Multi-License Discount Quote

Change Region

English
Threat Database Adware Adware Helpers
1 Comment

Adware Helpers

By GoldSparrow in Adware

Threat Scorecard

Popularity Rank: 2
Threat Level: 20 % (Normal)
Infected Computers: 13,991,801
First Seen: January 4, 2013
Last Seen: February 6, 2026
OS(es) Affected: Windows

Adware Helpers is an adware infection that affects computers running the Windows OS and is poorly protected from Potentially Unwanted Programs. There are several ways in which Adware Helpers may enter a computer automatically. Once installed, Adware Helpers may make various potentially unsafe changes to the affected computer, changing its settings and attempting to expose the computer user to low quality marketing or advertising material. Once Adware Helpers is installed, Adware Helpers may make the affected computer nearly impossible to use due to the many intrusive symptoms and myriad of problems that may be associated with Adware Helpers and similar adware threats. Because of this, computer users should get the partnership of a meritorious anti-malware tool to remove Adware Helpers immediately from the affected computer.

Adware Helpers May Make Unwanted Changes to Your PC Settings

There are several problems associated with Adware Helpers. Adware Helpers is considered much more harmful than other adware infections due to the level of the symptoms associated with this adware infection. Adware Helpers uses an inordinately high number of files to install itself on the affected computer and, at the moment of this writing, is distributed globally, affecting computers in countries all around the world. Malware experts found several symptoms that may be caused by an Adware Helpers infection:

  1. Adware Helpers may cause unwanted changes to a computer's settings.
  2. Adware Helpers may cause severe performance problems on the affected computer. Computers affected by Adware Helpers can get stuck frequently or freeze. In some cases, Adware Helpers may damage to the affected computer's boot sector which may be linked to Adware Helpers or to other threat that is also associated with this adware infection.
  3. Adware Helpers may change your Web browser settings, decreasing your security and making it more vulnerable to other forms of threats.
  4. Adware Helpers may change your Web browser's homepage and default search engine, exposing computer users to unwanted websites and advertising material as soon as they launch their Web browser.
  5. Adware Helpers may redirect search results and other browser activity, forcing computer users to visit websites associated with Adware Helpers repeatedly.
  6. Adware Helpers may cause your Web browser to display pop-up advertisements, suspicious error messages, fake system alerts and pop-up windows containing potentially unsafe websites or online content that may expose your computer to other types of threats.

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor Detection
Fortinet VBS/Agent.NSW!tr.dldr
AVG Pakes2_c.BIVB
Fortinet Adware/Linkury
Ikarus PUA.MSIL.Toolbar
Sophos Generic PUA AO (PUA)
F-Secure Gen:Variant.Adware.Linkury
McAfee RDN/Generic.dx
Fortinet Riskware/GameBox
Ikarus PUA.GameBox
Antiy-AVL GrayWare[AdWare]/Win32.BrowseFox.bz
McAfee Artemis!1E27FB144AEC
AVG Generic_r.TZ
GData Win32.Adware.Graftor.B
Kaspersky not-a-virus:RiskTool.Win32.GlobalUpdate.dd
AVG Generic6.ADBF

SpyHunter Detects & Remove Adware Helpers

File System Details

Adware Helpers may create the following file(s):
Expand All | Collapse All
# File Name MD5 Detections
1. apnmcp.exe 7a7397d866f7b3654dc279f612f7915b 15,117
2. smappscontroller.exe 0737725ccaf3e39321a07f699b092c16 10,743
3. he92324.exe 43154f0af9b3d690e6562c16141944e5 7,437
4. rgAm6.exe 39b3f88b49546d163a04900f625138b9 7,222
5. passport.dll 668702acdfab101d36c168d817720b20 4,245
6. vlc-updater.exe 6312dbb5b688c3a9e6ffa2f8b76c0de5 2,556
7. check-update.exe 95cdac39d14fb5a33dae199cc414c36c 2,177
8. woehptunafhkdu.boehp 7121d807de3d9bd0ab0b11f07cb88b6c 1,104
9. alphapassive.msi ddf9bf09f6aa5a7726863448c53d5c14 564
10. tpyx55wl4yl.exe cf50771b0c37efb1b18b932c5e6de455 418
11. cugigwbq3n3.exe 1f6a196c13f56a297645eec5b68e8e90 415
12. crmsvc.exe 1b738db8087a83d31afce54d3ddfa746 325
13. 9180135.exe 51181fc0f1d99d95c5bffc0f0aa22378 298
14. em43zsg40.exe 4fb6e7664f0495d7abf9dc2bfc4b6ce2 227
15. LWR.exe 864f9b8a42f237540d2a7212db86e66f 225
16. CCleaner.v6.00.9727.exe_Olv7N.exe 51528a04f8f0d12ddb74aa2bd62889fb 194
17. file.exe de664e163fea047ca91ded1b31f7568e 90
18. 243124d579b30a70cae52a7ca1d43b0d.dll 697b339a848572dd37ad98c9e01d5f5a 58
19. update.exe b2855436b37111d6b0e64d4221e7b48a 45
20. DhYimEoQU.exe 1492f048f848431fd781fbd14a452916 42
21. YzA4ZDlhNTBjOTRkN.exe 3ee6b3c07c13d026288a2774770b658a 39
22. wxkYiwjjA.exe 2bf25ffa3ca8fad7cb506b274db42b59 38
23. Y2E0NWI1ZGVlMTE1Z.exe 8a19ba332898c8eea92763628d7f1210 22
24. 257596.exe 9a82e5d731f3a07c1493d806b5ed74ae 21
25. k7s7v5bgfdhnycw.exe 6b7748e77ad639f16b9dfb7e74553d4a 19
26. CpuHeatMapping.exe e87815880b57f0c24aae7618d126b9fa 13
27. instloffer.exe 619efdbf4c7ef6147551a50d1bd40e69 1
More files

Registry Details

Adware Helpers may create the following registry entry or registry entries:
CLSID
{01F45309-5DDE-36CD-B0E6-C9B4BED4752B}
{4DA424B1-5AD8-3EA8-B023-96DAB08B716B}
{4E22700E-7CA9-30A1-9687-4CC130BB6388}
{87E1A3FC-FED3-3FF7-A11C-8443C6251976}
File name without path
wnzipservice.exe
Regexp file mask
%ALLUSERSPROFILE%\Application Data\beleza.exe
%ALLUSERSPROFILE%\beleza.exe
%ALLUSERSPROFILE%\updater\check-update.exe
%APPDATA%\ServiceControl\svcctl.exe
%LOCALAPPDATA%\dsisetup[NUMBERS].exe
%TEMP%\UuU.uUu
%TEMP%\XxX.xXx
%USERPROFILE%\Downloads\This computer is BLOCKED[RANDOM CHARACTERS]
%USERPROFILE%\Local Settings\Application Data\dsisetup[NUMBERS].exe
HKEY..\..\..\..{RegistryKeys}
Software\GamesLOL AiTemp
Software\MagicSearch
SOFTWARE\REALISTIC MEDIA INC.
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
Ebayssistant 1.0
Look Picture Tool
MagicSearch
telezilla
Yahooassistant 1.0
{27097E83-0712-446C-821A-C2DBB0C1CDE1}
{2C1A121C-292F-460D-BA62-3B9886D0DE46}_is1
{6C044E1B-C2BD-4B47-9913-40407FA5854E}
{DFAA6F11-C27B-4EC0-83AE-3AC5B124A899}

Directories

Adware Helpers may create the following directory or directories:

%ALLUSERSPROFILE%\Application Data\QuestBrwSearch
%ALLUSERSPROFILE%\Application Data\bzughXCIBIxiSQVB
%ALLUSERSPROFILE%\Application Data\xpekMjRorgkcLnVB
%ALLUSERSPROFILE%\Pader
%ALLUSERSPROFILE%\QuestBrwSearch
%ALLUSERSPROFILE%\bzughXCIBIxiSQVB
%ALLUSERSPROFILE%\devnull
%ALLUSERSPROFILE%\sigmatechrvp
%ALLUSERSPROFILE%\xpekMjRorgkcLnVB
%APPDATA%\Fusion_ld
%APPDATA%\Fusion_ld2
%APPDATA%\PotPlayerFus
%APPDATA%\SchedTaskSetup
%APPDATA%\spi
%COMMONPROGRAMFILES(x86)%\alphalabtle
%COMMONPROGRAMFILES(x86)%\womanhydafo
%LOCALAPPDATA%\whiteclick llc
%PROGRAMFILES%\EatPizza
%PROGRAMFILES%\NbbDohHftPUn
%PROGRAMFILES%\QuestBrwSearch
%PROGRAMFILES%\ZDE5YjFmMGQxMDdkNz
%PROGRAMFILES%\awda
%PROGRAMFILES%\clipandbuy
%PROGRAMFILES%\fileassociationmanager
%PROGRAMFILES%\name
%PROGRAMFILES%\rZdaClXBU
%PROGRAMFILES%\wannenginput
%PROGRAMFILES%\wannengzip
%PROGRAMFILES%\zaabzoubi
%PROGRAMFILES(x86)%\EatPizza
%PROGRAMFILES(x86)%\NbbDohHftPUn
%PROGRAMFILES(x86)%\QuestBrwSearch
%PROGRAMFILES(x86)%\awda
%PROGRAMFILES(x86)%\clipandbuy
%PROGRAMFILES(x86)%\fileassociationmanager
%PROGRAMFILES(x86)%\name
%PROGRAMFILES(x86)%\oPKmscYuxO
%PROGRAMFILES(x86)%\rZdaClXBU
%PROGRAMFILES(x86)%\smartinline
%PROGRAMFILES(x86)%\wannenginput
%PROGRAMFILES(x86)%\wannengzip
%PROGRAMFILES(x86)%\zaabzoubi
%TEMP%\Fusion_ld
%TEMP%\Fusion_ld2
%TEMP%\PotPlayerFus
%USERPROFILE%\Configuración local\Datos de programa\OneClick
%USERPROFILE%\Configurações Locais\Dados de aplicativos\OneClick
%WINDIR%\system32\config\systemprofile\appdata\local\WhiteClick
%WINDIR%\syswow64\config\systemprofile\appdata\local\WhiteClick
%appdata%\MagicSearch
%appdata%\browser assistant
%appdata%\direct game uni installer
%appdata%\valerie
%appdata%\wssvchost
%programfiles%\Local Net Solutions16
%programfiles%\Local Net Solutions17
%programfiles%\Local Net Solutions18
%programfiles%\Local Net Solutions19
%programfiles%\PriceKiteke
%programfiles%\dataflow
%programfiles(x86)%\dataflow

Cookies

The following cookies may be associated with Adware Helpers:

.adfox.ruluid1
.docplayer.ru
Fexchange.bitcoin.com
get-express-vpn.com
upaidonlinesites.comfonline
ww7.greefl.com

URLs

Adware Helpers may call the following URLs:

"author": "Krasnaya Ploshchad"
-emoney.com
-incoming.email
-top.com
.ahdrold.com
.airtraya.com
.bar:443
.best:443
.biz:443
.cam:443
.cidedwithin.info
.click:443
.club:443
.cybermylife.info
.dadmariseds.info
.fun:443
.gofesm.com
.live:443
.lplesindiv.info
.maroceffects.com
.mp3bars.com
.news-back.com
.newsfacce.com
.online:443
.premiumpushnotification.com
.pushworldtool.com
.putlockerfree.sc
.today:443
.top:443
.tw:443
.usinesmycete.info
.work:443
.xxx:443
//settting.com
/int.special-offers.online/
/speed-open2-com.replyalert.net
/websnewsdate.com
50style.lt
actshydid.site
admntrk.com
adsnapy.com
adteacbarbe.info
ailkeyair.com
alballaim.com
allhugenews.com
allowandgo.com
allowedgutleton.info
app.news
arbrotherujik.info
arisedsore.info
artnewsupdate.info
arwartortleer.com
asinartisationy.info
atchmygf.to
balanceformoon.com
banianspaddi.info
becausaldevel.info/
beeaimaid.com
beretrabinci.info
beriacroft.com
bestdealfor10.life
bestflowingstuff.co
boyughaye.com
budnetoil.com
califiesrease.info
caningsingothen.pro
cc:443
cityskyscraper.com
click.dialog.support
click.unfurlable.com
cloudinguru.com
cnewvi.com
coolestmedia.net
creasonsau.info
cudalbapt.com
cultassoc.info
dailynotifications.com
ddyuei.com
defpush.com
delivesinve.info
dengelmeg.com
dimlitroom.com
directorio-w.com
drecentreshu.info
ecleneue.com
eddorsedepa.info
elfpetsic.com
enninghahanspa.info
ersoncur.info
ertyunbelie.info
ettotropsinhi.info
exclusivenotifications.com
favor1t.com
fiaharam.net
findprivate.online/results.php
findyourpleasure3.life
fitedlamaso.info
funnwebs.com
gamenaps.com
gamesearcher.pro
gelacrabuld.info
gerspriorate.info
gichelfactice.info
girls-datings.com
gleemsomto.com
gleguidat.info
got-a-message.com
gpretarydimin.info
hamtitwet.com
healthinfo7.com
hedincipat.info
hellopushworld.com
heroesofrpg.com
hersinhishowlet.info
horizonprize.com
hourseryangove.info
http://14nuzznszbdp.com/
http://lktoday.ru/
http://seargoo.com
http://wwnc.xyz/
http://www.getmedia.online/
https://alcreasalcon.info
https://api.myhappyads.com
https://banalbjar.com
https://belighterservice.com
https://bikereddint.info
https://blickmelbourne.com
https://blooks.info
https://bodicidealin.info
https://bosspush.com
https://calelderlyi.info
https://check-you-robot.site
https://checksuefriends.info
https://checkvd.com
https://chepotabakam.com
https://cocketexercine.info
https://confirmeo.com
https://crossiblesp.info
https://deal4yousite.com
https://downhindingref.info
https://dragonforwardknife.com
https://easecalcula.info
https://edhappearer.info
https://ertdistakereces.info
https://etablerun.info
https://evengsitolightont.info
https://extremecartoongames.com
https://ficepationals.info
https://findyourpleasure7.life
https://fuckswpe.securelandinglink.com
https://fukizi.com
https://furthelessp.info
https://get.classicgift.download
https://getcontent24.com
https://googleextension.com
https://gottedrableftevent.info
https://guesstimateds.com
https://hdesignegroupco.info
https://herdailylife.com
https://hichesassa.info
https://hiroje.com
https://histleolderlandch.info
https://housinesfoughamne.info
https://investing-reviews.com
https://jugjetwok.com
https://junioneruytew.info
https://lbenjamiemai.info
https://liansatrickth.info
https://liveads.net
https://lyflexicalcl.info
https://mattempts.info
https://metanewssubspush.info
https://metaphyc.info
https://minently.com
https://my.mobitraff.com
https://myceterparagr.info
https://mystemsrespo.info
https://narutogaming.com
https://ncourseac.info
https://neutharefleha.info
https://newlifestylejournal.com
https://notifygear.com
https://offers.weads32.com
https://oidyourseschoose.info
https://ondeletrofi.info
https://opensivepartme.info
https://ousseventi.info
https://outtemportm.info
https://oxinteriorit.info
https://ozsummarun.info
https://phereacades.info
https://play.go2game.co
https://poxaharap.com
https://prostometod.com
https://qubscribe.com
https://rightmovies.icu
https://rseschoosema.info
https://rtionwritty.info
https://rz.push-free.com
https://salregation.info
https://sinwasrechenhes.info
https://sionsrathet.info
https://sisewepod.com
https://skidrowcpy.os.tc
https://skidrowreloade.os.tc
https://sonumal.com/
https://spartertrenhersen.info
https://squasainte.info
https://startrafficc.com
https://stewaysef.info
https://stories-gate.ru
https://streamteam.monster
https://superinterestinginfo.info
https://tedsaliesdirekt.info
https://thathatsparroptont.info
https://thatrussiangirl.com
https://thegoodcaster.com/redirect/
https://thiocarbamylife.info
https://ticcopioidyou.info
https://tiktok-labs.com
https://tranzistor-harakteristiki.ru
https://trendopportunityfollow.ga
https://ularlywednese.info
https://ularunicalr.info
https://uluswozzel.info
https://univerexplo.info
https://up-date.to
https://urancspitte.info
https://urchrevening.info
https://ustinctsretio.info
https://welsworn.info
https://westnews24.com
https://wiohj.com
https://www.fulltv.nl
https://www.krepsinis.net
https://www.viralupdatestoday.com
https://www1.be-notified.com
https://xilbalar.com/imp/
https://yeskapchabest.info
https://younwild.com
https://zpredir1.com
icyyapemu.com
ind1cate.com
initiatefresh.com
insertcoinage.com
instantfwding.com
investment-guides.com
investment-rules.com
irkerecue.com
jooikestreet.com
keterrehepren.info
leefmylife.info
lesindingretne.info
leveryone.info
loading-wsite.com
ltenhalefre.info
markably.info
mediavideo.website
message-alert.center
metedbuenge.info
metouchpush.info
modamania.es
moneymorning.com
moocauby.com
moreinfo.support
motheremutand.info
mychromesearch.com
myhealthyvibe.com
mynewswire.co
n1cely.com
ndextraincomi.info
netedaninghiga.info
news-back.com
news-fbe.com
news-gg.com
news-good.net
news-top1.com
newsfacce.com
newsmagic.net
newsredir.com
newsupdatesky.info
newswe.org
noredwilliont.com
notify-monad.com
nsbacking.com
ntioninstand.info
nythatspartaund.info
oakpyxyea.com
oawhaursaith.com
offersnewurl.com
oksmi.site
onehergotwitran.info
onlinepromotionsusa.com
onlybestpushnews.com
onrussia.info
oraronerethet.info
ouo.io
ouo.press
overiesarticu.info
paymentnotifyfriends.info
pc-torrent.ru
place-web.com
plsppushme.com
pog0da.com
pornohirsch.com
postyourlife.com
predicalflo.info
premiumstory.net
princessmovies.org
prioritynotifications.com
pro-news.net
product.directpower.download
promodayz.com
propu.sh
ptinouth.com
pushark.info
pushisback.com
pushishere.com
pushnotificationtest.com
pushtoday.icu
pushtouchme.info
quallyfounda.info
rameattot.com
randysnaps.com
redfunchicken.com
rednews7.com
renropsitto.info
rephartertonelin.info
revercecaptcha.com
ribngh.com
ricultwitho.info
rinexpende.info
rivilistsp.info
rnewsr.com
robotcaptcha6.info
roboticeretaser.info
routgveriprt.com
rpgbunker.com
rpgmasteronline.com
rsecompa.info
rutadzbeg.site
ryoneropling.info
ryseconomi.info
saturalcorre.info
sbroughhig.info
scansear.com
scientificnewsforyou.com
searchnotifyfriends.info
send-news.net
services.fast-push.com
shebaasot.com
shijacketsqua.info
shlega.com
simparentlydisco.com
solicencers.info
stixeepou.com
strialdeather.info
substand.info
sunlitez.ru
supernewsplus.com
systemalerts.xyz
systemsoft.com
tadchenmujahe.info
talbeinhecrof.info
tantiterhalac.info
technologieairflow.com/extensionInstaller
technotology.com
tert1ary.com
theactualnewz.com
thefaceduck.com
thehypenewz.com
thewowfeed.com
thofandew.com
ticeroftertal.info
tii.ai
tiktok-max.com
time-for-investment.com
tinuntoldrelac.info
tionsnewsupdate.info/
toberlegisti.info
tofideventresfa.info
top10news.review
topviralnewz.com
touchmethen.info
tparticultwestme.info
tyfabricalislat.info
uctbettesvaricaof.info
udderfitteesp.info
uitabletublis.info
unclaimed-moneysearch.com
undoclosetab.info
vakogid.com
vitalfinancemedia.com
vlwcmgb48.ecfwg.xyz
w.ninja
wascorithedin.info
wasterestinfor.info
wea4her.com
wheedran.com
whobabsaim.com
winyourprize36.com
wonfigfig.com
worldtriviacenter.com
www.4club.com
www.redneckrepairs.com
xplaintsatiyab.info
xyz:443
youjamnag.site

Analysis Report

General information

Family Name: Adware Helpers
Signature status: Self Signed

Known Samples

MD5: 3f8004916accf8f6e70ca470d9b9acdb
SHA1: 514f7470fa7c0ee9b5bcf0afd98e093086d42a7b
File Size: 1.83 MB, 1831584 bytes
MD5: ec480f79469aaf5dc264dd6ccc98e737
SHA1: eeed5ec6430b2a9eebdecd40c51002af32297de0
File Size: 2.51 MB, 2513624 bytes
MD5: 23100f8e2da471726e302cd086d15205
SHA1: d3343bb5b57b4779c31e483564a11ea6ce268998
File Size: 2.20 MB, 2195288 bytes
MD5: c92165d6f72e4905caf06e38903697d2
SHA1: 20813fef9510f0b97dc8352c561ae6121ac3d597
File Size: 2.44 MB, 2438776 bytes
MD5: eff8009c08b897a0493c669e099dcb96
SHA1: 30af930a35c193dc09c60da30202d2d7bafa4774
File Size: 2.20 MB, 2195288 bytes
Show More
MD5: 24b053334f5027ec42b857ba55aef126
SHA1: ee7f1074f1345b2543a91192214f99d7d9ad7e69
File Size: 2.18 MB, 2175328 bytes
MD5: 7124133793e3cf993a413389dafc150e
SHA1: 81ec7833706cdf9797dc03730a6a0b2c6cc5daab
File Size: 2.52 MB, 2517411 bytes
MD5: c7f1d9f9abfae6dece6d82d7a12ae75f
SHA1: 00599deb40a2577a229534434ec190ff5212639d
File Size: 149.66 KB, 149664 bytes
MD5: 66b79a9bb1ea880e1975102adcd8528d
SHA1: 7575cd484fa1ff7986c066c53e052490786dea53
File Size: 2.07 MB, 2065648 bytes
MD5: 09ce7726a4503f495d95b51651b0c642
SHA1: fb70031728ea57de374d46be5965d8587e7f398e
File Size: 416.78 KB, 416784 bytes
MD5: e0d2517cbfd73c8e1963913431c12d47
SHA1: 855ce2ad2eab248109036e1a0e6ec74a1069a96b
File Size: 2.20 MB, 2202312 bytes
MD5: 575e86d091702ef69dd7893b7a5cbf66
SHA1: aaa36f92e21fb0648b4977d308423f6f1a6c1159
SHA256: D0475FBD0571E3A8FA5F89E0A1E67920A86BCE17A5FF7DF00C0DA223674F8BB3
File Size: 2.20 MB, 2195288 bytes
MD5: 35a32a1262271559c57a1bb8b30f8569
SHA1: 36268f3b16f08e417110a7eed632fdc11a515f04
SHA256: 60133B03BF1E932ACA46B233416BF32BE83BC2B79F7E4567BF702A645B7524A7
File Size: 3.40 MB, 3401360 bytes
MD5: 9966eb0fd51bd4527657b46cbacf8bf9
SHA1: a1e2068b6b71c682f5ea8d3b3e7d1152a1288326
SHA256: F3A504EDC77110018C428EDB535BBE1F75032401B8AD4AF89430984E9551EFB4
File Size: 16.53 KB, 16528 bytes
MD5: ee7f012b284648faf1d290f271fdb396
SHA1: 6daaaaecd3a35c0ac149faf7069f9e10301b4a8e
SHA256: 962A32E9852D5F39E465CB07D50C6E0F8859BF9629FD48715A90BB4843648FDF
File Size: 426.59 KB, 426592 bytes
MD5: ebc898228dcfa1dd5596937d9e98bf6e
SHA1: 50bc573af1a5d4d4e48590b84f3c4d16dc4667a6
SHA256: 76BCF5D514DB8A5A7F3ADD2CC7B0D73A04D97425F601865D169762952F729AE6
File Size: 1.32 MB, 1321408 bytes
MD5: abd3d9dad48e0649d765c80faa6aedfc
SHA1: 3bced3664dd2a4f185efd6e99de2d23af7240564
SHA256: 235395CCCD722D77F21E41AFA4A6B23CA717CF3B9EC2B8A75AF4351E9C326C55
File Size: 9.75 MB, 9746752 bytes
MD5: 5078c283981114b64abcfd6269ac9295
SHA1: 1811327cb7e09d84f02d4f3b5e4ab6a4fbd2cca3
SHA256: D7AE866C0959D92F5AEF9D720A28E0FC9C8FC563C6836AC3BE1237B39FE2E058
File Size: 2.20 MB, 2202312 bytes
MD5: 6525f6e5c9acb28190733bf3c49f05bf
SHA1: 0b95d606ab9ed28f6b8a6edea69db2b8412b4202
SHA256: 54902F145E35C5CA8C074A5CDD6D4720D96AC140516701ED7BA2717BB26966B7
File Size: 3.06 MB, 3063272 bytes
MD5: 48d718a9a197b9278040554e5b59043a
SHA1: b627cc3f488d157041872c0950b92241bb12c8b5
SHA256: 130E9FF5BDE39567BBFD03A0798303118B288F5D322D1C3F46CA4FBBD872DD39
File Size: 5.11 MB, 5113488 bytes
MD5: 8cddb3fd8fb63986b3b476bfdc353432
SHA1: afaa259fefc60ef288cf56240f30713567ad15d3
SHA256: 5EDCCD3683560ED52B3E9953D5E149B6B6B866103F4AFF823F6473CED9F6CD06
File Size: 2.20 MB, 2195288 bytes
MD5: 10b4321a75082846d59808c5edf1f703
SHA1: 8cd3008c75c34383a48e184846bad9ae1447b018
SHA256: 164E8C203642A4193C1BAABD6DFF555A625B6D768EC6695C12730EFE5F418262
File Size: 255.46 KB, 255464 bytes
MD5: 6d25f89424f6b5edb2d6d44a80e2513b
SHA1: 805d9e6ca223257028a5f761a7932e7ffa909bc3
SHA256: 5AC75525242C4154B486BEB4537349CC7780787F554A7788BF57E74D4A7EE4F1
File Size: 16.53 KB, 16528 bytes
MD5: af0100bc84269bd1cecd0b34297817a7
SHA1: b61876b64edc6dc30ef79e300b47310574cbce3a
SHA256: 9416F55CFBCD20A05FCE8996D1D54821CEA0FCF457D668F32BC6A4CC0B88DBD9
File Size: 16.94 KB, 16944 bytes
MD5: 07ae039b4acc26f086c94a83f93cb5b5
SHA1: 5aae1ed5cfc20d9e121c4e9b8ba6794789a8f12f
SHA256: E5A057FECA8D7D01C8A8995196FF76911208F017921CA868BDC7F110C8AB33AF
File Size: 272.36 KB, 272360 bytes
MD5: 3a0e3909b1d74b9adb8ce1cea9b7952d
SHA1: 0da3c8e358a525a25653af00e0704d517f9b71a6
SHA256: FA33F0E29D79ADEE55AC5F6922A7B987C9196DF78A6518E0BE93D40A2A28B95C
File Size: 766.04 KB, 766040 bytes
MD5: 3ddf6d4d0c88d100eeb1826bfb5974f8
SHA1: af13de9e02b4581ba5dda5500fa45d5047707ccd
SHA256: 0CB4047FA087DAADD6DB6280D45772189873353D0AF2B2BDEA41963D17E9824A
File Size: 3.03 MB, 3025312 bytes
MD5: a3c476024392fd17b4fbd428eb19036d
SHA1: 0be5dbc2a70db3364a64c1ed9f8aa472cd0e6931
SHA256: 48AB3BE733D9465BDF6C979560064DF18A2A37255E1BF1731329293DDE519A52
File Size: 2.52 MB, 2522252 bytes
MD5: 0c6a48faa6b1bc49f18448beedf90040
SHA1: c40b54954ad66b14682bc481e3e860f4c7ca3664
SHA256: AF54112C7C4EECBDF2F857354CDD6AF03A20FD1C77AE59B71081F0EC2EF32B93
File Size: 2.20 MB, 2195288 bytes
MD5: 7e4e6da62a463eca52f74bc5e146946c
SHA1: 171da62ecdb8bca3651b16b896a7bb77f87940c1
SHA256: 49FB2E886BF64BD9338216188B1708F48EB96C76B3F291E6C610074B65C024BD
File Size: 5.00 MB, 4996240 bytes
MD5: 727281e834d0252ec2b1d44454528863
SHA1: 99e5623744350d78c4f3e090589ae151018323c8
SHA256: CB1A73230353F03081703E2B511BF85A852F97D5E8891F3B7A3472E9201381D4
File Size: 2.50 MB, 2503712 bytes
MD5: a0df7a3661f41c306689447a9907ec3b
SHA1: 4cda6e882d6a7f0af0c4fb3407fc0c25dcf5dda2
SHA256: F8CF6E1342E6875B6C5E493236588E9106BDCF114EB2A2EF0FA5603E0D897871
File Size: 2.20 MB, 2195288 bytes
MD5: 8dca10dfdb87821121a54d8890c82494
SHA1: a7a4042a7eb203b663a5b7cf8b72a71f17443610
SHA256: 65FF6D75403B034CCF54BC0B990FC3987F2C1963AC4252FB0C9944AD0AE6790A
File Size: 2.20 MB, 2195288 bytes
MD5: 305a09940b0d90ac6545ef70e8d83abb
SHA1: 54bdf794c7692a562a73b5ed3bffd824fb0106e2
SHA256: BCEF83259BEB4C32D4CBC13EA3B38F806A6938B8FF84415865F2BCC9ACD18A7C
File Size: 3.05 MB, 3052520 bytes
MD5: 2b94924855cb2faa5428d2392a223c9c
SHA1: e0fcee0fadbd0e0407f5b2e21cecd180445f19e8
SHA256: 3929F40A5C5F7DED4C2FD50E48CC27CB38305B220FEFCE559C31F10BC6F0B1E1
File Size: 2.50 MB, 2503712 bytes
MD5: caf43163024476cdd12ea56acd84baba
SHA1: 359094876ad5f521525d327ef249965b18c3e560
SHA256: 7342C49696534D777BC85429F2751ECE85B8B9D765E2FBBDEE24905BE5B251EC
File Size: 1.33 MB, 1329600 bytes
MD5: 82869dd939c4ba4d9d9f985845662267
SHA1: 356665e68a30f96a1105e483efd0236f958ebbe8
SHA256: 84E33A019042DC4EA6B5948D64F782D61EEEFF608CEC8A184980E89084703BDF
File Size: 8.27 MB, 8266144 bytes
MD5: 4cee2953a479f9d06236da6e2802a698
SHA1: 2c709ab7e2c88f60da02deebaf438b7ce6a51c2b
SHA256: D9547236AE4D52F0D1B381035FB4A389EEA375E937CBB2F20951F0BF180EA70A
File Size: 2.20 MB, 2195288 bytes
MD5: 46338fcd02684a3533993a898b1fcf38
SHA1: b0af2b2f67e4a582736fc2abe4c2b917f8c3d866
SHA256: F11AF5291CBBE28D2549EDBE206C459FE2F275F55A9CF31F76D89BE8C61C7762
File Size: 3.62 MB, 3622624 bytes
MD5: e8cd1e0164d7e91ea707be379326976b
SHA1: cae4f5cec46704e2de7ce8d0d17ebe252132d2f6
SHA256: 94EA7085943CD4F7C187A4D81E65DA7D4E4E637251D886C0DA23B2EFF1397962
File Size: 1.51 MB, 1505016 bytes
MD5: 0ff00a5172b85ebc2562dfe25cf9630a
SHA1: c38cc9607c5e223be16e2cf5d6f4158be16a0f1e
SHA256: 5443A0BBE8F79562D4369BCD4F12D7A67D23F89128B01D284BFB4555331FD9D9
File Size: 2.01 MB, 2009768 bytes
MD5: b4b10e3527d078862c39cd41c01c6c0e
SHA1: 4d5a9db391371a92827043d0bea65a8436fc05c5
SHA256: DB51736E5C75EBA2DBF12C1396E06CFB9DE2FA607676E9593540B926F2FA2D8D
File Size: 2.20 MB, 2195288 bytes
MD5: b4038b405350651c178dc355fe4053b2
SHA1: 50180d02475bd5b59d89fa32a4ef8d3ea4e836da
SHA256: 9C9E872223D502E0118C1A6865D525CBA5F524B470235D5F3E72EDD0E527F1D2
File Size: 8.44 MB, 8438216 bytes
MD5: 8a378168dcf800ff3b2df7546b6d81db
SHA1: 9f07fe02e70100502c7c44f6521b337ea02670c4
SHA256: D585EFDF61F3040FD699A0C9242B8BEA2BC30F7F936ADB16CB6AE48C3ADE4AA3
File Size: 8.96 MB, 8963904 bytes
MD5: 7abf1f6558d0403957f286fb5fc83775
SHA1: c26b52ab6b219a11bd078186a3c10aee36aecc8f
SHA256: ECA22F92C45EAC13730C0F4B2A6861AABF4DB12167CC9AFD21485900F89E32C0
File Size: 2.20 MB, 2202312 bytes
MD5: 918d7f6356837b5d9c99d1fce4bd12c9
SHA1: df096931ac839c472713a382b36b441804379de6
SHA256: 729CA2BC7C43E709E04BFF39B87F430C2A6DEE9CF411B095A130F1EC64BE263A
File Size: 1.25 MB, 1246328 bytes
MD5: bcf04181cdf7e63af2e83fa3e77debd5
SHA1: 77e48795c7baecd91773cb7b2eadcc0c6c5d31d8
SHA256: 42E22901B3BDB4EA36EC43A08D1FF090C99924A9EAA1C9543334875C3D3E3260
File Size: 1.25 MB, 1252984 bytes
MD5: 7edf1a2dbca228e04f98be37470558b7
SHA1: c474b728bbd72808323860831bbded1a5f49458e
SHA256: 109343E8EF8D708E4DF785D6D28D1AD86DD775C38B8A9B9E9398DE7E594402E4
File Size: 195.33 KB, 195330 bytes
MD5: 4cfe571ccfbb53a4f88d79124c46e228
SHA1: e1fbb6b572e0b8680d6f0846c3e63714df5b8f1a
SHA256: CC766AFB3451AF2990054D60AD95D23C03F217CB1A8C8B6A69B5D97028A9CFC2
File Size: 1.25 MB, 1251960 bytes
MD5: 0379176ae0a99336ba9fbb34d9131c08
SHA1: c69643e59e2fa34ceefe989a75385b75913efba3
SHA256: 0637A87CF5B9CBD49403916983A7EB2A3898635D13DAD53B0015921318659331
File Size: 1.25 MB, 1252984 bytes
MD5: e221748f4eee0cbe813c2c59ee7dc92c
SHA1: 2c55c55f2520bd7ee0abe76b7aac9addbb6940e6
SHA256: BD1F9D1342DEA40D4B497EE26C031E8DC23990AB74F9C3AF6D6881E882E775DC
File Size: 1.25 MB, 1252984 bytes
MD5: c0d26d4af9f05e93ff16d1b77b0021f5
SHA1: a98eb46fa37c5c074abf600bc852160750e02b85
SHA256: 856C74E109EEAF49503F791D44BBF62E307A39383CAC75CBB46999DE728206E7
File Size: 1.40 MB, 1400816 bytes
MD5: ba0cc3ab34c53e1694b14490360982c2
SHA1: 7c7762dad8e08ba9f9482ec8663e53590c750f7d
SHA256: 30495F743A05DE050C133B74888C20F8C21711FF11D847C49F3EEB17358AC538
File Size: 3.04 MB, 3039488 bytes
MD5: 790b24aadae6e17f7ce650d23dffb726
SHA1: c5e40f0538956b768a07f812bf70505362437a5b
SHA256: D540F1C8094704B9138CA7FAA572AE08730C4A21D0C40B2B88EBBB67CAAB70A0
File Size: 6.54 MB, 6540744 bytes
MD5: 53a847e32987e5bcc2b93d2301aef234
SHA1: 8c7c419f40ce8989aa1af2c57a4cb185bc8bee3d
SHA256: C1341D022011F21009FC21B4E7DD03C234FCAA450BB0DE88351366CF91E91BDC
File Size: 1.25 MB, 1254008 bytes
MD5: 04bca9d27cd53e9c528b74cd2caf4566
SHA1: 07e5ba2d4339cf0d34e3405c0938bc2c08c5ee78
SHA256: 7FA57D34FECFD0ADEA983D2DC8DDD8D18FC0F0C8F319ADFCEFF62368A232C0B3
File Size: 2.20 MB, 2195288 bytes
MD5: 67db9cb488eb8b81ea803bd45829c8c5
SHA1: e5074881453cbb88d4fad8f968632ef84f661bcf
SHA256: F903E9A194961F84BCBB5483BC57F42C8F74082576E22292F4A2A77B9FEF9BC6
File Size: 5.27 MB, 5265084 bytes
MD5: 9b6df849dc768c2325d8793d859eb618
SHA1: fb17883aa9f53824485529e25c0e8986a3f642f9
SHA256: CC17A5A5C449E67D4B13C71B37E59D3F197F505178569EFFE9A5337D65652480
File Size: 1.26 MB, 1257080 bytes
MD5: 6892814e6a4c98913bdbf24b5741ddd4
SHA1: a9a91635de77f36b374b6b495eb71720936e45ba
SHA256: 6FC6BE0E41A7E75E6CD23B7F23227EA2D79B07471FA5C49FB1F0660E848B512E
File Size: 1.31 MB, 1310720 bytes
MD5: ddafe3a3fa87bd1c1afddcf6056dd5ca
SHA1: d8f902ab75066be91aa2e65a9d455b1264ccbd3f
SHA256: 7D16799846B929063AC82BEAB909938E680FAA9262BFDE8A4FD6F4B3816426CE
File Size: 1.25 MB, 1249912 bytes
MD5: 1c88929427590360aaf51f86e5caba27
SHA1: 49f2d69c717340bff9d43fcd3c8f7b3b91e5caa2
SHA256: 4A322B9392625CAA585EF3219B7140ECAB7A5596073CF53765CE752AB772CA61
File Size: 7.45 MB, 7448976 bytes
MD5: e9075a37e28d996b34585e60705d9a0b
SHA1: 184147c577944a18d0f888c7aa4aa0bca45a1209
SHA256: 28283ED62FF2CB798203AFDBDEF5C571663236EC19CC37A71EF7EAC8561051EE
File Size: 8.43 MB, 8430752 bytes
MD5: 0f6908a7ba7af106ec9fe9d9f6a487de
SHA1: c19ad715325867df04374d3eed3487253d041f7e
SHA256: A2CA9B8A649C353BB6607EC4A74436A79B8102480011172F691FD289E257C19E
File Size: 9.82 MB, 9816344 bytes
MD5: 64d164f478bd80f245ddcb4409547f1e
SHA1: fa65f13c65a3c7c560e973b57302102fe8423d70
SHA256: F284628DAF688DEA60E9F12CCBF2EB59102CAF54A445F06755A17F9360587DBA
File Size: 2.20 MB, 2195288 bytes
MD5: 12186271630b553f923ab39a4138505d
SHA1: ffbf37f614105081b95c77d7f412977fd836c068
SHA256: 5A1E7C470986B2CC0B59BC52DE54E97B29D6F3CBC991E01819350D5F4DC3081D
File Size: 2.20 MB, 2195288 bytes
MD5: 3272137853a04a25a56a25d8e2c7197a
SHA1: a0eb54834ba16941ef9de5e6161c1cc1227f7b07
SHA256: 1427B8FEF4855D2F7F3BFC4C0C7EECE6F96A022F79A4FB08A9CE74A7865360E8
File Size: 3.24 MB, 3235848 bytes
MD5: a421f627deeef284cdaa29e0ae98e705
SHA1: cbf11292132ea305243a0e7234d906fd8268b6e7
SHA256: C7935B70D4B5969CE3F32CB4EC9EEBF16D9ECC435357D7288656E620B7EBB8E6
File Size: 1.07 MB, 1074336 bytes
MD5: 0fbb9ca7cc8858b709554d92f8e0faae
SHA1: 8013e7de24231182fdb8d9cf7be5338b4c7208a5
SHA256: C70C78DD31A1B05BEDEFE952C1D9BE7422036A2666F44E347AF841A7F00B75DD
File Size: 2.20 MB, 2195288 bytes
MD5: a42b1d0995036b5261b5611d3dc76e79
SHA1: c077702e2d6a0de0ffd7a193f3c762c44ab890c2
SHA256: 6A277BA5059DF4DCEF13747B25AD22AFCD3C5C8E0420CB66AAE6B92E52A1F183
File Size: 2.20 MB, 2195288 bytes
MD5: 561efe1839cef9106cea8cfc086bc771
SHA1: 402ad2c484442bacc83847555248b8e51ff55171
SHA256: 2D83081C0D69D2F2C15D82D1560687AB502513B789BC39CC808457C6C6966262
File Size: 1.43 MB, 1432368 bytes
MD5: b369911690b721bc2adb508b58d4e3bc
SHA1: da6bbf89a67715380e54aad140ddc5979773b268
SHA256: 427D9B7CF35F32A2249391F253ADB694654406F44CC90B67FDFA7A9539D8F65B
File Size: 8.98 MB, 8978240 bytes
MD5: 20edbf76b3ca71db5bffed63142cc90d
SHA1: 30aa9ac61b5b4510084046b1459e72ef8db4ec12
SHA256: AC0A6BF6CBD78E301231AB17A0EB52B60588CE8CAC470D809DA386827F2C93CD
File Size: 1.25 MB, 1250936 bytes
MD5: de703605ef8fc4a5843b600f33b87935
SHA1: 8b391b5f7c80da7c281043e895b4eaa5ffdcaf3f
SHA256: 6A1484802441B388F4DD8102FEED4CB2640220F7E60C74020468CCCF92E64A8B
File Size: 1.26 MB, 1255032 bytes
MD5: cc24c9778ccda83da3022f78757c3b7a
SHA1: 964d83aff488b50b5b2968d3bd04e54ee87c0495
SHA256: 7EAEB3418EC2E530B5CAED6F2C879A5A5B7E52A08E2DB07060671BCB681DBE5A
File Size: 1.25 MB, 1252984 bytes
MD5: 56bb472dbe6c30f889ad88eaab48cd71
SHA1: 3ee1ef3c5fb803641273f316db780aab417d8871
SHA256: 9133B95772FF91263E043677B02A22B4C7C24AADA532B77C62C18DA53DD7401A
File Size: 6.19 MB, 6194576 bytes
MD5: 69f1580a95a7e9f32cde7d0547c61cd0
SHA1: ca9df411fc257880a53bbe6d1ca4043f1101ec83
SHA256: 246C90146E207EFFA797E0A6C40BFBB7FAF94C884A1D013FA383A64645E7B91E
File Size: 2.20 MB, 2202312 bytes
MD5: 31fe26bc785b4d48de6c6850f788b7d7
SHA1: d488779c62db23308fdee23e115bdd459311024f
SHA256: 3214B42CFFEDBBC9ED1CE1B5F12BA596988467F1D8F14DAB6E94FD8DC5A89859
File Size: 4.82 MB, 4823924 bytes
MD5: 10a0d1684f2197a953eaeb0fac977c68
SHA1: 3993dc0b492e0b9d066c68d5c43f20d99622c489
SHA256: 417963F8EB8C4D57E321D00E90DA652BBD8AFCF3ACD3294F4E5BDA463128D106
File Size: 1.26 MB, 1259749 bytes
MD5: b6f2b10178e246629d6c0e7bf41e01fe
SHA1: 864a67768f0fc29590ae932ce13b6a208b0adb90
SHA256: F75A1D88687EFC7FA59A923B4FA7725814BC651FBBD3FD4BBE0E6230843E1C73
File Size: 2.20 MB, 2195288 bytes
MD5: 191ebdddf59676140660f6559361361f
SHA1: a44c594eacd6f52a5fc3a52b21d861fc825fcdfa
SHA256: EE5189BE47EE0C13FA97341502185B3D7D999322CD1C89EF47F3C1A3DE963EA6
File Size: 2.20 MB, 2195288 bytes
MD5: 37180a61ebc9fa4712f31befb118d841
SHA1: 67b991d864c59e644d9f50c5df1ea85cfccbf5f6
SHA256: A8B922935E247DFB66502D78ECDE1EABAE39BC72FE506BC7D40C90BFDC048870
File Size: 2.20 MB, 2195288 bytes
MD5: 32aa9f4d3a9a465d61dc1c0e4bf0c417
SHA1: af087d83b94b9797f49c789fe4aa92426ef5d94e
SHA256: C9636E2B66881F2E0F507363921AB7E831EF7C22A3073BCE0770A998403ED59D
File Size: 3.03 MB, 3025440 bytes
MD5: 45e8f0bbed8eeefc2760e756287ceed4
SHA1: 145b78379c1f25b7ff8decf1b21ba8267349abe1
SHA256: 6983D7DCB21C0A786369AD8C43D24AA90B795ED465D0BD92C374F6559F5FFCFD
File Size: 2.20 MB, 2195288 bytes
MD5: 898b4e842bb46ff3d6a5d5b885d4f365
SHA1: 540fa5474b231e0094cf1e5947a387d00d93fe0c
SHA256: 370295C70ADDC52C995BFA5A9A0A9777206C9265D805648FF31AF6FAF7A6EC85
File Size: 974.16 KB, 974160 bytes
MD5: b58786b1d44b776e16dbc69cd7d02cf8
SHA1: 1bd794170d9f3fc1f9fb8a97ce8ef13f1af8f4a3
SHA256: DFDDE8BF152980FE0300D28E545290E80E66EC24726CFB01C05EB77C69BFF47F
File Size: 1.01 MB, 1014560 bytes
MD5: acf26114b0ea6dbed1793908a8a31386
SHA1: 9d1366a11500049e2155b5f9179036956b11de9e
SHA256: 93450ACA215EF5A48338EDFDE71318AA2D466F5C723B6B1D0682EAC730B60CF0
File Size: 1.03 MB, 1028096 bytes
MD5: c811adb3a1ff50efa77d46d0d8eead4f
SHA1: 081cbd522f5252702212c348878e0e35b16232a3
SHA256: B9C3D3D52470751DF2F0C6945DAE478655DBD2A5E32922059AB14D46E2AADDC3
File Size: 8.31 MB, 8314784 bytes
MD5: 14a96a3af933a39d15cda3832c6d4a9b
SHA1: 34ae4f90add75c63282f4495583bdabd815544d0
SHA256: BED1E5590D286221F5762EBCE3E6EA04667F6545EA65D37034BE7EE3053A4CDE
File Size: 2.20 MB, 2195288 bytes
MD5: 815cdbc77c400976c6d361e2f78bf41f
SHA1: 48d3034b95858d045f81c337cb79057319c61101
SHA256: 31C43866273437D03D5C0CECCFD4987C33C8430139EA048B8C50D7C4C80D51A6
File Size: 5.87 MB, 5871448 bytes
MD5: aa0658a4b5e3bf48e385f3bb4438158c
SHA1: ab59b7d362fb83991f20e76081c90c5aaf55aad1
SHA256: C049765A749FAE53FE0405E8D34572D7D47FED192D6C7A1308BC7A0070D7F045
File Size: 5.87 MB, 5871480 bytes
MD5: bff06775461065b057ccdbff79fc2819
SHA1: 3976ef48c5e71635f7de8147105f55291b7e04c1
SHA256: 51F9879646E8B8F3EE49F7F0E250CF2C93B2AB9EE76E3F79778BBFBD3659F86F
File Size: 2.50 MB, 2503712 bytes
MD5: ad351c2dc0a487fca5db39aa4d9a443c
SHA1: 41f3e4f75734d303747de6045df592d2c39369f1
SHA256: BD838B7CC5E9FD0866465A30741D4F51CC3979C42EE3A312FB945F34C9D15FBE
File Size: 1.05 MB, 1050128 bytes
MD5: bc158bf053f8f133a78e93106eb11292
SHA1: c0151d23ea3e4b11cab8ad790e6d161bc739aa87
SHA256: A747DF4C792CB01DAAB5682E513C8EB2898497C440FC05D858E4B5FB6C56C7BB
File Size: 1.44 MB, 1440112 bytes
MD5: 69b814fc621ae2d2c9717dbecd8acea6
SHA1: 013dcf46786cbf27de49b22a4abd0435904b0a94
SHA256: 104973A53D1E0CD5FF5738CD29518D22231D8A4CF9430F6A46E5145233D700B7
File Size: 5.87 MB, 5871480 bytes
MD5: 4c5bb7a40eb859cd4b2ef42fa0cee2a0
SHA1: 4c3bae733124f5f06a9aa3f4b253a6ddb9ee6ecf
SHA256: FA79F35D9C7D7E8511346E46B40135CCA896C9A986C5FE0AA15DE72D0A4AC82F
File Size: 195.35 KB, 195347 bytes
MD5: c436cfe26a35acea9c7526b734277947
SHA1: 49709d54c2c9d019ea086a4e2ec875afb297c7f6
SHA256: E7592C865342755EF1AE06CC90A89BBEFE64984F1C9E96AEB25F1F3B2819AD29
File Size: 101.34 KB, 101338 bytes
MD5: 6f4ad98784623a1d8a110cee4efc0606
SHA1: 43265cda22d423e99270f7961cfa42551bc763ba
SHA256: 22E4E4BD07859CB96792315454CE4337E01EBDA5EAA65A69902AA210AB1F2FE8
File Size: 2.44 MB, 2438616 bytes
MD5: b2a777b321b7d42b3cb57d956e6836ba
SHA1: 0bb253625522771bdb2548f6a0c8307217a4537a
SHA256: 91FDBA9F14E735331A003802C93847B6018206FA826BDE7E8B85CCFDE17B1EDB
File Size: 5.87 MB, 5871528 bytes
MD5: a3c29b3a25f6cd23d276e272f9608d5c
SHA1: 59560796f0807eee0560e8ad19759743b95ae292
SHA256: 10DAC356008F14F2478AC747307FA64C57FE549BA7FB33C8BBCF6FA8BF7DAE5E
File Size: 145.71 KB, 145708 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
Show More
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Show More

16 additional icons are not displayed above.

Windows PE Version Information

Name Value
Assembly Version
  • 5.0.0.111
  • 1.92.5.9159
  • 1.92.4.9130
  • 1.92.4.8949
  • 1.0.1.0
  • 0.0.0.0
Comments
  • bjballroom
  • Helps to download updates for the main app.
  • luckynugget
  • quatrovipermit
  • ScreenSaverGift.com
  • This installation was built with Inno Setup.
  • Wirtualna Polska Media SA
  • zodiac
Company Name
  • adaware
  • Adaware
  • Bits Department LLC
  • Burnbytes v0.1
  • Caphyon LTD
  • CD001_Web
  • CD010_Web
  • c Lavasoft Limited. All Rights Reserved.
  • Creative Software Solutions GmbH.
  • Defiant Elbow decision
Show More
  • EPI Software
  • Giant Box decision
  • LLC UK Usadba
  • Pertinent Install
  • POHelper
  • RealTimeGaming Software
  • Relk Install
  • ScreenSaverGift.com
  • template
  • Ultra commit
  • Your Company Name
Company Short Name EPI Software
File Description
  • Abstract Ocean World Screensaver
  • AppWizard Installer
  • Beach Babes Screensaver
  • Burnbytes Setup
  • Clear Aquarium Screensaver
  • Defiant Elbow
  • DirectX Setup (r2110081449)
  • DobreProgramy Installer
  • DownloadHelperTray
  • EpiBrowser
Show More
  • EpiBrowser Installer
  • FilePlanet Installer
  • File that launches another file
  • Giant Box
  • GOMPlayerGlobal Setup File
  • Installer
  • Install Program
  • Outbyte Driver Updater Setup
  • Pertinent Install
  • POHelper
  • Relk Install
  • Rufus Setup
  • Setup/Uninstall
  • SoftCatalog Downloader
  • Software Installation
  • Tartufy
  • template
  • uTorrent Setup
  • Wirtualna Polska Media SA
  • Your Application Description
File Version
  • 136.0.7103.85
  • 132.0.6834.200
  • 132.0.6834.122
  • 130.0.6723.144
  • 130.0.6723.143
  • 130.0.6723.142
  • 128.0.6613.139
  • 51.1052.0.0
  • 21.9.0.0
  • 21.0.1.0
Show More
  • 18.16.13.18
  • 17.01.0-RTG
  • 16.11.4.5339
  • 16.11.3.5155
  • 16.11.2.4733
  • 16.9.2.739
  • 16.8.1.378
  • 14.18.14.16
  • 13.1.7-RTG
  • 5.0.0.111
  • 3.7.7
  • 3.5.2
  • 3.3.3
  • 2.4.0.9052
  • 2.2.174.2916
  • 2.0.0.383
  • 2.0.0.0
  • 2
  • 1.92.5.9159
  • 1.92.4.9130
  • 1.92.4.8949
  • 1.4.2.1
  • 1.1.7.0
  • 1.1.1.1
  • 1.00
  • 1.0.3.4816
  • 1.0.1.3543
  • 1.0.1.1
  • 1.0.1.0
  • 1.0.0.3129
  • 1.0.0.3056
  • 1.0.0.1
  • 1.0.0.0
  • 1, 4, 2, 0
  • 0.1.0
  • 0.0.0.0
I S Internal Description Setup Launcher Unicode
I S Internal Version
  • 17.0.717
  • 17.0.714
Internal Build Number 99584
Internal Name
  • Abstract Ocean World Screensaver.exe
  • Beach Babes Screensaver.exe
  • Clear Aquarium Screensaver.exe
  • dobreprogramy.pl.exe
  • DotSetup.dll
  • DownloadHelperTray.exe
  • epibrowser_proxy
  • eventlog_provider_dll
  • GenericSetup.exe
  • installer.exe
Show More
  • Install Program
  • Pertinent Install
  • POHelper.exe
  • Relk Install
  • setup
  • Setup
  • SoftCatalog_Packaged.exe
  • Template.exe
  • TJprojMain
  • UltraCommit.exe
  • viewer.exe
  • YourApp.exe
Last Change
  • 17e1317f6960e3a0bf9dcc371613c98a6d7db701
  • 4153a898b5edfa6b96867a2143e3dcf674821e80
Legal Copyright
  • (c) Caphyon LTD. All rights reserved.
  • Bits Department LLC, 2020
  • CD001_Web
  • c Lavasoft Limited. All Rights Reserved.
  • Copyright
  • Copyright (c) 2012 Real-Time Gaming
  • Copyright (c) 2013 ScreenSaverGift.com
  • Copyright (C) 2014
  • Copyright (c) 2014 ScreenSaverGift.com
  • Copyright (c) 2022 Defiant Elbow decision
Show More
  • Copyright (c) 2022 Giant Box decision
  • Copyright 2024
  • Copyright 2024 EPI Software . All rights reserved.
  • Copyright 2025
  • Copyright 2025
  • Copyright © 2020
  • Copyright © 2024
  • Copyright © Adaware 2019
  • Copyright © Adaware 2020
  • LegalCopyright "© adaware" string © adaware
  • LLC UK Usadba
  • Pertinent Install(c). Copyrighted 2020
  • POHelper Copyrigth 2022
  • Relk Install(c). Copyrighted 2020
  • Ultra commit 2023
  • Wirtualna Polska Media SA
Legal Trademarks
  • Copyright (c) 2013 ScreenSaverGift.com
  • Copyright (c) 2014 ScreenSaverGift.com
Official Build 1
Original Filename
  • Abstract Ocean World Screensaver.exe
  • Beach Babes Screensaver.exe
  • Clear Aquarium Screensaver.exe
  • DefiantElbowApplication.exe
  • dobreprogramy.pl.exe
  • DotSetup.dll
  • DownloadHelperTray.exe
  • epibrowser_proxy.exe
  • eventlog_provider.dll
  • GenericSetup.exe
Show More
  • GiantBoxApplication.exe
  • installer.exe
  • InstallShield Setup.exe
  • Pertinent.exe
  • POHelper.exe
  • RelkI.exe
  • sdk.dll
  • SoftCatalog Downloader
  • Template.exe
  • TJprojMain.exe
  • UltraCommit.exe
  • viewer.exe
  • YourApp.exe
Product Name
  • Abstract Ocean World Screensaver
  • Advanced Installer
  • AllYouBet
  • AppWizard
  • Beach Babes Screensaver
  • Burnbytes
  • CD001_Web's Installer
  • CD010_Web's Installer
  • Clear Aquarium Screensaver
  • Defiant Elbow
Show More
  • DirectX
  • DobreProgramy
  • DotSetup
  • DownloadHelperTray
  • EpiBrowser
  • EpiBrowser Installer
  • FilePlanet
  • Giant Box
  • GOMPlayerGlobal
  • Grand Parker Casino
  • MicrogamingInstall
  • Outbyte Driver Updater
  • Pertinent Install
  • POHelper
  • Project1
  • Relk Install
  • Rufus
  • Smak
  • SoftCatalog Downloader
  • template
  • uTorrent
  • Wirtualna Polska Media SA
  • Your Product Name
Product Short Name
  • EpiBrowser
  • EpiBrowser Installer
Product Version
  • 136.0.7103.85
  • 132.0.6834.200
  • 132.0.6834.122
  • 130.0.6723.144
  • 130.0.6723.143
  • 130.0.6723.142
  • 128.0.6613.139
  • 21.9.0.0
  • 21.0.1.0
  • 18.16.13.18
Show More
  • 17.01.0-RTG
  • 16.11.4
  • 16.11.3
  • 16.11.2
  • 16.9.2
  • 16.8.1
  • 14.18.14.16
  • 13.1.7-RTG
  • 5.0.0.111
  • 4.6
  • 3.6
  • 2.4.0.9052
  • 2.3.0.23191
  • 2.2.174.2916
  • 2.0.0.383
  • 2.0.0.0
  • 2
  • 1.92.5.9159
  • 1.92.4.9130
  • 1.92.4.8949
  • 1.4.2.1
  • 1.1.7.0
  • 1.1.1.1
  • 1.00
  • 1.0.1.3543
  • 1.0.1.1
  • 1.0.1.0
  • 1.0.0.3129
  • 1.0.0.3056
  • 1.0.0.0
  • 1.0.0.0
  • 0.1.0
  • 0.0.0.0

Digital Signatures

Signer Root Status
Bits Department LLC AAA Certificate Services Root Not Trusted
LID LABS, OOO AAA Certificate Services Root Not Trusted
Bit Wise Publishing, LLC Bit Wise Publishing, LLC Self Signed
Byte Media Sdn. Bhd. Certum Extended Validation Code Signing 2021 CA Self Signed
NEXITEK LTD Certum Extended Validation Code Signing 2021 CA Self Signed
Show More
Creative Software Solutions GmbH Creative Software Solutions GmbH Self Signed
Hastings International B.V. DigiCert Assured ID Code Signing CA-1 Self Signed
Lavasoft Software Canada GlobalSign CodeSigning CA - G3 Self Signed
Byte Media Sdn. Bhd. GlobalSign GCC R45 EV CodeSigning CA 2020 Self Signed
H.B. Leopard Technology Co., Ltd GlobalSign GCC R45 EV CodeSigning CA 2020 Self Signed
LLC UK USADBA LLC UK USADBA Self Signed
LLC UK USADBA LLC UK USADBA Self Signed
Astral Media Inc SSL.com EV Code Signing Intermediate CA RSA R3 Self Signed
SmileMotion PTE. LTD. SSL.com EV Root Certification Authority RSA R2 Root Not Trusted
Byte Media Sdn Bhd Sectigo Public Code Signing Root R46 Root Not Trusted
Invenivia Sectigo Public Code Signing Root R46 Root Not Trusted
Invenivia Sectigo Public Code Signing Root R46 Hash Mismatch
WIRTUALNA POLSKA MEDIA SA Sectigo Public Code Signing Root R46 Root Not Trusted
WIRTUALNA POLSKA MEDIA SA Sectigo Public Code Signing Root R46 Hash Mismatch
HASTINGS INTERNATIONAL B.V. Symantec Class 3 SHA256 Code Signing CA Self Signed
Audit.digital s.r.o. USERTrust RSA Certification Authority Root Not Trusted
Cloudtools Limited USERTrust RSA Certification Authority Root Not Trusted
Projektas 25, MB USERTrust RSA Certification Authority Root Not Trusted

File Traits

  • Installer Manifest
  • Installer Version
  • nosig nsis
  • No Version Info
  • Nullsoft Installer
  • x86

Block Information

Total Blocks: 78
Potentially Malicious Blocks: 0
Whitelisted Blocks: 78
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.LA
  • Agent.M
  • Agent.MH
  • Agent.MI
  • Agent.MU
Show More
  • Autorun.LA
  • Bundle.B
  • ClipBanker.QA
  • Deyma.G
  • DotSetupIo.A
  • FakeAV.AU
  • FakeInstaller.A
  • FakeInstaller.B
  • Injector.AK
  • Injector.XN
  • Keylogger.KC
  • Keylogger.KD
  • Keylogger.KE
  • Kryptik.XXBA
  • Lumma.GFD
  • MSIL.Kryptik.SA
  • MSIL.Remcos.LFA
  • Parite.F
  • Rozena.M
  • Rugmi.IA
  • Shell.B
  • Sheloader.A
  • Spy.Agent.KG
  • StartSurf.AD
  • Stealer.KF
  • Stealer.UH
  • Stealer.UHA
  • Stealer.UHAN
  • Stealer.UHBB
  • Stealer.UHBE
  • Stealer.UHO
  • Stealer.UHR
  • Stealer.UHRA
  • Stealer.UHRC
  • Stealer.UHV
  • Trojan.Agent.Gen.YF
  • Trojan.Downloader.Gen.BQ
  • WindowsExpertConsole.A

Files Modified

File Attributes
\device\namedpipe\crashpad_288_clavrgjygststilq Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_288_clavrgjygststilq Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_4424_gzodmkpwrzkeavab Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_4424_gzodmkpwrzkeavab Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_4432_nmyvifebndvtdsdu Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_4432_nmyvifebndvtdsdu Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pdftoolswebpipe Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
c:\program files Read Attributes,Synchronize,Write Data
c:\program files\burnbytes\burnbytes.exe Synchronize,Write Data
c:\program files\burnbytes\burnbytes.exe.config Synchronize,Write Data
Show More
c:\program files\burnbytes\burnbytes.pdb Synchronize,Write Data
c:\program files\burnbytes\burnbytesupdate.bat Generic Write,Read Attributes
c:\program files\burnbytes\de\burnbytes.resources.dll Synchronize,Write Data
c:\program files\burnbytes\de\is-4fepb.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\de\is-alun1.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\de\is-anhuu.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\de\is-i4fv9.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\de\is-p56ql.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\de\is-ratou.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\de\is-rc5gc.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-10m50.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-113o7.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-14f5i.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-1uaqu.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-2ojsa.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-4gua8.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-6tee9.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-8q8cg.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-8rbqp.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-9bcci.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-9cbpd.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-9djgj.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-ao83g.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-au9mj.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-av6eu.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-b3g9s.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-bv719.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-cmisv.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-cov3u.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-cq39s.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-fc2ea.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-fsh2i.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-hf3l7.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-ia1jf.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-ihpd6.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-j8l7v.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-jg582.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-k7vfh.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-lvj0l.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-m6v9n.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-m78g6.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-o10au.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-oaaps.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-p2n5j.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-pbsi1.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-pdu7h.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-pfg0h.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-q4pue.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-q7ilk.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-qb99t.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-sc7d5.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-scqb4.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-sksa1.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-tkvnl.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-u2j45.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-uckl1.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-uhbe3.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-vanl7.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\newtonsoft.json.dll Synchronize,Write Data
c:\program files\burnbytes\newtonsoft.json.xml Synchronize,Write Data
c:\users\user\appdata\local\adaware\genericsetup.exe_url_n4k14q2dj2u3l4sm2hsrd3vnfhq5tmvo\1.0.3.4816\ihpeok3e.newcfg Generic Write,Read Attributes
c:\users\user\appdata\local\adaware\genericsetup.exe_url_n4k14q2dj2u3l4sm2hsrd3vnfhq5tmvo\1.0.3.4816\ihpeok3e.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\adaware\genericsetup.exe_url_n4k14q2dj2u3l4sm2hsrd3vnfhq5tmvo\1.0.3.4816\user.config Synchronize,Write Data
c:\users\user\appdata\local\episoftware\epibrowser\user data\crashpad\settings.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\internet explorer\msimgsiz.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\7z2301-x64.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\2025.11.03_18.28.45.468914_installer_pid=4220.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\2025.11.03_18.28.45.468914_installer_pid=4220.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\app.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\app.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\bundleconfig.json Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\bundleconfig.json Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\de Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\de\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\de\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\devlib.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\devlib.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\devlib.services.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\devlib.services.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\dynactsbll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\dynactsbll.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\en Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\en\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\en\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\es Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\es\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\es\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\fr Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\fr\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\fr\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\genericsetup.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\genericsetup.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\genericsetup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\genericsetup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\genericsetup.exe.config Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\genericsetup.exe.config Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\h2osciter.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\h2osciter.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\htmlagilitypack.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\htmlagilitypack.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\installer.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\installer.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\it Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\it\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\it\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\microsoft.win32.taskscheduler.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\microsoft.win32.taskscheduler.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\mydownloader.core.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\mydownloader.core.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\mydownloader.extension.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\mydownloader.extension.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\newtonsoft.json.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\newtonsoft.json.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\offerservicebll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\offerservicebll.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\offerservicesdk.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\offerservicesdk.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\pt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\pt\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\pt\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\downloadpage.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\downloadpage.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\images Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\images\header-panel.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\images\header-panel.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\images\laptop.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\images\laptop.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\images\loader.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\images\loader.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\images\warning48x48.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\images\warning48x48.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\installingpage.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\installingpage.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\launchcarrierpage.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\launchcarrierpage.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\offerpage.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\offerpage.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\style.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\style.css Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\suitepage.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\suitepage.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis\config.tis Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis\config.tis Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis\eventhandler.tis Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis\eventhandler.tis Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis\log.tis Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis\log.tis Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis\translateoffertemplate.tis Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis\translateoffertemplate.tis Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis\viewstateloader.tis Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis\viewstateloader.tis Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\welcomepage.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\welcomepage.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\ru Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\ru\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\ru\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\sciter32.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\sciter32.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\shared.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\shared.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\temp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\temp\shsandbox-win32.dll-5.22.1.9999-x86.dmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\7zs0ea0e3e7\temp\shsandbox-win32.dll-5.22.1.9999-x86.dmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs430c688d\app.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs430c688d\app.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs430c688d\bundleconfig.json Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs430c688d\bundleconfig.json Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs430c688d\carrier.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs430c688d\carrier.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs430c688d\de Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs430c688d\de Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs430c688d\de\genericsetup.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs430c688d\de\genericsetup.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs430c688d\dynactsbll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs430c688d\dynactsbll.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs430c688d\es Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs430c688d\es Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs430c688d\es\genericsetup.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs430c688d\es\genericsetup.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs430c688d\externalresource.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs430c688d\externalresource.xml Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs430c688d\fr Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs430c688d\fr Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs430c688d\fr\genericsetup.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs430c688d\fr\genericsetup.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs430c688d\genericsetup.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs430c688d\genericsetup.dll Synchronize,Write Attributes

406 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
Show More
HKLM\software\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\50bc573af1a5d4d4e48590b84f3c4d16dc4667a6_0001321408::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\gpu::adapterinfo vendorId="0x1414",deviceID="0x8c",subSysID="0x0",revision="0x0",version="10.0.19041.3570"hypervisor="Hypervisor detected (Micros RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\359094876ad5f521525d327ef249965b18c3e560_0001329600::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Jyjpcgpi\AppData\Local\Temp\7zS805D8840\de\devlib.resources.dll RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Jyjpcgpi\AppData\Local\Temp\7zS805D8840\de\devlib.resources.dll\??\C:\Users\Jyjpcgpi\AppData\Local\Temp\7zS805D88 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey
HKCU\software\appwizard::hid FAAD358E-AA7B-442F-893C-251C2902E295 RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\df096931ac839c472713a382b36b441804379de6_0001246328::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Vfnureac\AppData\Local\Temp\~nsu.tmp\Au_.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Vfnureac\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Vfnureac\AppData\Local\Temp\~nsu.tmp RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\e1fbb6b572e0b8680d6f0846c3e63714df5b8f1a_0001251960::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\c69643e59e2fa34ceefe989a75385b75913efba3_0001252984::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Dfotipyp\AppData\Local\Temp\7zS0EA0E3E7\de\devlib.resources.dll RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Dfotipyp\AppData\Local\Temp\7zS0EA0E3E7\de\devlib.resources.dll\??\C:\Users\Dfotipyp\AppData\Local\Temp\7zS0EA0E3 RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\8c7c419f40ce8989aa1af2c57a4cb185bc8bee3d_0001254008::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\a9a91635de77f36b374b6b495eb71720936e45ba_0001310720::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\d8f902ab75066be91aa2e65a9d455b1264ccbd3f_0001249912::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\4efc31460c619ecae59c1bce2c008036d94c84b8::blob RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\4efc31460c619ecae59c1bce2c008036d94c84b8::blob RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\3993dc0b492e0b9d066c68d5c43f20d99622c489_0001259749::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e4*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352*1\??\C:\P RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af52*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserObjectInformation
Keyboard Access
  • GetKeyState
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAdjustPrivilegesToken
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePortSection
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
Show More
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtGetWriteWatch
  • ntdll.dll!NtLockFile
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtQueueApcThread
  • ntdll.dll!NtQueueApcThreadEx2
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRemoveIoCompletion
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResetWriteWatch
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey

73 additional items are not displayed above.

Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Process Terminate
  • TerminateProcess
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Network Winsock2
  • WSAConnect
  • WSAGetOverlappedResult
  • WSASend
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • bind
  • closesocket
  • connect
  • freeaddrinfo
  • getaddrinfo
  • gethostbyname
  • getpeername
  • getsockname
  • recv
  • send
Show More
  • setsockopt
  • socket
Network Winhttp
  • WinHttpOpen
Network Info Queried
  • GetAdaptersAddresses
  • GetNetworkParams
Network Wininet
  • HttpOpenRequest
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetSetOption
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

"C:\Users\Yfabavah\AppData\Local\Temp\is-ECR6U.tmp\514f7470fa7c0ee9b5bcf0afd98e093086d42a7b_0001831584.tmp" /SL5="$1025A,834279,798208,c:\users\user\downloads\514f7470fa7c0ee9b5bcf0afd98e093086d42a7b_0001831584.exe"
"C:\Users\Artqpyvm\AppData\Local\Temp\is-DOB5N.tmp\eeed5ec6430b2a9eebdecd40c51002af32297de0_0002513624.tmp" /SL5="$30140,1583588,832512,c:\users\user\downloads\eeed5ec6430b2a9eebdecd40c51002af32297de0_0002513624.exe"
"C:\Users\Bhccpnyn\AppData\Local\Temp\is-AKIUP.tmp\d3343bb5b57b4779c31e483564a11ea6ce268998_0002195288.tmp" /SL5="$20246,1218980,902656,c:\users\user\downloads\d3343bb5b57b4779c31e483564a11ea6ce268998_0002195288.exe"
"C:\Users\Hybxmfyu\AppData\Local\Temp\is-DNN6J.tmp\20813fef9510f0b97dc8352c561ae6121ac3d597_0002438776.tmp" /SL5="$10252,1532632,780800,c:\users\user\downloads\20813fef9510f0b97dc8352c561ae6121ac3d597_0002438776.exe"
"C:\Users\Qkcskoez\AppData\Local\Temp\is-OAUIP.tmp\30af930a35c193dc09c60da30202d2d7bafa4774_0002195288.tmp" /SL5="$10262,1218980,902656,c:\users\user\downloads\30af930a35c193dc09c60da30202d2d7bafa4774_0002195288.exe"
Show More
"C:\Users\Nodcykgj\AppData\Local\Temp\is-FTDVS.tmp\81ec7833706cdf9797dc03730a6a0b2c6cc5daab_0002517411.tmp" /SL5="$30278,1583588,832512,c:\users\user\downloads\81ec7833706cdf9797dc03730a6a0b2c6cc5daab_0002517411.exe"
"C:\Users\Jouxsmkg\AppData\Local\Temp\is-FCMUK.tmp\7575cd484fa1ff7986c066c53e052490786dea53_0002065648.tmp" /SL5="$301E2,1012762,868864,c:\users\user\downloads\7575cd484fa1ff7986c066c53e052490786dea53_0002065648.exe"
"C:\Users\Nybrejmw\AppData\Local\Temp\is-URDVT.tmp\855ce2ad2eab248109036e1a0e6ec74a1069a96b_0002202312.tmp" /SL5="$30228,1226096,902656,c:\users\user\downloads\855ce2ad2eab248109036e1a0e6ec74a1069a96b_0002202312"
"C:\Users\Mjjitbxj\AppData\Local\Temp\is-GVPNM.tmp\aaa36f92e21fb0648b4977d308423f6f1a6c1159_0002195288.tmp" /SL5="$401E4,1218980,902656,c:\users\user\downloads\aaa36f92e21fb0648b4977d308423f6f1a6c1159_0002195288"
c:\users\user\downloads\36268f3b16f08e417110a7eed632fdc11a515f04_0003401360 c:\users\user\downloads\36268f3b16f08e417110a7eed632fdc11a515f04_0003401360 --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Iyxnkyzt\AppData\Local\EPISoftware\EpiBrowser\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=EpiBrowser --annotation=ver=128.0.6613.139 --initial-client-data=0x244,0x250,0x25c,0x254,0x280,0x7ff630497970,0x7ff63049797c,0x7ff630497988
"C:\Users\Jcqddcnm\AppData\Local\Temp\is-LU7LB.tmp\1811327cb7e09d84f02d4f3b5e4ab6a4fbd2cca3_0002202312.tmp" /SL5="$30232,1226096,902656,c:\users\user\downloads\1811327cb7e09d84f02d4f3b5e4ab6a4fbd2cca3_0002202312"
c:\users\user\downloads\b627cc3f488d157041872c0950b92241bb12c8b5_0005113488 c:\users\user\downloads\b627cc3f488d157041872c0950b92241bb12c8b5_0005113488 --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Aetfchzn\AppData\Local\EPISoftware\EpiBrowser\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=EpiBrowser --annotation=ver=132.0.6834.122 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x7ff6ad4fd2e8,0x7ff6ad4fd2f4,0x7ff6ad4fd300
"C:\Users\Lagznwqf\AppData\Local\Temp\is-LA8IC.tmp\afaa259fefc60ef288cf56240f30713567ad15d3_0002195288.tmp" /SL5="$4020E,1218980,902656,c:\users\user\downloads\afaa259fefc60ef288cf56240f30713567ad15d3_0002195288"
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5aae1ed5cfc20d9e121c4e9b8ba6794789a8f12f_0000272360.,LiQMAxHB
"C:\Users\Fuoacynh\AppData\Local\Temp\is-TIB0L.tmp\0be5dbc2a70db3364a64c1ed9f8aa472cd0e6931_0002522252.tmp" /SL5="$20270,1583588,832512,c:\users\user\downloads\0be5dbc2a70db3364a64c1ed9f8aa472cd0e6931_0002522252"
"C:\Users\Ayhsuzew\AppData\Local\Temp\is-NAJD5.tmp\c40b54954ad66b14682bc481e3e860f4c7ca3664_0002195288.tmp" /SL5="$10276,1218980,902656,c:\users\user\downloads\c40b54954ad66b14682bc481e3e860f4c7ca3664_0002195288"
c:\users\user\downloads\171da62ecdb8bca3651b16b896a7bb77f87940c1_0004996240 c:\users\user\downloads\171da62ecdb8bca3651b16b896a7bb77f87940c1_0004996240 --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Afeulupc\AppData\Local\EPISoftware\EpiBrowser\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=EpiBrowser --annotation=ver=130.0.6723.143 --initial-client-data=0x28c,0x250,0x294,0x290,0x298,0x7ff69a17c0e8,0x7ff69a17c0f4,0x7ff69a17c100
"C:\Users\Ummuxzpw\AppData\Local\Temp\is-5NM64.tmp\99e5623744350d78c4f3e090589ae151018323c8_0002503712.tmp" /SL5="$A003E,1573616,832512,c:\users\user\downloads\99e5623744350d78c4f3e090589ae151018323c8_0002503712"
"C:\Users\Yzaesmhx\AppData\Local\Temp\is-P8NFT.tmp\4cda6e882d6a7f0af0c4fb3407fc0c25dcf5dda2_0002195288.tmp" /SL5="$10250,1218980,902656,c:\users\user\downloads\4cda6e882d6a7f0af0c4fb3407fc0c25dcf5dda2_0002195288"
"C:\Users\Ovfpuzje\AppData\Local\Temp\is-M4IGL.tmp\a7a4042a7eb203b663a5b7cf8b72a71f17443610_0002195288.tmp" /SL5="$4005E,1218980,902656,c:\users\user\downloads\a7a4042a7eb203b663a5b7cf8b72a71f17443610_0002195288"
"C:\Users\Oworkdhm\AppData\Local\Temp\is-KO7K9.tmp\e0fcee0fadbd0e0407f5b2e21cecd180445f19e8_0002503712.tmp" /SL5="$2017C,1573616,832512,c:\users\user\downloads\e0fcee0fadbd0e0407f5b2e21cecd180445f19e8_0002503712"
"C:\Users\Bhwnwswk\AppData\Local\Temp\is-L5V48.tmp\2c709ab7e2c88f60da02deebaf438b7ce6a51c2b_0002195288.tmp" /SL5="$30214,1218980,902656,c:\users\user\downloads\2c709ab7e2c88f60da02deebaf438b7ce6a51c2b_0002195288"
.\installer.exe
runas C:\Users\Jyjpcgpi\AppData\Local\Temp\7zS805D8840\GenericSetup.exe C:\Users\Jyjpcgpi\AppData\Local\Temp\7zS805D8840\GenericSetup.exe
"C:\Users\Wlcrucyu\AppData\Local\Temp\is-VLUAR.tmp\c38cc9607c5e223be16e2cf5d6f4158be16a0f1e_0002009768.tmp" /SL5="$2024A,900883,868864,c:\users\user\downloads\c38cc9607c5e223be16e2cf5d6f4158be16a0f1e_0002009768"
"C:\Users\Hffyzfjh\AppData\Local\Temp\is-NHJM9.tmp\4d5a9db391371a92827043d0bea65a8436fc05c5_0002195288.tmp" /SL5="$8004E,1218980,902656,c:\users\user\downloads\4d5a9db391371a92827043d0bea65a8436fc05c5_0002195288"
"C:\Users\Khkuplpw\AppData\Local\Temp\is-1FUIG.tmp\50180d02475bd5b59d89fa32a4ef8d3ea4e836da_0008438216.tmp" /SL5="$20250,7687825,757248,c:\users\user\downloads\50180d02475bd5b59d89fa32a4ef8d3ea4e836da_0008438216"
"C:\Users\Fknovjbo\AppData\Local\Temp\is-D0GNV.tmp\c26b52ab6b219a11bd078186a3c10aee36aecc8f_0002202312.tmp" /SL5="$60210,1226096,902656,c:\users\user\downloads\c26b52ab6b219a11bd078186a3c10aee36aecc8f_0002202312"
"C:\Users\Vfnureac\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=c:\users\user\downloads\
C:\Users\Pcqbskqi\AppData\Local\Temp\~oxtqcw72xs.tmp (NULL)
"C:\Users\Fmvopnec\AppData\Local\Temp\is-5TD48.tmp\07e5ba2d4339cf0d34e3405c0938bc2c08c5ee78_0002195288.tmp" /SL5="$401F4,1218980,902656,c:\users\user\downloads\07e5ba2d4339cf0d34e3405c0938bc2c08c5ee78_0002195288"
.\GenericSetup.exe
"C:\Users\Hkwbbknz\AppData\Local\Temp\is-E0E2M.tmp\fa65f13c65a3c7c560e973b57302102fe8423d70_0002195288.tmp" /SL5="$600D4,1218980,902656,c:\users\user\downloads\fa65f13c65a3c7c560e973b57302102fe8423d70_0002195288"
"C:\Users\Vqjkssww\AppData\Local\Temp\is-9N78U.tmp\ffbf37f614105081b95c77d7f412977fd836c068_0002195288.tmp" /SL5="$8C0344,1218980,902656,c:\users\user\downloads\ffbf37f614105081b95c77d7f412977fd836c068_0002195288"
"C:\Users\Bcuvgviz\AppData\Local\Temp\is-QE8H1.tmp\8013e7de24231182fdb8d9cf7be5338b4c7208a5_0002195288.tmp" /SL5="$60160,1218980,902656,c:\users\user\downloads\8013e7de24231182fdb8d9cf7be5338b4c7208a5_0002195288"
"C:\Users\Vczweoyx\AppData\Local\Temp\is-DKTAD.tmp\c077702e2d6a0de0ffd7a193f3c762c44ab890c2_0002195288.tmp" /SL5="$402E4,1218980,902656,c:\users\user\downloads\c077702e2d6a0de0ffd7a193f3c762c44ab890c2_0002195288"
C:\Users\Phzhngjw\AppData\Local\Temp\~ll639bnu6j.tmp (NULL)
"C:\Users\Gbzqvjrr\AppData\Local\Temp\is-7JB21.tmp\3ee1ef3c5fb803641273f316db780aab417d8871_0006194576.tmp" /SL5="$A0044,5391922,122368,c:\users\user\downloads\3ee1ef3c5fb803641273f316db780aab417d8871_0006194576"
"C:\Users\Ssxpeaux\AppData\Local\Temp\is-GDLPK.tmp\ca9df411fc257880a53bbe6d1ca4043f1101ec83_0002202312.tmp" /SL5="$5032A,1226096,902656,c:\users\user\downloads\ca9df411fc257880a53bbe6d1ca4043f1101ec83_0002202312"
"C:\Users\Ldmwikae\AppData\Local\Temp\is-T02PS.tmp\864a67768f0fc29590ae932ce13b6a208b0adb90_0002195288.tmp" /SL5="$5033E,1218980,902656,c:\users\user\downloads\864a67768f0fc29590ae932ce13b6a208b0adb90_0002195288"
"C:\Users\Xqyrsejw\AppData\Local\Temp\is-QBG54.tmp\a44c594eacd6f52a5fc3a52b21d861fc825fcdfa_0002195288.tmp" /SL5="$60050,1218980,902656,c:\users\user\downloads\a44c594eacd6f52a5fc3a52b21d861fc825fcdfa_0002195288"
"C:\Users\Cwrpjfij\AppData\Local\Temp\is-AOQ20.tmp\67b991d864c59e644d9f50c5df1ea85cfccbf5f6_0002195288.tmp" /SL5="$80336,1218980,902656,c:\users\user\downloads\67b991d864c59e644d9f50c5df1ea85cfccbf5f6_0002195288"
"C:\Users\Oilbgcpb\AppData\Local\Temp\is-61QDE.tmp\145b78379c1f25b7ff8decf1b21ba8267349abe1_0002195288.tmp" /SL5="$7005A,1218980,902656,c:\users\user\downloads\145b78379c1f25b7ff8decf1b21ba8267349abe1_0002195288"
"C:\Users\Kakbtvuo\AppData\Local\Temp\is-2O3SV.tmp\34ae4f90add75c63282f4495583bdabd815544d0_0002195288.tmp" /SL5="$30338,1218980,902656,c:\users\user\downloads\34ae4f90add75c63282f4495583bdabd815544d0_0002195288"
"C:\Users\Ozvixsli\AppData\Local\Temp\is-NB0GD.tmp\48d3034b95858d045f81c337cb79057319c61101_0005871448.tmp" /SL5="$B0320,4808123,844800,c:\users\user\downloads\48d3034b95858d045f81c337cb79057319c61101_0005871448"
"C:\Users\Hndsupdd\AppData\Local\Temp\is-T6SL8.tmp\ab59b7d362fb83991f20e76081c90c5aaf55aad1_0005871480.tmp" /SL5="$40380,4808123,844800,c:\users\user\downloads\ab59b7d362fb83991f20e76081c90c5aaf55aad1_0005871480"
"C:\Users\Isexzuqb\AppData\Local\Temp\is-636UH.tmp\3976ef48c5e71635f7de8147105f55291b7e04c1_0002503712.tmp" /SL5="$3037A,1573616,832512,c:\users\user\downloads\3976ef48c5e71635f7de8147105f55291b7e04c1_0002503712"
"C:\Users\Ktjjdcze\AppData\Local\Temp\is-JMCBI.tmp\013dcf46786cbf27de49b22a4abd0435904b0a94_0005871480.tmp" /SL5="$702D6,4808123,844800,c:\users\user\downloads\013dcf46786cbf27de49b22a4abd0435904b0a94_0005871480"
"C:\Users\Votonhxi\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=c:\users\user\downloads\
"C:\Users\Pksnajwt\AppData\Local\Temp\is-TD215.tmp\43265cda22d423e99270f7961cfa42551bc763ba_0002438616.tmp" /SL5="$5036A,1532632,780800,c:\users\user\downloads\43265cda22d423e99270f7961cfa42551bc763ba_0002438616"
"C:\Users\Jolvdcss\AppData\Local\Temp\is-NBBV5.tmp\0bb253625522771bdb2548f6a0c8307217a4537a_0005871528.tmp" /SL5="$4037E,4808123,844800,c:\users\user\downloads\0bb253625522771bdb2548f6a0c8307217a4537a_0005871528"
"C:\Users\Hvdyuprg\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=c:\users\user\downloads\

1 Comment

ralph palmer Reply

help is needed. nothing works for me. have been tryiing all I know for three days.I was told it would be easy to get rid of safe search. not true.

Trending

Most Viewed

Loading...