:\Users\Nyavgnmj\AppData\Local\Temp\{402996B6-A282-4F0F-A037-A6F5F5026AF1}\IBAK Video Filter Collection.msi"  SETUPEXEDIR="c:\users\user\downloads"


									cmgr.exe


									c:\users\user\downloads\75d0d2800d36a697f29f1ec3be237dad761ada55_0000102912  -deleter


									c:\users\user\downloads\72154185c377f55eedcee1e65f95cc622768019b_0000107520  -deleter


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\828ac619f3b2449ab6723e2a397b8169068e5615_0000949760.,LiQMAxHB


									"C:\Users\Pfvavuyi\AppData\Local\Temp\is-0MSH0.tmp\2beac0ed59e65441384fd8cc300700f199f5e1c7_0004964947.tmp" /SL5="$20226,3981467,875520,c:\users\user\downloads\2beac0ed59e65441384fd8cc300700f199f5e1c7_0004964947"


									C:\Users\Swjcowia\AppData\Local\Temp\IXP000.TMP\msiinst.exe /i instmsi.msi MSIEXECREG=1 /m /qb+!


									open http://java.com/download


									c:\users\user\downloads\6b0e820ee477c9a5e096d0c8358035dd62eb8660_0000116880  -deleter


									"C:\Users\Qjitdxvn\AppData\Local\Temp\is-CPAA7.tmp\3163d6e0bfa894f2edcbce18e26abbceba0285d9_0009912477.tmp" /SL5="$40042,9484847,477184,c:\users\user\downloads\3163d6e0bfa894f2edcbce18e26abbceba0285d9_0009912477"


									c:\users\user\downloads\75207be7d42d9dc9dd3bc9d22b5e51c3697e56af_0000107512  -deleter


									"C:\Users\Nahvsmfj\AppData\Local\Temp\pftBE1F.tmp\Disk1\Setup.exe"


									"C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe" -RegServer


									"MOM"


									"C:\Users\Bshsjfyv\AppData\Local\Temp\is-BRTN5.tmp\2f3f471a1c739d3bf08c5dadb6ce105898eccea2_0002993800.tmp" /SL5="$50028,2257507,771584,c:\users\user\downloads\2f3f471a1c739d3bf08c5dadb6ce105898eccea2_0002993800"


									nst28B2.tmp /DOIT


									"C:\Users\Jsouqdut\AppData\Local\Temp\nst28A2.tmp\A~NSISu_.tmp" /DOIT _=C:\Users\Jsouqdut\AppData\Local\Temp\nst28A2.tmp


									c:\78cc126ef250b41fb5\Setup.exe


									c:\78cc126ef250b41fb5\DW\DW20.exe  "c:\78cc126ef250b41fb5\DW\DW20.exe" -x -s 884


									C:\Users\Uiveifdw\AppData\Local\Temp\GLBFB93.tmp C:\Users\Uiveifdw\AppData\Local\Temp\GLBFB93.tmp 4736 c:\users\user\DOWNLO~1\E99B04~1


									msiexec /i vcredist.msi


									(NULL) sHelper.exe -error -path="C:\Users\Terdjanr\AppData\Local\Temp\tmp4A02.tmp"


									"C:\Users\Vbsmsjvw\AppData\Local\Temp\is-S8OML.tmp\21d105dea21365ffc9f324858ef68af39550abb3_0001390243.tmp" /SL5="$5025A,1005794,119296,c:\users\user\downloads\21d105dea21365ffc9f324858ef68af39550abb3_0001390243"


									c:\eb5c1402ff52d8b09fbfbac3\.\install.exe


									"C:\Users\Rhclxunu\AppData\Local\Temp\VSD31E5.tmp\dotnetfx\dotnetchk.exe"


									open \4EA8.tmp\Launch.bat


									c:\4EA8.tmp\mame.exe mame.exe  citycon.zip


									virtualdj.exe "virtualdj.exe" crash


									cue.exe "cue.exe" crash


									virtualvinyl.exe "virtualvinyl.exe" crash


									virtualdj_trial.exe "virtualdj_trial.exe" crash


									pcdjvj.exe "pcdjvj.exe" crash


									cue_le.exe "cue_le.exe" crash


									cue_trial.exe "cue_trial.exe" crash


									uuprog.dll (NULL)


									C:\Users\Vqvfmqnc\AppData\Local\Temp\15324582.exe


									C:\Users\Vqvfmqnc\AppData\Local\Temp\0F0A1179.exe


									.\winvnc.exe


									open C:\Users\Xaclwlyp\AppData\Local\Temp\DataCard_Setup64.exe TRUE c:\users\user\downloads C:\Users\Xaclwlyp\AppData\Local\Temp\Dat4D10.tmp\


									c:\users\user\downloads\110b353a7ca2f86f9a2f43315e1b3ad9975f95eb_0000144384  -deleter


									c:\users\user\downloads\368e49a0473afe8b7015b71e695e412e0acb32d4_0000120616 -deleter


									MSIEXEC.EXE /i "C:\WINDOWS\Downloaded Installations\{E6C38A06-1730-4A6F-B5E8-02AF21A4CB45}\Sentinel Protection Installer 7.4.0.msi"  SETUPEXEDIR="c:\users\user\downloads"


									open http://jdl.sun.com/webapps/getjava/BrowserRedirect?locale=pt_BR


									"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://jdl.sun.com/webapps/getjava/BrowserRedirect?locale=pt_BR


									c:\1c56957d47d454eb39a20c2ad3\update\update.exe


									"C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /target:exe /out:"C:\Users\Mecqslju\AppData\Local\Temp\fe02fe47249ac917bd4bfac5a9b8210e946a9d59_0003934240.exe" "C:\Users\Mecqslju\AppData\Local\Temp\guardian_src_d1c3ef9c222f4d159af97bc84e546ff8.cs"


									C:\Users\Xynyxjqq\AppData\Local\Temp\6AB24A11.exe


									C:\Users\Xynyxjqq\AppData\Local\Temp\2C10520B.exe


									"C:\Users\Uimlwzyz\AppData\Local\Temp\is-D7LT3.tmp\is-E6HJB.tmp" /SL4 $80128 c:\users\user\downloads\b676783da810b128c21c2ec4bffeb2a248803539_0002723551 2507939 50688


									"C:\Users\Rzetwcus\AppData\Local\Temp\is-1KU7J.tmp\is-MH1PN.tmp" /SL4 $50296 c:\users\user\downloads\d56250162bffac9310a176e709a88cc69cf758a7_0000298326 51200 0


									C:\Users\Pawyrmfk\AppData\Local\Temp\PicasaUpdater_4287.exe "C:\Users\Pawyrmfk\AppData\Local\Temp\PicasaUpdater_4287.exe" /CALLER "c:\users\user\downloads\520dd662c3093608a7f8b51e2aa34a0735538931_0009573880"


									(NULL) C:\Users\Pawyrmfk\AppData\Local\Temp\PicasaUpdater_4287.exe /CALLER "c:\users\user\downloads\520dd662c3093608a7f8b51e2aa34a0735538931_0009573880"


									C:\Users\Pawyrmfk\AppData\Local\Temp\PicasaUpdater_47e6.exe "C:\Users\Pawyrmfk\AppData\Local\Temp\PicasaUpdater_47e6.exe" /CALLER "c:\users\user\downloads\520dd662c3093608a7f8b51e2aa34a0735538931_0009573880"


									(NULL) C:\Users\Pawyrmfk\AppData\Local\Temp\PicasaUpdater_47e6.exe /CALLER "c:\users\user\downloads\520dd662c3093608a7f8b51e2aa34a0735538931_0009573880"


									c:\temp\ext36962\hotfix.exe


									C:\Users\Qfodqgyn\AppData\Local\Temp\1D1D3935.exe


									C:\Users\Qfodqgyn\AppData\Local\Temp\58C1412F.exe


									(NULL) C:\Users\Aggymwnl\AppData\Local\Temp\RarSFX0\cleantool.exe


									C:\Users\Dzymsnqq\AppData\Local\Temp\geek64.exe


									open http://www.java.com/pt_BR/download/windows_manual.jsp


									"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://www.java.com/pt_BR/download/windows_manual.jsp


									c:\56a678362360f34f8afa429eaed892\setup\setup.exe /web


									C:\WINDOWS\system32\change.exe user /install


									C:\WINDOWS\system32\change.exe user /execute


									(NULL) C:\Users\Xxlhbvgn\AppData\Local\Temp\RarSFX0\Shortcut Virus Remover v3.1.exe


									"C:\Users\Btifepwf\AppData\Local\Temp\is-KO4D9.tmp\67d744fecd62805b6ac26fc09ab2af58e371ceb2_0001440620.tmp" /SL5="$70300,1196998,54272,c:\users\user\downloads\67d744fecd62805b6ac26fc09ab2af58e371ceb2_0001440620"


									"C:\Users\Snuhiicg\AppData\Local\Temp\is-VOG25.tmp\adf90b42363cb0bd7ed1ac051e38720f7638e2e1_0007442451.tmp" /SL5="$40346,6854242,168448,c:\users\user\downloads\adf90b42363cb0bd7ed1ac051e38720f7638e2e1_0007442451"


									C:\Users\Wprnxaiz\AppData\Local\Temp\5F02633D.exe


									C:\Users\Wprnxaiz\AppData\Local\Temp\218F6B37.exe


									C:\Users\Tohtliyx\AppData\Local\Temp\3C5A4DBC.exe


									C:\Users\Tohtliyx\AppData\Local\Temp\782321AD.exe


									C:\Users\Tohtliyx\AppData\Local\Temp\391229A7.exe


									"C:\Users\Cdechfml\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									C:\Users\Kildnetz\AppData\Local\Temp\irsetup.exe C:\Users\Kildnetz\AppData\Local\Temp\irsetup.dat


									(NULL) C:\Users\Muqpfwvz\AppData\Local\Temp\RarSFX0\TunerPro_Free_rus.exe


									"C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /target:exe /out:"C:\Users\Opcfefvf\AppData\Local\Temp\befecbf182f8c847be4329d602e52db287ab5eac_0004563456.exe" "C:\Users\Opcfefvf\AppData\Local\Temp\guardian_src_7b8222cb783d456394dc5907dfa09c91.cs"


									C:\Users\Ywfndsiz\AppData\Local\Temp\684C5063.exe


									C:\Users\Ywfndsiz\AppData\Local\Temp\60171C5A.exe


									C:\Users\Ywfndsiz\AppData\Local\Temp\29322454.exe


									(NULL) C:\Users\Kkcnfxqm\appdata\local\temp\acdsee.exe /kill


									"C:\Users\Hupywsva\AppData\Local\Temp\is-3PQHO.tmp\857e58ab9d669b1cc8f58d16e1a6e5792aa2ab90_0001229445.tmp" /SL5="$50358,766112,138752,c:\users\user\downloads\857e58ab9d669b1cc8f58d16e1a6e5792aa2ab90_0001229445"


									c:\users\user\downloads\f6700f9036e0892fd4424b63dafb6cd723fadbba_0000271360  -deleter


									javaw.exe -version


									open http://jdl.sun.com/webapps/getjava/BrowserRedirect?locale=pt_BR&host=www.java.com:80


									"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://jdl.sun.com/webapps/getjava/BrowserRedirect?locale=pt_BR&host=www.java.com:80


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2144db1f4a75f57909dde9f21f7ff1681580ea1e_0000026112.,LiQMAxHB


									"C:\Users\Ytfqwsga\AppData\Local\Temp\Nero.tmp\Setup.exe"


									(NULL) MSIEXEC /I "pX" TRANSFORMS="c:\users\user\downloads\"


									open http://www.java.com/pt_BR/download/


									"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://www.java.com/pt_BR/download/


									C:\Users\Plarztdf\AppData\Local\Temp\73846291.exe


									C:\Users\Plarztdf\AppData\Local\Temp\30F76A8B.exe


									C:\Users\Mcrpgoft\AppData\Local\Temp\3C655F16.exe


									C:\Users\Mcrpgoft\AppData\Local\Temp\7DF46710.exe


									c:\b91034c92f7d98d00add\UPDATE\update.exe


									C:\Users\Xezszadh\AppData\Local\Temp\IXP000.TMP\setup.exe


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4889435b8903779ae164011bb2afe80655f739ae_0001687551.,LiQMAxHB


									"C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /target:exe /out:"C:\Users\Ctbznnzf\AppData\Local\Temp\c656df6c41ac050e2f66a1a3431d552b2ba638a6_0004058624.exe" "C:\Users\Ctbznnzf\AppData\Local\Temp\guardian_src_a063a78bdaec4a97a8fa40fc08ce78a1.cs"


									"C:\Users\Aowpvmcv\AppData\Local\Temp\is-A6L30.tmp\is-ORGEE.tmp" /SL4 $50310 c:\users\user\downloads\0c460a0ea09a57bc67c0e41572b2f74915e509b9_0000743469 511279 50688


									C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 772


									"C:\Users\Kiytqjyp\AppData\Local\Temp\~nsuA.tmp\Un_A.exe"  _?=c:\users\user\downloads\


									"C:\Users\Titxiczr\AppData\Local\Temp\is-80UI5.tmp\is-40BCU.tmp" /SL4 $D0300 c:\users\user\downloads\df05743524dae72a2644fedb46e942aa9dd89471_0004471899 4164125 50688


									cmd.exe /C "C:\Users\Sveeqlpj\AppData\Local\Temp\delme1.bat"


									WriteConsole: Could Not Find c


									WriteConsole: Access is denied


									WriteConsole: The batch file c


									C:\Users\Mjqoyzwh\AppData\Local\Temp\appun-1.exe


									c:\4bc93f095b6cac74a5322b83\Setup.exe


									c:\4bc93f095b6cac74a5322b83\DW\DW20.exe  "c:\4bc93f095b6cac74a5322b83\DW\DW20.exe" -x -s 944


									C:\Users\Tarkpjpi\AppData\Local\Temp\IXP000.TMP\msiinst.exe /i instmsi.msi MSIEXECREG=1 /m /qb+!


									(NULL) .\\setup.exe


									C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 860


									"C:\Users\Jhxqlfle\AppData\Local\Temp\is-E53H8.tmp\13547cb22587d0071efa47b1f1fa0d3bec0cf8da_0004824944.tmp" /SL5="$502E8,4255686,161280,c:\users\user\downloads\13547cb22587d0071efa47b1f1fa0d3bec0cf8da_0004824944"


									"C:\Users\Sijchcbn\AppData\Local\Temp\is-1DV0M.tmp\2270b71bb1dc4c59dc22c252d132c8fac204797e_0002989680.tmp" /SL5="$30350,2599669,119296,c:\users\user\downloads\2270b71bb1dc4c59dc22c252d132c8fac204797e_0002989680"

16 additional execution are not displayed above.

HEUR.Malware.Patched.Generic

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Most Viewed