Troj/Agent-XNN

By LoneStar in Trojans

Threat Scorecard

Popularity Rank:	163
Threat Level:	100 % (High)
Infected Computers:	412,257

First Seen:	August 29, 2012
Last Seen:	February 5, 2026
OS(es) Affected:	Windows

Troj/Agent-XNN is a dangerous backdoor Trojan. Using Troj/Agent-XNN, criminals can gain access to your computer and carry out a variety of malicious tasks. For example, a Troj/Agent-XNN infection can be used to install other malware on the victim's computer or to steal private information stored on that computer. Troj/Agent-XNN commonly spreads via email scams, usually in the form of a malicious email attachment contained in a ZIP archive. Troj/Agent-XNN in particular has been linked to an email spam scam that is distributed in the form of a fake Facebook notification. To prevent Troj/Agent-XNN infections, ESG malware analysts advise protecting your computer with advanced security software and making sure that your anti-spam filter prevents email messages containing Troj/Agent-XNN from ever reaching your email inbox in the first place.

Table of Contents

How the Troj/Agent-XNN Email Scam Works

A Troj/Agent-XNN infection will usually begin with an email message claiming that a Facebook friend added a photo of you to their profile. This notification is similar to Facebook's real email notifications, so it can be easy to be tricked by it if you are an inexperienced computer user. However, unlike Facebook's real email notifications, this malicious email will try to convince you to download an attached ZIP file. This ZIP file is actually the Troj/Agent-XNN Trojan, despite the fact that it will be named differently. Troj/Agent-XNN will usually be disguised as a ZIP attachment with the name 'New_Photo_With_You_on_Facebook_PHOTOID[random number].zip' and will be included in an email message claiming that a Facebook friend added a photo of you to an album. Facebook does not allow computer users to view photos as attachments, so this is definitely a scam, despite the fact that the email message spoofs a Facebook-related email address and it uses language, logos and design that are very similar to official Facebook notifications.

The Troj/Agent-XNN Scam is Only One of Many Fake Facebook Email Scams

ESG malware analysts have reported previously on numerous other email scams that disguise themselves as Facebook notifications. Due to the fact that this social network has a high number of members that are relative newcomers to the Internet and that computer users are likely to want to see their pictures, these have proven to be quite effective at distributing malware. It is also important to avoid these kinds of email messages if they contain embedded links, since previous versions of this scam use links to take computer users to attack websites rather than including malicious file attachments.

SpyHunter Detects & Remove Troj/Agent-XNN

File System Details

Troj/Agent-XNN may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	msiitu.cmd	5f950b263c20bf28c37423256fb2281b	2
Name: msiitu.cmd MD5: 5f950b263c20bf28c37423256fb2281b Size: 62.46 KB (62464 bytes) Detections: 2 Path: %ALLUSERSPROFILE%\Local Settings\Temp Group: Malware file Last Updated: February 17, 2020
2.	file.exe	a733e0c3c3621231b542864b450b50b4	0
Name: file.exe MD5: a733e0c3c3621231b542864b450b50b4 Size: 33.91 KB (33912 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: September 3, 2012

Analysis Report

General information

Family Name:	HEUR.Malware.VMProt.Generic
Signature status:	No Signature

Known Samples

MD5: 7894e3881767601d5c5b641b8fe44555

SHA1: cec600a161a6f47206de27d4481334457ec40368

File Size: 5.52 MB, 5524992 bytes

MD5: e0bfc2fe18aaeae3497d5d3abffd93f9

SHA1: c1dba193a566d37d2aac6eb5de0ea27d4eb36bc9

File Size: 4.61 MB, 4605952 bytes

MD5: c693c94b0176197fd33d94e8325d41ba

SHA1: dfbf5db0b343c0bd19e4b18ec602e985afb1f0f2

File Size: 8.82 MB, 8815639 bytes

MD5: dc861b18e667f0ba87925c70a5c32964

SHA1: 2a422af391b697abc53a567b49fac0b128f1929d

File Size: 6.28 MB, 6276608 bytes

MD5: b88fe93b22deec933085b40606ec5be3

SHA1: 798ac168d8e74d004cfb1e088f5e6b346e259f8c

File Size: 4.73 MB, 4734935 bytes

MD5: 85cd7c7d39e78225d65fa48ef6fefe49

SHA1: 01ad8cd5c192bedc369c8f87889f9a003e030203

File Size: 5.99 MB, 5988352 bytes

MD5: b58552cdb23571c32f734f89b37d5bcf

SHA1: 07496a1476d0aa6d1ff382ec748844ed72323074

File Size: 5.96 MB, 5964800 bytes

MD5: 1b799cafc8f11a6d0f64e867bdb7765d

SHA1: 0f257511114c012a075656a5e7755e7be5cfb0ca

File Size: 7.33 MB, 7327232 bytes

MD5: 6da725f6bfc47855b88328afff8c539f

SHA1: fee2928aecc0654f1e73a66a038fc27c773ca39d

File Size: 6.23 MB, 6234112 bytes

MD5: 114c78bca85bad90aa0dc843693d76fe

SHA1: 974b60f5758cc670cc6666606e89fd3bbc333d19

File Size: 2.11 MB, 2107507 bytes

MD5: fef2d9552dec734f010b737bfe298326

SHA1: 0231f905f4f34868909a2c84e3c9c8e3c53d00c5

File Size: 5.50 MB, 5496832 bytes

MD5: e260fead472fe282918f6462f2c19c17

SHA1: fe6624f0374f93c325099453fa1b16aa50b397c1

File Size: 1.40 MB, 1395990 bytes

MD5: 6dd76444111bfb5762d97d8fbffc6da8

SHA1: 766f583af0d4d0f589fb26bf40566e026e4fe666

File Size: 599.04 KB, 599040 bytes

MD5: cfc86bb6687145ea286cb6c7bc8f21c3

SHA1: c6b4fb335b2678c815ce0291902b4c38a9c4f8d3

File Size: 5.61 MB, 5611168 bytes

MD5: b3995f12e6937f3388c9d27200fd8976

SHA1: 08e9019324fd4f47d5f84ea4ae63ad851013ee74

SHA256: DA8F235FB95ED15EE297D83C54AF13389849EC6D16CCE8A73B3D86E77861AED5

File Size: 5.44 MB, 5441024 bytes

MD5: 82c83f4a8c8e64fafa02de8a19bde7b1

SHA1: 34d504c04aa2ad2c88d9e344811f5a3e4353178a

SHA256: F2561E80AFD8780B2203A8C7E20D3E2E650A3C764EC24CC38516D5CB291BF7A5

File Size: 966.66 KB, 966656 bytes

MD5: 1f9c35027e232bca6288e4fcdad175c5

SHA1: bf3f346ff9def14f5758d3af00ba5e417661b60c

SHA256: 729D9155C9F1165CABE1077979A33D6FE9B24CE1E659016BE4F5D730EE7F960C

File Size: 6.94 MB, 6938112 bytes

MD5: 159dbd19453dc340c7b1e6c0142f49f9

SHA1: d44886ad83c9b305a3d572038fa8b6b07f5ad7cc

SHA256: 0B0E48DF506BFD6D747E144480BD4AC233879428062D387931CF12B1C6684EE7

File Size: 7.63 MB, 7629824 bytes

MD5: 162c5a7ce847c90fbbfeed4ca268f474

SHA1: e9fa9b683ccf78b622e29b8f660d59d9d52c4696

SHA256: CD3B53888D6231E668454B425F9CA61D6504C381B1F4A60B351245835D95FDC1

File Size: 1.45 MB, 1449472 bytes

MD5: 01a302d5a10fcdd90668a818ce9faf65

SHA1: 4af7a5d623f83b9f1dcbaa393d76869f62a979bc

SHA256: 834C07BD6F437F0FCDBAFF5A596D793443DAFC2A7812165DA45439DB051EBE69

File Size: 9.44 MB, 9443925 bytes

MD5: cee5a3c53d9ab6796aff98e4a764328c

SHA1: 2117c136d582c6ee20a29b2cf6f4b18865c65fa9

SHA256: 6D28F0C21A2858DB7D864AE5CEF27AE14F5A20D7FC13EE91580D1493C5BEE54F

File Size: 1.46 MB, 1456136 bytes

MD5: cd855a302f32f5cd95312361b2b831ec

SHA1: 43fc5b38be704375067768aa592fec8de56417c2

SHA256: 15AB64B08721D8042173D2ACB36350949D40A903ECF98C794A1551FC07521133

File Size: 6.63 MB, 6630400 bytes

MD5: 4d66ee5c922f9ed2704a12b1bc228c29

SHA1: 2509e0d11594dd6cc3c96c7ef6e2a93b0fd876d3

SHA256: D5FD07F869D7A6582B394C3ABF88FDDD9E84A0E98FC07ECFB9D49AF5B3766A24

File Size: 5.66 MB, 5661184 bytes

MD5: bdc8dee9cc04e1117157ef73c83ef733

SHA1: ec76d0f778a1085404916040de4de071d19a4ba9

SHA256: 40FDBE16CD681217ACC71316322AA81A77DCBF6586A0BB8FF1201B725E84CFC3

File Size: 1.82 MB, 1823744 bytes

MD5: 9ab45a9a402502d894000c17f59d774b

SHA1: d178cf829c81912259f97dbcfc6d57443b0da5cc

SHA256: B7A6A9E914E1816D34B170010803C2DA98DB48CC66DBB095F23DFE9FA1E76099

File Size: 6.28 MB, 6278656 bytes

MD5: 7b0e1d04558fcc34c99bbc96e866e729

SHA1: f3995faac08081807652e2af63e2085feb17b99e

SHA256: E2844D1A04C89434A4720281B6A53BB3DD79B827FCED644477343BEF5422435A

File Size: 6.14 MB, 6137856 bytes

MD5: f294f21322f503820cb84c3ab1cb06fb

SHA1: e67a39d9240e60f95060d45f88d5888f1f51dc4b

SHA256: AE96F3DFC4CEC60A78615115178C710D2C9FF63F999C542178AF769C7761B13F

File Size: 6.01 MB, 6012928 bytes

MD5: 0b6fe79a4c6343cc71212906a21c773c

SHA1: 3a6d6a9666967348d54f161b502276d8f7ee3071

SHA256: 7E23E071DBBCFB8B2E1E964EC37C244DD2A4416B6BB1CD4F4176BDAF80837F0C

File Size: 196.61 KB, 196608 bytes

MD5: 1adad400434b02e34b9a57e45e33ca61

SHA1: 0b856bf34bd7772d5bb7315ab11b1a948579a7b5

SHA256: 98E3A33A4C59D9BC54F429E8676C388F60ECA21FB2D904F2EB588565E53B50F8

File Size: 361.98 KB, 361984 bytes

MD5: 3be78f9fc25ea69eaa895da3ca34a3f5

SHA1: 00c2fd4f55e90ff9800d69b40584523af15390aa

SHA256: F1615412A1FCC51F2267883806C42883108DDBAE8D3702FB8CFB4F6857F1B731

File Size: 7.03 MB, 7032320 bytes

MD5: 4114b82d0c742f672fca3af8a4eea48f

SHA1: 803636eb1b2e1193ef8f767aa653097a414e6a46

SHA256: 0D5C4D312DA7B1531479F20027A461558835478A6E13AD6813D7FC7920F60392

File Size: 509.44 KB, 509440 bytes

MD5: 8c68676cf10abf8e5a4fb8ba64f691e0

SHA1: 9131066dafed8775bf7c01db80c0f3e3b4b5249a

SHA256: C85E14C13067AE885A344B6B8E916B8EDCE71DABF9A89CCBC82F9A2F1CE29E20

File Size: 2.74 MB, 2739712 bytes

MD5: 4b5622ce47cd39dd827613f154055af7

SHA1: 7f835ab0a1db2b7589af36f81e875d861dba5962

SHA256: FFFE3F4EA460BDA00C3C9486DDD8B030B38A6DEC8B67E975F2CECA67EF977CE9

File Size: 5.02 MB, 5019648 bytes

MD5: af13be8cd0e13385068cbeadeff91e7e

SHA1: 631448f5ba4e5b9401e3bb4e0a913b249f6fa72a

SHA256: BFFD23BCE89C933C5E1818A35F4E55B0CA676D50905E9D62C8E237D61CBEE85F

File Size: 8.21 MB, 8211968 bytes

MD5: 48ddeb073a1ed62d12e3bff5f8f3aebc

SHA1: 51cebe745a7c580ad55ab463ed797f6512979866

SHA256: CAC8AB00BB545FA30026FE16776B8F7498840A3DA49F3BCB378C535E7EF57AC1

File Size: 3.64 MB, 3635712 bytes

MD5: 7b9e1a0d5e35762f6d6b96aa716f753f

SHA1: c27a5ae4dea6c557dfb22e28c49d6eab8cb60f33

SHA256: 22B559C01710E504B6EA3EFD6896C4840BE37EACBBE74C4CF09A641C88654EA0

File Size: 6.73 MB, 6731264 bytes

MD5: 4adfef212febf8740878c4fbf39185dd

SHA1: 3970d1e98ae23f3aaed315e045b96d55e360de8d

SHA256: 4F4D4BBB5A68C5181B046761B5C8EB26B795A850870C0CD3729290C2E95FF700

File Size: 1.11 MB, 1112131 bytes

MD5: 3f382e9c280c0243e7f205509fa564f4

SHA1: 786045d2760502dc2f02cc40026ddecf2600e3a8

SHA256: AFED5B3D1D3198E1E15033299658930719C80B55A246E52447D9A5B93D804029

File Size: 2.02 MB, 2019840 bytes

MD5: 6c373875a11351bf7ebd891953eba3cc

SHA1: d07c4e6217e0d86ea2ba3657f5a9dd083b0bdf91

SHA256: 158D500512E724FB7A67ED4CB38E1755A7FA34C7583981B0F415762B677FC59A

File Size: 6.31 MB, 6310912 bytes

MD5: f797c021e35c7a267d6ac25e0e81413c

SHA1: 80369feed092b3b719e3b48a0c06a09c36fa62f5

SHA256: 958BF6E6A7F83EA6309B6543C3F23912E62EC5B3355F9DDA71C533931FD1F9A0

File Size: 8.80 MB, 8795648 bytes

MD5: e6e679a06ae5c821421219de0f47b662

SHA1: dd01e1a6a70da7fbc88bbb1784041234634f36bf

SHA256: 32681C528597B6C2165840CA41C54E34506FCB11AFFB30376FE3B4D196E47003

File Size: 3.47 MB, 3467776 bytes

MD5: 17f64b13295b5dca4c9059642ccef675

SHA1: ca7931e5154cc9894df70d1190cf2bd2c74d4e56

SHA256: 713923C4BC4A5CE0D245E2D079D21CC3D31C37A1352C1E366B8415F63C604620

File Size: 5.51 MB, 5513216 bytes

MD5: 2c55627127add010f1b4408016cace40

SHA1: e6a023e9646dd051455a4b17bcddeae476fdf6aa

SHA256: E1DA9079046DDF2976491B1D5E30911CF7ED5184F4558BA3458D7BE1ADAD6B4D

File Size: 6.60 MB, 6601728 bytes

MD5: 510631df7ad0c5862a546431542e94b2

SHA1: eb5521eb874fe97c59a12a94f7bcbda4246b908f

SHA256: B89A901676A40FF93AC2304ECCE138EC30D2C5C505D35BA771D4EAABEBFED74D

File Size: 8.91 MB, 8908800 bytes

MD5: 28d87878f67efeddcb11d2521fa1a55d

SHA1: 981a36c780c4f0ac1bf7651ef78c6bf2194b6bfb

SHA256: B38093C3A702EE35378615933BE9DCCE3DC78921E40AB9BE0AD47EA270FAEF66

File Size: 404.99 KB, 404992 bytes

MD5: 20ffdf5fb96ceefaa368d21af4a71d4d

SHA1: 5887644ac48fcb8ea75e0582f14864fe41679427

SHA256: 69DFF802F853A79DACFC459BB4D6B99C4090F8079E51DE5C29591C260AD49CC8

File Size: 7.47 MB, 7467520 bytes

MD5: 67db3715c9e302ebcd9902f392b77755

SHA1: f80da4b4f0a8dcbf87f899cb987672bbc3ffd9c6

SHA256: 8C88E9AB398740AEC7D794E871692DE3AB2ABDE56AC9333E4558DD9F60867055

File Size: 3.86 MB, 3863552 bytes

MD5: a8864d68fb587f9bacdc4581e06ef2d7

SHA1: b267dcc969dcd5bd6820fe29fbf3941c8c048d24

SHA256: B0393A1AC374AD6AB504E88129DD7E6F731F6E806431889EA11AA86009D3657D

File Size: 7.09 MB, 7091200 bytes

MD5: 45c8c634f92cf489343e173d2b75d12e

SHA1: 5432904347d39184eff367171e4e4b3c3cced5e9

SHA256: 05F325BCE9FBA1614FBE3F9ECBA1B6E0D4920F9B3FC7FA830D9F8BDB3C476B63

File Size: 77.82 KB, 77824 bytes

MD5: 960a5d9febd7bd99568a4711c588c3ee

SHA1: f700223dfe5b59d2443e17836cd5745b40ddac55

SHA256: A77047C9D2E5D5D676CCD10E7F5C0D8E31EADCBFFDFD66097BC65D6FF165CFC4

File Size: 392.70 KB, 392704 bytes

MD5: 59d5d44160ea599321fd96effc952361

SHA1: 85cc83ca6de76b27860b6710a8fc24fd62648cc8

SHA256: C5031808EB7FE8AE105A088D5A84CD43C5FD34636ED0D8E5DF5C4B6237DD822F

File Size: 5.55 MB, 5552640 bytes

MD5: bb85b0563da5791c595ae5319d9c1a97

SHA1: dffe33593361e5266597dcd0b1627fcb606d30a1

SHA256: 4407F45F3D648D68F69BF176D1A2162FED8DDDBB3C4B3DFDE65902177901E873

File Size: 7.49 MB, 7490493 bytes

MD5: eb2c73967ad904afda523d68742617d1

SHA1: 3ac3080ff96444b411557273eea80dd1e60d1555

SHA256: 2D3FF00ACA69738FED3BCC3950E83F6B44B1103FD72F199CDA138020DC985347

File Size: 552.45 KB, 552448 bytes

MD5: 35dba5594ee78d26419b39485972030c

SHA1: 7d968e5ed5c9725818f9b4dc27422ba195ee6ec1

SHA256: 2361778B78D5B6477CFA50FCAD2463BB5DF2EC48E0E98C7A6F9224F3009A112E

File Size: 6.72 MB, 6716935 bytes

MD5: dc1ee2e964ed1e79667cc8f6ce5e29c5

SHA1: 8bd1a6e3559986303840409457614f9ab5a9a698

SHA256: 69B4E6E9A764FF539B663C5484508AF41EFA2FA031958ADF6906537C46718AEC

File Size: 1.46 MB, 1457664 bytes

MD5: 64691820aa3171ff01cb9ce12d8a6ad1

SHA1: fe461eece545cb22ba4f46e053b4cf8e0ea7a1be

SHA256: 206CF0CD7A66D3CEE53323EAD7F28600ACBCE0333FC4EBF27AA72537DB2193E2

File Size: 20.48 KB, 20480 bytes

MD5: 669883c6811581114f2e4602ff178cf5

SHA1: be285545ea697a26578886b5fb0e87d6f6e5eb39

SHA256: 0DE588C73E443A5E8D7BDAAAC44BE6DF7D8DE8DC52614647364B177A67707CE3

File Size: 9.35 MB, 9348096 bytes

MD5: 669dcfd846746ebfe0e9629962518d02

SHA1: b60fbfa4ea864baf7adaae8db4b11f10d15831c2

SHA256: 1AE3C27D471AB18278BB9F827732A382F8A23FEBD57B309B6696B9DD613C2DB5

File Size: 8.40 MB, 8398848 bytes

MD5: c604bd9c0651756b437e8f2f961fe171

SHA1: e82a8d67f1fd494a6aaa120ce511d5bcf9a655ee

SHA256: 9A7C898F6B6E8EE8E5E5777FAE549348541A241639FBC97BA93332FD0F9F0498

File Size: 4.04 MB, 4039680 bytes

MD5: ac2bc15917faa4b3301e86a12266e5ed

SHA1: 091f71055c0c02e9bf76272e30da8025cbd0f7af

SHA256: 07842CB89F488B45CEB594A7027C35F30B87437FBF08BF1750535B6B4D492E41

File Size: 2.00 MB, 1999872 bytes

MD5: 44cc052e859bb3a1c4545cd6dff03b41

SHA1: 5d478f78934a0e5c9c6492868a5ba4a5bf6e2be5

SHA256: BB5AACEDE7E27F50EAE4653915757EAEA8769F4B4C831E90F2F928E3D3353924

File Size: 351.69 KB, 351690 bytes

MD5: 9a9dfd68a23b249105a9f3e9d2fd061a

SHA1: 0c939b6b0ee5af102192a5bab145e0d53b9c7bef

SHA256: 40F5DCFD2E6DA6F6E08617C217349D30EAB27F3AB8D34C56B0DA0884CDE8DF8C

File Size: 6.94 MB, 6938112 bytes

MD5: 07c4b396097c09b8c8bc8d1d8556c348

SHA1: fe691446d90b650ee08b2987c874975dab8d6171

SHA256: 68FE8ED89586BFE54D0ABA4D74D68E2529A6FE8E82067A1337DCAEB4B4AAA59B

File Size: 1.31 MB, 1314241 bytes

MD5: 62d85b6d8ee4103cdd969eabc4dfc6b1

SHA1: eed386e01d2454776f672d09ab6f58c5e4ec1c73

SHA256: D4B7EC80B2E1D7AB40459DB3CD6966FCF08A6E8BFA05F7BFB556902E2B8D70E7

File Size: 6.24 MB, 6242304 bytes

MD5: a70f99664824bbf57f275c2a5efcfcef

SHA1: dcedeb0f0c95bfcdb48dec2fd568026cfc828f07

SHA256: 5B66FBEC863FFE1BF3DFE19F7F2838064929D2C1FD933857155A15B8E68754DC

File Size: 1.70 MB, 1703936 bytes

MD5: b49bac1702479eba0fd68a646985893b

SHA1: 196be60406cafd588d36f2b25ffda3dd1ec78ef7

SHA256: 6D0559884B255DD6D55EED47C037EAAC9EF1D7D51816F9226330FCF1258D7BED

File Size: 278.02 KB, 278016 bytes

MD5: fca623d72f16db74f589f178c765b194

SHA1: 11d3c312b6cbf156efc91919e850e0966443f487

SHA256: 5FF1A0A7BECF99E6638AC97E27B5D707525732556F43FE7E293C798AE74F7F7A

File Size: 2.77 MB, 2771968 bytes

MD5: d0e1bc8c24452b519e645fc496f1e685

SHA1: aa16de3a9410b1d4ed83c5675dc6d1565aa61810

SHA256: 34685D644B5398737E3137AC67B8699E87AF6EDA639D6FA76EFEF4D5EAC69ACF

File Size: 6.32 MB, 6317568 bytes

MD5: 3b04ca34ec8c5a44d5288eeaffbe6a46

SHA1: ef5668fe3044eded3ef334c877d42fef3b5ef876

SHA256: 421DB61DF98AB5BAA2A7A0F71D23A3ADC512CA20113CFA541DA1BB71E8FA5EF1

File Size: 5.50 MB, 5499392 bytes

MD5: 19189756bc04a7c252678ef892206762

SHA1: 15bedd376d9816d9180294b8534cfcdceefeac8c

SHA256: 43FC052206188558A704FA636A483AD35F524249BBD5DF69D259E9BAC760DD6E

File Size: 7.02 MB, 7023616 bytes

MD5: 0b0ebda8596139e4ae2cfb54e4241292

SHA1: 9c594e0cc9e7260f96603a140aecdcef8d26819e

SHA256: 7E2D4DCAB0CDF4C625C18819931E8D391FC8BEF615CAB247D1B16A6159E47FB6

File Size: 7.12 MB, 7115776 bytes

MD5: 1154faa9df3b961c20511b8d3bc08a81

SHA1: 31a25e355e514a9ab6f8288fca1465bc4949351e

SHA256: A3C33ED95A6B139C8B54991F80814D0A2DAC5EA9F9E2D3CCA3D4290133A675DF

File Size: 90.11 KB, 90112 bytes

MD5: 87a58787d954b8a991b78825abd1c50d

SHA1: 9d4f669fb10c4885e3cc2bb5aea10fb7c1713a90

SHA256: E3DAF288C4DE2802C641B721532AAE48222FD083E804D0CED000E427724E8747

File Size: 9.30 MB, 9298944 bytes

MD5: 23dbf502e90f6626bb754a450a18f5f6

SHA1: ac51b54fb3c4e111c8be56e983e95b359b000f90

SHA256: 208AFEED57B4F25783AF68E188825A307E82C6ED8FA8FB298D485B51CBFF1333

File Size: 368.64 KB, 368640 bytes

MD5: 634d1584fbdbdc30344d2adc35c6844e

SHA1: 86b8d7bc99687559b364a808ac51e86cb0985427

SHA256: 0AD0DC5954B2D5FB9C4F0F114FD8B7FC199AE8370C805713479D21C76F0A3086

File Size: 420.35 KB, 420352 bytes

MD5: 4a1db0efb27b943a3a37ad8256ebb839

SHA1: af05d1ff7a3100d50bdebfdf0e588335168126ee

SHA256: 9B41499E35D404A262BB068CF5FB3DB8087BC0FCB2FCC43E346E81582EAEA565

File Size: 8.97 MB, 8969057 bytes

MD5: 524e79bc29c06682771e2be902d7abbf

SHA1: 8902891c0ba406bec8fe3fbe342610554c1672cd

SHA256: 9E1C8B86B2F746F8DDD5A3A05D98103497A373CC086401BAEE8A1F7619497182

File Size: 378.37 KB, 378368 bytes

MD5: d877929daeb6cadf34e6f51cc8fc581d

SHA1: a08e6ea8c10a63ef523633d1e8cc5326ad8fe3af

SHA256: A6C19AE5EAA42534C899D2AB5A9E1F7D0D25189D7A8F026C1FC707EAC17DFCC4

File Size: 7.57 MB, 7567872 bytes

MD5: eb8820cad2ad84c009943f48687c1d7a

SHA1: 2908c83982ad04d067b9467f31b447d5de330033

SHA256: 1C55F04ADF83ED15E781B518A3892A37424EF68C22BB760946FD8A3CAF2C5451

File Size: 7.64 MB, 7643136 bytes

MD5: e94af76495d370777493b8f1bf560b79

SHA1: a332195ac3c1dabe2967135c8b2c5131a8e934d8

SHA256: 20F4885B393FA960877DCCB4EF9616486FE02CD2B5BA531CAB2B25960DBD4433

File Size: 5.65 MB, 5650944 bytes

MD5: 163f73e4d995484fe6283f7610e98a36

SHA1: daf095c6a512659d8383f3f39759029ce3b1dc3c

SHA256: 61109F34B9C3484D3F5439198D23594B64DD88F1CF77674C2986018C55256B2C

File Size: 6.94 MB, 6938112 bytes

MD5: 22336ea9178b1bbf0298024137579e17

SHA1: 06756f15649c2e49a8b979beaf196460f60d67eb

SHA256: 41F95491B43E05EB196BBD8AC235FFFCFC39044D2936D1E5496FF224B3E6D894

File Size: 6.14 MB, 6144000 bytes

MD5: 4c2f8c03bbb68bb1ec5ce990402fb2d1

SHA1: 3162ce2e30d088e208f0241554f612a693ae5b8a

SHA256: D5E6321FF3E5BC89958B57394A5366A5F7E631CA0246545F65C4596CA954B3D4

File Size: 1.82 MB, 1815552 bytes

MD5: 7ca75f064e9b8b03ed42a996d58f7350

SHA1: 6de38e39ef0ccfdb61015a01be8aa410d79df6e8

SHA256: 0BF596C34AE9A06B9E240C837115265457755F58A005D4F23413332EF201927B

File Size: 392.70 KB, 392704 bytes

MD5: ae14ad70583848c690e0231a2bfbb9e8

SHA1: 516f9dae5e93f5ded6cc25ada39a3bd01d01b4bd

SHA256: 0AD719E7F1D1B498AEFDEE472B2F45ED0D122D39BB91C38414EA26D581B3FB3A

File Size: 263.68 KB, 263680 bytes

MD5: 2d78cd43e6bf9c2261580d69ef037a14

SHA1: a7a3c29b8daf7bbea1962f2658e52b7a9db491e0

SHA256: 02ADBC849ED5AFC2159480880B1BDCB70C4955E19D3FD0D27A543F0D4C65FF38

File Size: 6.43 MB, 6434816 bytes

MD5: 7c814c3a309295242743f2643f2750bd

SHA1: bd87c13ff9fe2001d39380387aace458124ccdbb

SHA256: F23FD6DD17EEB4926E9973593EBE088C03D0B2377A476FA6EF80A73AC9FC667D

File Size: 6.75 MB, 6751744 bytes

MD5: 4b8ffad35bc277e284da6e1d4269b295

SHA1: 235a62ff2718b63706245549c62980a35cb3876e

SHA256: 148E383006C6DF602D821B0A7FBE25EFB602BD04529E511B8D4C2C28AFAE77DE

File Size: 275.97 KB, 275968 bytes

MD5: 629c50fb048ffdc5ff1b0b89d54509bb

SHA1: 83007e7db58b8797ee62b1e9148efb196664f7ad

SHA256: 2F7CDAAC2075833267507D6E746981643292860BDEDC249542AC037A8B32D5F8

File Size: 6.33 MB, 6334976 bytes

MD5: 8ca4a578459d08a2dcfe0e80da8db34c

SHA1: d4052fddf09a03bf8aa558cb9a6ecd1cf212910b

SHA256: A81B8165665F21381A83A8EDC513FCA1D3D5967B0BA1005713277A14CF2DC41F

File Size: 1.27 MB, 1265664 bytes

MD5: 4f6098e4e6658009be0b4c66dff4c2a3

SHA1: c07794642b5fe3bcf029eecdd33dd98d6961b531

SHA256: 1B5B6BD262779C3BB9A9A44BA3048A73BD0D2048A3CC1E724CCE8D9F41E3C3E3

File Size: 6.33 MB, 6334976 bytes

MD5: ef3a906c2b21409b4a593fafa0fc7945

SHA1: 0402eef18e954de1e76c8d1efb6148a773457195

SHA256: 15B5FB440629E9A0FF141E275B5A268EB800B383C9F1EAEFF929FD3757FFC600

File Size: 686.90 KB, 686904 bytes

MD5: 9116699c474fa3ff0ebd3122aa4523f4

SHA1: b91cb7382fbb64cf0d38a8a21c8520c9ec4a40eb

SHA256: 28B1AE0122C3F9230888DE2F79FFC68E44E1A3DD15121C61722D93F706AB35F5

File Size: 389.61 KB, 389612 bytes

MD5: 6d22f431a773e85af9255ec1f2769332

SHA1: f360c0d3ac664de4597ef155a014b25735c9418a

SHA256: 6BB3E1A79FEBF3BD724847463742936A8C393031A7F4775CCA580EBF89547B6D

File Size: 9.57 MB, 9569280 bytes

MD5: 3cf4435ac1ec55adc2f54d9fffde3227

SHA1: ca6748b244029fb04924bfbf414e491c5af1de2f

SHA256: C0DCCDD5EA7C4CB8FB1415D0C6622E705D3A0D49B3352EB25DACB65CB4D0E856

File Size: 5.63 MB, 5628416 bytes

MD5: c850d89679f6d9fd8a3cca506cec02b4

SHA1: eaa4796210a87fd15ec17b81b950eac01b38f738

SHA256: 9127F9A2F9B304C6DF620B5AF0D32299C7CBDF2F4D5ABECD55440684D440855D

File Size: 5.62 MB, 5619712 bytes

MD5: ec0fb11ee64c70616570e5d37f456f11

SHA1: ca2e7bce6e3bb688f5559e7f0c1595ca4c1a7e7d

SHA256: F13AA7C60D9FBED047A7C1488BFC2A40F263C3423DF86958646443FE02ECB580

File Size: 5.29 MB, 5291520 bytes

MD5: 75ad18135345f3be635faf4a3041961f

SHA1: 6eb07b80db95cc6f9a968766a99fd5484c456683

SHA256: 935C6CBB43A9B096268D5FC377C3EEEC93FB9127FB49F920BEF7B9EF99BCBF58

File Size: 1.23 MB, 1232896 bytes

MD5: 56a72afce752ed06f4422eed73890847

SHA1: 38ede7cb342c045a0ffcd60f6756cc9dbe37d1c2

SHA256: C2979E4F8C2B0061C1662D15833F397CEF221E57FCFCD41655B0A4A05D494208

File Size: 6.64 MB, 6640128 bytes

MD5: 932fc69e2971091d33c75c971f50681e

SHA1: 14d004336982bf8868abd887115d95da4b7c5acd

SHA256: DAE7F8D65FCA7C14E4AA7939018ADBA55200AEFE5DD870982EA447AC40174274

File Size: 7.16 MB, 7155712 bytes

MD5: 48d97053d57128594e5aa69c7c0cb126

SHA1: 54099e26850578c7631fa7be592044f10bf25c88

SHA256: 23E93A99E2B9F8866CB924F5BA45DEA32A09645E74B8CA742ED7D80281355830

File Size: 751.76 KB, 751759 bytes

MD5: 8131e6d355b6d6c297a402eacb6defba

SHA1: f5e37f5b14044614d1f6ef79e2a6b4086a679064

SHA256: 607E003351AB32F249CEFE5AA8F7BFB0A74A8B7F7B97F55F5142756DE3165442

File Size: 8.65 MB, 8653824 bytes

MD5: b787eab7ecf592dcee554f9892b1fb64

SHA1: 5001be5cfb585ac13a7f5aba3ec03971ea8e4698

SHA256: 2B6FB5368B77A3D8E566ADE877AB62E69812910CAD9A1315311AD2F443B6FE52

File Size: 2.73 MB, 2726400 bytes

MD5: 138aa12a9ce587e81d6cdfee2a02656b

SHA1: 67b09455923553cef19f96996b6a1ada2c8d08a3

SHA256: 99AF334F73B5BC05CCAA49AA633C78456FAB2F6E3CCD995EE0B264490C77960F

File Size: 6.33 MB, 6326272 bytes

MD5: 3d6d4ed489b9bd4996a0ad2f6867882c

SHA1: 197e6c7f03629726e5f18c8e48329720da1c56d1

SHA256: 9B3A793F49ED5E905FBF94EE0090DA1F2F3162DACBDFF613826835B4F9C1535C

File Size: 7.56 MB, 7558656 bytes

MD5: bd3a45fb07f81d4bb1682bfcffeaab8f

SHA1: 003a9fb9c5579e3e7997ac2d18fa29edceccc901

SHA256: 40AE50E77A42616627E3CE5D504028EA9B74D9FD3314BFD52324C2C08261F1B2

File Size: 1.87 MB, 1874432 bytes

MD5: 495766576d27dc68a75a49582dbd07d7

SHA1: 69c15b3348dada34026b07d31a8947626127951c

SHA256: F5141F0E29CFB8DFB1204833F22D7FBA0152B442E843434F352F43348E5F873D

File Size: 652.29 KB, 652288 bytes

MD5: c292c85f41980a3765f798e8d0a6c4a7

SHA1: b5a17f6dab14a9559eb451cdc8633323f21a90c9

SHA256: E025F9BF7298848FA92DBAC20BE17113F0F9AC7FA258AB47EE4EF7DCE01A87B3

File Size: 1.28 MB, 1282560 bytes

MD5: 193fd0e45c364aaff562278536147001

SHA1: 718a61901c0c1c1a99404dc2114ac57f037ea5ab

SHA256: 18F7D800C7ECAC474B680558F1B04F4F795E199FE0F2C57B2054D16C8D99C3BA

File Size: 3.91 MB, 3910144 bytes

MD5: 0af8d1ad766f7b08c81ecb163ab6e174

SHA1: 02086ce402cca0a51967b0a95111d788c4b9f38b

SHA256: B3737F93D63F8A018F0A7FB98965AB6A441BAAC66968784BF2AA1C94EA405897

File Size: 5.51 MB, 5511290 bytes

MD5: 465eacb4188e140161af289fa73c7abc

SHA1: ffd6ea6249e7524215ea5f70699f998afe6e65df

SHA256: 74E9AF0B21B63977BE120332BD116E5C6B2200A539C041B400495E9809E18735

File Size: 5.67 MB, 5673472 bytes

MD5: 852993c2a3fd95bdbac5d3ef4d6ef510

SHA1: 95e7ae4f59ac5ee2bdbaba9f6d7f610cfec6ad39

SHA256: 0CBDF747529CA8E6ACAF8764C913F196C9CCBB7638B1389A24617949CE9C14F4

File Size: 6.27 MB, 6267904 bytes

MD5: d522c0cca3b106b91399b32017c63e1a

SHA1: aa49bdccfec6017152f5a67d4a06e5cf5a066ed5

SHA256: E6437A448ED218EE103C8B7B564DF9A60A7EA3011FCB75331E2BB918DDA9410A

File Size: 6.33 MB, 6330880 bytes

MD5: f096ede1b1f3f654471b5094a50faad5

SHA1: a9bd47c0f6f687956fdfec4ad475700795792f87

SHA256: 75BE3D3B4AFE1471F3FB7688ED7906423FF5D220173C1DBFE3BE5AFD4578A4FA

File Size: 404.99 KB, 404992 bytes

MD5: 8cd6526949e46a4f4376f310945225e7

SHA1: 478ad8209e6cb5f9eab2abac4d8308dd82157fcf

SHA256: 070658365084079291E0FD8BB0076B6F19046B8A90B2F071D67998409B779C06

File Size: 5.62 MB, 5619384 bytes

MD5: 5262b5dd505477aa5015427099848e84

SHA1: 9fccd3944ae3e084f45aaf1c9e3ae3df8ec131cb

SHA256: 30FE2DBC95713CAE5AC53EF019BB55DBB1F40D80F7615BB559B78580A1272BB8

File Size: 6.31 MB, 6309888 bytes

MD5: 112ece00a648699d170a62ffec7bca42

SHA1: 69a644b8e37b67d173484e662c17be624d15df53

SHA256: 469CA27997694BD48735E79494BEBBE4894ED28E65652C89C927FC7295949FE0

File Size: 4.63 MB, 4630016 bytes

MD5: b5d86db632d2b54865dab3a8b07fe4b8

SHA1: 336a44cd1bd088d34a6e5c57c581811bb2a669bd

SHA256: CF55DE56A1B60DD77C92C71E9753F1593D9B2F1085C86EFBA726C75D1EF57B62

File Size: 2.62 MB, 2615900 bytes

MD5: 5b9d80d3297c531ff14405185ae5c91a

SHA1: 8f1a325a808bad9e27c4a708dad0d57001218a67

SHA256: 1D82EE817F0D4C7E04F9AE1D7F63989EB4A218EC5E11E0803CF39E901C72E48B

File Size: 1.28 MB, 1281536 bytes

MD5: 8077181a3608728119ce333981d2d917

SHA1: 80eeff801080c2908ac15b22757e71d202bd55f5

SHA256: A3D5EB9491D0AC5BA7BB7BB3F44D4D2F459CFBD1BA4007CEBD03D18FAE0CF3EF

File Size: 2.86 MB, 2862592 bytes

MD5: 980237c6a5506ac8325bcd62b0012f8d

SHA1: 55bcfeb8b0c19ade7736988752d79782b476cbd3

SHA256: 2B5877256138044C2E92E46FDAFC3EFA499BA272320750A7655DEC622A2A1A99

File Size: 416.26 KB, 416256 bytes

MD5: ed5f39a276f610ea0c8b6a2e47748ec9

SHA1: 21e428af8bc2e4dbf74360004b1f2945efc6b158

SHA256: 5584DC72EE019173BCB345BF02E8B1B001F5C2F8AFEAF5061BCDBCB13F64EFA4

File Size: 8.99 MB, 8989184 bytes

MD5: a4f92c44fe6757f4335590653737c0be

SHA1: 34d141179bc5bbe6f7a898b91cf08e760981c211

SHA256: E0B30ECAC7080519603494CC12867DC962DFEF75100D4F9CBB630888791DF477

File Size: 6.48 MB, 6475041 bytes

MD5: c417c71b5615a87ff252512ba7ba8363

SHA1: cf37ee40a7a45dbcfa0854cef6668b2c2bab86b8

SHA256: 5357E2FB2E71BEA36D57808A6968C1421F6F26CA7E88F9EF3CB5ED67B5CEEFF1

File Size: 5.64 MB, 5644800 bytes

MD5: b4eb1c2bd14c5707f9ef4c6568f0cec9

SHA1: dc3566997e53d35340ae662961485c220de27a13

SHA256: 524E7F28953DF1E2A39839CC1B846DE55C2D2F248CF6832584A9C60DA35325E6

File Size: 1.42 MB, 1415920 bytes

MD5: d04cb365e378d488956f526b89ca1d6b

SHA1: 444ece099ef59e8dae956f46ed758d8bd825b7c0

SHA256: 749F7D741BA353D2733B790A528CFC08BA39BC960C54F98BAD299563DBF77EC8

File Size: 5.46 MB, 5458432 bytes

MD5: 75dd381e3ae6b0867c11980c7e73dc89

SHA1: 7fdd88c122a09bde49aa07ad576697de70a70109

SHA256: 858FA242F4EBF5B8431914B143FA1935DEEDF7391CCDCFDE91027B998F209B3E

File Size: 1.31 MB, 1314816 bytes

MD5: ce315459d1e3675e4211ce29681250d5

SHA1: 504154d34fa1c7dd147b9c58f16de36eb6cc8df8

SHA256: EE3CB9527E63428F748768483A3EEDFF0D704E78F98638E761CC99734489EE13

File Size: 579.07 KB, 579072 bytes

MD5: 9d0cc7b6d2c540e3a1b1d4df1d1a6894

SHA1: 6493855f3a47fd6a56cc4534e76bb327cf784a4c

SHA256: 8381A5F3350A152BB3E0BC1D8DFA77ABB32E8AE8445F53180E7754422C805026

File Size: 3.43 MB, 3428352 bytes

MD5: 7f23ee381ca8dbc0391d55042b9bd86c

SHA1: 2ea75bb897fc4a0289cfc39274a5031e1abaab62

SHA256: D15FFAB1DB52952AD35220FB955957E9F91B6C5F7BC3AC9ABF3F564EFBA1A0CF

File Size: 2.28 MB, 2275328 bytes

MD5: 7901a37cffecebc8c048fcc433a95b66

SHA1: 56aa1f72b44463bea790055c9bd082bfd93f8f9d

SHA256: 7AF50907DF4047A948BE168DB4451F1A65ADCB607AD9453D518B678423B69FB7

File Size: 2.10 MB, 2101250 bytes

MD5: f8c3a93cd7d7ce039aa83fa3fdff0d2c

SHA1: f69ff8690f78b8c99ffcb7b856a885c36fa6028e

SHA256: 1F893134098C844913C7649AC91D01A40DE9CD3E01ADC716F6CDA73EFB98CC87

File Size: 7.58 MB, 7578112 bytes

MD5: 0fd964394f16f381cb5087caf2037f54

SHA1: 06aa68af2561d7ce09ceea9b20475e31e6698c14

SHA256: 76A89522791A8609CE506BA7C4C8E45BCB78E7E21018979201190F9245E17E49

File Size: 3.10 MB, 3095552 bytes

MD5: 72ec7d04c0df3d713a3ea23ec9cdc8bc

SHA1: 3c2d01a035eea4400a218bd79b0d2cae3eaf9739

SHA256: D40A7FE1AEBD585C8A06203F7941F4869BA11111F91FE7554EDE476EF1AFDDC0

File Size: 675.22 KB, 675222 bytes

MD5: 01a3c0160ed0ca8107323cd90734764d

SHA1: 2756efa88f343c3e6701d7ba18da31e8ff9ee153

SHA256: A8D7E2333D08E7A51CE433D30FD5F67EED0E9DE9E198531B3531FFA97D46AF8D

File Size: 5.83 MB, 5825024 bytes

MD5: 1aa0d40a5ad61ba82befb63e0c869583

SHA1: 537d71a99be28981f81de48a4c7626725602f9f8

SHA256: 367D821D04D35BF9303FF5F34902B22CA7FCA0D9B9B8C05C635A9848B0B5F4AC

File Size: 9.45 MB, 9448448 bytes

MD5: c48795f36f648874adc490d8d76fed52

SHA1: 65b893aa1cc7ac7e586a32829d3175ad7add441a

SHA256: D3EFFEE13E31CA25B938EF903E681C846802ABA4AACF63787D9CBC417A3FA3BC

File Size: 6.25 MB, 6254080 bytes

MD5: 8e436c93b6e07a151fcb67fe4af78607

SHA1: cf5ea0ae4075dab38c6e3dfe8a4ec5236b582b45

SHA256: 77406E6ABE0D6583240119E98000AF8A422B9F11E5706139BF5637EBDB6B129E

File Size: 8.03 MB, 8031232 bytes

MD5: 31bc8ecea0f562cdce7a20f973290845

SHA1: b0d0d50f8cc70e592e6822475b9ca03ca38393cd

SHA256: CC03F3F260DB8BE1D4F2E841F74222902DFD17A33EB9D85E21C431D1BB90B407

File Size: 4.88 MB, 4876907 bytes

MD5: a78e6c2e3a2b94e41dbc2366e6050185

SHA1: 22aa2b9c38c63371d8ffe02811c0ef5eec2ce3f2

SHA256: 28CFC2507BD1CC5C70648A983F8517BBE8E77AFA30BE4C17809C838E86EF2EAA

File Size: 7.12 MB, 7120384 bytes

MD5: 6ad77e4cb4f28fb66b8f9e1687659283

SHA1: fd750b55f8b6e77d47e4a040bbf5db40e83fe61d

SHA256: 574062037CD88FCEA9735E6FD48A6112FAE1C59A5D48F7415FF7116576CF7A42

File Size: 7.75 MB, 7754752 bytes

MD5: 9e5875d0bd6505462a0de6a02dd773a9

SHA1: bf468a2faf57cfa8a8cdb9c790c23378169d1266

SHA256: 9FA065949B75CEB0B7EE5A8B3002A7E32A89E9B436E487B2AF4012E13DD52FF1

File Size: 7.80 MB, 7804416 bytes

MD5: 8b4582e4188767fbb0a3442e7eceb13e

SHA1: 2fd7e5a07b5638cc4edbb60dd0d0006711382f4a

SHA256: 84CF41F8F4799259EBC0E47A11020A06BDAD2893FAECE6E31DE0A06E615007FF

File Size: 7.12 MB, 7121920 bytes

MD5: d6a4b35a199448d8d23d016a8c2b778b

SHA1: 916af7e91fe77f57c9e135685568474e3bf99d36

SHA256: F4AAADDC045B6E3535CF823EAA8566F813787E3C7066908DB943E5A52C4E4B7E

File Size: 5.66 MB, 5662263 bytes

MD5: 621c510112a9d85770b409d7539f484f

SHA1: bc48370a49c2c586b53fcfd710244680aa8deb12

SHA256: 82B2A3A8797B10E648929BB5C89CE7547B6F2FCE279747BE779F177B97EDBBB1

File Size: 5.63 MB, 5627392 bytes

MD5: d40c1bd4d960702a0166db0c6964adac

SHA1: 15cb47a52d11c55c732a4c6f8477f59ad82f7f0b

SHA256: A0E9F1154B42BC0A1A12CBF14C0DCCC2A10696B3195D8ABEBEC48499BBFF1F14

File Size: 2.21 MB, 2209280 bytes

MD5: 74802c160c9b3249f9132fe37772ba35

SHA1: 6f2963bdfb6921a2501c8d49e53ba1d44c2ad30b

SHA256: 84F2B1D9AC2AA5A59C0DDAFC1CFF3110D22559964C4892AC58B54E962BA91DA6

File Size: 6.46 MB, 6461952 bytes

MD5: 71a338494112df2d7998327c21ed4287

SHA1: 41c6957f9852c0e80bb36b0e3a78d8eff391ade0

SHA256: 6F0E4CB18BCC58D18FE3F4749DE82B5046A2E3DA2742DB7D7504CFA912E8AB09

File Size: 3.04 MB, 3035136 bytes

MD5: e43f9693f340bd52b4f5df0417028eda

SHA1: fe1d1e829131cf2ebee02b8f282b6db91f9b9560

SHA256: 1813DE5A769F4675C6394DD7B049B18AAB6D6A488AEA2B09E62F9E0528D83E65

File Size: 6.26 MB, 6256128 bytes

MD5: 0e3bff8d1106e6f00e71d3120838806c

SHA1: cbca60abf762c3205bbbac322ee06c1af026a907

SHA256: 27E1B3A693D81A7DEFED4FA68C4F104B2D980B707BA1631EA38CC8CB1B7A2D7B

File Size: 1.35 MB, 1354240 bytes

MD5: fcc4014be0904e1cfa6939912db2a1b0

SHA1: 224947f2dc32e111bcd74a7eb4655f512c52f906

SHA256: A6F580AD9B771D64C018ACC1C804E68089D33EB394FF06ADB1DF59E8F33ED7B1

File Size: 8.80 MB, 8802816 bytes

MD5: 0a790833187bc2275a8f2e44078dc89a

SHA1: 2e6603eddb5ba35605d40f9f784393d01c384cfa

SHA256: 190B3EF49DAA752566EB768D84E61444E0AFD8B9493C92D5D91CEDAE5C8FC812

File Size: 5.73 MB, 5731328 bytes

MD5: 2b81d20519f206b3a2c63d9dcd7bb724

SHA1: 14fefc5362ef3be3d2f59b834d5ad5a33118056c

SHA256: CA4918747CF647870399F082849146C4DE0EBB1D88C50FF0831A580DC1F7B99E

File Size: 1.39 MB, 1392128 bytes

MD5: 37f12c55172b93ce3b42744c2dca7b02

SHA1: 8f97fc0c07fc159f69392dba1064e6b5dafbd687

SHA256: 15CFD490832D85740F2B3D0BF163317CFC6EB7F18CD83A9BECC6D0A6D53EF7AC

File Size: 5.74 MB, 5739008 bytes

MD5: 5de119434f1c772159c47c4610e478f8

SHA1: 169008d298589c74eb0233451d5a98b4a7ed510b

SHA256: 8637294DFA3676B197CF2D465CD1E1ABB2F9507F9A1B74F294AF29951023A26B

File Size: 6.33 MB, 6334976 bytes

MD5: d114e4815563247ddaf3b2755c899b82

SHA1: cb44ed57f19817e6e43a1a68ddb30a66eedd8afe

SHA256: DBDA5C67F36A6B5664B78CD9647CB3E9F6391E670950F23386DB19C1263B7296

File Size: 5.56 MB, 5555200 bytes

MD5: e3427b7d381f104c237293083c9adbb3

SHA1: 0e262f31f2d6f39bd8d031836c9b5656c1e8d16f

SHA256: ACAF835C9A6F7CF819B8ACE823C7F4A66F1940D2FBB5CD37DE7215B0E96EDA87

File Size: 2.09 MB, 2090496 bytes

MD5: 433eb8991e87852958578e2bf5c233ea

SHA1: f710259379ed922ddc18b08d262abb06a314e654

SHA256: B71E02B98AB67F856965C2F0ECCEAE0C27D3AE8E801B193363C5A2A1ED462B09

File Size: 7.12 MB, 7123968 bytes

MD5: abb41d8b40910893bd596290e95c078c

SHA1: 39bbd3beb5d08e400186a6af959805d939491781

SHA256: 3EF3E63CBD8AC70F0E4DC40CCF560DCDC5AC2DAC9DAF6612411B8C2C8D2A2486

File Size: 5.59 MB, 5592576 bytes

MD5: 8c68f183264ff2bd31479730ad950295

SHA1: 2e0af0f895f8473db9406c7d45779fbdbbf44ddd

SHA256: 8FFECDE75805FFBFD1D807CF72918471B083788D65CD17E9A7D924CF34824978

File Size: 3.93 MB, 3929088 bytes

MD5: cc11594206093928cdc9832a75c05a20

SHA1: 677c7c3b11130b9180eed97f135d5cdf495b01a9

SHA256: 46E9246AEF2797858D638ADB7899BB9C13CFE68969F4E455EE8AC2498085DFB4

File Size: 7.02 MB, 7022592 bytes

MD5: 83f5ac37216c1a0ef4199a0463f8a925

SHA1: 69dc46fa7c44e0d3f4767b49622e8ab5fe7ec985

SHA256: D4FF075652A120FDE27E001E05DDF8B43B898BC969C4BB7C93849B363E1B6D0F

File Size: 640.51 KB, 640512 bytes

MD5: cf7dba271bd8b0ba46bf6e93bb6bbc05

SHA1: 045439f3305d3fdd353646540a82d312e9791944

SHA256: 96ACA01F9BC12AF85ECDB00A682FD27A0446BC1DC3793DD4B2DD8E9F24C7A180

File Size: 1.93 MB, 1929728 bytes

MD5: b96440a070582e2c1d5c5ddc66808e70

SHA1: 08d50a10e6fc3a8137f049f05df95a3e2ef451d8

SHA256: D5D9016AB116705FDAFAEEAFBD20B645C8F7306F2F45B2279D12829CA838B1F0

File Size: 6.34 MB, 6343687 bytes

MD5: ce5da276d5be840704a2ea220c1dcf2a

SHA1: a74b3923409b0f2abdf3ead1088482814dad18e6

SHA256: 3444A37645BCF9C5BF5ACC9C4FF68BDBFC73C88265B37A858D262115C7F6C4CD

File Size: 6.28 MB, 6275438 bytes

MD5: 153cd7e6b9a7ce89b73337d310f11bd6

SHA1: 5159570ac8a5a23b0ebc7131acddd6bf612ff523

SHA256: BEDFB0DAC6F87EFA7CA09268835CABD5CAE085BC972BB4A1E092A347D97D0589

File Size: 8.61 MB, 8610304 bytes

MD5: 0f22d2df540bb4a062368ebcde660f3f

SHA1: 2d636d6bda7a8f47fbcf4c02330f893020858a9a

SHA256: 8FC0A30CF91D9A29F9EABED472AD54D6868AD3E0B93C2E134986790BD0475858

File Size: 4.48 MB, 4475066 bytes

MD5: 8f654b7d48ac9e274c85e4af2fab20ef

SHA1: 6091bc853d80ccb950a56b6e5431b3783df4c746

SHA256: 9A77774FF4F3B30A882354F6CE39162B6F19186757AB3E8693AE1633B6158276

File Size: 380.12 KB, 380125 bytes

MD5: 7169c5207689881a5255291515d2072e

SHA1: 41173ef453d83a85fa6f01248fd7e8a901717506

SHA256: F76EAE5096DE41C7257C3B46A3CC2DD0667481D890EBC9EE015267462F43927C

File Size: 6.24 MB, 6236113 bytes

MD5: f956850298632b8877fe1fd173ff06e1

SHA1: cbfe2010fbddf6fa09878366f46ef136d92ddc29

SHA256: FDAAD54263BF081B27CA337502BBC5F275348F20B7A36837CFB29A1F67EE6183

File Size: 4.88 MB, 4876859 bytes

MD5: 549b22427b4d9b5f9eea8047b58b3694

SHA1: 39b6c9fc54aaf576eb52cc2797ce6b675b6ffad1

SHA256: 49991EC3DF9A7F6366CD6791BA0E18D7F5903FC97E358A80EFBC6730793ED030

File Size: 5.26 MB, 5261118 bytes

MD5: da242156893b349bbc41a2d31e1e8fdc

SHA1: a8fa4037b11586ce4b1507ec01398698c7efed70

SHA256: 610B0965564DEB02ED74E972AEC5A83288B00ABEF60EE4B121367FBC0277E102

File Size: 4.99 MB, 4987392 bytes

MD5: f03274d98b3035419066ad3400d47065

SHA1: 496f91f39672f7a015eef94cb5021775fdb48a84

SHA256: 75E7B10DFEED51F7320F9A23A7DA6F787484792EBF1478517425D4140AA524B2

File Size: 6.78 MB, 6780416 bytes

MD5: c2eff2a516e4818b6726839870bb0569

SHA1: e09fc2d4c0aab0199336413d208198ac0fcc6583

SHA256: 329EA81ADBD60368E8528FD7D268892113E24A98418DBE6E3DB87A6978087131

File Size: 6.33 MB, 6334976 bytes

MD5: 341d3def92e969e7d7a9376852562398

SHA1: db8f058f657ca4940d0526a8f30c84ad963571a7

SHA256: 68454B92D8A7F8714321E040ADDCB979B99C50144562CBCC8F30D0338CA7D598

File Size: 890.37 KB, 890368 bytes

MD5: dcc6bab09de956b584826f6de104415b

SHA1: 25e7a04221f3b425d105e08b6b12273630f7e6b1

SHA256: C36B56D0B573CF848F185C6212A52A3AEE32059AF01FBC82CABCA191C7995B90

File Size: 6.90 MB, 6900736 bytes

MD5: 02178b99d1ff0ed45afb4d52e79be6af

SHA1: 8686b99798eba1c82570d08c893ff35247682f57

SHA256: B7FD233D18734C9052EBDD410BF15A533AD34738D666B3694731693C9C3578FA

File Size: 1.91 MB, 1913344 bytes

MD5: 1ae0c80c9100c579067a34392199638e

SHA1: 010661519122cf64c150ae778e5773f671708a8c

SHA256: 6B44DD2FDCB922D0CC0E5E2F4C3BF674C070744CB89A981290A98D742AEB874A

File Size: 871.96 KB, 871958 bytes

MD5: 0edc578b302bdfcbee745be1b533cd42

SHA1: 59105106e4f11131402ac625194a7c2214bd38d9

SHA256: 7B069F38A4C7A378693A859B705DDB74215DD77DCD1FDFBBFA816B074ECD7EF9

File Size: 2.16 MB, 2157289 bytes

MD5: e62793b4914884c39d5cc464ccd2e757

SHA1: d3bb0c99ce754f66d1bb4996214310eb974ecda8

SHA256: E21E54331040954790EF977449889DA768EA1E29CCB9F45EA89D1BB5DFF8235C

File Size: 6.94 MB, 6938112 bytes

MD5: a5a248ac89aafc3c17af0f32e1d35eb9

SHA1: f6c2c8f57f55f5962bb8d1d15aabd372b9375220

SHA256: 38709A49403EF0380DBD06A73BFF64B1FF26A95B0A82FB7BC1BC898F8E4D827A

File Size: 3.35 MB, 3346944 bytes

MD5: 318e639fc0964b147be37fa2cb260be9

SHA1: 22c04165c59e3909851f46eb1e9ca241b9e98b66

SHA256: D04DFDC6A23CF2441E653D5B8E4293F01B82847789D443F37C9DE4494F355238

File Size: 1.12 MB, 1123407 bytes

MD5: ab26ba4d210f0107e3380d65fdb418a0

SHA1: 7419ca49a03462d6efa0b3771a1bfcc92d8c2f4a

SHA256: 7240CE4C3B869FF8720EAF607A2D5104842B497C49968C4575440A7A6D8D9ACE

File Size: 6.84 MB, 6844416 bytes

MD5: 3f9270fc494e5e898869e3a911baf898

SHA1: 22fdbf2593963c2368ec2b647c74a546679ca439

SHA256: 5560AD00A72DA2049F8EC5109850D09403839A33C96DCEEBC63A45EE20B52D1F

File Size: 6.37 MB, 6372864 bytes

MD5: b773c10a70cf4497c67064bbb580cc00

SHA1: 2fc0326045e859ef60b224a9ab11a4ca75aeeb31

SHA256: E4C60913980D4C1B2B09D3FBD9CD9CCC385F37D935B5980E4D3E7501B857318F

File Size: 9.56 MB, 9556992 bytes

MD5: 7d8fb60a8edfa05a6380a57658d2e26a

SHA1: 76acb8659c104d0a9ffc3dc74a1254882c125514

SHA256: CDAED02C986DC785566544A42EC6B172196F45306BACF6C40D36A7DB24E18F69

File Size: 441.93 KB, 441934 bytes

MD5: 3916805d550f3639db7866d06dc60a79

SHA1: b36c36358df50638c2e075fbeaacfad46457670a

SHA256: F61FC595339C7C7768FDB7C71825670D28F38A5D20A97C2DFD3928FBD8367E00

File Size: 8.12 MB, 8118272 bytes

MD5: d52b1c821ba628406856af4484f5a54d

SHA1: e90d4f762edd1ef80b1aeea28ce6bdcc9fc65701

SHA256: 55F8D06CCA53F3B7F06DFFB699F8C5F7A98E4F9D4DA6559C378A846E1C739976

File Size: 195.51 KB, 195507 bytes

MD5: f694d81c52240eca511a73c9d4728bbe

SHA1: 4ecd9a3792337f2aa1a4089ab52185affe5197ee

SHA256: 143270B32448D32DB43403524D587900A67558073FFC48736455128F99D44CDA

File Size: 9.77 MB, 9771104 bytes

MD5: b48759d93184443eead934cebad487f9

SHA1: c46aa6c353348f889b119eb1c225cc6923b912e9

SHA256: BD502F3EF38C46E9BA7774067F36AEE410ECEC2191A610D299F94DF6E517FFF0

File Size: 4.88 MB, 4875776 bytes

MD5: 23d70dbef778906b27c60ceb2f334b3f

SHA1: f499e1225a9ccd5bbec975383ffb966b64fb14fd

SHA256: F0DE89C71E8BFE5B8AF82D461C99491D73F8B9D555B826C22304DD6BF8EFBCBD

File Size: 3.81 MB, 3806208 bytes

MD5: 64b21ae724cf90ceaecc0910dfd0bdba

SHA1: 147647c29f209554279beced903e5bb5c424d810

SHA256: 21C8315A6FE0A190A5E43E913115F4D153076082940B9DA23C50EBEA50FF8725

File Size: 3.34 MB, 3337292 bytes

MD5: 9393cdd845a9a8356d2d93d519531951

SHA1: 4650344363fe31f4ce14b949194e8e92d88620fb

SHA256: E06EA621E1F83E9935E618FD6A879B00146C0EDBD7023F242EA345B6A6F0DD68

File Size: 5.46 MB, 5463235 bytes

MD5: f6b5b55b5ceb6885d02db89423d35675

SHA1: d4026d18fadd51519ae6926e978aab44b067290c

SHA256: 04EF056ED263B465479DF38E672ECF98482C307D9052CB183D698935B1F4127D

File Size: 8.11 MB, 8108544 bytes

MD5: 1983b4521d22a1737653c25dbcea5904

SHA1: e36004d67e1b3e56a9d1ffb38d5facc7d770d5f8

SHA256: 1A743FD28C2492E30D5DD61B7E911A138C84C592CFA4C0EA86D73128954669E7

File Size: 6.21 MB, 6214325 bytes

MD5: 0493c0785b4b16ab424f6cec11560db8

SHA1: 7c8cc3472e9b2ca9f6d5c8aa86c1a3533f4c9b74

SHA256: E2D410D8133C21157DD99F5982E2E3F6A3A889DA28EF1B888C1BF0E25827A8E7

File Size: 715.99 KB, 715985 bytes

MD5: 79f7e4d47b1b88fcc74c2a54a064fa4a

SHA1: 0891b5e037e7c155ada2473d618b9aba634eda85

SHA256: 52A547625F6CCDB28023CAA03577415F0EB884E097CD8A603200DDE194200B15

File Size: 1.95 MB, 1950305 bytes

MD5: d3f30d6f81957b662a4ec1f467573a5c

SHA1: a936c1568ce9612646f67e7507fbbad59c65a735

SHA256: 629C6F9E494834DD99B0E01D8911CA17FFCE5009E794FDB5B46E9D8A1A442248

File Size: 6.21 MB, 6209536 bytes

MD5: 3a6077797e127129e1eedd60dfbefc50

SHA1: ca3cd3564de667e99bea55827e392c558aaadcc3

SHA256: 04B1B512670E91A92E06C2ED29F786F65ED01A8C95D39432AA45C59C050F3CDE

File Size: 6.46 MB, 6455296 bytes

MD5: ab48be6248f0d1ad0fe248ece3f4782e

SHA1: 09f3ffb0c553dd2c6803f1043c6079b96db39705

SHA256: 455AC5082586A400AC9A0F2727FA52ECC0D16B69B04BA0496E1AC9E236EBBC03

File Size: 5.46 MB, 5463040 bytes

13 additional samples are not displayed above.

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has exports table
File has TLS information
File is .NET application
File is 32-bit executable

File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

142 additional icons are not displayed above.

Windows PE Version Information

Name	Value
Assembly Version	25.5.26.1 19.2.6.0 8.4.10417.60001 3.0.0.0 2.0.0.0 1.9.42.0 1.7.5.0 1.5.0.1 1.2.1.0 1.1.5.2 Show More 1.1.3.0 1.0.0.0 0.0.0.0 0
Comments	AMISCEUI Asterisk Password Recovery Tool Installer BaiduYunguanjia Installer Blazers DevExpress iAldazActivatorA5 rhythm just a click away! Sentinel LDK Admin API SpiderPRO A12+ TeraBox Installer Show More This installation was built with Inno Setup. Ultimate iOS Ramdisk Activator V0.3 USB Redirector Technician Edition Installer service VBA Password Bypasser Tool Installer
Company Name	-[ by Akozdem!R ]- @ChristianMuhi7 Alcohol Soft Baidu cGPSmapper CzkApi Flextech gsm4crack.blogspot.com iAldazActivatorA5 IBS.cr Show More Igor Pavlov LuSlower Software Macgo International Limited Microsoft MuEMU ppy RosBot.Com SimplyCore LLC Sorna Corporation SWA V2 Thales Group. Thegrideon Software TODO: <Company name> Two Pilots Ultimate iOS Ramdisk Activator V0.3 三六零科技集团有限公司
File Description	7G SCN by Samik 7z Setup SFX 360数据恢复大师 Alcohol Setup AlephHisi AmericanCut AMISCEUI ApiCZK Asterisk Password Recovery Tool Installer BaiduYunguanjia Installer Show More Blazers Setup ByMrGarabato cGPSmapper Free Setup CounterBot csrss DevExpress exelon firefox Fluxus_IDE FrpFdl iAldazActivatorA5 iigw_api_client Innostor MPTool Application KHServer Launcher LibVidHMDll Login Menu MHPClient NNAR2RRegClient osu! ProfileManager Project1 Pulsarunlock read Information Software Reviewer router Scanner Eren SendScreenshotWithDiscordWebhook ShortTestMonitoring sntl_adminapi_net_windows SpiderPRO A12+ SWA V2 TeraBox Installer testMFC DLL TODO: <File description> tpsControllerLib TPS_Tool_V2 Ultimate iOS Ramdisk Activator V0.3 USB Redirector Technician Edition Installer service VBA Password Bypasser Tool Installer WindowsFormsApp1 WinISO 7.1.1 Installer www.TNCTR.com Z3x Easy-JTAG Cracked by Gsm4crack Setup
File Version	25.5.26.01 19.2.6.0 19.00 8.4.10417.60001 7.33.0.7 7.1.1.8357 4.30.8.7117 4.7.0.7 3.6.0.0 3.0.0.0 Show More 2.19.4.18 2.0.0.0 2, 11, 2, 47 2,3,0,3330 1.42.6.158 1.42.2.150 1.41.2.137 1.32.0.1 1.28.0.3 1.26.0.2 1.16.0.18 1.9.42.0 1.9.8.7612 1.7.5.0 1.5.0.1 1.3.3.7 1.3.0.0 1.2.1.0 1.1.5.2 1.1.3.0 1.00 1.0.0.1131 1.0.0.1 1.0.0.0 1.0 1, 0, 0, 1 0.0.0.0
Hash	6764c09e75bfbca66364f8b754a6e018c513629ac82d6c5989aea171d9392d41efc6387d7f6895f94e4b5f732a6a40c152e3009b6aeebcc8b5dbfe569830fe92 d8a0d88b61a27f45aaf9d4f4b939f9022ae94a35771a6784974a69a2440c793852ed8fdb85e5137060b3611c05baa298b539f0f950c2212bcd8c325069f09370
Internal Name	7G SCN by Samik.exe 7zS.sfx Alcohol52_FE_.exe American Cut.exe amisceui.exe CounterBot.exe CzkAPI.dll DevExpress.dll DiskMain.exe exelon.exe Show More firefox.exe Fluxus_IDE.exe FrpFdl.exe Get-User-ip-country-screenshot.exe iAldazActivatorA5.exe iigw_api_client.dll Innostor MPTool KHServer.exe Launcher.exe LibVidHMDll.dll Login Menu.exe MHPClient mohamed_soft_kirin.exe MXData.dll MyCPlusPlusApp.exe NNAR2RRegClient.exe osu!.exe ProfileManager.dll Pulsarunlock.exe read Information Software.exe Reviewer.exe router.exe Runtime.dll Scanner Eren.exe ShortTestMonitoring.exe sntl_adminapi_net_windows.dll SpiderPRO A12+.exe Steal1.exe SWA V2.dll testMFC TJprojMain tpsControllerLib.dll TPS_Tool_V2.exe UMT_IPHONE.exe usbredirectortechssrv.exe Win WindowsFormsApp1.exe www.TNCTR.com
Legal Copyright	(C) 三六零科技集团有限公司 All Rights Reserved. 2024 LightCloud.click. All rights reserved. Baidu. All rights reserved. Copyright (c) 1999-2018 Igor Pavlov Copyright(C) 2000-2008 Copyright (C) 2005-2014 Blazers Copyright (c) 2007 - 2022 SimplyCore LLC. All rights reserved. Copyright (C) 2008 Copyright (C) 2009 by Akozdem!R Copyright © 1907 Show More Copyright © 2013 All Rights Reserved Copyright © 2019 Copyright © 2020-2021 DevExpress Copyright © 2021 Copyright © 2022 Copyright © 2023 Copyright © 2024 Copyright © 2025 Copyright © 2025 Copyright © 2026 all right reserved pulsarunlock Copyright © Gerson Aldaz 2025 Copyright ©IBS 2016 Copyright © MuEMU.pl 2015 Eternal Sage © 2024 Flextech. All rights reserved. ppy 2007-2015 TODO: (c) <Company name>. All rights reserved. © 2001-2022 Macgo International Limited © 2004-2008 Thegrideon Software © 2004-2011 Thegrideon Software © 2022 Thales Group. All rights reserved. © 2023 Ultimate iOS Ramdisk Activator 版权所有 (C) 2016
Legal Trademarks	Asterisk Password is a trademark of Thegrideon Software Copyright (c) 2007 - 2022 SimplyCore LLC. All rights reserved. iAldazActivatorA5 RosBot Sentinel® is a trademark of Thales Group. Ultimate iOS Ramdisk Activator V0.3 VBA Password Bypasser is a trademark of Thegrideon Software
Original Filename	7G SCN by Samik.exe 7zS.sfx.exe Alcohol52_FE_.exe American Cut.exe amisceui.exe CounterBot.exe CzkAPI.dll DevExpress.dll DiskMain.exe exelon.exe Show More firefox.exe Fluxus_IDE.exe FrpFdl.exe Get-User-ip-country-screenshot.exe iAldazActivatorA5.exe iigw_api_client.dll Innostor MPTool.EXE KHServer.exe Launcher.exe LibVidHMDll.dll Login Menu.exe MHPClient.dll mohamed_soft_kirin.exe MXData.dll MyCPlusPlusApp.exe NNAR2RRegClient.exe osu!.exe ProfileManager.dll Pulsarunlock.exe read Information Software.exe Reviewer.exe router.exe Runtime.dll Scanner Eren.exe ShortTestMonitoring.exe sntl_adminapi_net_windows.dll SpiderPRO A12+.exe Steal1.exe SWA V2.dll testMFC.DLL TJprojMain.exe tpsControllerLib.dll TPS_Tool_V2.exe UMT_IPHONE.exe usbredirectortechssrv.exe Win.exe WindowsFormsApp1.exe www.TNCTR.com
Private Build	2,3,0,3330
Product Name	-[ by Akozdem!R ]- 7-Zip 7G SCN by Samik 360数据恢复大师 Alcohol 52% AlephHisi AmericanCut AMISCEUI Asterisk Password BaiduYunguanjia Installer Application Show More Blazers ByMrGarabato CounterBot csrss Czk2025 DevExpress exelon firefox Fluxus_IDE FrpFdl iAldazActivatorA5 iigw_api_client Innostor MPTool Application KHServer Launcher LibVidHMDll Login Menu MakeUp Pilot MuEMU MHPClient NNAR2RRegClient osu! ProfileManager Project1 Pulsarunlock , powered by alephgsm.com read Information Software Reviewer router Scanner Eren SendScreenshotWithDiscordWebhook ShortTestMonitoring sntl_adminapi_net_windows SpiderPRO A12+ SWA V2 TeraBox Installer Application testMFC Dynamic Link Library TODO: <Product name> tpsControllerLib TPS_Tool_V2 Ultimate iOS Ramdisk Activator V0.3 USB Redirector Technician Edition VBA Password Bypasser Win WindowsFormsApp1 WinISO Z3x Easy-JTAG Cracked by Gsm4crack
Product Version	25.5.26.01 19.2.6.0 19.00 8.4.10417.60001 7.1.1.8357 4.30.8.7117 4.2 3.0.0.0 2.19.4.18 2.0.5.0 Show More 2.0.0.0 2, 11, 2, 47 2,3,0,3330 1.9.42.0 1.7.5.0 1.5.0.1 1.3.3.7 1.2.1.0 1.1.5.2 1.1.3.0 1.00 1.0.0.1131 1.0.0.1 1.0.0.0 1.0.0 1.0 1, 0, 0, 1 1, 0 0.0.0.0
Program I D	com.embarcadero.Project1
Special Build	2,3,0,3330

Digital Signatures

Signer	Root	Status
Alcohol Soft	Alcohol Soft	Self Signed
Thegrideon Corp.	Thegrideon Corp.	Self Signed
Thegrideon Corp.	UTN-USERFirst-Object	Self Signed

File Traits

.adata
.NET
.vmp0
00 section
2+ executable sections
Agile.net
big overlay
CryptUnprotectData
Default Version Info
dll

Enigma
Fody
fptable
Gdrive
Goliath
HighEntropy
imgui
Installer Version
NewLateBinding
No CryptProtectData
No Version Info
ntdll
packed
RijndaelManaged
Run
upx
VirtualQueryEx
vmp section variant
vmp with ShellExecuteA, no signature
vmp with VirtualProtect, no signature
WriteProcessMemory
x64
x86
Yano
ZYXDN

Block Information

Total Blocks:	3,546
Potentially Malicious Blocks:	13
Whitelisted Blocks:	2,296
Unknown Blocks:	1,237

Visual Map

0 ? 0 ? ? 0 1 ? ? 0 ? ? 0 0 0 ? 0 0 0 0 0 ? ? 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? 0 0 ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? 0 x x x ? x ? ? ? ? x ? ? ? 0 ? ? ? 0 0 ? 0 0 ? 0 0 ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? 0 ? ? ? 0 ? ? 0 0 0 ? ? 0 ? ? ? ? ? 0 ? 0 0 0 ? ? 0 0 ? 0 ? ? ? ? 1 0 ? ? ? ? 0 0 ? 0 ? 0 ? 0 ? 0 ? ? 0 ? ? ? ? ? ? ? ? 0 1 ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 ? 0 0 0 0 0 0 ? ? 0 ? 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 ? 0 0 0 ? ? 0 0 0 0 0 ? ? 0 ? 0 0 ? ? ? ? 0 0 ? ? ? 0 0 ? ? ? ? ? ? 0 0 0 ? 0 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? 0 ? 1 ? 1 ? 0 ? 1 ? 1 ? 0 0 0 0 ? 0 ? 1 ? 0 0 ? ? ? ? 0 0 0 0 1 0 0 ? 0 ? 1 0 0 0 ? ? ? ? 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? ? ? ? 0 0 0 ? ? x 0 ? 0 ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 ? 0 ? ? 0 0 ? 0 0 1 0 0 1 0 0 ? ? ? 0 0 0 ? ? 0 ? ? ? ? 0 ? 0 0 ? 0 0 0 0 ? 1 ? ? ? 0 ? ? 0 ? 0 ? ? ? ? ? ? ? 0 0 ? 0 0 ? ? ? 0 ? 0 0 ? ? ? ? 0 ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? 1 ? ? ? 0 ? ? ? ? 0 0 0 0 ? 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? 0 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? 1 ? 0 ? ? ? 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? ? ? ? ? 1 0 0 0 ? ? 0 ? ? ? ? 0 ? ? ? ? 0 0 0 ? ? ? 0 ? 0 ? 0 ? ? ? ? ? ? 0 ? ? ? ? 0 0 0 0 0 0 0 ? ? 0 0 ? 0 ? ? 1 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? 1 ? 1 ? ? 0 ? 0 ? ? 0 ? ? ? 0 ? 0 0 0 0 0 0 0 0 ? 1 ? ? ? 0 ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? 1 ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 ? ? 1 0 0 0 0 0 0 0 ? 0 ? ? ? ? ? ? 0 ? 0 0 0 ? ? ? ? ? ? ? ? 0 ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 ? 0 ? ? 0 ? ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 ? ? 0 ? ? 0 ? 0 0 0 ? 0 ? 0 ? 0 0 0 ? 0 0 0 0 ? ? ? 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 ? 0 0 0 0 ? ? 0 0 ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 0 0 ? 0 0 0 0 1 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 ? ? 0 ? 0 0 0 0 0 ? 0 ? ? 0 0 ? ? ? ? 0 ? ? ? ? 0 0 0 0 ? ? ? ? 0 ? 0 ? ? ? ? 0 ? 0 ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? 0 ? 0 ? ? 0 ? 0 ? ? ? ? ? 1 ? ? ? 0 ? 0 ? ? ? ? ? 0 ? ? 1 ? ? ? ? 0 0 ? ? 0 0 ? ? ? 0 0 ? 0 ? 0 0 ? ? ? ? ? 1 0 ? ? ? 0 ? ? ? ? ? ? 1 0 ? ? ? ? ? ? ? 0 ? 0 0 ? ? ? x ? ? ? 0 0 ? 0 0 0 ? 0 ? 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? 0 ? 1 ? ? ? ? 0 ? ? 0 ? ? 0 ? 0 ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 1 ? ? ? 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 ? ? ? ? ? ? ? ? 0 ? ? 0 0 ? ? 0 0 0 0 0 0 ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 ? 0 0 ? ? 0 ? 0 0 0 0 0 0 ? ? 0 ? 0 0 ? ? 0 ? 0 ? ? 0 ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 1 ? ? 0 0 ? 0 0 0 1 0 ? 0 ? 0 1 0 ? ? 0 0 ? ? 0 ? 0 0 ? 0 ? 0 ? 0 ? ? ? ? ? 0 0 ? ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? 1 ? ? ? ? ? ? ? 0 0 0 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? 0 ? 1 ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 0 ? ? ? ? 0 0 ? ? ? x ? ? ? ? ? 0 0 ? ? 0 ? 0 0 0 ? ? ? 0 0 ? ? ? ? 0 ? ? ? 0 0 ? ? ? ? 0 ? ? 0 0 0 ? ? ? 0 ? ? ? ? 0 ? ? 0 0 0 ? ? ? ? ? ? 0 ? 1 ? 0 ? ? ? 1 ? 1 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? 0 ? 0 ? 0 ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? 0 0 0 ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 2 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 ?

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.EDA
IEHelper.B
Lamer.CF
Stealer.BBA
Wapomi.F

Files Modified

File	Attributes
\device\harddisk0\dr0	Generic Read,Generic Execute,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 786496
\device\harddisk0\dr0	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
\device\namedpipe\dav rpc service	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
\device\namedpipe\pshost.134058563232850113.4328.defaultappdomain.powershell	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
c:\loader_log.txt	Generic Write,Read Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll	Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll	Synchronize,Write Data

c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll.dat	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll.tmp	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll.000	Generic Write,Read Attributes
c:\program files\uninstall information\ie.hkcuzoneinfo\ie.hkcuzoneinfo.dat	Synchronize,Write Attributes
c:\program files\uninstall information\ie.hkcuzoneinfo\ie.hkcuzoneinfo.ini	Synchronize,Write Attributes
c:\program files\uninstall information\ie40.useragent\ie40.useragent.dat	Synchronize,Write Attributes
c:\program files\uninstall information\ie40.useragent\ie40.useragent.ini	Synchronize,Write Attributes
c:\programdata\microsoft\crypto\rsa\machinekeys\cc42c58af27f364880ac7079b8c709ed_bfeb5820-9643-42ad-a79f-071dff4d8e64	Generic Write,Read Attributes
c:\programdata\tor	Synchronize,Write Attributes
c:\users\user\appdata\local\launcher\631448f5ba4e5b9401e3bb4e0_url_i4jgjwbcmleml5j1tyceb1lilbeuuivr\1.1.5.2\ssp2ayep.newcfg	Generic Write,Read Attributes
c:\users\user\appdata\local\launcher\631448f5ba4e5b9401e3bb4e0_url_i4jgjwbcmleml5j1tyceb1lilbeuuivr\1.1.5.2\ssp2ayep.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\launcher\631448f5ba4e5b9401e3bb4e0_url_i4jgjwbcmleml5j1tyceb1lilbeuuivr\1.1.5.2\user.config	Synchronize,Write Data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_16.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_256.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_idx.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\7zs03719111\libcurl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs03719111\libcurl.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs03719111\libcurlpp.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs03719111\libcurlpp.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs03719111\libgcc_s_dw2-1.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs03719111\libgcc_s_dw2-1.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs03719111\libstdc++-6.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs03719111\libstdc++-6.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs03719111\libwinpthread-1.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs03719111\libwinpthread-1.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs03719111\setup_install.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs03719111\setup_install.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue16052d8f5d8.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue16052d8f5d8.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue1627c64b8c1f9.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue1627c64b8c1f9.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue16483b6bee0b96311.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue16483b6bee0b96311.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue16641261fb.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue16641261fb.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue166b6e4b60.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue166b6e4b60.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue167f622ec8c293435.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue167f622ec8c293435.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue168380dc8969a2b.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue168380dc8969a2b.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue168db2965d6998382.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue168db2965d6998382.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue16a0c817e97.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue16a0c817e97.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue16cdb07056db765a.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue16cdb07056db765a.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue16fcd5878f34.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs03719111\tue16fcd5878f34.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4467.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4467.tmp\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4467.tmp\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_233ghtwt.3f2.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_i4fitce2.c1k.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dup2patcher.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\extract_ids.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-885f2.tmp\setup.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-olmvu.tmp\916af7e91fe77f57c9e135685568474e3bf99d36_0005662263.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-tjh15.tmp\39b6c9fc54aaf576eb52cc2797ce6b675b6ffad1_0005261118.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgbeb2.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsn3843.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsna8bf.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsna90e.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsna90e.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna90e.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna90e.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswbec3.tmp\alcsetup.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nswbec3.tmp\alcsetup.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswbec3.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswbec3.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nswbec3.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswbec3.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswbec3.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswbec3.tmp\setuphlp.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy3883.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsy3883.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy3883.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy3883.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\alcohol.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\alcohol.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\axcmd.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\axcmd.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rgif833.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgif833.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgif8b1.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgif8b1.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgif9fa.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgif9fa.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgifae5.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgifae5.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmp4352$.tmp	Generic Write,Read Attributes,Delete
c:\users\user\appdata\local\temp\tmp4969.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\tmp49c7.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\yshow3d.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\documents\terror\logs\terror.log	Generic Write,Read Attributes
c:\users\user\downloads\iozzh6f.exe	Synchronize,Write Data
c:\users\user\downloads\launcher.ini	Generic Write,Read Attributes
c:\users\user\downloads\rsqwz0x.exe	Synchronize,Write Data
c:\windows\appcompat\programs\amcache.hve	Read Data,Read Control,Write Data
c:\windows\appcompat\programs\amcache.hve	Write Attributes
c:\windows\system.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKLM\software\microsoft\rfc1156agent\currentversion\parameters::trappolltimemillisecs	㪘	RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enablefiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableautofiletracing		RegNtPreCreateKey

HKLM\software\microsoft\tracing\rasmancs::enableconsoletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filetracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::consoletracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::maxfilesize		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	槍籯Ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::enablenegotiate		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::migrateproxy		RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie40.useragent\regbackup\0::ef29a4ec885fa451	,,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie40.useragent\regbackup\0.map::ef29a4ec885fa451	,33,HKCU,Software\Microsoft\Windows\CurrentVersion\Internet Settings,User Agent,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie40.useragent\regbackup\0::2ba02e083fadee33	,Software\Microsoft\Windows\CurrentVersion\Internet Settings,IE5_UA_Backup_Flag,5.0	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie40.useragent\regbackup\0.map::2ba02e083fadee33	,33,HKCU,Software\Microsoft\Windows\CurrentVersion\Internet Settings,IE5_UA_Backup_Flag,	RegNtPreCreateKey
HKLM\software\microsoft\advanced inf setup\ie40.useragent::backupfilename	C:\Program Files\Uninstall Information\IE40.UserAgent\IE40.UserAgent.DAT	RegNtPreCreateKey
HKLM\software\microsoft\advanced inf setup\ie40.useragent::backupfilesize		RegNtPreCreateKey
HKLM\software\microsoft\advanced inf setup\ie40.useragent::backuppath	C:\Program Files\Uninstall Information\IE40.UserAgent	RegNtPreCreateKey
HKLM\software\microsoft\advanced inf setup\ie40.useragent::installinffile	C:\Users\Vuwdvhny\AppData\Local\Temp\RGIF833.tmp	RegNtPreCreateKey
HKLM\software\microsoft\advanced inf setup\ie40.useragent::installinfsection	BackupUserAgent	RegNtPreCreateKey
HKLM\software\microsoft\advanced inf setup\ie40.useragent::backupregistry	y	RegNtPreCreateKey
HKLM\software\microsoft\advanced inf setup\ie40.useragent::componentversion	6.0	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::user agent	Mozilla/4.0 (compatible; MSIE 8.0; Win32)	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::ie5_ua_backup_flag	5.0	RegNtPreCreateKey
HKLM\software\microsoft\advanced inf setup\ie complist::ie40.useragent		RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::87c588e072d89776	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones,,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::87c588e06bc3a637	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones,SelfHealCount,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92a9d51066	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92b0ce2127	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,DisplayName,Computer	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b929be372e4	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,PMDisplayName,4Computer [Protected Mode]	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9282f843a5	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,Description,Your computer	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92cdb9d562	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,Icon,"shell32.dll#0016	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92d4a2e423	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,LowIcon,&inetcpl.cpl#005422	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92ff8fb7e0	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,CurrentLevel,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92e69486a1	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,Flags,!	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92610c9a6e	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,1200,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b927817ab2f	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0,1400,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9207bd81f7	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b921ea6b0b6	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,DisplayName,Local intranet	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92358be375	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,PMDisplayName,@Local intranet [Protected Mode]	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b922c90d234	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,Description,This zone contains all Web sites that are on	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9263d144f3	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,Icon,"shell32.dll#0018	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b927aca75b2	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,LowIcon,&inetcpl.cpl#005423	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9251e72671	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,CurrentLevel,Ԁ	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9248fc1730	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,1200,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92cf640bff	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,1400,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92d67f3abe	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,2500,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92e7618018	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1,Flags,Û	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b922e753505	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92376e0444	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,DisplayName,Trusted sites	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b921c435787	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,PMDisplayName,>Trusted sites [Protected Mode]	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92055866c6	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,Description,¢This zone contains Web sites that you trust	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b924a19f001	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,Icon,*inetcpl.cpl#00004480	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b925302c140	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,LowIcon,&inetcpl.cpl#005424	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92782f9283	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,CurrentLevel,က	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b926134a3c2	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,Flags,G	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92e6acbf0d	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1200,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92ffb78e4c	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1400,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b920de75d7a	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1001,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9214fc6c3b	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1004,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b923fd13ff8	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1201,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9226ca0eb9	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1206,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92698b987e	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1207,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b927090a93f	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1208,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b925bbdfafc	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1209,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9242a6cbbd	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,120A,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92c53ed772	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,120C,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92dc25e633	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1402,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b921f52f294	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1405,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b920649c3d5	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1406,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b922d649016	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1407,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92347fa157	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1408,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b927b3e3790	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1409,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92622506d1	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,140A,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9249085512	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,140C,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9250136453	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1601,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92d78b789c	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1604,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92ce9049dd	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1605,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92a7ee95f1	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1606,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92bef5a4b0	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1607,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9295d8f773	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1608,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b928cc3c632	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1609,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92c38250f5	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,160A,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92da9961b4	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,160B,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92f1b43277	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1802,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92e8af0336	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1803,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b926f371ff9	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1804,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92762c2eb8	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1809,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b923a39ad48	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1812,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9223229c09	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1A00,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92080fcfca	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1A02,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b921114fe8b	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1A03,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b925e55684c	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1A04,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92474e590d	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1A05,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b926c630ace	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1A06,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9275783b8f	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1A10,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92f2e02740	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,1C00,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92ebfb1601	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2000,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b928285ca2d	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2001,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b929b9efb6c	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2004,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92b0b3a8af	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2005,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92a9a899ee	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2007,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92e6e90f29	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2100,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92fff23e68	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2101,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92d4df6dab	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2102,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92cdc45cea	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2103,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b924a5c4025	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2104,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9253477164	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2105,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92903065c3	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2106,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92892b5482	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2107,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92a2060741	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2108,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92bb1d3600	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2200,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92f45ca0c7	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2201,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92ed479186	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2300,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92c66ac245	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2301,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92df71f304	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2302,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9258e9efcb	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2400,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9241f2de8a	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2401,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92288c02a6	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2402,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92319733e7	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2600,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b921aba6024	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2700,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9203a15165	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2701,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b924ce0c7a2	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2702,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9255fbf6e3	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2703,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b927ed6a520	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2704,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9267cd9461	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2708,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92e05588ae	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,2709,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92f94eb9ef	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,270B,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9270ef12f0	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,270C,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9269f423b1	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,270D,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9242d97072	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,140D,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b925bc24133	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2,120B,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92801da494	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92990695d5	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,DisplayName,Internet	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92b22bc616	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,PMDisplayName,4Internet [Protected Mode]	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92ab30f757	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,Description,This zone contains all Web sites you haven't	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92e4716190	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,Icon,&inetcpl.cpl#001313	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92fd6a50d1	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,LowIcon,&inetcpl.cpl#005425	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92d6470312	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,CurrentLevel,ᔀ	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92cf5c3253	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,Flags,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9248c42e9c	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1200,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9251df1fdd	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1400,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92e2b5eb9b	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1001,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92fbaedada	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1004,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92d0838919	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1201,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92c998b858	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1206,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9286d92e9f	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1207,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b929fc21fde	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1208,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92b4ef4c1d	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1209,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92adf47d5c	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,120A,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b922a6c6193	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,120C,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92337750d2	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1402,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92f0004475	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1405,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92e91b7534	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1406,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92c23626f7	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1407,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92db2d17b6	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1408,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92946c8171	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1409,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b928d77b030	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,140A,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92a65ae3f3	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,140C,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92bf41d2b2	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1601,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9238d9ce7d	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1604,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9221c2ff3c	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1605,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9248bc2310	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1606,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9251a71251	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1607,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b927a8a4192	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1608,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92639170d3	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1609,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b922cd0e614	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,160A,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9235cbd755	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,160B,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b921ee68496	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1802,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9207fdb5d7	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1803,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b928065a918	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1804,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92997e9859	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1809,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92d56b1ba9	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1812,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92cc702ae8	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1A00,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92e75d792b	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1A02,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92fe46486a	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1A03,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92b107dead	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1A04,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92a81cefec	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1A05,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b928331bc2f	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1A06,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b929a2a8d6e	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1A10,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b921db291a1	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,1C00,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9204a9a0e0	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2000,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b926dd77ccc	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2001,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9274cc4d8d	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2004,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b925fe11e4e	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2005,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9246fa2f0f	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2007,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9209bbb9c8	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2100,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b9210a08889	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2101,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b923b8ddb4a	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2102,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b922296ea0b	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2103,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92a50ef6c4	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2104,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b92bc15c785	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2105,	RegNtPreCreateKey
HKCU\software\microsoft\advanced inf setup\ie.hkcuzoneinfo\regbackup\0::11bc9b927f62d322	,Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,2106,	RegNtPreCreateKey

348 additional registry modifications are not displayed above.

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAccessCheckByType ntdll.dll!NtAddAtomEx ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAllocateLocallyUniqueId ntdll.dll!NtAllocateUuids ntdll.dll!NtAlpcAcceptConnectPort ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcCreatePort Show More ntdll.dll!NtAlpcCreatePortSection ntdll.dll!NtAlpcCreateResourceReserve ntdll.dll!NtAlpcCreateSectionView ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeleteSecurityContext ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcQueryInformationMessage ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareSigningLevels ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreateNamedPipeFile ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateUserProcess ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeleteValueKey ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFindAtom ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtFsControlFile ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetCompleteWnfStateSubscription ntdll.dll!NtGetContextThread ntdll.dll!NtGetNlsSectionPtr ntdll.dll!NtGetWriteWatch ntdll.dll!NtImpersonateAnonymousToken ntdll.dll!NtLockFile ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeDirectoryFileEx ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenMutant ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtPowerInformation ntdll.dll!NtPrivilegeCheck ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFile ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryEvent ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationAtom ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryObject ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject 257 additional items are not displayed above.
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserName GetUserNameEx GetUserObjectInformation
Anti Debug	CheckRemoteDebuggerPresent IsDebuggerPresent NtQuerySystemInformation
Network Winsock2	WSAConnect WSASocket WSAStartup WSAttemptAutodialName
Network Winsock	closesocket freeaddrinfo getaddrinfo gethostname recv send setsockopt
Network Info Queried	GetAdaptersAddresses GetAdaptersInfo GetNetworkParams
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Process Shell Execute	CreateProcess ShellExecuteEx WriteConsole
Process Terminate	TerminateProcess
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Network Winhttp	WinHttpOpen
Cert Store Read	CertEnumCertificatesInStore
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Keyboard Access	GetKeyState
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen InternetOpenUrl

Shell Command Execution


							"C:\Windows\System32\arp.exe" -a


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e9fa9b683ccf78b622e29b8f660d59d9d52c4696_0001449472.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2117c136d582c6ee20a29b2cf6f4b18865c65fa9_0001456136.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\3a6d6a9666967348d54f161b502276d8f7ee3071_0000196608.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\51cebe745a7c580ad55ab463ed797f6512979866_0003635712.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\786045d2760502dc2f02cc40026ddecf2600e3a8_0002019840.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e6a023e9646dd051455a4b17bcddeae476fdf6aa_0006601728.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5432904347d39184eff367171e4e4b3c3cced5e9_0000077824.,LiQMAxHB


									.\setup.exe /VERYSILENT /NORESTART


									"C:\Users\Vpnofyyi\AppData\Local\Temp\is-885F2.tmp\setup.tmp" /SL5="$40068,6818683,53248,C:\Users\Vpnofyyi\AppData\Local\Temp\7zS4467.tmp\setup.exe" /VERYSILENT /NORESTART


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8bd1a6e3559986303840409457614f9ab5a9a698_0001457664.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\dcedeb0f0c95bfcdb48dec2fd568026cfc828f07_0001703936.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\31a25e355e514a9ab6f8288fca1465bc4949351e_0000090112.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9d4f669fb10c4885e3cc2bb5aea10fb7c1713a90_0009298944.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ac51b54fb3c4e111c8be56e983e95b359b000f90_0000368640.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a332195ac3c1dabe2967135c8b2c5131a8e934d8_0005650944.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\06756f15649c2e49a8b979beaf196460f60d67eb_0006144000.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a7a3c29b8daf7bbea1962f2658e52b7a9db491e0_0006434816.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\69c15b3348dada34026b07d31a8947626127951c_0000652288.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\80eeff801080c2908ac15b22757e71d202bd55f5_0002862592.,LiQMAxHB


									(NULL) setup_install.exe


									C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell  -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath  "C:\Users\Qkbcrvgy\AppData\Local\Temp"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6493855f3a47fd6a56cc4534e76bb327cf784a4c_0003428352.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2ea75bb897fc4a0289cfc39274a5031e1abaab62_0002275328.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\22aa2b9c38c63371d8ffe02811c0ef5eec2ce3f2_0007120384.,LiQMAxHB


									"C:\Users\Vtliuizm\AppData\Local\Temp\is-OLMVU.tmp\916af7e91fe77f57c9e135685568474e3bf99d36_0005662263.tmp" /SL5="$30234,5401658,53248,c:\users\user\downloads\916af7e91fe77f57c9e135685568474e3bf99d36_0005662263"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\15cb47a52d11c55c732a4c6f8477f59ad82f7f0b_0002209280.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\41c6957f9852c0e80bb36b0e3a78d8eff391ade0_0003035136.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\cbca60abf762c3205bbbac322ee06c1af026a907_0001354240.,LiQMAxHB


									C:\WINDOWS\system32\mode.com mode  con cols=70 lines=20


									WriteConsole: Access is denied


									C:\WINDOWS\system32\certutil.exe certutil  -hashfile "c:\users\user\downloads\8f97fc0c07fc159f69392dba1064e6b5dafbd687_0005739008" MD5


									C:\WINDOWS\system32\find.exe find  /i /v "md5"


									C:\WINDOWS\system32\find.exe find  /i /v "certutil"


									"C:\Users\Uydjqbru\AppData\Local\Temp\is-TJH15.tmp\39b6c9fc54aaf576eb52cc2797ce6b675b6ffad1_0005261118.tmp" /SL5="$30364,5010788,58368,c:\users\user\downloads\39b6c9fc54aaf576eb52cc2797ce6b675b6ffad1_0005261118"


									(NULL) C:\Users\Mhbbwgrs\AppData\Local\Temp\RarSFX0\Alcohol.exe


									C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe dw20.exe -x -s 812

Troj/Agent-XNN

Threat Scorecard

EnigmaSoft Threat Scorecard

How the Troj/Agent-XNN Email Scam Works

The Troj/Agent-XNN Scam is Only One of Many Fake Facebook Email Scams

SpyHunter Detects & Remove Troj/Agent-XNN

File System Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Most Viewed