DangerousSec.Generic

By CagedTech in Malware

Threat Scorecard

Popularity Rank:	43
Threat Level:	100 % (High)
Infected Computers:	213,774

First Seen:	December 13, 2021
Last Seen:	April 24, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	DangerousSec.Generic
Signature status:	No Signature

Known Samples

MD5: 5e1c8047c964bde2746a52d8f53dc2d6

SHA1: 7c1551f0ed16b07911789db68cd394394cb15648

File Size: 5.41 MB, 5411096 bytes

MD5: 4ecb7d38047977d8208948305790fe04

SHA1: fd96336dc66f206aeb971216dd5be2fb55931c38

File Size: 5.43 MB, 5426280 bytes

MD5: 72ad124d7337240b27e877f73ee6d834

SHA1: 57566f26c37e05f6fc0b2e5858ea4fd52116b19d

File Size: 7.05 MB, 7049216 bytes

MD5: 0081cd5c87ad4b04df2ce9cf430fb598

SHA1: 7410e8d109f4b966fd152ddb138089672470eb25

File Size: 914.91 KB, 914910 bytes

MD5: a130e0bf2dffce3d28d2d50b1db331e5

SHA1: d53514b375f0679816ae6b2e606232045e0aac9b

File Size: 8.25 MB, 8245248 bytes

MD5: c92fa850321714b572e9c987d7643189

SHA1: 08bc805c04aabe1a7b0bfe240582223e26120bf5

File Size: 3.36 MB, 3357660 bytes

MD5: 536becad50e26b4d6b33e3be7e84c769

SHA1: 12b45606077ad210bb743cc509f4e6acf3980999

File Size: 61.87 KB, 61865 bytes

MD5: 8caa243e0e98964847f1a276b50a9fb0

SHA1: 4a04496e358610da6eee7d63c8f69aa94a16d953

File Size: 5.52 MB, 5518848 bytes

MD5: 64f8410979ac31503d01e09ed8458223

SHA1: 4cf1618d171f542dcf3027f8a5cecc0f25ff0b8c

File Size: 5.57 MB, 5567268 bytes

MD5: 6d8c1c76db62ffad6128b66d434ec1b9

SHA1: 579491960bec7bf44534b3771485dc2451ee6e3e

File Size: 9.61 MB, 9611264 bytes

MD5: 5d4793ae3dbe958d37370d7968468df1

SHA1: 5fe5750b1f421a046e9322bbd602485a92b9d87f

File Size: 5.96 MB, 5958144 bytes

MD5: f0afaea27be312380a2f87c871268281

SHA1: d86981e6a9eb7e079fb31046e36b619aee506e0d

File Size: 6.09 MB, 6088704 bytes

MD5: 391fddc83f43c76baa935621d363a34b

SHA1: f5959554f3ce96556512f782a08e065da4740f91

File Size: 441.86 KB, 441856 bytes

MD5: 0f243d6e156f63d1a4065ea8eb04742d

SHA1: 17b114a5006d17ffa043843050bac7c781ca95fe

File Size: 7.04 MB, 7036928 bytes

MD5: 3522859ef9fc99022c2434072c13227c

SHA1: e8d101f816f7062a8916ad136760b2a1ef39c824

File Size: 9.91 MB, 9914368 bytes

MD5: 1edf4a5b3b8047bc85280c61340a651b

SHA1: 5547c93a611e7569ca8782ea5afa16408edbdcd9

File Size: 5.68 MB, 5679104 bytes

MD5: 3f39f4d400afcfa531a8417f88c18a37

SHA1: a2b782a93f6cac5cc6242032f3e2ed68ee7a342c

File Size: 9.89 MB, 9891328 bytes

MD5: 0dc5b57bb9e5806e7821ffe11194ffb3

SHA1: c216cc4a415c1af15132681d1c9811d22fa732fd

File Size: 5.81 MB, 5810430 bytes

MD5: 62c2b626e245f7ca51a5c6bfed9aef51

SHA1: 88753fe11a8393143711bc4d9584d63f959a6fe2

File Size: 8.65 MB, 8648704 bytes

MD5: 011c277c3d63f567667e44269faeef22

SHA1: 5910160e3d57139b3c684be0083cb48b05f751bd

File Size: 9.89 MB, 9887744 bytes

MD5: f8071ac8f85fbc5f51006bb748987087

SHA1: 1a55ea9b9d6544a1a6395a13cc74601a9eccb4ee

File Size: 4.22 MB, 4217666 bytes

MD5: c645722af4d2e9bbad83be500a634354

SHA1: c714768192fbecb8e2cc4c56571c9b7777f2e252

File Size: 717.34 KB, 717344 bytes

MD5: 5aa1cdc4d131fa936c7ac09ecbfd071c

SHA1: eca8b2d4413783526af2bef5c10755ab9541d51c

File Size: 1.88 MB, 1878861 bytes

MD5: bb127d651361fdccefd900f0297906a0

SHA1: e27b127843d1d1a2261dc4cbedba3a549298134b

File Size: 101.38 KB, 101376 bytes

MD5: 22b7fa9d7ece61a0e0a7a0e9b130e311

SHA1: 00329bc46fab8e69da98e11894e7249fc4b5199f

File Size: 1.73 MB, 1725440 bytes

MD5: e421d03770e7524f2075d6f0acb23c4b

SHA1: 7b8335e3cbb7950988c4e58c36757bc6ec24f373

File Size: 4.42 MB, 4419072 bytes

MD5: a2090a6afe492dcc0a92b9a2c6848d7e

SHA1: ceecf8b5911611381e5e048ede40eb372e0bf62f

File Size: 5.46 MB, 5457688 bytes

MD5: 734481abd4edcc21d5f7ef521f0d1b00

SHA1: 275c8099cec15b75299e670469db53e61978194d

File Size: 7.58 MB, 7579648 bytes

MD5: fe1eb41d1945b84c0347c11b6ed10581

SHA1: 3fa547196233bb8686d4a2d6d861b00799af3970

File Size: 1.33 MB, 1332196 bytes

MD5: a763add53fb74071c6eefe33bc93bd63

SHA1: f5284df9db6602848b3033efe77e7ef5a6eb5851

File Size: 5.32 MB, 5318936 bytes

MD5: 6d35126385490fefe586bef22b786bac

SHA1: 4395f8f34890f488347210c66d3f6dccf828b785

File Size: 1.94 MB, 1937094 bytes

MD5: 22e0affa2a906b350ec40e76d017980b

SHA1: a429ad1fe35ad688e4cbab4a24a9656a326fedca

File Size: 1.87 MB, 1871562 bytes

MD5: d5f2885bb9509ff80d9a2692db9d0674

SHA1: e62d8dc1e4784cdfb36499bc6a9b92374ab808e7

File Size: 5.88 MB, 5880320 bytes

MD5: 4e8b67994fa175efbb476c7644587c1e

SHA1: fe6e124e51758bb800994925fbbcdd6a91b9264a

File Size: 7.58 MB, 7581696 bytes

MD5: 115524ef4a933c745273ae05fcb76889

SHA1: 58c94afdfcf2a8bd5ffff59b940c83c407a17bf3

File Size: 9.33 MB, 9327104 bytes

MD5: aa7921af76c401475cc7b79de81424c1

SHA1: f4b6bd0cf7a91ca0c020c9cbbd0bf2b8b33fcaca

File Size: 4.75 MB, 4752896 bytes

MD5: 3249ed9b1dbe5509ea560170262e0abb

SHA1: d89745f571e13816b1b521cd81005fa509ef7e51

File Size: 9.02 MB, 9017856 bytes

MD5: fbd5712275cb10e5bfeacd53ab7789f7

SHA1: a3ea3d0b978e981156d823e53d623f07a751519d

File Size: 9.84 MB, 9837568 bytes

MD5: b7a0026dff6e318b58ddfa9a4ab8b539

SHA1: a2298c10985be2c3c3c16cb962df1cc1fb143b72

File Size: 5.51 MB, 5511784 bytes

MD5: 2d2e5146f9e77dac37db62b4a06fcdd1

SHA1: 84ed620c9c55fe61f441fb9912a980ae3ba77e8d

File Size: 9.96 MB, 9963400 bytes

MD5: 651c6afd5314b422095a5cab14e62575

SHA1: 63daaa2e3f7611020b434158166b8f7e90a86926

File Size: 5.60 MB, 5603840 bytes

MD5: 046d98b185a41d3029971a28e417b969

SHA1: a86d003ac58cd7cd7056d5418691deb9c7b5c6ba

File Size: 9.04 MB, 9043968 bytes

MD5: 237998b469a31c2cd66ae432ce3738c2

SHA1: 481e2e454d3396d78ffe85e2ad6618a9a085b285

File Size: 8.09 MB, 8091432 bytes

MD5: 1d7267b923e524a0f1493e2a271c557b

SHA1: a1d1fbd380c84f1a8bb5adfc105a05897163ea22

File Size: 6.60 MB, 6601728 bytes

MD5: 81cf661886e521cab3adbb3cd5b4f2cd

SHA1: ace4d1a5cb546d98daa4254c148bb01b4b32680f

File Size: 117.76 KB, 117760 bytes

MD5: ba9c75297e97736b61c932d9f1ae0d1d

SHA1: af4fa0875d991cf554909eee64e20a5c19b7da43

File Size: 5.62 MB, 5623808 bytes

MD5: 27fe4d6e30ef48eadc12f8fa7be7c6ff

SHA1: 8ec64fcd5e8bec8f5f75fbfe9ba795b89900723c

File Size: 9.05 MB, 9047552 bytes

MD5: 93e3027ec7023125d787bf8279559044

SHA1: 3c8dbd9ae613ad4f9583ed79edc2e01ad2a6fafb

File Size: 7.48 MB, 7476224 bytes

MD5: d129447306ebad8edd213d057944bd99

SHA1: 7828eac617d761e1a8d6f18c350c9538b5967aea

File Size: 9.36 MB, 9362432 bytes

MD5: 13a68e7ab6690baa4667e164bf454b86

SHA1: 9668aabba9c5f51ae742c8f647d85d03bb0fcd96

File Size: 6.00 MB, 5995008 bytes

MD5: fd5529963eb4735c32cb7e80cb899772

SHA1: 89f58d6c2b8ae7461fd2872e4390c2c75af8a69a

File Size: 151.55 KB, 151552 bytes

MD5: 84e3ff1dc69b0007c3a27fb1303481d8

SHA1: d0b8b03ff9293d0c4b15264f2d5ec4c6b279eda2

File Size: 174.08 KB, 174080 bytes

MD5: ed1a015bbe6ef48ce69547411a68572e

SHA1: ed1379750d9427f8e2ed0238ccbed20d8caa49fa

File Size: 131.58 KB, 131584 bytes

MD5: 36b05b5575e0b5cf3ad1e5fc378175f0

SHA1: 0671416378c8619e618c8b7f6eebc29409c35166

File Size: 4.60 MB, 4603904 bytes

MD5: 8006d9c0da61b054698fcf143317b3d1

SHA1: d6956522121f07bc26456bfebbefd8e2124ac120

File Size: 7.40 MB, 7400960 bytes

MD5: 0814b2bb159b7723342dc3f14d0fa789

SHA1: 48b33a48ade4a4edb1de807b073dd882815001c6

File Size: 5.73 MB, 5731840 bytes

MD5: bb36b045210f87e6ad515a8599e0f6a3

SHA1: fdbc44b9fa62cdeeaf5545d3380626c5b8f72cee

SHA256: 72DDD9DCC8D79F564A047397493E624624302AA0FC7ADDEAF70F39291255344A

File Size: 9.19 MB, 9194496 bytes

MD5: f6517d91f4ff14afc707f3a5daccb062

SHA1: e42a21d4ef79874f29878f1a70482f75b003f261

SHA256: 7A1955C774D6C52159FD26602E6F80B6A0AC2BCC69E428EFB8323AC322A3BDF2

File Size: 5.72 MB, 5724544 bytes

MD5: e8ac5c45a1c427f9665622fc25bf3d54

SHA1: bf4d5c0f6febe6893dc476173a480ac6f96cab00

SHA256: 08A1FCAD50F8FA7A362BA1C8EA759016E0C216A1BDC6457CBB6863A0711D125B

File Size: 6.39 MB, 6389037 bytes

MD5: a0183f02511b1fc88a1932529247e8c3

SHA1: ea7391cd0dafa0ca29efbddc4667b21729758a9a

SHA256: 075C79F3B6C92DD8A94F64D9935728EAAC8900611D52406A2B7B96697B70ABF4

File Size: 4.43 MB, 4429824 bytes

MD5: 15d6195abb10ae54154ae74e288f76b3

SHA1: 8704d1eb3e991daa0ca79d560f83381499e8a7f3

SHA256: 26A0D3B01BD36F9DEC7F6F2687726AB70D4581133D6FC88F4154CA5ECBC23B91

File Size: 3.13 MB, 3134464 bytes

MD5: 435a349246ce278dfe1246a4425f175b

SHA1: c933cb3048b0e3cbb0170d32bbccd91a2aecc10b

SHA256: ED2F5C3B88DD9BEBA1C9E546D7C84BF4BA815D133D1659472D29C37232C43F6C

File Size: 6.62 MB, 6619136 bytes

MD5: 01f2c014d7a861ae16b4e2dc78837c50

SHA1: 1037e57b0080579083f715901ee9d9457fcd2bf0

SHA256: 0BD8F5747108FE258B84580C166CBD4F066B5CB107ADAD3710530E60E1B44287

File Size: 334.28 KB, 334276 bytes

MD5: 8cc4ee02cce13aa0f392c153b1bf26c2

SHA1: a71746b75d84ab3bc2fa9579aede3b634cca1a51

SHA256: 01BACB2D90C97003400846A5D7E45987B4D20776EBEEA74FB9EB195C64F8E620

File Size: 495.10 KB, 495104 bytes

MD5: dad29d82264a6297a5c3181dba3df227

SHA1: 9b2a3c4ec4b59dc125f62a39864dfbde8af08943

SHA256: 2E112B4A0C5553CC83869927F7FDEB36495F1902FC00CAD7BD82282F5DDF4A37

File Size: 6.69 MB, 6686720 bytes

MD5: 6e49fb27c357437310aa02eca2693ad6

SHA1: be9507ca970e8d652891dd7178060c08214b4369

SHA256: AE0848397A870F52D5BEA418E714A124E8416EB84CA9BA2866B4DF96D6B685CD

File Size: 5.87 MB, 5869242 bytes

MD5: 0d1ba8008ec9e7126bb16bab278953b2

SHA1: 6ccf18db131d9a7612f81da75001bbe564bc38a2

SHA256: 2E51230845379685B426E5E3A2D851322DCD12CC0345F3D75E0BFAE606B909DE

File Size: 1.83 MB, 1828352 bytes

MD5: fc9fac8a04bb4eaed2356adca448dfd8

SHA1: aa553c368724f0d7a8088d71615a3dab0109b124

SHA256: 094ACBB9601F6B88810B0A57A856CAC7400B10AEE5D3FC6B37574C6BDF969749

File Size: 5.44 MB, 5435392 bytes

MD5: d20c33d021b6d0724a2e75bd87775245

SHA1: 1a5aafa8540392a5016fa25a3d6cf6f46ba717bb

SHA256: B10AC9483C555E345A0700D4E06AAFCA08D88A340917F96A9A5AFAE1C258E1AF

File Size: 9.73 MB, 9728000 bytes

MD5: a5032ab459f41ce9a96fb924e3d4bd9f

SHA1: 3febe6ecba3b204b3226882d2418bdfc00046990

SHA256: 411E5764684556BA1F414B08A30AFFD9307E8215CD395F08878E638C843E86D9

File Size: 2.48 MB, 2482176 bytes

MD5: b770eb901cbb36b4fc54440ad1599fbd

SHA1: 607f7af6e19aa64cd1e6598b07104bf6bde7ab91

SHA256: C9FE3E0715C79B9B32DE3FD150A95A4232E597B80FA17FC26F6D3EAC45736C49

File Size: 7.23 MB, 7227904 bytes

MD5: a5e248c303441a72dee1b0e1e232de7e

SHA1: bec2f0d5bfde522c559d3382760463e1d4c11647

SHA256: 83D758B8547A298DEB99D263A93460E8345E9C33C50F3A803786C758277F8D79

File Size: 3.08 MB, 3076096 bytes

MD5: 4c1e0ca935bca3506cead56fe7721056

SHA1: 102c080ddd262b819c3d0623d7fbf4f5071776bf

SHA256: 1B39913B2447D903222556FBBCB6365C4FADCC30B1EBEEFCF63A741F2A22C338

File Size: 598.02 KB, 598016 bytes

MD5: efffb571017118289d126f6eb8eb12f2

SHA1: b5a7ac3a91cef2a3e18beb74b196021e8f8a0103

SHA256: F39FEA25C4165F23C51BB8E25BE0785453A8DF09BBDBBAB88C14C244D700E5E4

File Size: 945.15 KB, 945152 bytes

MD5: 786e7ae27d79a91556b7278e6f19059f

SHA1: 40780b6e5952e00890b5eff723819c8430008ae8

SHA256: 2B764D7D455DF53C6951940A8C8E8161E618CE798389BF57779061DFF0E9148E

File Size: 4.37 MB, 4373504 bytes

MD5: c792d64edd2a6af80873b799a4a262ac

SHA1: aa77d51a0f1820bc27c97ead373f2dd6f0bc9a04

SHA256: 1B6F95745687D138CABB7A17AE3B8FBCA630ED84E8C912C02A379C00B0B7D7DC

File Size: 8.82 MB, 8823296 bytes

MD5: 8a0cbb49a1da8502aefeac13b64a93ea

SHA1: 4e90d9ad72fde853e4b1288d0e6efce94e1fb0fd

SHA256: 024A83719186D54946CC198EF03A16A517A778A92E5097A551BC588928DAB625

File Size: 6.16 MB, 6162432 bytes

MD5: dbbf2f496dd3f7be6bbbbfaa1d27aa04

SHA1: e44e300302dbce1c2dad6f518ea3c0cdb88fc4f4

SHA256: 068AE727C47A2FD7360E8C6949818E6EC8C144EBE2922E4501A4BCCFBDC015BB

File Size: 860.16 KB, 860160 bytes

MD5: 88a341ee035951c2e64cfea09712c3c5

SHA1: 26cf6409ad7cb9903ab2a76c2da1488995e7ca7c

SHA256: 29ED4455EDB84B4F2674E8725CB9242F81C34F75E4FAFD86FAC63B47484DD611

File Size: 6.20 MB, 6200887 bytes

MD5: f6bd6fd9af9aebbf04ef44fb8ef5f910

SHA1: 55958749c5adc108de2444b2986bc7da2a881392

SHA256: 5BF9C968BDA22B4966A276376C89490CE2333F5F445C3F62F64D33955841985E

File Size: 2.28 MB, 2280930 bytes

MD5: 2512b37991755e013f4096ee31f715c0

SHA1: e36c5c8030e8d79afe62df727e819bb5a0839906

SHA256: 359744A45DC5783E462CB1889C23C8E4A79E043CB7BD6FB0A75FD01BECAA21DB

File Size: 219.60 KB, 219600 bytes

MD5: 0a5045ed5c9a6824692bc376eafb2e07

SHA1: 418c5e30dc1ef8b56bcee41dac6c28ac13fde56d

SHA256: AC7B600AC4727C6F711880E52CBCD96899F0C4E4F18351C991CF1F10EC2E6A7E

File Size: 138.49 KB, 138489 bytes

MD5: 5af1781d4fb3e39919c2b8dada1b7e13

SHA1: b6484ad2affc50f49900509edbf9bdf08cf2f5d6

SHA256: B4F4C4AB2977BF5995A4944D423AB88B4A4B8FC3E54306421E7B09A71F25C1FD

File Size: 9.89 MB, 9893888 bytes

MD5: 1fdb19dc2da5fce6907fc03a07e63adb

SHA1: cd141cc7f5610e81df707633fd44ecb362aee2de

SHA256: 6F8D48C29CF268DD513EE79A78A523DA18572525D892EAF80102E32276E5646B

File Size: 7.37 MB, 7372480 bytes

MD5: 47ab1f372782c962dcd978022ed5785a

SHA1: 62fd82c15b013fc3f66fc52f1ad812bca766fb1f

SHA256: AB164151B36D1A61E1C64E2DFD21A0B5233FCE50357D693CF922EDA9E3353483

File Size: 2.81 MB, 2808779 bytes

MD5: ba01c831d768e2741ad2f7877530e2a7

SHA1: d3d77dc13f9c3b9c4826962f707b715ce3c8dcb3

SHA256: 9BEB2F3F8CB71AD79EBD3993DF6480327D08218EDE79E40714987051EF4F97EF

File Size: 3.98 MB, 3981240 bytes

MD5: 5e34eaeb1d12dda85d4cf45d981fc49b

SHA1: 0d3259d7fea3c50c09d6ead20fa94027ade09156

SHA256: A7AE8B6802C99E32D7B4801EAAE7A930B4161B69BD6E7BD23268463A9606A4DF

File Size: 4.55 MB, 4546048 bytes

MD5: c99f6a50d52a709ed29f2fadc700241e

SHA1: 9182ed5d068f42c25267ca0fbdf4f616790c4472

SHA256: FFFA61B3B3319EA1BEA163B6B8257045694D7E96B9E198EAA0831DE4416F6C6E

File Size: 9.45 MB, 9449984 bytes

MD5: ad78df28c0cacedda0a975003d69b58c

SHA1: 2437af95589d1a2fb86aa03e5d2d4aaa7f383599

SHA256: 5B9CE6301D70CBCBC2FF5FCE7C3E70497EBF126AE6F48037A41A5350C157676C

File Size: 1.01 MB, 1005056 bytes

MD5: 028a1aeabbcc2dcf4b19a04806e12183

SHA1: cd950ac7a22f2afdb50e3327b83c41537c1b04d2

SHA256: E558BE0F23997B18C146199752FF08B4334460B1EE47009E9D67ED188789DE1A

File Size: 7.95 MB, 7950000 bytes

MD5: b093c8ff5871d1acc808b2f0755848b7

SHA1: 2bad0ed4a0b0ef6ef3d504327c8e8fb96771e052

SHA256: 74F65689265E829E42AF0EF755640BB0B44B56C17E21CA69B062F9E86F34248D

File Size: 2.21 MB, 2207744 bytes

MD5: da16328a20bebaf20672b58aea9789db

SHA1: 4bb3fb5f16f4a59ec7bf037390a7de754021725a

SHA256: E7B4FBF6EEF2659C698A384B38C5C8487D7C2C1870A882D075EAFEF14F628A53

File Size: 6.48 MB, 6478336 bytes

MD5: 9f9b459d45496133ba7351ecb2943d53

SHA1: 60f101bfc22f4bc6fd4213281ba1f44fa0a5e6e1

SHA256: E771430E4031E3D324631ABEF7BF4FC7F4E48B58F7961D0A5B775A849BAF0653

File Size: 5.98 MB, 5983233 bytes

MD5: 7dc63564843a3f7f3f33544e7a7e5762

SHA1: 4d92bf632927d6d4897c7359cd308bab29cbf07c

SHA256: 4D5A12B4724089C24010AA67AAEE722C010D55C1B659B48658A8ACB06DE8C0A7

File Size: 6.39 MB, 6387200 bytes

MD5: e798a33fd7d825ecdce37e2c9ce10afc

SHA1: 7a59826ab15aaf42068679b017629e216be6e9c3

SHA256: 44889BAC2415B0A713043964399FFCDB396A9FAFF918D96D9E2B66B6D8026B26

File Size: 5.14 MB, 5139968 bytes

MD5: c692a69a87ce8b96ed08ec7b2a213c6c

SHA1: eca095d1f3d3e8b9d9073a87069c502fbb5d4c10

SHA256: 790159263331A8E310E5636AF25075F3BF3119CA8B7226248C1A4735FABA23B3

File Size: 438.27 KB, 438272 bytes

MD5: 27f64ef6c278f8558aeff65706fc8c85

SHA1: ac51efe0aedb7cbd88f490f94508750a62df5c6b

SHA256: 74C6706693CA759986F5057EE09F2E2059022C77C6A65F6F096953771E32F580

File Size: 8.04 MB, 8036352 bytes

MD5: 42bd644c37d4cee50240d1bb696d2241

SHA1: 96dddf2c72608917096c71620a1148fd7db7a5eb

SHA256: B9BD27AD4A92B45B44CAF9BA6C022BE153EC652C118BAD18927E78BC480A31A8

File Size: 413.70 KB, 413696 bytes

MD5: a7d5cf5f82ef0d7995c6a72219a890d8

SHA1: 068a06d188572582d8996d775ea37660cc091990

SHA256: 857A50A6754A4DC7EC356CD99E15B9BEE75C56ADEE71E525D3F8699242F6598D

File Size: 9.74 MB, 9744896 bytes

MD5: d16047060b3cca6d2e71c0cd253ccc7b

SHA1: 77d6f13b40e6dd13e269adf830d2883b9ad895b2

SHA256: 4AEA115B3925E7C59D848D96AC62AD48C4EE6D4B9A2793855D6591E744003682

File Size: 5.70 MB, 5701120 bytes

MD5: 7ac86a53198e81e81def2d4ae74b035a

SHA1: d3c1c922ce7fd6cde2f163a1a90138858d871c06

SHA256: 5173129E240BE8E4D82B8CBB66C808C9FF4B4F711D4FC8158A5513A791AE1F20

File Size: 291.34 KB, 291344 bytes

MD5: de405801f381f45618bda519886f3677

SHA1: afcfcba053ee8f63fa04f6c5b7df4653ccd88acf

SHA256: 6CE7D874A634C014A61B4825BD7548480CCEB174CD0DA3E27F2121F7D9A4873E

File Size: 7.05 MB, 7050240 bytes

MD5: b1ff73bde71040022434cc6dd8f63ef1

SHA1: 727cc44874e351ae8af034ce5ebc731dd9bfb95d

SHA256: EC1B9B3EDF5F2CA3D152FF0AFBBBE380EE698A88E26E10BD5778929CDB66E551

File Size: 1.25 MB, 1245184 bytes

MD5: 3b01a8d6ae00690df0d33c918cbe8638

SHA1: c1518969455cb7a023e71ec10403f4ffde5128d2

SHA256: FDE4C3F6A65325F08820E5ECD7258CD5FF424A132B428282CB9A4315EE460461

File Size: 5.93 MB, 5929129 bytes

MD5: c84304c303c781f67a8f3fee2ce1e6dc

SHA1: 195820f0114f603a4e738cb269d0d4305bb30a58

SHA256: 6C8480A1F6A5AADAEE1E7681B366ABECCA665513039475CF773C2DCB64AEA907

File Size: 1.45 MB, 1445888 bytes

MD5: 505dd287e81770273b031390aef66187

SHA1: f43472c8a0e09a2dbf09bfd761b4afebce8f7334

SHA256: 48CC818C12ED16688D67C79096FC0D321160301327638E0D5337934427275FBC

File Size: 32.57 KB, 32568 bytes

MD5: 88c26301cebe3d0a7e49c0f34da27368

SHA1: 42ac76ef198ffc0a0abce46d7283cf63f5ca2051

SHA256: B705CD90FD42F3697BB6C558694BF2801D0BC70C4391CF835324AE4264573225

File Size: 4.42 MB, 4423168 bytes

MD5: 9c46ab0e19c30742f21a9fee44f2a401

SHA1: 096e605f1a84ebe0c0060e18333036e3e2133055

SHA256: 17CEF1BDD381E5B033865FFC21188F6F932A561C127C5342845C1DE245A44155

File Size: 2.14 MB, 2138112 bytes

MD5: 982333cdd27723bb2930ba83d8192905

SHA1: 4af3a5eda20b0d82cb373f132304171f39b0de5c

SHA256: 95B9F040BC8A86C0F8DB449EF3ABC83D9B93B0E8C004AE0EE5962D5FFE7A6E18

File Size: 1.46 MB, 1458044 bytes

MD5: 5ca4835017a59d76ffb654fb1addd8e4

SHA1: 5ec0064731861fee93e1b69f29a45a1a40deb82f

SHA256: 68178A3C38EF0BE0DD31D2DC57447E3AD53F2BBB868A84B1C335C085FEAE43DF

File Size: 5.75 MB, 5751808 bytes

MD5: c48b29cb582013b7f68826f586f000ae

SHA1: a7309dfe39df8845b406c218804891bfd03514f7

SHA256: E4D662BE07188F132AED7AD490699D68CA0999FCE00FDFEF03EC08ADA29473F1

File Size: 175.10 KB, 175104 bytes

MD5: 04c4cdeef8f8015a8f44aa1f45a0218c

SHA1: 4ab206f7f1c888591e1441cd897f02b258f1aa33

SHA256: BA90C2A528A85F07FC9658D1BEBBE412DEC1E9982A9CF9F6B437B0D4D3B0FD74

File Size: 481.28 KB, 481280 bytes

MD5: ee12094bb7b1815cab501bc2c708f344

SHA1: df841a9fc4c2059a548819f7eea5f3b1e8201436

SHA256: 976DDD33C4FF6954C6AF70BFF38A60E2F434E9BAC2639421BE7C2C7871771E03

File Size: 9.32 MB, 9318400 bytes

MD5: 68cc89583c8ac84d58c331447ed124df

SHA1: 5947ebaf4e5ddaa713010c3360f15815166ebd49

SHA256: A36A574A390AE479ABBA452CCB8A5F2F070FAB48093CDB2A10C88B6552B1C180

File Size: 9.82 MB, 9823560 bytes

MD5: 5755644ce55373c8bd680cbfea70f603

SHA1: f347913200f96ebfbf588fccd53938956c5160e1

SHA256: 1A928A939915E08519D4E4088650AA55AB0992115EED92C74513A7D44672FC42

File Size: 156.67 KB, 156672 bytes

MD5: 5e803c96e6419645d078946eac462ab7

SHA1: d6feebe9984073f7e0befd6c78782a56a5fbca1b

SHA256: 04E5493C76852987A63A3419082A6725B18349B0BECEF77D3DC48304DD0A7C14

File Size: 245.76 KB, 245760 bytes

MD5: c2f6f78cd80408917f42678803494814

SHA1: 4dea8fb19d485f2b17dace50a05e6f7d4d7ddbf0

SHA256: 7E8608FF766933D351C5D1E760583BD079B36CB5E38BE96F0F2675872E18B11B

File Size: 719.62 KB, 719615 bytes

MD5: 2a04a9911002df066c9933ebc049c130

SHA1: 4c2e0a0a352de306846526d1bdcb35e2cbefeae5

SHA256: 24DE5885401BEFA92A3DA317616A7772F0283FC69134DCC5478CE0103482C1F9

File Size: 1.36 MB, 1357825 bytes

MD5: 0e9f8f7fc4c9bc6a6948cef5d0b05210

SHA1: 78fe47dbe08e8d72e0857c7c11216d2076044a56

SHA256: 626057371E13C758970BC3CF9AE37BC4A72395A8E84EB75A45AFCFE621C4FA55

File Size: 1.95 MB, 1948184 bytes

MD5: 691b4bd30eb2ef5ef1b50f21ff09ac89

SHA1: b3d0493a118e6e7cc5162880f3699bf6a6e749d7

SHA256: CF3CF8E67FFAE4CE46FAA79D16BF8E0B519FE7972F6A5498970545EBC7B6F9FB

File Size: 1.83 MB, 1826816 bytes

MD5: 68e3cdd42f3338f98f39f5065b0a54c0

SHA1: adce3c77563fbb961ecbdd1db1d3e6d62c4330bb

SHA256: 3197C8047F648C254AF565DF3A27D0F8D60FEE69678A385B88824E427526BEA9

File Size: 953.63 KB, 953632 bytes

MD5: 98f6fd654a85a5c484bb2a1886fc12dc

SHA1: c65bb2765e565d6a42b0efbb5c56ec1d1a62e071

SHA256: 1F98CDBEB6EBBA8C68BD89518C7A3194E360DC43FC44F7F60928BB646AAF23EF

File Size: 1.05 MB, 1048576 bytes

MD5: e71b30761ec0a761a1d38ee96a06349e

SHA1: 0f0aa7d2a4c9b530b3c8692d42c4a1e02a79e294

SHA256: AB9B998B8DA75FEC1E3284B2BE1385633C0696B8453EA161F24945141972C8DE

File Size: 13.31 KB, 13312 bytes

MD5: ed5116a4f9a0d1ce9c7fe36a544def52

SHA1: 5519c35f2b97fb10a5bf31bfd2534b4146d42674

SHA256: 8DBF5AB112383876B87B096E717014AFA3626B20CBBD772B195029A6D33A0506

File Size: 5.64 MB, 5639168 bytes

MD5: d7fa928c83883560752c705c58a37675

SHA1: 8f7761f6076ba587ae1ea75f3fc4aa90a9ccf9dc

SHA256: 81130F155AEFE5D044DB98092CBF2A293019CADB74808869F78F3F612F854276

File Size: 5.82 MB, 5822499 bytes

MD5: e9c5a60f40e30b7c38befacf8b204ad6

SHA1: 4c9a875f059a1cffec44adbd178a5862f8008c93

SHA256: F659B8F0D170F7EE704F20E73EEEC4380FCF188315BFA79EB494BE405230563A

File Size: 9.09 MB, 9086344 bytes

MD5: a80ab6bc9a6a9672cb13028e92d6db36

SHA1: 6995d4311396ba9608b5700c7634a8e2f4248913

SHA256: DC2C31F3FBD285FEAF066F0FA71845A82737E3829CE9B4060C1633537F9392D7

File Size: 1.42 MB, 1421313 bytes

MD5: b101daf4905c0795f9153fcfe6819138

SHA1: d63351bf832f50303ce54edab104d08581eb8fab

SHA256: 7D625099975B7B537E8F73CF1D8220AADD8A97EC1D493A838AC426FBB1DB09DA

File Size: 7.43 MB, 7431680 bytes

MD5: 2ba714936ba58babae00740f2f3fd8d6

SHA1: f3e516561f3f4000ce797a6e910876b9b0a51a4c

SHA256: F178AF583C412F77527F01C69AFBA8DEF67AC2EA516A679148DEF5BC410B5863

File Size: 7.08 MB, 7079768 bytes

MD5: 3825bdbc7f77b372bdc41e717793b77d

SHA1: 3a9929033d65545d7d7d6d6ddf72b4179206471b

SHA256: BF2307323A1A7BAEC9786C707443999A1A811ACF4F280A09B53EB8C7C0C8EF49

File Size: 6.24 MB, 6239232 bytes

MD5: 00ac776faca9396db9fcea490ed2a99d

SHA1: de318c59db2bbaafa632069e2c186ffb804d7eb2

SHA256: AF97B4F680740A645EDCB400FA88378510BBF86D5A82FAA82C59A5942B474C6F

File Size: 6.12 MB, 6117376 bytes

MD5: 86fd8ba2932adacb3ddadbd7a1a5fe04

SHA1: 2a9c951763362b42bc41224864a6b8f61d8154a1

SHA256: A76EED00151D0BA89302A557693307F486B01BFB4195CB47538B0E02EC09D1A9

File Size: 4.35 MB, 4347904 bytes

MD5: a9bbe92ab57a3799dfe21fcf5b1ea595

SHA1: f9d38015bd679cad81bfde8a7d83756fc363a79d

SHA256: 108145B1EE59119DB1A409703156A5D07786EDB798C639822BB4C1EC134DB960

File Size: 4.36 MB, 4364371 bytes

MD5: eeaff7e85cdb68d95d61274dbb9b638f

SHA1: cc987d1b8dacf55fec1c6a02d7c9dcb4dce1f61b

SHA256: 3D875457149C17DF0C1678F19AADF02E66C398B403F7444EA15D4EBF374B15D9

File Size: 6.78 MB, 6779664 bytes

MD5: b872a1c0fadca8f6b4eec06a8548c2d1

SHA1: 5b556c7522d63ad6c324eae4cb8a7e16cbf9e055

SHA256: C28FF3DC63E5D78EEF347A99E71F319803B2B5A33D840E62BAF407C9E932C3ED

File Size: 2.83 MB, 2833867 bytes

MD5: 988150fa04d875e9aff6136853a6eb37

SHA1: f09e3b655620a8f136f732293ca794f968098d85

SHA256: 831EEAB3083997ACA9F0A443BFCBB673D2528712CA3F1B32E881F607BFE0AF1F

File Size: 5.59 MB, 5586944 bytes

MD5: 7c7d142eb263cf036ff491395c941837

SHA1: e6065a7e7563360e584c9df47aebf9bfdc8472d8

SHA256: B6A38A1789CF54DABEA118729650EFEDCB26A3D1C5D4D7F65063346C27B04DE4

File Size: 4.08 MB, 4084224 bytes

MD5: ca87218fe0d303ff2351cdb0232f379a

SHA1: 262becd9264f4211c70145751c496e4f40282fff

SHA256: D42E20B35C6269DA6F47AE72EE5AABE1E6A282CC5948144B8D2FEAE4C986B31A

File Size: 326.66 KB, 326656 bytes

MD5: a048cb77f9d133d17a17d3a138d7aa8e

SHA1: b06d81ea6b5f38f978701a970567d4fe243e05f6

SHA256: 90C42ADADD6DBD2F6E62A27155392D7A205D167DB3E0A126342002CDE2F3252B

File Size: 1.15 MB, 1145344 bytes

MD5: 74fbfe9d3dcd549255e739c368e1d4a8

SHA1: 4006acdff112651b5d70d838d4b32cb2010c0b7a

SHA256: D72BA1F6E4081FAF3A6467FCCF82C92646EE17E9116FFCE68C1F3453D84C0520

File Size: 4.19 MB, 4193280 bytes

MD5: 189a1772f7653134f6155efbb5350e3b

SHA1: 9424bf2da1bfc1cf349ffdb51d5d4b64fbb100ff

SHA256: 73F821C4CD36AEDFB7289AD1F917D9C68119098C9FBB640BE8863B194D70F679

File Size: 5.30 MB, 5300224 bytes

MD5: 27e98440b1973cb6b227ece16cffc085

SHA1: 876431a4b1513c5378fd48185ecf0af1623525ce

SHA256: 37D64E81D40B70EF5E18732DD9DE74EE5CBFA0CF889BCF33D6EB39C7CC58F0FB

File Size: 1.20 MB, 1198080 bytes

MD5: 16d38f8dc2694ea4399ef97111c6d5fb

SHA1: 254b5e6579fd618eccb139863b61fc6d5df266f1

SHA256: AF510E884D3733AEC4AE0E1153ACAAC18E9A9CDD8F2B6ACEEBA82E1BA781F990

File Size: 57.34 KB, 57344 bytes

MD5: 6a25d64f163564516009423403b880ab

SHA1: eb4cae0a7cbff8607279a4f06bf82907ad33dec0

SHA256: D3C28C9BF419DCD446A14B6FB236B875C6154A7A8577F097811CF1382381E13A

File Size: 67.58 KB, 67584 bytes

MD5: 67710f00a914a6bab28c421a55764bf1

SHA1: 0e0ee8e00bc529434404bb0857dd26ac9ef58455

SHA256: 7318D8BA13163A478DBC19F16C0A742F84721121BD8016BE27A228A5B1AAC86B

File Size: 1.07 MB, 1067008 bytes

MD5: b0748bf4027747e91924c8b0a6052944

SHA1: 68e003700e4e35fe98383d79c3989d80efcbd954

SHA256: F37251E942FDF04C102EA5CFFC5F0C108DCD78A1AB8F038B420AA629860E898C

File Size: 3.31 MB, 3306245 bytes

MD5: b9430509814933546e2f38c11bd2a899

SHA1: b11c5418e9ab8c62d6aed9646378b851e22a65c8

SHA256: 43C7B5D59C58F478BF25D2153A0C93A63B07343D8AE41F18707C6A122F3C5257

File Size: 1.69 MB, 1688219 bytes

MD5: 01a0466716ead85d74b25fc46a20c497

SHA1: 22ac19cab65a436bc747247bde4b213a892a29a2

SHA256: 98BD276768472486E354D6F4BE1BF7CAD4DDBD197C48109AC42002DDB2A8AF6A

File Size: 8.96 MB, 8960000 bytes

MD5: 39cb1d1efa42b2385bdad1d7ed3fe7a2

SHA1: b81ea1d2415c3ce707513749953f8a16aa13cce1

SHA256: 77FFC45851805EF5B625BD77A8FA65B9C73D78FB1591E768FC651796FA2ECEA8

File Size: 5.96 MB, 5963312 bytes

MD5: acf1d81e8c825b758ba40a4ae023904c

SHA1: d34660d7840bdd1bbba126cede4aeb48e8a26b00

SHA256: A704885DB4AF8E2618D855686BFEDA45F3E81CA34806A076612B014954E204E7

File Size: 6.69 MB, 6685696 bytes

MD5: 8e75825b55eed6590b69ed242032480b

SHA1: c838ee9fc17b77dd2abc228e560d5fb111059404

SHA256: 2C7E11E7994339EE794DEB9C37564D8E522F3EF803382CFBB2BD197444AC5BA6

File Size: 6.83 MB, 6834688 bytes

MD5: 9a4a8491296cbd98d6195500029c8f3d

SHA1: 09679cb94d4593cadbe71ae8f6000cbc3d8dfae6

SHA256: 067E9B3947CF2FE706804D821556D1E4789E8179ADB14A10FC4ED5C6AEB2A7AD

File Size: 6.40 MB, 6402048 bytes

MD5: 0c3003e6c2177e10e2bd3a4107c02656

SHA1: 7e86feae4a01312d9370de688314e09c8c07144b

SHA256: 6139843507953E7199CF74108F07F5FFB6EFB885CAF0205FBA01390236B00547

File Size: 5.80 MB, 5797376 bytes

MD5: 19397c4aa32100a5936338f60e5885d5

SHA1: c52cdd180d732e702e8e204a601f0e3195dc6727

SHA256: 0BD3EDE0D9F8513AF569B91EF9C99FE38C35B585566C1AF5EE874A2D4A828793

File Size: 5.58 MB, 5582848 bytes

MD5: 4a8b7c511494cf7e2ede715efe690658

SHA1: 6020dc51b7560c0d2b5388b1ef386bb07384cbbf

SHA256: B6F6D70FC40E79F213119441E6CC05ACBB222A3ECE6CFB1D4295C922DBC1E00F

File Size: 6.87 MB, 6865288 bytes

MD5: 2d4f632c6209692b3d4f0b36dd49c0d0

SHA1: 0618b1605aa7333c66f5c43f6fcd5bdfa2f227ff

SHA256: B13DD519D5ECA035AA105AE564E6D49240B0B8FF04C8184961B297B44C3A4CE5

File Size: 455.68 KB, 455680 bytes

MD5: 5a0aef10b872286f495635028a969768

SHA1: dd2895368e97bfbe14ecb034feeaa78f1a3b4f22

SHA256: EB655BA60C8DCB3DBFDC26B6B1E5FD84210E37F91B4EFEE157BA4189ABA4B0AB

File Size: 9.82 MB, 9823624 bytes

MD5: 36f4a9c1b281b624742d28022bf8ff7a

SHA1: f74a29c88a9277feb8615bc8fbe6cb8b0e27faf3

SHA256: CAA097CA8F955A8D43B430CFBA6011072DAFE5A8409BE42D3F7771F9773B1EDC

File Size: 773.63 KB, 773632 bytes

MD5: cc0ff174955c3588c9467364e0a36769

SHA1: 77fc30e017399a6ce91bc5966da2401d3f7c14eb

SHA256: 66F620484982EEE34279CABEDE56C15597DA90F4893F72EEF2E885CDA2EDFCA8

File Size: 7.44 MB, 7438774 bytes

MD5: 21df4b6e33b0a8d5440a0884059eabe0

SHA1: 3ac45e6e6cf4a31af437ad6d5de5a857b1d01c66

SHA256: EA371B6953C1CD3E69BE149CDA2EABA46623BBF7725C85AF770559044F1FFA05

File Size: 6.86 MB, 6863240 bytes

MD5: a7cd2b4d4aad5f6b19dc9258f48af222

SHA1: a28c234e777c6f45c5ba14d6658b733aec0738d4

SHA256: EECADF5A75ABA3952BA015D4E95F04269A2AAD197396E15D1F63089DFFE97AA0

File Size: 1.73 MB, 1726767 bytes

MD5: cf6c0bfead4b36b28310427ec631d70d

SHA1: 5638274b956aa7bdefef860c6f03706634f6f0ff

SHA256: 1F05342E4FE05B810359561E14C9B2C105FD230C9BFF16B6A43026239CF0BC1F

File Size: 3.17 MB, 3174400 bytes

MD5: b4bb73292f98e7c77613715d772b306b

SHA1: cafa809bbc0f283b05f5b4b0fdfa7285365fe0c7

SHA256: F838E58EE22CA5881462C68AFEB78F8F9B7C0F39BE5AF9C38316344ED1DE2EE4

File Size: 1.48 MB, 1478656 bytes

MD5: 7c4beca0b5c165b0f481f8408900015c

SHA1: 5841cf3638ba423f88b76bb6701e63d188b373f7

SHA256: 74A378CF3C43E64419F7C860FC2B53788F0A5DEA84DF353CA9767AB6DCDC168F

File Size: 6.59 MB, 6590976 bytes

MD5: 581d756d59f664ca4036bc7ab314b289

SHA1: e981e6b0dc616c2683c9a914e37526821a540c22

SHA256: C65A3DF315ECE3C45509A2639FCD9396A17F0E9627354300F34B4495000717DC

File Size: 498.18 KB, 498176 bytes

MD5: 1b3894933ce707c0b4247c4b997559d3

SHA1: 02ae5c3b8617c205fa626de82d8c1e001529ddd8

SHA256: 5CCF6C53DAF3018AFCC36537687693C92A2B6BF3D46DE99BBCCD41DBDA5C1BEE

File Size: 8.86 MB, 8863744 bytes

MD5: 45c9859773e69e4dd165c4ecf6e920cf

SHA1: 463e6b40afd2667cb9d9a8892d9629043613d852

SHA256: FC7852A410FA59AD5F88CEFF1F6F8E427B98035406106EA4A5BEDF4D77F3EE2A

File Size: 5.59 MB, 5591040 bytes

MD5: 8a16622b8f9c5cc6fc945b68d4f6d588

SHA1: ed06e0ecacd8202e7387ff374e845caa76abe059

SHA256: 7CD35CF684ABB984B7500FC8E61442ED4057695A50FFBCDD9BD2D68A1A8D2ED8

File Size: 7.36 MB, 7358344 bytes

MD5: 0744d006eb82c0de4cf4ccca14210ab7

SHA1: 1a4263a1682b19c6c2997471422fd60c3f7218c1

SHA256: 462A453926AB58BD608F5B8659518B278502FF501E99E102E5A711745AD91157

File Size: 65.02 KB, 65024 bytes

MD5: ef0f2db69f82cfed6821af946f39d6d5

SHA1: e92a1aa4803d892f607a44d373705cdaa1de8405

SHA256: B976566104D7279310BFD0190A1661F1A65F3F8EA63638E01390DB83F1DD1FA6

File Size: 6.57 MB, 6574195 bytes

MD5: 014f888c0c619a508dd571b64043d42b

SHA1: ebcf653ce93bf993639e47ebd8b7563bdeb760c5

SHA256: 07A5BACBDF847CEBA1FC90B36DD05140E5765B415CA54ACD3811A20310B137FA

File Size: 7.84 MB, 7837586 bytes

MD5: dbee6a02da18f97e0c5c018b6edbcabf

SHA1: fd6905e15a4c816ea56663078cdec4c69bd228af

SHA256: 7DB2E5134DAFF5A68E54E5FE7972B0FAC77A33B633DD3195DBC482338BDEDCBB

File Size: 8.19 MB, 8191959 bytes

MD5: 429426b8105f2690dcd58b4d2c6cf9aa

SHA1: 6291b815df026d5aa9c41c43dd3ea269cc9caf47

SHA256: 4033F9FD65AD0B1F10F9DEB6DF906BC2A91D94401416DAF9B390639C18F16C4C

File Size: 7.26 MB, 7259136 bytes

MD5: e88a786e62eb2140cf351a6b73ae9047

SHA1: 0ae6616f9f63fde442d8f402bc55fe49c95c5ba3

SHA256: E398F160FE2F6381AB1F2A07E842C9C9B5A560021C176C2E1C1024F1C78E43A7

File Size: 6.68 MB, 6684672 bytes

MD5: 76b9570326e64fd4ac59537781d65f8b

SHA1: 30ef183b878a7d65915a1bad1eae2ea1b7c9d2f9

SHA256: 5DBA357625F8CA32C182954D780C37986CF440F1D94307CE580C865F8702F88D

File Size: 9.62 MB, 9615872 bytes

MD5: 234eb655d645fbde1f085da24dd6886c

SHA1: 3383b61bbd6e4bac5ce5e191387909928c4535c8

SHA256: A9543C850ADB5540C14DE5B9D30898E085515ED8AEBB06293A3992C176CE7FBE

File Size: 674.30 KB, 674304 bytes

MD5: 6b7270539a5ea4695587af0ec94a0e17

SHA1: fbd0d0ac51ba795b19140f1d269584029d38776a

SHA256: 58CA3A8DF2548BF401427129BC474B19D1B76C52947EEA1FF822C4285CC4866A

File Size: 3.05 MB, 3046184 bytes

MD5: d90c19b7404e2c0997eaf028d08729fb

SHA1: 6f5f132304ece5fc9dc7506d1b2dc7fc6388d392

SHA256: 395A51637E9459304AD075162A38794FDAA15A6023399FAFFA0BA940B2885E7A

File Size: 118.88 KB, 118878 bytes

MD5: c28fcc596bf0fef69dc57dae03042ac8

SHA1: 2e46761b836e25cae8c87d0ab5dab10d188a7d5e

SHA256: 608D6ED9939E8432DE8FE645FD434BBA4D5BB4FFE16ED125A618C596942F9BF3

File Size: 1.88 MB, 1875968 bytes

MD5: 8d5a091546053b3bd47d41ad70acda96

SHA1: cad526435ba0bdfa7966b64b64803a2d96bebfc8

SHA256: BEF9273F94193CFD741C111B894DC3B5403A623F0F4F58626DB0F33D100A0615

File Size: 3.08 MB, 3081728 bytes

MD5: 522129157c84c76c4647a607068ec2ad

SHA1: 8f7054aefa89a8ada99663bd16b06380db5730fa

SHA256: AB2851BEFD76CC7F0D97151C61D792BA49361706E6845A6ED3B32A11F064503B

File Size: 7.89 MB, 7886971 bytes

MD5: 400fea0334d82f44be7fa900e8b5603a

SHA1: 27550822cf1e499c718c8e0a2a11fcc49064dec7

SHA256: 72A1DFC818FC794E0F97DA65D861C2D03C127EE1C8DD193774EF316AA4FE55BA

File Size: 6.76 MB, 6763008 bytes

MD5: 6a020fa26ac863a154a9a4a0b04ee802

SHA1: 63bc76d565bd9ad030b9798d0fd3d94cac8cd088

SHA256: E31251A1F59B22F0E9A94F1B45281567523784011C555C978AB6F1E236D6B2AD

File Size: 382.46 KB, 382464 bytes

MD5: 390ac5b45a5b614316a298ffd4c63803

SHA1: fda800901aadecd6adb1e0d2145141f31d6e6e33

SHA256: D8F9C05BEFC8392986C4C347691B8C3AFA5EFFBE2D5D78AA342B629FA15776BD

File Size: 3.18 MB, 3181056 bytes

MD5: aeb5b795d35cba640fc64c8ad7dc6e5d

SHA1: 35a951615942488b5c72e45860aca26c2c000a07

SHA256: 23BB8B05F7FE668523B5C820FE30CDA3BFB350318040F4CE0901E4837C80D39B

File Size: 4.95 MB, 4953600 bytes

MD5: 70cee96279968f0858bfa1723cbc87c7

SHA1: 7c2b73e365a7ed7e3e99f4542f84aef03733f614

SHA256: 1843DAA6F2BE3DF461E07A7991A533402087B6A5DBD4E76304C9B61B82A6F388

File Size: 9.72 MB, 9718272 bytes

MD5: 63e0ee30b150c1aa9cec4d7f8fef9027

SHA1: be16a8a1edee6d5e3b64fb24f6cb44c4ad616414

SHA256: 4D56C9736B40A1F947CBAE1939586582B73502BC07E2F31FBE7ECFF9FF62D682

File Size: 6.73 MB, 6731144 bytes

MD5: 3be9efc4084697c58951a6d8d38b5f4c

SHA1: e0c51ebfd0dcd97cf669d225c16fd1f09c81a1e3

SHA256: 6CB6BD0873F5B9F0A16BD540C91D6F3D35332E60111D6B75AE823C326F758A5C

File Size: 5.25 MB, 5252608 bytes

MD5: 9e1a4608797f0b57d8e1c7e5693fda32

SHA1: 4baf7af1a2a66000aaecbc23edcbc9725e546a69

SHA256: 7012F4832981B4A6AA87B117A931E94F396EDFADC4EF8F8D722995B9E006323A

File Size: 8.56 MB, 8560640 bytes

MD5: e062fd470ce6ea578e125d8e47fa1a58

SHA1: aaf3e22fbaef6d96c58e7eafaf5b11573c2b30b9

SHA256: 927FE5FD51CC8D2005E424448556F6A21518DDD69E2C2028A68629407DCE462D

File Size: 1.62 MB, 1623041 bytes

MD5: 02b957a6a6ec42ba1e58ced2f797919b

SHA1: 2ce8f04341aeb209825d50f78d19ca0b30962f24

SHA256: 25597C301AEE5CD1FB1B986FFB330BE7A8A53635A202A1F8B089E0F6A61A91AE

File Size: 7.19 MB, 7193600 bytes

MD5: 4c596f13ae9225d88f9a41008fa52aa1

SHA1: 60eb2b89f05b02edbe2befce0d5b8595ba0427b8

SHA256: C509F64AFD6C0B29709F252A5AA37A37F9EA67DF6B285EC22615B04D61E99D8F

File Size: 7.76 MB, 7761920 bytes

MD5: 582b79044006e592505e3b7328756570

SHA1: 106f0b3deaa4ff191ea4d1463848be148861099c

SHA256: E94D162F95787293A82EC734D6D2B477B882C4DE3CFFAF39311BD3AED29E88FE

File Size: 2.75 MB, 2749899 bytes

MD5: a27d295378ef66d910f402f3c75723f6

SHA1: 2e5ceeebb6b2da59c8ed0157b3067133faf00bae

SHA256: C2B792E839533257457994C96024247CA3CACEBC5BD936A6C605B7EAE7CCBC05

File Size: 9.38 MB, 9379840 bytes

MD5: d1bd152e91af9312b56dd02ff9a48d6e

SHA1: 633de74eec6c65e41891db700c72bd13258eb90b

SHA256: E96539AA0ACA88CBF18B19284E0F5942B9353E90AED10AE7C051BE36027C9ECB

File Size: 9.88 MB, 9884672 bytes

MD5: 7271cbbabea6764f68a8f2141bac0825

SHA1: defcbc196f5649170a436830cf054c985ca9bbf2

SHA256: E2D9F04171F5C46F9A3844D738EF819FDFCFB43CB7CCA86B43A348FB89930423

File Size: 3.45 MB, 3449384 bytes

MD5: 4a848de1539913f76b851a75f5e8615e

SHA1: 6234b95160cce77612a5c509a76a50fe4e68d132

SHA256: BC4DCE9551EF359423AC38E880A5BFAACAF2872F74BB17F38B8A2F3D9304B30D

File Size: 558.08 KB, 558080 bytes

MD5: b7d0c016d4b2732e291c1610e3d5290c

SHA1: 94d1028c2796b8cf9660425349c15729468c5776

SHA256: 0D01E269D83DBB95A58F4ADA87023A59DF4F6C503785B155DEB16220955F2B93

File Size: 9.86 MB, 9857024 bytes

MD5: 65f6da917a096e0cdd0438b70fc328b6

SHA1: 330e4c72582e3f44edb9462f1aa790a0465ffcdc

SHA256: 67EFD00045C1E6ADB1101721C801DF671BF43D7AC8C7E9C8E57320483B44D7CF

File Size: 782.34 KB, 782336 bytes

MD5: 5c461df7483f89cbcf46adc068a9041f

SHA1: d24bbf74f04383f527491c86a286d68a7abda086

SHA256: 0AFBD1989083E7FF3CDA02F65D84437F0815C00209E23FCAFFFD8FD8B9CAE292

File Size: 3.42 MB, 3416576 bytes

687 additional samples are not displayed above.

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is .NET application

File is 32-bit executable
File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

1030 additional icons are not displayed above.

Windows PE Version Information

Name	Value
Assembly Version	7.63.0.175 3.5.0.0 3.0.0.0 2.0.1.0 1.1.0.0 1.0.3.0 1.0.0.0
Author	Fabrício S. Caetano, Giovana D. Barbosa, Paulo R. M. Carvalho
Build Timestamp	Thu Oct 16 17:13:35 2003 EST
Build Type	Retail
Comment	Build Date: 09/18/2024 - 11:51:56
Comments	# py-clash-bot py-clash-bot is an open-source automation tool that allows you to automate your Clash Royale gameplay on Windows and macOS using an emulated Android phone. The bot uses advanced image recognition, mouse control, and Android emulation to perform a comprehensive range of tasks automatically, letting you focus on strategy while it handles the daily grind. _Join our [Discord server](https://discord.gg/nqKRkyq2UU) for support, updates, and community discussions!_ ## ✨ Features ### 🎮 Battle Automation - Trophy Road 1v1 Battles - Automatically fight in trophy road ladder matches - Path of Legends 1v1 Battles - Battle in the competitive Path of Legends mode - 2v2 Battles - Team up with clan members for 2v2 matches - Random Decks - Randomize your deck selection before each battle - Smart Battle Management - Skip fights when chests are full, disable win/loss tracking ### 🎁 Rewards & Collection - Card Mastery Rewards - Collect mastery rewards earned from battles - Card Upgrades - Upgrade your current deck after each battle ### ⚙️ Advanced Settings - Emulator Support - Works with MEmu, BlueStacks 5, and Google Play Games emulators - Render Mode Selection - Choose between OpenGL, DirectX, and Vulkan rendering - Real-time Statistics - Track wins, losses, chests opened, and more - Performance Monitoring - Monitor bot runtime, failures, and account switches ## 🚀 Setup Instructions py-clash-bot supports three emulators. Choose the one that works best for your system: ### Option 1: MEmu Emulator 1. Download MEmu 9.2.5.0 - Get it from the [official site](https://www.memuplay.com/) or use this [working installer](https://drive.google.com/file/d/1FDMa5oKIhbM_X2TGHg6qSi3bnIuIXcPf/view?usp=sharing) (version 9.2.5.0 recommended) 2. Install MEmu - Run the MEmu installer 3. Download py-clash-bot - Get the latest release from [https://github.com/pyclashbot/py-clash-bot/releases](https://github.com/pyclashbot/py-clash-bot/releases) 4. Install py-clash-bot - Run the installer 5. Create the VM - Start the bot once to let it automatically create the "pyclashbot-96" MEmu emulator 6. Install Clash Royale - Install Clash Royale manually on the "pyclashbot-96" emulator via Google Play Store 7. Complete setup - Open Clash Royale manually, complete the tutorial, and optionally sign in to your account 8. Close MEmu - Close the MEmu emulator completely 9. Start automation - Start the bot, configure your settings, then click "Start" to begin automation Troubleshooting MEmu: - Switch render mode to Vulkan, DirectX, or OpenGL if experiencing issues - Delete the VM and let the bot create a new one - Enable UEFI in BIOS if needed ### Option 2: BlueStacks 5 Emulator 1. Download BlueStacks 5 - Get it from the official site: https://www.bluestacks.com (ensure BlueStacks 5, not X/10) 2. Install BlueStacks 5 - Run the BlueStacks 5 installer 3. Download py-clash-bot - Get the latest release from [https://github.com/pyclashbot/py-clash-bot/releases](https://github.com/pyclashbot/py-clash-bot/releases) 4. Install py-clash-bot - Run the installer 5. Create the instance - Start the bot, choose `Emulator Type: BlueStacks 5`, select a render mode (OpenGL/DirectX/Vulkan) under BlueStacks Settings and then click "Start" to let it automatically create the "pyclashbot-96" Bluestacks 5 emulator Instance. Alternativly open the BlueStacks Multi-Instance Manager and create a fresh Pie 64-bit instance and retry it will automatically rename/configure it as "pyclashbot-96" 6. Install Clash Royale - Install Clash Royale manually on the "pyclashbot-96" emulator via Google Play Store 7. Complete setup - Open Clash Royale manually, complete the tutorial, and optionally sign in to your account 8. Close BlueStacks 5 - Fully close the BlueStacks 5 emulator 9. Start automation - Start the bot, choose `Emulator Type: BlueStacks 5`, select a render mode (OpenGL/DirectX/Vulkan) under BlueStacks Settings, then click "Start" Troubleshooting BlueStacks 5: - Open the Bluestacks Multi-Instance Manger -> Click on Instance (Blue, Bottom left) -> Choose Fresh instance -> Choose Android Version Pie 64-bit -> Click on Next -> Click on Create, then click Retry in the bot or restart it fully. - Try switching render mode (OpenGL/DirectX/Vulkan) in the bot and start again - Restart your PC and let the bot try it again ### Option 3: Google Play Games Emulator 1. Download Google Play Games Emulator - Get it from [https://developer.android.com/games/playgames/emulator](https://developer.android.com/games/playgames/emulator) 2. Install the emulator - Run the Google Play installer 3. Initial setup - Boot the Google Play Games Emulator once. This will trigger a Google sign-in flow in your web browser - complete this process. If prompted to allow USB debugging, click "Accept" 4. Download py-clash-bot - Get the latest release from [https://github.com/pyclashbot/py-clash-bot/releases](https://github.com/pyclashbot/py-clash-bot/releases) 5. Install Clash Royale - Download Clash Royale manually from the emulator 6. Complete setup - Start Clash Royale manually, complete the tutorial, and optionally sign in to your account 7. Optional: Set display ratio - Go to Google Play Emulator > Developer Options > Display Ratio > 9:16 (Portrait) for optimal look 8. Close emulator - Close the Google Play emulator completely 9. Start automation - Start the bot, configure your settings, then click "Start" to begin automation ## 🍎 macOS Setup On macOS, py-clash-bot supports BlueStacks. The setup is similar to Windows but requires an additional security step. ### BlueStacks for macOS 1. Download BlueStacks - Get it from [https://www.bluestacks.com/mac](https://www.bluestacks.com/mac) 2. Install BlueStacks - Run the BlueStacks installer 3. Download py-clash-bot - Get the latest DMG from [https://github.com/pyclashbot/py-clash-bot/releases](https://github.com/pyclashbot/py-clash-bot/releases) 4. Install py-clash-bot - Open the DMG and drag py-clash-bot to your Applications folder 5. Allow the app - On first launch, macOS will block the app since it's not signed. Go to System Settings → Privacy & Security and click "Allow" or "Open Anyway" for py-clash-bot 6. Create the instance - Start the bot and click "Start" to let it automatically create the BlueStacks instance 7. Install Clash Royale - Install Clash Royale manually on the emulator via Google Play Store 8. Complete setup - Open Clash Royale manually, complete the tutorial, and optionally sign in to your account 9. Close BlueStacks - Fully close the BlueStacks emulator 10. Start automation - Start the bot, configure your settings, then click "Start" to begin automation ### Important Notes - Language Setting - Ensure Clash Royale is set to English for optimal bot performance - Tutorial Completion - The tutorial must be completed manually before starting the bot - Account Setup - Sign in with SuperCell ID or create a new account as needed ## 🔧 Emulator Debugging Having trouble with your emulator? This section provides troubleshooting tips for common issues with all supported emulators. ### BlueStacks 5 Emulator Debugging - Use BlueStacks 5 only (BlueStacks 10/X are not supported) - Ensure install path exists: `C:\Program Files\BlueStacks_nxt` - If startup fails, create a clean "Pie 64-bit (Android 9)" instance in Multi-Instance Manager (no Google account yet), then click Retry in the bot so it can auto-configure - Switch render mode in the bot (OpenGL/DirectX/Vulkan) if you see black screens or poor performance, then start again - Fully close BlueStacks if it becomes unresponsive; the bot will relaunch it ### Google Play Games Emulator Debugging - Use the correct version - Make sure you're using the DEVELOPER Google Play Games emulator, not the BETA version. Download it from [https://developer.android.com/games/playgames/emulator](https://developer.android.com/games/playgames/emulator) - Watch for login prompts - Google Play makes a popup in your default browser for the Google sign-in prompt. Sometimes you might miss this during emulator boot, and it'll hang forever. If you're experiencing booting issues, check for a login prompt in a minimized browser window! - Adjust rendering settings - If it's still not rendering properly, try adjusting render mode settings at System tray > Google Play Games emulator > Graphics settings > Vulkan device override OR Graphics > Graphics stack override - Installer download fix - If you're having trouble downloading the emulator installer, this tested solution works: Open your task manager, click File, press "Run new task", drop the installer path, and press "Run as admin" ### MEmu Emulator Debugging - Hardware requirements - MEmu is more hardware intensive, so if you're on a low-end machine try using Google Play Games emulator instead - Black screen or boot issues - If it's showing a black screen or never fully booting, try adjusting render mode via the ClashBot settings, then start the bot to apply those settings - BIOS requirements - MEmu REQUIRES your BIOS to have UEFI and Hyper-V enabled! - Enable UEFI: [https://www.youtube.com/watch?v=uAMLGIlFMdI](https://www.youtube.com/watch?v=uAMLGIlFMdI) - Enable Hyper-V: [https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/get-started/install-hyper-v?tabs=powershell&pivots=windows](https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/get-started/install-hyper-v?tabs=powershell&pivots=windows) - Version conflicts - Some old versions of pyclashbot create corrupt instances of MEmu. If you're switching between versions and MEmu is breaking, try deleting your existing MEmu VMs, or reinstalling MEmu entirely ## 🎯 Demo <img src="https://github.com/pyclashbot/py-clash-bot/blob/master/assets/demo-game.gif?raw=true" width="50%" alt="Game Demo"/><img src="https://github.com/pyclashbot/py-clash-bot/blob/master/assets/demo-gui.gif?raw=true" width="50%" alt="GUI Demo"/> _Left: Bot automation in action \| Right: User interface and controls_ ## 🤝 Contributing We welcome contributions from the community! Whether you have ideas for new features, bug reports, or want to help with development, there are many ways to get involved: - Report Issues - Open an issue on [GitHub Issues](https://github.com/pyclashbot/py-clash-bot/issues) - Feature Requests - Suggest new automation features or improvements - Code Contributions - Check out our [Contributing Guide](CONTRIBUTING.md) - Community Support - Help other users on our [Discord server](https://discord.gg/nqKRkyq2UU) ## ⚠️ Disclaimer This tool is designed for educational and automation purposes. Please ensure you comply with Clash Royale's Terms of Service and use responsibly. The developers are not responsible for any consequences resulting from the use of this software. --- Made with ❤️ by the py-clash-bot community _Automate your Clash Royale experience and focus on what matters most - strategy and # py-clash-bot py-clash-bot is an open-source automation tool that allows you to automate your Clash Royale gameplay on Windows using an emulated Android phone. The bot uses advanced image recognition, mouse control, and Android emulation to perform a comprehensive range of tasks automatically, letting you focus on strategy while it handles the daily grind. _Join our [Discord server](https://discord.gg/nqKRkyq2UU) for support, updates, and community discussions!_ ## ✨ Features ### 🎮 Battle Automation - Trophy Road 1v1 Battles - Automatically fight in trophy road ladder matches - Path of Legends 1v1 Battles - Battle in the competitive Path of Legends mode - 2v2 Battles - Team up with clan members for 2v2 matches - Random Decks - Randomize your deck selection before each battle - Smart Battle Management - Skip fights when chests are full, disable win/loss tracking ### 🎁 Rewards & Collection - Card Mastery Rewards - Collect mastery rewards earned from battles - Card Upgrades - Upgrade your current deck after each battle ### ⚙️ Advanced Settings - Emulator Support - Works with both MEmu and Google Play Games emulators - Render Mode Selection - Choose between OpenGL, DirectX, and Vulkan rendering - Real-time Statistics - Track wins, losses, chests opened, and more - Performance Monitoring - Monitor bot runtime, failures, and account switches ## 🚀 Setup Instructions py-clash-bot supports two emulators. Choose the one that works best for your system: ### Option 1: MEmu Emulator 1. Download MEmu 9.2.5.0 - Get it from the [official site](https://www.memuplay.com/) or use this [working installer](https://drive.google.com/file/d/1FDMa5oKIhbM_X2TGHg6qSi3bnIuIXcPf/view?usp=sharing) (version 9.2.5.0 recommended) 2. Install MEmu - Run the MEmu installer 3. Download py-clash-bot - Get the latest release from [https://github.com/pyclashbot/py-clash-bot/releases](https://github.com/pyclashbot/py-clash-bot/releases) 4. Install py-clash-bot - Run the installer 5. Create the VM - Start the bot once to let it automatically create the "pyclashbot-96" MEmu emulator 6. Install Clash Royale - Install Clash Royale manually on the "pyclashbot-96" emulator via Google Play Store 7. Complete setup - Open Clash Royale manually, complete the tutorial, and optionally sign in to your account 8. Close MEmu - Close the MEmu emulator completely 9. Start automation - Start the bot, configure your settings, then click "Start" to begin automation Troubleshooting MEmu: - Switch render mode to Vulkan, DirectX, or OpenGL if experiencing issues - Delete the VM and let the bot create a new one - Enable UEFI in BIOS if needed ### Option 2: Google Play Games Emulator 1. Download Google Play Games Emulator - Get it from [https://developer.android.com/games/playgames/emulator](https://developer.android.com/games/playgames/emulator) 2. Install the emulator - Run the Google Play installer 3. Initial setup - Boot the Google Play Games Emulator once. This will trigger a Google sign-in flow in your web browser - complete this process. If prompted to allow USB debugging, click "Accept" 4. Download py-clash-bot - Get the latest release from [https://github.com/pyclashbot/py-clash-bot/releases](https://github.com/pyclashbot/py-clash-bot/releases) 5. Install Clash Royale - Download Clash Royale manually from the emulator 6. Complete setup - Start Clash Royale manually, complete the tutorial, and optionally sign in to your account 7. Optional: Set display ratio - Go to Google Play Emulator > Developer Options > Display Ratio > 9:16 (Portrait) for optimal look 8. Close emulator - Close the Google Play emulator completely 9. Start automation - Start the bot, configure your settings, then click "Start" to begin automation ### Important Notes - Language Setting - Ensure Clash Royale is set to English for optimal bot performance - Tutorial Completion - The tutorial must be completed manually before starting the bot - Account Setup - Sign in with SuperCell ID or create a new account as needed ## 🔧 Emulator Debugging Having trouble with your emulator? This section provides troubleshooting tips for common issues with both supported emulators. ### Google Play Games Emulator Debugging - Use the correct version - Make sure you're using the DEVELOPER Google Play Games emulator, not the BETA version. Download it from [https://developer.android.com/games/playgames/emulator](https://developer.android.com/games/playgames/emulator) - Watch for login prompts - Google Play makes a popup in your default browser for the Google sign-in prompt. Sometimes you might miss this during emulator boot, and it'll hang forever. If you're experiencing booting issues, check for a login prompt in a minimized browser window! - Adjust rendering settings - If it's still not rendering properly, try adjusting render mode settings at System tray > Google Play Games emulator > Graphics settings > Vulkan device override OR Graphics > Graphics stack override ### MEmu Emulator Debugging - Hardware requirements - MEmu is more hardware intensive, so if you're on a low-end machine try using Google Play Games emulator instead - Black screen or boot issues - If it's showing a black screen or never fully booting, try adjusting render mode via the ClashBot settings, then start the bot to apply those settings - BIOS requirements - MEmu REQUIRES your BIOS to have UEFI and Hyper-V enabled! - Enable UEFI: [https://www.youtube.com/watch?v=uAMLGIlFMdI](https://www.youtube.com/watch?v=uAMLGIlFMdI) - Enable Hyper-V: [https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/get-started/install-hyper-v?tabs=powershell&pivots=windows](https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/get-started/install-hyper-v?tabs=powershell&pivots=windows) - Version conflicts - Some old versions of pyclashbot create corrupt instances of MEmu. If you're switching between versions and MEmu is breaking, try deleting your existing MEmu VMs, or reinstalling MEmu entirely ## 🎯 Demo <img src="https://github.com/pyclashbot/py-clash-bot/blob/master/assets/demo-game.gif?raw=true" width="50%" alt="Game Demo"/><img src="https://github.com/pyclashbot/py-clash-bot/blob/master/assets/demo-gui.gif?raw=true" width="50%" alt="GUI Demo"/> _Left: Bot automation in action \| Right: User interface and controls_ ## 🤝 Contributing We welcome contributions from the community! Whether you have ideas for new features, bug reports, or want to help with development, there are many ways to get involved: - Report Issues - Open an issue on [GitHub Issues](https://github.com/pyclashbot/py-clash-bot/issues) - Feature Requests - Suggest new automation features or improvements - Code Contributions - Check out our [Contributing Guide](CONTRIBUTING.md) - Community Support - Help other users on our [Discord server](https://discord.gg/nqKRkyq2UU) ## ⚠️ Disclaimer This tool is designed for educational and automation purposes. Please ensure you comply with Clash Royale's Terms of Service and use responsibly. The developers are not responsible for any consequences resulting from the use of this software. --- Made with ❤️ by the py-clash-bot community _Automate your Clash Royale experience and focus on what matters most - strategy and f # py-clash-bot py-clash-bot is an open-source automation tool that allows you to automate your Clash Royale gameplay on Windows using an emulated Android phone. The bot uses advanced image recognition, mouse control, and Android emulation to perform a comprehensive range of tasks automatically, letting you focus on strategy while it handles the daily grind. _Join our [Discord server](https://discord.gg/nqKRkyq2UU) for support, updates, and community discussions!_ ## ✨ Features ### 🎮 Battle Automation - Trophy Road 1v1 Battles - Automatically fight in trophy road ladder matches - Path of Legends 1v1 Battles - Battle in the competitive Path of Legends mode - 2v2 Battles - Team up with clan members for 2v2 matches - War Battles - Participate in clan war battles automatically - Random Decks - Randomize your deck selection before each battle - Random Plays - Play cards randomly (ideal for low-end machines) - Smart Battle Management - Skip fights when chests are full, disable win/loss tracking ### 🎁 Rewards & Collection - Chest Management - Automatically unlock and open chests earned from battles - Battlepass Rewards - Collect battlepass rewards (works for non-battlepass owners too) - Card Mastery Rewards - Collect mastery rewards earned from battles - Daily Challenges - Automatically claim daily and weekly challenge rewards - Level Up Rewards - Collect level up chests and rewards - Bannerbox Chests - Open bannerbox crates for additional rewards - Trophy Road Rewards - Collect rewards from climbing the trophy ladder - Season Shop - Automatically spend currency from 2v2 battles and events ### 🃏 Card Management - Card Requests - Automatically request cards from your clan - Card Donations - Donate cards to clan members - Free Donations - Donate cards without spending gold - Shop Management - Buy daily free shop offers and gold offers - Card Upgrades - Upgrade your current deck after each battle - Bulk Upgrades - Upgrade all cards in your collection ### ⚙️ Advanced Settings - Account Switching - Switch between multiple accounts using SuperCell ID - Dual Emulator Support - Works with both MEmu and Google Play Games emulators - Render Mode Selection - Choose between OpenGL, DirectX, and Vulkan rendering - Real-time Statistics - Track wins, losses, chests opened, and more - Performance Monitoring - Monitor bot runtime, failures, and account switches ### 📊 Comprehensive Statistics The bot tracks detailed statistics across three categories: - Battle Stats: Wins, losses, win rate, cards played, battle counts by mode - Collection Stats: Requests, donations, chests unlocked, rewards collected - Bot Stats: Runtime, failures, account switches, and performance metrics ## 🚀 Setup Instructions py-clash-bot supports two emulators. Choose the one that works best for your system: ### Option 1: MEmu Emulator 1. Download MEmu 9.2.5.0 - Get it from the [official site](https://www.memuplay.com/) or use this [working installer](https://drive.google.com/file/d/1FDMa5oKIhbM_X2TGHg6qSi3bnIuIXcPf/view?usp=sharing) (version 9.2.5.0 recommended) 2. Install MEmu - Run the MEmu installer 3. Download py-clash-bot - Get the latest release from [https://github.com/pyclashbot/py-clash-bot/releases](https://github.com/pyclashbot/py-clash-bot/releases) 4. Install py-clash-bot - Run the installer 5. Create the VM - Start the bot once to let it automatically create the "pyclashbot-96" MEmu emulator 6. Install Clash Royale - Install Clash Royale manually on the "pyclashbot-96" emulator via Google Play Store 7. Complete setup - Open Clash Royale manually, complete the tutorial, and optionally sign in to your account 8. Close MEmu - Close the MEmu emulator completely 9. Start automation - Start the bot, configure your settings, then click "Start" to begin automation Troubleshooting MEmu: - Switch render mode to Vulkan, DirectX, or OpenGL if experiencing issues - Delete the VM and let the bot create a new one - Enable UEFI in BIOS if needed ### Option 2: Google Play Games Emulator 1. Download Google Play Games Emulator - Get it from [https://developer.android.com/games/playgames/emulator](https://developer.android.com/games/playgames/emulator) 2. Install the emulator - Run the Google Play installer 3. Initial setup - Boot the Google Play Games Emulator once. This will trigger a Google sign-in flow in your web browser - complete this process. If prompted to allow USB debugging, click "Accept" 4. Download py-clash-bot - Get the latest release from [https://github.com/pyclashbot/py-clash-bot/releases](https://github.com/pyclashbot/py-clash-bot/releases) 5. Install Clash Royale - Download Clash Royale manually from the emulator 6. Complete setup - Start Clash Royale manually, complete the tutorial, and optionally sign in to your account 7. Optional: Set display ratio - Go to Google Play Emulator > Developer Options > Display Ratio > 9:16 (Portrait) for optimal look 8. Close emulator - Close the Google Play emulator completely 9. Start automation - Start the bot, configure your settings, then click "Start" to begin automation ### Important Notes - Language Setting - Ensure Clash Royale is set to English for optimal bot performance - Tutorial Completion - The tutorial must be completed manually before starting the bot - Account Setup - Sign in with SuperCell ID or create a new account as needed ## 🔧 Emulator Debugging Having trouble with your emulator? This section provides troubleshooting tips for common issues with both supported emulators. ### Google Play Games Emulator Debugging - Use the correct version - Make sure you're using the DEVELOPER Google Play Games emulator, not the BETA version. Download it from [https://developer.android.com/games/playgames/emulator](https://developer.android.com/games/playgames/emulator) - Watch for login prompts - Google Play makes a popup in your default browser for the Google sign-in prompt. Sometimes you might miss this during emulator boot, and it'll hang forever. If you're experiencing booting issues, check for a login prompt in a minimized browser window! - Adjust rendering settings - If it's still not rendering properly, try adjusting render mode settings at System tray > Google Play Games emulator > Graphics settings > Vulkan device override OR Graphics > Graphics stack override ### MEmu Emulator Debugging - Hardware requirements - MEmu is more hardware intensive, so if you're on a low-end machine try using Google Play Games emulator instead - Black screen or boot issues - If it's showing a black screen or never fully booting, try adjusting render mode via the ClashBot settings, then start the bot to apply those settings - BIOS requirements - MEmu REQUIRES your BIOS to have UEFI and Hyper-V enabled! - Enable UEFI: [https://www.youtube.com/watch?v=uAMLGIlFMdI](https://www.youtube.com/watch?v=uAMLGIlFMdI) - Enable Hyper-V: [https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/get-started/install-hyper-v?tabs=powershell&pivots=windows](https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/get-started/install-hyper-v?tabs=powershell&pivots=windows) - Version conflicts - Some old versions of pyclashbot create corrupt instances of MEmu. If you're switching between versions and MEmu is breaking, try deleting your existing MEmu VMs, or reinstalling MEmu entirely ## 🎯 Demo <img src="https://github.com/pyclashbot/py-clash-bot/blob/master/assets/demo-game.gif?raw=true" width="50%" alt="Game Demo"/><img src="https://github.com/pyclashbot/py-clash-bot/blob/master/assets/demo-gui.gif?raw=true" width="50%" alt="GUI Demo"/> _Left: Bot automation in action \| Right: User interface and controls_ ## 🤝 Contributing We welcome contributions from the community! Whether you have ideas for new features, bug reports, or want to help with development, there are many ways to get involved: - Report Issues - Open an issue on [GitHub Issues](https://github.com/pyclashbot/py-clash-bot/issues) - Feature Requests - Suggest new automation features or improvements - Code Contributions - Check out our [Contributing Guide](CONTRIBUTING.md) - Community Support - Help other users on our [Discord server](https://discord.gg/nqKRkyq2UU) ## ⚠️ Disclaimer This tool is designed for educational and automation purposes. Please ensure you comply with Clash Royale's Terms of Service and use responsibly. The developers are not responsible for any consequences resulting from the use of this software. --- Made with ❤️ by the py-clash-bot community _Automate your Clash Royale experience and focus on what matters most - strategy and album designing software America's Favorite Word Game Author: arnor@playstation2.idv.tw B"H beta release Coded and (c) Speed Guide, Inc. - webmaster@speedguide.net / outsorcing@gmail.com Compiled by Frederik A. Winkelsdorf (opendec.wordpress.com) for the Indy Project (www.indyproject.org) Show More DirectShow Sample Disciples II v2.02 Distributed by WildGames Fixed by RadiXX11 Flavor=Retail https://fastcopy.jp Insanely cool music recording software! Made in Ukraine Magick Checker Launcher OnDemand Server (TS2000i Edition) SubServer library Only to be used in BLH/CLS releases Panda3D - Open Source Game Engine Poster printing software SealOnline_Journey SpiderBackup STB DownLoading Tool System.Web.Routing.dll This installation was built with Inno Setup. version 0.9.0.0en www.stabile.com.br xiaomiauth.orh zygamedb 版权所有（C）2016 系统之家
Company Name	']['hunderHome 3DO @christianmuhi7 Acoustica, Inc Adobe Systems Incorporated Alexander Roshal Antibody Software Limited Aquino Developments S.L. ATMaple AudioEngine Pro Show More AudioPro Systems Auspicious Flame decision BellSoft Biostar BlueStack Systems Botmaster Labs Brother Industries, Ltd. Bubbasoft BugSplat Bytessence Bytessence Software Carnegie Mellon Entertainment Technology Center CHENGDU YIWO Tech Development Co., Ltd Cherax CloudStorage Technologies CloudSync Services LLC Cocosenor COMPUSERVE Controller Technologies, Corp. CORE CrystalIDEA Software cyanide Database Pro Systems decontev detect.ac Digital Wave Ltd Diskeeper Corporation DJR Don HO don.h@free.fr DotFix Software EaseUS Elcomsoft ElcomSoft Co.Ltd. Eliseu Ferreira Araujo Junior Embarcadero Technologies, Inc. Euroscan Fantaisie Software FastCopy Lab, LLC. Fighting For Fun Firewall Dynamics Flashback/TEAM-53 FreeTP.Org FreeTP.Org - Backseat Drivers Multiplayer Fix FreeTP.Org - Chained Backrooms Multiplayer Fix FreeTP.Org - Door Kickers 2 Multiplayer Fix FreeTP.Org - Drug Dealer Simulator 2 Multiplayer Fix FreeTP.Org - Dying Light 2 Multiplayer Fix FreeTP.Org - Dying Light Multiplayer Fix FreeTP.Org - Elden Ring Multiplayer Fix FreeTP.Org - HELLCARD Multiplayer Fix FreeTP.Org - Hollow Knight Silksong Multiplayer Fix FreeTP.Org - House Flipper 2 Multiplayer Fix FreeTP.Org - Icarus Multiplayer Fix FreeTP.Org - Kill It With Fire 2 Multiplayer Fix FreeTP.Org - MISERY Multiplayer Fix FreeTP.Org - MycoRelic Multiplayer Fix FreeTP.Org - Nuclear Option Multiplayer Fix FreeTP.Org - PICO PARK 2 Multiplayer Fix FreeTP.Org - Prison Architect Multiplayer Fix FreeTP.Org - Raft Multiplayer Fix FreeTP.Org - Ratty Catty Multiplayer Fix FreeTP.Org - Satisfactory Multiplayer Fix FreeTP.Org - Sid Meiers Civilization VI Multiplayer Fix FreeTP.Org - Storage Hunter Simulator Multiplayer Fix FreeTP.Org - Stormworks Multiplayer Fix FreeTP.Org - Topple Tactics Multiplayer Fix FreeTP.Org - Travellers Rest Multiplayer Fix funkitron Gas Powered Games Glorylogic Green Point Software UK Ltd Helpful Scissors decision H Hayat htrhrt http://libusb-win32.sourceforge.net Hyperionics Technology IBM ICQ, Inc. Info System Tecnologia em Sistemas Ltda Inprise Corporation INUI Gaming INUI Gaming FZ LLC ISL Online Ltd. Java(TM) Platform SE 8 John Long Team. JoWooD Productions Software AG KEIL Lotus Development Corp. Macromedia, Inc. Made by Sarah 75 additional items are not displayed above.
Company Short Name	ShaoxingYaogangNetwork
Compiled Script	AutoIt v3 Script: 3, 3, 6, 1
Developer	Mad Doc Software, LLC
Email	support@bytessence.com
File Description	.NET Framework .NET Host Resolver - 8.0.10 7z Setup SFX (x86) 168 Keygens for EA Games ACVUpscaler Advanced Audio Processing Engine AggregatorHost Ak MFC Application AMD64 Wow64 CPU Anti-Cheat DLL Show More AnyToISO Converter AOPR Application Archiwizer WinRAR ArmyMen2 AudioToText Aurora Analytics Platform Auspicious Flame Automated Clash Royale Backseat Drivers Base64 encoder/decoder plugin for Notepad++ BDA Sample Application Benz Monster Biblia América PRO BlockCipher BlueStacks GLCheck Utility Borland User's Components BusinessLayer Bytessence RegistryCleaner StartupManager plugin cfg CG70 CG100X Chained Backrooms Cherax Loader Client Protection Cocosenor BitKeyTuner ControlCenter Launcher CopyTrans Photo CTF Loader CyclingManager DBD Tools DCOMUTIL20 decontev IPC libraray Detect SS Device Pairing Application DinkeyChange Disciples II v2.02 DKTABPROVIDER.EXE Door Kickers 2 Drug Dealer Simulator 2 Dungeon Siege: Legends of Aranna Game Executable Dying Light Dying Light 2 Ea Setup EaseUS BitWiper EaseUS Fixo Elcomsoft Forensic Disk Decryptor Elden Ring Embarcadero RAD Studio for Windows engine with tekkenScrip integration Enterprise Database Management Tool Enterprise Network Security Solution EpicFix EXE区段添加 Externa FastCopy Flash Player 5.0 r30 FontDraw Font Manager Free Audio Editor freebudget 5 setup GameInst Application GameInterop Game Window Capture Hook Game Window Capture Hook Library gp GTAVUpscaler HELLCARD Helpful Scissors Hidden Object Chronicles Poisoned truth Collector's Edition HKLZ Hollow Knight Silksong House Flipper 2 HPInc. Verifier HyperSnap Icarus ICQ Library IDSLoaderFord iigw_api_client INFO COOK - Back-Up Installer for Blasterball 2 Revolution Installer for Crystal Maze IPHOX MENTOP LITROP ISO Tools ISSC OpenGL Win32 Hooking DLL iTubeGo J1850 Flash Executable Java(TM) Platform SE binary Java launcher Kill It With Fire 2 LDAP RnR Provider DLL 128 additional items are not displayed above.
File Title	java muyk OOBENetworkConnectionFlow
File Version	Version 20250523.7fa0305 Version 1.1 V3.28 4528 2029.5 2024,05,29,1 2022.3.53.14634578 2021.3.21.3956873 2021.3.21.1524151 2011.4.26.676 Show More 2003, 10, 23, 1 131,0,2003,0329 26.0.32429.4364 24.0.0.0 23.0.1.0 21.0.0.0 16.19.15.2 14.32.31332.0 14.09.0001 13.5.0.0 12.8.0.0 12.6.0.0 12.5.0.0 12.0.19041.1 (WinBuild.160101.0800) 12.0.781.0 11.0.0.0 10.95.6225.4576 10.19.3163.897 10.0.26100.7309 (WinBuild.160101.0800) 10.0.26100.3323 (WinBuild.160101.0800) 10.0.22000.194 (WinBuild.160101.0800) 10.0.19041.3636 10.0.17763.7919 (WinBuild.160101.0800) 10.0.17763.4644 (WinBuild.160101.0800) 10.0.17763.1697 (WinBuild.160101.0800) 10.0.17763.1 (WinBuild.160101.0800) 10.0.6.634 10.0.6.630 10,0,19041,3636 9.97.9225.3724 9.6.7.5 9.5.4.0 9.2.3.0 9.00 9, 7, 10, 10 9,0,3,0 8.5.0.16 8.05.0103 8.0.0.2 8,0,3410,10 8,0,1024,46610 @Commit: 81cabf2857a01351e5ab578947c7403a5b128ad1 7.63.0.175 7.36.6505.3834 7.21.2682.0 7.13.1 7.13.0 7.11.0 7.10.0 7.1.0 7.0.0.2 6.91.7094.4964 6.24.1 6.21.1 6.21.0 6.11.2.10 6.11.0 6.10.1 6.10.0 6.5.17.2 6.5.0.1005 6.2.3.5 6.1.7601.24520 (win7sp1_ldr_escrow.190828-1732) 6.1.7601.18015 (win7sp1_gdr.121129-1432) 6.1.0 6.05.0002 6.0.26.167 6.0.0 6,0,23,0 5.90.0 5.61.4212.4711 5.50.4132.500 5.7.11.0 5.7.1 5.0 5,0,30,0 4.150.11.1001 4.79.5654.9062 4.71.0030.1 4.9.3.3 4.9.0.0 4.6.0.2627 4.1.6.445 4.1.4.439 4.1.1.0 4.0.5.37 4.0.2.0 4.0.0 4.0 4, 32, 0, 0 4, 2, 78, 1 97 additional items are not displayed above.
Full Version	24-internal-adhoc.User.cristalixopenjdk 23.0.1+13 21-internal-adhoc.darin.jdk21
Internal Name	.NET Host Resolver - 8.0.10 7ZSfxMod Activator.exe ACVUpscaler AggregatorHost.exe Ak anytoiso.exe ArmyMen2 Arsenic.dll audiosync Show More aurora Auth.exe BDASample BenzMonster.exe Biblia América PRO BlockCipher.exe BrCcBoot BugSplatNative.dll BusinessLayerLocal.dll CD DVD Label Maker CG70.exe CG100X.exe checker.dll Cherax.exe cloudstorage Cocosenor BitKeyTuner CShield.dll CTFMON CyclingManager datavault DBDTools.exe DBGHELP.DLL DCLUSR$) DCOMUTIL20 default Detect SS DevicePairing DinkeyChange Disciples II DKTABPROVIDER EaseUS BitWiper elr_efdd.dll engine.dll EnterpriseConsole.exe EpicFix.dll Externa.exe FastCopy FBA fff-ea168.exe filling firewalldyn Fixo Flash Fmgr FontDraw.exe FreeAudioEditor.exe fsquirt.exe GameInst gp graphic-hook GTAVUpscaler GxDownloaderIII Hidden Object Chronicles Poisoned truth Collector's Edition HKF HprSnap IAC.Base.dll IDSLoaderFord.exe iigw_api_client.dll Interventi locali j1850fla.exe java java.exe jli jvm libeay32 libiCloudKit.dll LogTransport Lotus ScreenCam lzma Macromedia Flash Player 6.0 Magick Launcher.exe manager mc2xml MiniTool Power Data Recovery Mixcraft MPxConverter MUIUtils MyScript Editor Nature12.exe nenn64.dll Net Noise OdsSubServer OpenVPN Connect operatray Panda3D.exe PlagiusLib.resources.dll POBEdit Portals.exe Preferences 61 additional items are not displayed above.
Legal Copyright	(C) 2006 WildTangent, Inc. (c) 2008 Trutia Alexandru (c) 2009 Alexandru Trutia (c) 2022/2022 by 4EVER (c) 2023 Unity Technologies ApS. All rights reserved. (c) 2024 Fantaisie Software (C) 2024- VMP.IR (c) 2025 Unity Technologies ApS. All rights reserved. (C) Copyright IBM Corp. 1998, 2002. (c) Stellar Information Technology Pvt Ltd. All rights reserved. Show More 2002-2009 S. Meyer; 2010 T. Robinson 2005-2011PRO Eliseu F A Jr 2007 - 2014 Safengine 2008-2023 (c) CrystalIDEA Software. All rights reserved. 2023 Matthew Miglio @ Microsoft Corporation. All rights reserved. All rigth reversed Aquino Developments S.L. Ardolino Antonio Botmaster Labs bp^Razor 1911 Bytedance Copyright (C) 2021 Changguang Technology. Copyright @ 2023 Copyright (C) 1995-2025 Hyperionics Technology Copyright (C) 1998-2002 Gas Powered Games. All rights reserved. Copyright (c) 1998-2007 ICQ, Inc. Copyright (C) 1999-2005 Igor Pavlov Copyright (C) 2000 Copyright (c) 2000-2002 Microsoft Corporation Copyright (C) 2001 Copyright (c) 2001-2021 Copyright (C) 2003-2006 Copyright (c) 2003-2008 Fighting For Fun Copyright (C) 2004 Copyright (C) 2004-2013 VitSoft ® Copyright (C) 2004-2021 Copyright (c) 2004-2023 EaseUS.ALL RIGHTS RESERVED. Copyright (C) 2004-2024 SHIROUZU Hiroaki and FastCopy Lab, LLC. All rights reserved. Copyright (C) 2004-2024 VITSOFT.NET Copyright (c) 2007-2022 Tenorshare CO.,Ltd. Copyright (C) 2008 Copyright (C) 2008-2024 Cocosenor. All rights reserved. Copyright(C) 2009-2013 Brother Industries, Ltd. Copyright (c) 2014 fQETQlo. Rights granted under license. Copyright (C) 2016 Copyright (C) 2016 Mediatek Copyright (C) 2016-2026 cfg.com Copyright (C) 2019 - 2023 Copyright (C) 2020 Copyright (C) 2021 Copyright (c) 2021 by decontev. All rights reserved. Copyright (C) 2022 Copyright (c) 2022 Auspicious Flame decision Copyright (c) 2022 Helpful Scissors decision Copyright (c) 2022 uwRyDBlZPN. Under copyright protection. Copyright (C) 2023, FreeTP.Org Copyright (C) 2024 Copyright (c) 2024 iTubeGo Studio. All rights reserved. Copyright (C) 2024 RelaxGames Ltd Copyright (C) 2024 YourCompany Copyright (c) 2024 YT Saver Studio. All rights reserved. Copyright (C) 2025 Copyright (c) 2025 Chengzhu Li. All rights reserved Copyright (C) 2025, H Hayat Copyright (C) 2026, FreeTP.Org Copyright (C) Andrew Nazarov. 1999-2003 Copyright (C) detect.ac 2024 Copyright (C) GZSkins 2018 Copyright (C) ISL Online Ltd. Copyright (C) Microsoft Corp. 1981-2000 Copyright (C) Microsoft Corp. 1995 Copyright (C) Opera Company 1996-2007 Copyright (C) Sarah 2025 Copyright 2007 Adobe Systems Incorporated and its licensors. All rights reserved. Copyright 2007 by Don HO Copyright 2011 BlueStack Systems, Inc. All Rights Reserved. Copyright BugSplat 2020 Copyright Monotype Imaging Inc. 2000-2007 Copyright © 1991-2009 by Pierre-e Gougelet Copyright © 1994, 1996 Lotus Development Corporation Copyright © 1996-2000 Macromedia, Inc. Copyright © 1996-2002 Macromedia, Inc. Copyright © 1997,98 Inprise Corporation Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved. Copyright © 1999 Copyright © 1999-2024 ElcomSoft Co. Ltd. Copyright © 2000 pSi Copyright © 2001 Copyright © 2001 & 2002 by EPSITEC SA Copyright © 2004 Techland Copyright © 2004-2024 Simon Tatham Copyright © 2005 Simplyware Copyright © 2005-2012 Oleg N. Scherbakov Copyright © 2015 ElcomSoft Co. Ltd. Copyright © 2018 - 2025 Copyright © 2021 Copyright © 2022 Copyright © 2022-23 Proxima Software. All rights reserved. Copyright © 2024 Copyright © 2024 68 additional items are not displayed above.
Legal Trademark	htreht Nvidia
Legal Trademarks	(c) FBA, (c) Flashback best analisator @christianmuhi7 All41 All rights reserved. AudioPro Systems trademark. AudioSync is a registered trademark. AudioWave and logo are trademarks. Botmaster Labs Compuserve Database Pro is a registered trademark. Show More FFMpeg is a trademark of Fabrice Bellard Firewall Dynamics trademark. Flash Green Point Software UK Ltd HASBRO and its logo are trademarks of Hasbro and are used with permission. SCRABBLE, the distinctive game board and letter tiles, and all associated logos are trademarks of Hasbro in the United States and Canada and are used with permission. © 2003 Hasbro. All Rights Reserved. Info System Tecnologia em Sistemas Ltda John Long Team. Macromedia Flash Player MediaConverter Technologies trademark. Mixcraft is a registered trademark of Acoustica, Inc. NoRG (tm) Razor 1911 RonyaSoft SealOnline_Journey © 2024 - Created by Samuel Mc Kagan SecureData Solutions trademark. Speed Guide Inc Stabile Engenharia Ltda. StreamGuard Security trademark. STSPrint Software® BARCODE Studiolineindia SWEEP®, InterCheck®, and SAVI® are trademarks of Sophos® Plc. SYSLX-TEAM UMT Team VideoStream Labs trademark.
Legal Trademarks1	Elcomsoft™
Legal Trademarks2	All Rights Reserved
M S Q A Version	03.10.1601
Original File Name	glcheck.exe
Original Filename	.NET Host Resolver - 8.0.10 7ZSfxMod_x86.exe Activator.exe AggregatorHost.exe Ak.EXE anytoiso.exe ArmyMen2.exe Arsenic.dll audiopro.exe aurora.exe Show More AuspiciousFlameApplication.exe Auth.exe BDASample.EXE BenzMonster.exe Biblia América PRO BitKeyTuner.exe BlockCipher.exe BrCcBoot.exe BugSplatNative.dll BusinessLayerLocal.dll CDDVDLabelMaker.exe cfg.exe CG70.exe CG100X.exe checker.dll Cherax.exe cloudstorage.exe cloudsync.exe CShield.dll CTFMON.EXE CyclingManager.exe datavault.exe DataWiper.exe DBDTools.exe DBGHELP.DLL DCLUSR40.BPL detect.exe DevicePairing.exe DinkeyChange.dll DKTABPROVIDER DSLOA dynsimpleipc.dll EaseUS Fixo elr_efdd.dll engine.dll EnterpriseConsole.exe EpicFix.dll Externa.exe FastCopy.exe FBA.exe fff-ea168.exe filling firewalldyn.exe Fmgr.exe FontDraw.exe FreeAudioEditor.exe fsquirt.exe GameInst.exe graphic-hook.dll HelpfulScissorsApplication.exe Hidden Object Chronicles Poisoned truth Collector's Edition HKF.exe HprSnap.exe IAC.Base.dll IDSLoaderFord.exe iigw_api_client.dll Interventi locali.exe itubegow.exe j1850fla.exe java.dll java.exe jli.dll jvm.dll libeay32.dll libiCloudKit.dll LogTransport.exe lzma.dll Magick Launcher.exe manager.EXE maxdila mc2xml.exe mediaconverter.exe mediaprocessor.exe MPxConverter.exe MUIUtils.dll MyScriptNotes.EXE Nature12.exe nenn64.dll Net.DLL Noise+.dll OdsSubServer.DLL Old Files Cleaner OpenVPNConnect.exe OPERATRAY.EXE Panda3D.exe pfcvideo-cli.exe PlagiusLib.resources.dll POBEdit.exe Portals.exe powerdatarecovery.exe 65 additional items are not displayed above.
Private Build	6 03272008 DDBLD284I December 30, 2012
Product Name	.NET 3DO ArmyMen2 7-Zip SFX ACVUpscaler Advanced Office Password Recovery Ak Application Anti-Cheat AnyToISO Converter Arsenic AudioEngine Processing Runtime Show More AudioToText Aurora Auspicious Flame Backseat Drivers Benz Monster Biblia América PRO Blasterball 2 Revolution BlockCipher BlueStacks Borland Package Library Brother ControlCenter BugSplat Windows Native Library BusinessLayer Bytessence RegistryCleaner Card Manager cfg CG70 CG100X Chained Backrooms Cherax Loader CloudStorage Sync Platform CloudStream Sync Framework Cocosenor BitKeyTuner Compuserve CORE wave_inject Crystal Maze CShield cyanide CyclingManager DBD Tools DCOMUTIL20 decontev IPC libraray Detect Screen Share Tool DinkeyChange DirectX 9 SDK Disciples II v2.02 Diskeeper (TM) Disk Defragmenter Door Kickers 2 Drug Dealer Simulator 2 Dying Light Dying Light 2 Ea EA Games Generic Multi Keygen EaseUS BitWiper EaseUS Fixo EbayRSAHTTP Elden Ring EpicFix.dll EPSITEC & eGames WildWheels EXE区段添加 Externa FastCopy Flash 5.0 Flashback best analisator FluidSIM-Pneumática Install Program FontDraw Font Manager Forensic Disk Decryptor freebudget Free Studio GameInst Application GameInterop Game Window Capture Gas Powered Games Dungeon Siege gp GTAVUpscaler GxDownloaderIII HELLCARD Helpful Scissors Hidden Object Chronicles Poisoned truth Collector's Edition HKLZ Hollow Knight Silksong House Flipper 2 HPInc. Verifier HyperSnap v.9 IBM Developer Kit for Windows, Java 2, 1.3.1 Icarus ICQ iigw_api_client Interventi locali negli edifici in muratura IPHOX MENTOP LITROPr ISO Workshop ISSC Server 4.0 iTubeGo J1850Flash Kill It With Fire 2 libusb-win32 - Test Program LogTransport Application Lotus ScreenCam Mail - The Point manager Application 121 additional items are not displayed above.
Product Short Name	ShanOcr
Product Version	Version 20250523.7fa0305 Version 1.1 V3.28 v1.5 PureBasic 6.12 LTS (Windows - x86) 2029.5 2022.3.53f1 (df4e529d20d3) 2021.3.21f1XD1.1.886b (3c60896e046b) 2021.3.21f1XD (1741b7bb35fe) 2008.1.22 Show More 2003, 10, 23, 1 24.0.0.0 24,11,26,1015 23.0.1.0 21.0.0.0 16.19.15.2 14.32.31332.0 14.09.0001 13.5 12.8.0.0 12.6.0.0 12.5.0.0 12.0.19041.1 12.0.781.0 10.95.6225.4576 10.19.3163.897 10.0.26100.7309 10.0.26100.3323 10.0.22000.194 10.0.19041.3636 10.0.17763.7919 10.0.17763.4644 10.0.17763.1697 10.0.17763.1 10.0.6.634 10.0.6.630 10.0 10,0,19041,3636 9.97.9225.3724 9.5.4.0 9.2.3.0 9.0 9,0,3,0 08/21/08 8.9.8.5 8.5.0.217 8.05.0103 8.0.10 @Commit: 81cabf2857a01351e5ab578947c7403a5b128ad1 8.0.0.0 8,0,3410,10 7.63.0.175 7.36.6505.3834 7.21.2682.0 7.17.15.7 7.13.1 7.13.0 7.11.0 7.10.0 7.1.0 7.0.0.2 6.91.7094.4964 6.24.1 6.21.1 6.21.0 6.11.2.10 6.11.0 6.10.1 6.10.0 6.5.17.2 6.5.0.1005 6.2.3.5 6.1.7601.24520 6.1.7601.18015 6.1.0 6.05.0002 6.0.26 6.0.0 6,0,23,0 5.90.0 5.61.4212.4711 5.50.4132.500 5.7.11.0 5.7.1 5.3.7.5 5,0,30,0 5 4.150.11.1001 4.79.5654.9062 4.71.0030.1 4.9 4.6.0.2627 4.1.6.445 4.1.4.439 4.1.1.0 4.0.0 4.0 4, 32, 0, 0 4, 2, 78, 1 4, 2, 5, 7 3.9.7.682 91 additional items are not displayed above.
Program I D	com.embarcadero.AudioToText com.embarcadero.EbayRSAHTTP com.embarcadero.EXE区段添加 com.embarcadero.GameInterop com.embarcadero.PlayerHook com.embarcadero.RoopFace com.embarcadero.SubFun com.embarcadero.WizTree
Programmer	Ramlan H
Special Build	31.05.2003 Czech MODULO ECF - EMISSOR DE CUPOM FISCAL
Squirrel Aware Version	1
Website	http://www.bytessence.com

Digital Signatures

Signer	Root	Status
FIRMA DE CODIGO JAVA SECRETARIA GENERAL DE ADMINISTRACION DIGITAL	AC Componentes Informáticos	Hash Mismatch
CShield	CShield	Self Signed
Open Source Developer, Dominik Reichl	Certum Code Signing 2021 CA	Hash Mismatch
Dactyi	Dactyi	Self Signed
Valve	DigiCert Assured ID Root CA	Hash Mismatch

ISL Online Ltd.	DigiCert SHA2 Assured ID Code Signing CA	Hash Mismatch
AnyDesk Software GmbH	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Discord Inc.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Discord Inc.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Flexera Software LLC	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Hangzhou Shunwang Technology Co.,Ltd	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed
NVIDIA Corporation	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
NetEase (Hangzhou) Network Co., Ltd	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Oracle America, Inc.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Sony Interactive Entertainment LLC	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Tencent Technology (Shenzhen) Company Limited	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed
Tenorshare Co., Ltd.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed
VMware, Inc.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Wondershare Technology Group Co.,Ltd	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
AnyDesk Software GmbH	DigiCert Trusted Root G4	Hash Mismatch
BeamNG GmbH	DigiCert Trusted Root G4	Hash Mismatch
Hangzhou Saifan Technology Co., Ltd.	DigiCert Trusted Root G4	Root Not Trusted
Hangzhou Shunwang Technology Co.,Ltd	DigiCert Trusted Root G4	Root Not Trusted
TeamViewer Germany GmbH	DigiCert Trusted Root G4	Hash Mismatch
Tencent Technology (Shenzhen) Company Limited	DigiCert Trusted Root G4	Root Not Trusted
Tenorshare Co., Ltd.	DigiCert Trusted Root G4	Root Not Trusted
Wondershare Technology Group Co.,Ltd	DigiCert Trusted Root G4	Hash Mismatch
Zoom Video Communications, Inc.	DigiCert Trusted Root G4	Hash Mismatch
ExGuard Development	ExGuard Development	Self Signed
4399 NET LIMITED	GlobalSign	Hash Mismatch
Ashampoo GmbH & Co. KG	GlobalSign Code Signing Root R45	Root Not Trusted
Surfshark B.V.	GlobalSign Code Signing Root R45	Hash Mismatch
win.rar GmbH	GlobalSign CodeSigning CA - SHA256 - G3	Hash Mismatch
BugSplat	Go Daddy Secure Certificate Authority - G2	Hash Mismatch
MICRO-STAR INTERNATIONAL CO., LTD.	MICRO-STAR INTERNATIONAL CO., LTD.	Self Signed
Microsoft Corporation	Microsoft Code Signing PCA 2011	Hash Mismatch
Microsoft Windows	Microsoft Windows	Self Signed
Microsoft Windows	Microsoft Windows Production PCA 2011	Hash Mismatch
Microsoft Windows Publisher	Microsoft Windows Production PCA 2011	Hash Mismatch
MohCode-MLoFmI	MohCode-MLoFmI	Self Signed
Passware, Inc. Limited	Passware, Inc. Limited	Self Signed
SURFTANK LTDA	SSL.com EV Code Signing Intermediate CA ECC R2	Self Signed
James Burnell	SSL.com Root Certification Authority RSA	Root Not Trusted
detect	SSL.com Root Certification Authority RSA	Root Not Trusted
BELLSOFT	Sectigo Public Code Signing Root R46	Hash Mismatch
Kkirmghth Qrntzi X Rwcgqy Voupyvah	Sectigo Public Code Signing Root R46	Hash Mismatch
Martin Tofall	Sectigo Public Code Signing Root R46	Hash Mismatch
Shishi Hanghao Ecommerce Ltd	Shishi Hanghao Ecommerce Ltd	Self Signed
WindSolutions LLC	Thawte Code Signing CA	Self Signed
WildTangent Inc	Thawte Premium Server CA	Root Not Trusted
WildTangent Inc.	Thawte Premium Server CA	Root Not Trusted
Simon Tatham	USERTrust RSA Certification Authority	Hash Mismatch
Diskeeper Corporation	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
NVIDIA Corporation	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Shanghai Bo Yi Information Technology Co. Ltd.	VeriSign Class 3 Public Primary Certification Authority - G5	Hash Mismatch
decontev	decontev	Hash Mismatch
duduck Encrypt	duduck Encrypt	Self Signed
voices38	voices38	Self Signed
www.ktr4t90ci5hd.io	www.ktr4t90ci5hd.io	Self Signed
№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®	№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®®	Self Signed

File Traits

.adata
.NET
.petite
.UPX
.vmp0
00 section
2+ executable sections
ASPack v2.12
Autoit
big overlay

BINinO
CAB SFX
CryptUnprotectData
Default Version Info
dll
Enigma
fptable
GetConsoleWindow
HighEntropy
imgui
Installer Manifest
Installer Version
JMC
MZ (In Overlay)
NewLateBinding
No Version Info
ntdll
packed
PECompact v1.4x
Py-installer
RAR (In Overlay)
RARinO
RijndaelManaged
themida
themida section variant
UPack (Generic)
UPack 0.39
upx
UPX!
UPX scrambler 1_x
UPX x64
vb6
VirtualQueryEx
vlizer
vmp
vmp section variant
vmp variant
WinRAR SFX
WinZip SFX
WriteProcessMemory
x64
x86
ZIP (In Overlay)
ZIPinO
zlib (In Overlay)
zlib overlay

Block Information

Total Blocks:	466
Potentially Malicious Blocks:	0
Whitelisted Blocks:	459
Unknown Blocks:	7

Visual Map

? ? ? ? ? ? ? 2 0 0 1 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 0 3 1 1 0 1 2 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.ASC
Agent.DSJ
Agent.EDA
Agent.HGG
Agent.IFSE

Agent.LPQ
Agent.PS
Agent.PSA
Agent.XDC
Agent.XVI
Autoit
BHO.GE
BadIIS.GA
Bancos.B
Banker.AN
Banker.TH
Bitcoinminer.BDA
Bitcoinminer.BDB
Bitcoinminer.DJE
Brontok.A
Casbaneiro.A
Cerbu.HA
CoinMiner.ZA
Coiner.B
Coinminer.GCLA
Coinminer.GII
Dapato.AK
Delf.Spy.D
Deyma.G
Ditertag.A
Downloader.Agent.AIA
Downloader.Agent.AIB
Downloader.Agent.BTIA
Downloader.Delf.L
Downloader.HG
Downloader.I
Ekstak.AN
Emotet.GFA
Emotet.RECL
Emotet.REQ
Emotet.UA
FakeAlert.X
FakeInstaller.B
FareIt.LA
Farfli.DC
Farfli.FR
Filecoder.CU
Filecoder.CUA
Filecoder.CUB
Filecoder.IFA
Fugrafa.T
Gamehack.AAD
Gamehack.JI
Gamehack.TRA
Injector.DGB
Injector.GPB
Injector.IB
Injector.KDG
Injector.KFAD
Injector.KI
Injector.KZK
Injector.KZP
Injector.LIA
Injector.PMB
Injector.XN
Kagee.A
Kasperagent.A
Kryptik.ATAS
Kryptik.CBS
Kryptik.CBXB
Kryptik.DTGC
Kryptik.DVU
Kryptik.FRK
Kryptik.GDG
Kryptik.GDGA
Kryptik.GSF
Kryptik.GSJ
Kryptik.JSB
Kryptik.KPO
Kryptik.PAH
Kryptik.PK
Kryptik.WI
Kryptik.WL
Kryptik.WN
Kryptik.WP
Kryptik.XXBA
Kuaizip.EA
Lamer.CF
Lamer.CHB
LegendMir.B
Lumma.JA
Lumma.XC
MSIL.Bulz.TH
MSIL.DllInject.X
MSIL.Downloader.Agent.GT
Magniber.K
Meduza.A
Nanobot.MB
Netsky.B
Nitol.DA

51 additional families are not displayed above.

Files Modified

File	Attributes
	Generic Read,Write Data,Write Attributes,Write extended,Append data
	Synchronize,Write Attributes
\\	Generic Read,Write Data,Write Attributes,Write extended,Append data
\\	Synchronize,Write Attributes
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
\device\namedpipe\4031f9c281859e1248a10cb45eh20c25	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\dart_dff370b1-62d9-11f0-a9ea-6ee908e31812_1	Generic Write
\device\namedpipe\dart_dff370b1-62d9-11f0-a9ea-6ee908e31812_2	Generic Write,Read Attributes
\device\namedpipe\dart_dff370b1-62d9-11f0-a9ea-6ee908e31812_3	Generic Write,Read Attributes

\device\namedpipe\dart_dff370b1-62d9-11f0-a9ea-6ee908e31812_4	Generic Write,Read Attributes
\device\namedpipe\dav rpc service	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
\device\namedpipe\pshost.134178456901167824.6440.defaultappdomain.powershell	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\srvsvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\wkssvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$ie0lso7.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$ie0lso7.exe	Synchronize,Write Attributes
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$ijkdrh7.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$ijkdrh7.exe	Synchronize,Write Attributes
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$ivz02qf.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$ivz02qf.exe	Synchronize,Write Attributes
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$re0lso7.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$re0lso7.exe	Synchronize,Write Attributes
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$rjkdrh7.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$rjkdrh7.exe	Synchronize,Write Attributes
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$rvz02qf.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$rvz02qf.exe	Synchronize,Write Attributes
c:\autoexec.bat	Synchronize,Write Attributes
c:\program files (x86)\.ztd52c.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\windows mail\wab.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\windows mail\wab.exe	Synchronize,Write Attributes
c:\program files (x86)\windows mail\wabmig.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\windows mail\wabmig.exe	Synchronize,Write Attributes
c:\program files (x86)\windows photo viewer\imagingdevices.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\windows photo viewer\imagingdevices.exe	Synchronize,Write Attributes
c:\program files\common files\system\symsrv.dll	Generic Write,Read Attributes
c:\program files\cuassistant\culauncher.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\cuassistant\culauncher.exe	Synchronize,Write Attributes
c:\program files\microsoft update health tools\expediteupdater.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\microsoft update health tools\expediteupdater.exe	Synchronize,Write Attributes
c:\program files\microsoft update health tools\uhssvc.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\microsoft update health tools\uhssvc.exe	Synchronize,Write Attributes
c:\program files\rempl\sedlauncher.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\rempl\sedlauncher.exe	Synchronize,Write Attributes
c:\program files\ruxim\dtudriver.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\ruxim\dtudriver.exe	Synchronize,Write Attributes
c:\program files\ruxim\plugscheduler.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\ruxim\plugscheduler.exe	Synchronize,Write Attributes
c:\program files\ruxim\ruximics.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\ruxim\ruximics.exe	Synchronize,Write Attributes
c:\program files\ruxim\ruximih.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\ruxim\ruximih.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\classification\sensece.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\classification\sensece.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\mssense.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\mssense.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\senseap.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\senseap.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\senseaptoast.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\senseaptoast.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\sensecm.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\sensecm.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\sensedlpprocessor.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\sensedlpprocessor.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\sensegpparser.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\sensegpparser.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\senseidentity.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\senseidentity.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\senseimdscollector.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\senseimdscollector.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\senseir.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\senseir.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\sensendr.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\sensendr.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\sensesampleuploader.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\sensesampleuploader.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\sensetracer.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\sensetracer.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\sensetvm.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\sensetvm.exe	Synchronize,Write Attributes
c:\program files\windows defender\configsecuritypolicy.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender\configsecuritypolicy.exe	Synchronize,Write Attributes
c:\program files\windows defender\mpcmdrun.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender\mpcmdrun.exe	Synchronize,Write Attributes
c:\program files\windows defender\msmpeng.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender\msmpeng.exe	Synchronize,Write Attributes
c:\program files\windows defender\nissrv.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender\nissrv.exe	Synchronize,Write Attributes
c:\program files\windows defender\offline\offlinescannershell.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender\offline\offlinescannershell.exe	Synchronize,Write Attributes
c:\program files\windows mail\wab.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows mail\wab.exe	Synchronize,Write Attributes
c:\program files\windows mail\wabmig.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows mail\wabmig.exe	Synchronize,Write Attributes
c:\program files\windows photo viewer\imagingdevices.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows photo viewer\imagingdevices.exe	Synchronize,Write Attributes
c:\program files\windows security\browsercore\browsercore.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows security\browsercore\browsercore.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.3dbuilder_10.0.0.0_x64__8wekyb3d8bbwe\builder3d.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.3dbuilder_10.0.0.0_x64__8wekyb3d8bbwe\builder3d.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.549981c3f5f10_4.2308.1005.0_x64__8wekyb3d8bbwe\cortana.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.549981c3f5f10_4.2308.1005.0_x64__8wekyb3d8bbwe\cortana.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.bingfinance_4.3.193.0_x86__8wekyb3d8bbwe\microsoft.msn.money.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.bingfinance_4.3.193.0_x86__8wekyb3d8bbwe\microsoft.msn.money.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.bingnews_4.3.193.0_x86__8wekyb3d8bbwe\microsoft.msn.news.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.bingnews_4.3.193.0_x86__8wekyb3d8bbwe\microsoft.msn.news.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.bingsports_4.3.193.0_x86__8wekyb3d8bbwe\microsoft.msn.sports.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.bingsports_4.3.193.0_x86__8wekyb3d8bbwe\microsoft.msn.sports.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.bingweather_4.25.20211.0_x64__8wekyb3d8bbwe\microsoft.msn.weather.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.bingweather_4.25.20211.0_x64__8wekyb3d8bbwe\microsoft.msn.weather.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.copilot_1.25121.60.0_x64__8wekyb3d8bbwe\agentisolationenvironment.agentproxy\agentproxy.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.copilot_1.25121.60.0_x64__8wekyb3d8bbwe\agentisolationenvironment.agentproxy\agentproxy.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.copilot_1.25121.60.0_x64__8wekyb3d8bbwe\agentisolationenvironment.agentrelay\agentrelay.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.copilot_1.25121.60.0_x64__8wekyb3d8bbwe\agentisolationenvironment.agentrelay\agentrelay.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.copilot_1.25121.60.0_x64__8wekyb3d8bbwe\copilot.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.copilot_1.25121.60.0_x64__8wekyb3d8bbwe\copilot.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.copilot_1.25121.60.0_x64__8wekyb3d8bbwe\copilotcontext.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.copilot_1.25121.60.0_x64__8wekyb3d8bbwe\copilotcontext.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.copilot_1.25121.60.0_x64__8wekyb3d8bbwe\copilotwidgets.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.copilot_1.25121.60.0_x64__8wekyb3d8bbwe\copilotwidgets.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.copilot_1.25121.60.0_x64__8wekyb3d8bbwe\createdump.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.copilot_1.25121.60.0_x64__8wekyb3d8bbwe\createdump.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\appinstaller.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\appinstaller.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\appinstallerfulltrustappserviceclient.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\appinstallerfulltrustappserviceclient.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\appinstallerpythonredirector.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\appinstallerpythonredirector.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\authenticationmanager.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\authenticationmanager.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\configurationremotingserver\configurationremotingserver.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\configurationremotingserver\configurationremotingserver.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\configurationremotingserver\createdump.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\configurationremotingserver\createdump.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\winget.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\winget.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\appinstaller.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\appinstaller.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\appinstallerfulltrustappserviceclient.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\appinstallerfulltrustappserviceclient.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\appinstallerpythonredirector.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\appinstallerpythonredirector.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\authenticationmanager.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\authenticationmanager.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\configurationremotingserver\configurationremotingserver.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\configurationremotingserver\configurationremotingserver.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\configurationremotingserver\createdump.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\configurationremotingserver\createdump.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\winget.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\winget.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\appinstaller.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\appinstaller.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\appinstallerpythonredirector.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\appinstallerpythonredirector.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\authenticationmanager.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\authenticationmanager.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\dotnet\configurationremotingserver.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\dotnet\configurationremotingserver.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\dotnet\createdump.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\dotnet\createdump.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\dotnet\wingetmcpserver.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\dotnet\wingetmcpserver.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\winget.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\winget.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\appinstaller.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\appinstaller.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\appinstallerprotocolshim.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\appinstallerprotocolshim.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\appinstallerpythonredirector.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\appinstallerpythonredirector.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\authenticationmanager.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\authenticationmanager.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\dotnet\configurationremotingserver.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\dotnet\configurationremotingserver.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\dotnet\createdump.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\dotnet\createdump.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\dotnet\wingetmcpserver.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\dotnet\wingetmcpserver.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\winget.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\winget.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.gethelp_10.2409.22951.0_x64__8wekyb3d8bbwe\createdump.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.gethelp_10.2409.22951.0_x64__8wekyb3d8bbwe\createdump.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.gethelp_10.2409.22951.0_x64__8wekyb3d8bbwe\gethelp.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.gethelp_10.2409.22951.0_x64__8wekyb3d8bbwe\gethelp.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.gethelp_10.2409.32612.0_x64__8wekyb3d8bbwe\createdump.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.gethelp_10.2409.32612.0_x64__8wekyb3d8bbwe\createdump.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.gethelp_10.2409.32612.0_x64__8wekyb3d8bbwe\gethelp.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.gethelp_10.2409.32612.0_x64__8wekyb3d8bbwe\gethelp.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.gethelp_10.2409.33293.0_x64__8wekyb3d8bbwe\createdump.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.gethelp_10.2409.33293.0_x64__8wekyb3d8bbwe\createdump.exe	Synchronize,Write Attributes

1763 additional files are not displayed above.

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\policies\system::disableregistrytools		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::bron-spizaetus	"C:\Windows\ShellNew\bronstab.exe"	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\winlogon::shell	Explorer.exe "C:\Windows\eksplorasi.exe"	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\system::disablecmd		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\explorer::nofolderoptions		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::tok-cirrhatus	"C:\Users\Nqkdzvtl\appdata\local\smss.exe"	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidefileext		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::showsuperhidden		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\system::disableregistrytools		RegNtPreCreateKey

HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	貀횕Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\classes\shockwaveflash.shockwaveflash\shell\open\command::		RegNtPreCreateKey
HKLM\software\classes\shockwaveflash.shockwaveflash\defaulticon::	0þ,1	RegNtPreCreateKey
HKLM\software\classes\.swf::	ShockwaveFlash.ShockwaveFlash	RegNtPreCreateKey
HKLM\software\classes\.spl::	ShockwaveFlash.ShockwaveFlash	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKCU\software\norg\pobedit::version	0.904	RegNtPreCreateKey
HKLM\software\classes\.f3d::	f3dfile	RegNtPreCreateKey
HKLM\software\classes\f3dfile::	POBEdit settings file	RegNtPreCreateKey
HKLM\software\classes\f3dfile\defaulticon::	c:\users\user\downloads\3fa547196233bb8686d4a2d6d861b00799af3970_0001332196.exe,0	RegNtPreCreateKey
HKLM\software\classes\f3dfile\shell\open\command::	c:\users\user\downloads\3fa547196233bb8686d4a2d6d861b00799af3970_0001332196.exe /data "%1"	RegNtPreCreateKey
HKLM\software\classes\.f3k::	f3kfile	RegNtPreCreateKey
HKLM\software\classes\f3kfile::	POBEdit key file	RegNtPreCreateKey
HKLM\software\classes\f3kfile\defaulticon::	c:\users\user\downloads\3fa547196233bb8686d4a2d6d861b00799af3970_0001332196.exe,0	RegNtPreCreateKey
HKLM\software\classes\f3kfile\shell\open\command::	c:\users\user\downloads\3fa547196233bb8686d4a2d6d861b00799af3970_0001332196.exe /key "%1"	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ጾꉑǛ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::samsungelectronicsviewer	C:\ProgramData\BiostarChecker\AppleWorkshop.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::bron-spizaetus	"C:\Windows\ShellNew\RakyatKelaparan.exe"	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\winlogon::shell	Explorer.exe "C:\Windows\KesenjanganSosial.exe"	RegNtPreCreateKey
HKLM\system\controlset001\control\safeboot::alternateshell	cmd-brontok.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::tok-cirrhatus-1266	"C:\Users\Vzqsvlmd\appdata\local\br3555on.exe"	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::tok-cirrhatus	(NULL)	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317	Û	RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655		RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324	#	RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993	é	RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986	http://affiliate.free.rongrean.com/logo.gifhttp://demo.mosiva	RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331		RegNtPreCreateKey
HKCU\software\apcr::u1_0	鱞댶	RegNtPreCreateKey
HKCU\software\apcr::u2_0	⏑	RegNtPreCreateKey
HKCU\software\apcr::u3_0	権ă	RegNtPreCreateKey
HKCU\software\apcr::u4_0		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKCU\software\ronyasoft\proposter\registrator::installtime	械	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475	⑫ȁᗳ龡^å紘Ç獖}ê⦘·ê좟Ê	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKCU\software\twhqnqifxfdppwwgyyjjjb::fsdelriqewfoclujey	xswhczsotjblkptxtyoldsd	RegNtPreCreateKey
HKCU\software\jssazyjcpmzslqzqeoijnk::wljeewduifatznkxzxjmkyco	ifcyzwspzlcgxnecderei	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	睹ᢋ㎃ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	戭Ƽ䰤ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	镙ƽ䰤ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	࿛ǻ䰤ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ᬦǼ䰤ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	蛢ȅ䰤ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	蛢ȅ䰤ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	詑෗䵋ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	꺜ෘ䵋ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ࡁผ䵋ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	超ฮ䵋ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	蕓ะ䵋ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\classes\clsid\{815713a6-f9d3-4ce9-ab5a-b3d6250ed01e}::	.Document	RegNtPreCreateKey
HKLM\software\classes\clsid\{815713a6-f9d3-4ce9-ab5a-b3d6250ed01e}\inprocserver32::	ole32.dll	RegNtPreCreateKey
HKCU\software\proxima software\fontdraw\1.0\options::lastsessionresult		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\notepad.exe	㜞繘呓ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\system::disabletaskmgr		RegNtPreCreateKey
HKCU\software\user914\1214104697::1919251317	0	RegNtPreCreateKey
HKCU\software\user914\1214104697::-456464662		RegNtPreCreateKey
HKCU\software\user914\1214104697::1462786655		RegNtPreCreateKey
HKCU\software\user914\1214104697::-912929324	#	RegNtPreCreateKey
HKCU\software\user914\1214104697::1006321993	Ċ	RegNtPreCreateKey
HKCU\software\user914\1214104697::-1369393986	http://aspricot.com/images/logos.gifhttp://asirtech.com/logos	RegNtPreCreateKey
HKCU\software\user914\1214104697::549857331		RegNtPreCreateKey
HKCU\software\user914::u1_0	⠺첖	RegNtPreCreateKey
HKCU\software\user914::u2_0	ᖍ	RegNtPreCreateKey
HKCU\software\user914::u3_0	権ă	RegNtPreCreateKey
HKCU\software\user914::u4_0		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	㓰噺姎ǜ	RegNtPreCreateKey
HKCU\software\microsoft\systemcertificates\ca\certificates\31600991ed5fec63d355a5484a6dcc787ead89bc::blob		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ᐜ㥽宎ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	渻㦁宎ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	탴㧛宎ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	낂㧝宎ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	姚㧣宎ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	姚㧣宎ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	Ŭ쥞彟ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	⏣틲愕ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	틵愕ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	抒팺愕ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75	沍 ⬉ʾ䠱O᤹˃噀ñ቎Ĥ᝹ʁ뽹ɞ傄ë駃óߙĤ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75	沊⬉ʾ䠱O噀ñ᝹ʁ뽹ɞ傄ë駃óߙĤ	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\authentication\logonui\facelogon::credprovuncompletedinstances		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af521\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::wextract_cleanup0	rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Xuaebogg\AppData\Local\Temp\IXP000.TMP\"	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	괄䤊禑ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires\2.0::cdpath	c:\users\user\downloads\	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires\2.0::pid	00000-000-0000000-00000	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires\2.0::installtype	1	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires\2.0::installationdirectory	c:\users\user\downloads\	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires\2.0::zone	http://www.zone.com/asp/aoe2redir.asp	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires\2.0::version	2	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires\2.0::launched	1	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires\2.0::exe path	c:\users\user\downloads\	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires\2.0::versiontype	RetailVersion	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires\2.0::installedgroup	1	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires\2.0::langid		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires\2.0::processor speed	Ċ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires\2.0::custom mouse		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires\2.0\eula::firstrun		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires ii: the conquerors expansion\1.0::zone	http://www.zone.com/conquerors	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires ii: the conquerors expansion\1.0::version	1	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires ii: the conquerors expansion\1.0::launched	1	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires ii: the conquerors expansion\1.0::pid	53532-442-9107722-25172	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires ii: the conquerors expansion\1.0::exe path	c:\users\user\downloads\	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires ii: the conquerors expansion\1.0::cdpath	c:\users\user\downloads\	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires ii: the conquerors expansion\1.0::versiontype	RetailVersion	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires ii: the conquerors expansion\1.0::installedgroup	3	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires ii: the conquerors expansion\1.0::langid		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\microsoft games\age of empires ii: the conquerors expansion\1.0\eula::firstrun		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directplay\applications\age of empires ii::guid	{FB69A260-5031-11d3-A2D4-006097BA6550}	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directplay\applications\age of empires ii::launcher	Empires2.Exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directplay\applications\age of empires ii::file	Empires2.Exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directplay\applications\age of empires ii::commandline	lobby	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directplay\applications\age of empires ii::path	c:\users\user\downloads\	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directplay\applications\age of empires ii::currentdirectory	c:\users\user\downloads\	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directplay\applications\age of empires ii - the conquerors expansion::guid	{5DE93F3F-FC90-4ee1-AE5A-63DAFA055950}	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directplay\applications\age of empires ii - the conquerors expansion::launcher	\age2_x1.Exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directplay\applications\age of empires ii - the conquerors expansion::file	\age2_x1.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directplay\applications\age of empires ii - the conquerors expansion::commandline	lobby	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directplay\applications\age of empires ii - the conquerors expansion::path	c:\users\user\downloads\	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directplay\applications\age of empires ii - the conquerors expansion::currentdirectory	c:\users\user\downloads\	RegNtPreCreateKey
HKU\.DEFAULT\software\microsoft\microsoft games\age of empires ii: the conquerors expansion\1.0\eula::firstrun		RegNtPreCreateKey
HKCU\software\apxdmbrsiayidoytzzzo::esjljlhjeijjezvvxydsdsqc	rvkvcptulydjtijgxsjars	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	⺷㠯絞ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	癕㠰絞ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ᩈ썎綋ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	몴썒綋ǜ	RegNtPreCreateKey
HKCU\software\plfgagwmeglzqxhzfzhdiiu::pfbbyquaosidzcrntylzi	vydovbyulisfcwr	RegNtPreCreateKey
HKCU\synthriderz::url protocol		RegNtPreCreateKey
HKCU\synthriderz\shell\open\command::	"c:\users\user\downloads\a094a27c878d516b6a66e01cbaa1f7ca1a402d85_0005900800" "--install" "%1"	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	⟛鱳绢ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	鱷绢ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	蜀鳙绢ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	輓鳛绢ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ⷖ鳨绢ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ⷖ鳨绢ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	중莃ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	㳶줔莃ǜ	RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317	扱	RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993	Č	RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986	http://ecosukces.nazwa.pl/images/button.gifhttp://nurstravel.	RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331		RegNtPreCreateKey
HKCU\software\apcr::u1_0	윣렴	RegNtPreCreateKey
HKCU\software\apcr::u2_0	♄	RegNtPreCreateKey
HKCU\software\apcr::u1_1	腖ֆ	RegNtPreCreateKey
HKCU\software\apcr::u2_1	唱牥	RegNtPreCreateKey
HKCU\software\apcr::u3_1	ᥜ獦	RegNtPreCreateKey

379 additional registry modifications are not displayed above.

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAccessCheckByType ntdll.dll!NtAddAtomEx ntdll.dll!NtAdjustPrivilegesToken ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAllocateLocallyUniqueId ntdll.dll!NtAllocateReserveObject ntdll.dll!NtAllocateUuids ntdll.dll!NtAlpcAcceptConnectPort ntdll.dll!NtAlpcCancelMessage Show More ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcCreatePort ntdll.dll!NtAlpcCreatePortSection ntdll.dll!NtAlpcCreateResourceReserve ntdll.dll!NtAlpcCreateSectionView ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeleteSecurityContext ntdll.dll!NtAlpcDisconnectPort ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcQueryInformationMessage ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareSigningLevels ntdll.dll!NtConnectPort ntdll.dll!NtCopyFileChunk ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateLowBoxToken ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateUserProcess ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeleteAtom ntdll.dll!NtDeleteKey ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFindAtom ntdll.dll!NtFlushBuffersFile ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtFsControlFile ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetCompleteWnfStateSubscription ntdll.dll!NtGetContextThread ntdll.dll!NtGetNlsSectionPtr ntdll.dll!NtGetWriteWatch ntdll.dll!NtImpersonateAnonymousToken ntdll.dll!NtLockFile ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtNotifyChangeMultipleKeys ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenMutant ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtPowerInformation ntdll.dll!NtPrivilegeObjectAuditAlarm ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFile ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryEvent ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken 258 additional items are not displayed above.
Network Winsock2	WSARecv WSAStartup
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserName GetUserNameEx GetUserObjectInformation
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Process Shell Execute	CreateProcess ShellExecute ShellExecuteEx WinExec WriteConsole
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Process Terminate	TerminateProcess
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen InternetReadFile InternetSetOption
Network Winhttp	WinHttpConnect WinHttpOpen WinHttpOpenRequest WinHttpQueryHeaders WinHttpReceiveResponse WinHttpSendRequest
Network Winsock	bind closesocket freeaddrinfo getaddrinfo gethostname getsockname setsockopt socket
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Network Urlomon	URLDownloadToFile
Keyboard Access	GetAsyncKeyState GetKeyState
Network Icmp	IcmpCreateFile IcmpSendEcho2Ex
Service Control	OpenSCManager OpenService StartService

Shell Command Execution


							explorer.exe


							C:\Users\Nqkdzvtl\appdata\local\smss.exe


							C:\Users\Nqkdzvtl\appdata\local\winlogon.exe


							OpenNewWindow shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}


							at /delete /y


									at 17:08 /every:M,T,W,Th,F,S,Su "C:\Users\Nqkdzvtl\appdata\Roaming\Microsoft\Windows\Templates\WowTumpeh.com"


									C:\Users\Nqkdzvtl\appdata\local\services.exe


									"C:\Users\Gowlnxwr\AppData\Local\Temp\is-ATAMO.tmp\1a55ea9b9d6544a1a6395a13cc74601a9eccb4ee_0004217666.tmp" /SL5="$2005C,3951103,54272,c:\users\user\downloads\1a55ea9b9d6544a1a6395a13cc74601a9eccb4ee_0004217666.exe"


									"C:\Users\Cpzcioko\AppData\Local\Temp\is-6J08P.tmp\eca8b2d4413783526af2bef5c10755ab9541d51c_0001878861.tmp" /SL5="$20266,1384367,152064,c:\users\user\downloads\eca8b2d4413783526af2bef5c10755ab9541d51c_0001878861.exe"


									"C:\Users\Ttbxuzeh\AppData\Local\Temp\is-JPQ74.tmp\4395f8f34890f488347210c66d3f6dccf828b785_0001937094.tmp" /SL5="$C01E2,1442652,152064,c:\users\user\downloads\4395f8f34890f488347210c66d3f6dccf828b785_0001937094.exe"


									"C:\Users\Isyoleil\AppData\Local\Temp\is-72CPI.tmp\a429ad1fe35ad688e4cbab4a24a9656a326fedca_0001871562.tmp" /SL5="$2002C,1377073,152064,c:\users\user\downloads\a429ad1fe35ad688e4cbab4a24a9656a326fedca_0001871562.exe"


									reg query HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\BuildLayers\DesktopEditions /v BuildArch


									C:\Users\Vzqsvlmd\appdata\local\smss.exe


									C:\Users\Vzqsvlmd\appdata\local\winlogon.exe


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ed1379750d9427f8e2ed0238ccbed20d8caa49fa_0000131584.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\48b33a48ade4a4edb1de807b073dd882815001c6_0005731840.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9b2a3c4ec4b59dc125f62a39864dfbde8af08943_0006686720.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\102c080ddd262b819c3d0623d7fbf4f5071776bf_0000598016.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e44e300302dbce1c2dad6f518ea3c0cdb88fc4f4_0000860160.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b6484ad2affc50f49900509edbf9bdf08cf2f5d6_0009893888.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\cd141cc7f5610e81df707633fd44ecb362aee2de_0007372480.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\cd950ac7a22f2afdb50e3327b83c41537c1b04d2_0007950000.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4d92bf632927d6d4897c7359cd308bab29cbf07c_0006387200.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f43472c8a0e09a2dbf09bfd761b4afebce8f7334_0000032568.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\096e605f1a84ebe0c0060e18333036e3e2133055_0002138112.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a7309dfe39df8845b406c218804891bfd03514f7_0000175104.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5947ebaf4e5ddaa713010c3360f15815166ebd49_0009823560.,LiQMAxHB


									C:\Users\Fjjnadro\AppData\Local\Temp\58D209FC.exe


									C:\Users\Fjjnadro\AppData\Local\Temp\1AD311F6.exe


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d6feebe9984073f7e0befd6c78782a56a5fbca1b_0000245760.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4dea8fb19d485f2b17dace50a05e6f7d4d7ddbf0_0000719615.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d63351bf832f50303ce54edab104d08581eb8fab_0007431680.,LiQMAxHB


									(NULL) regsvr32.exe   -s 		 J3E5Pg7C.WX


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\262becd9264f4211c70145751c496e4f40282fff_0000326656.,LiQMAxHB


									"C:\Users\Bubxsvbc\AppData\Local\Temp\is-DSRV8.tmp\b11c5418e9ab8c62d6aed9646378b851e22a65c8_0001688219.tmp" /SL5="$10276,1194045,152064,c:\users\user\downloads\b11c5418e9ab8c62d6aed9646378b851e22a65c8_0001688219"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\09679cb94d4593cadbe71ae8f6000cbc3d8dfae6_0006402048.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\dd2895368e97bfbe14ecb034feeaa78f1a3b4f22_0009823624.,LiQMAxHB


									"C:\Users\Zaxpyxqj\AppData\Local\Temp\is-E1LSK.tmp\77fc30e017399a6ce91bc5966da2401d3f7c14eb_0007438774.tmp" /SL5="$20136,6945996,152064,c:\users\user\downloads\77fc30e017399a6ce91bc5966da2401d3f7c14eb_0007438774"


									"C:\Users\Gfufwjia\AppData\Local\Temp\is-7L14T.tmp\a28c234e777c6f45c5ba14d6658b733aec0738d4_0001726767.tmp" /SL5="$E004C,1232423,152064,c:\users\user\downloads\a28c234e777c6f45c5ba14d6658b733aec0738d4_0001726767"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\cafa809bbc0f283b05f5b4b0fdfa7285365fe0c7_0001478656.,LiQMAxHB


									"C:\Users\Fvfdzcwx\AppData\Local\Temp\is-9CH7Q.tmp\ebcf653ce93bf993639e47ebd8b7563bdeb760c5_0007837586.tmp" /SL5="$200FA,7343257,152064,c:\users\user\downloads\ebcf653ce93bf993639e47ebd8b7563bdeb760c5_0007837586"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0ae6616f9f63fde442d8f402bc55fe49c95c5ba3_0006684672.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6f5f132304ece5fc9dc7506d1b2dc7fc6388d392_0000118878.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2e46761b836e25cae8c87d0ab5dab10d188a7d5e_0001875968.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\35a951615942488b5c72e45860aca26c2c000a07_0004953600.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b7db9cb2f2485420ea6db88ee5c7a7522e804363_0003486208.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\07d7572dbc84f13d11389a3d070440a85d9ce302_0001478656.,LiQMAxHB


									C:\Users\Dbsuflii\AppData\Local\Temp\0D295C05.exe


									C:\Users\Dbsuflii\AppData\Local\Temp\4CE163FF.exe


									(NULL) C:\Users\Qhfvinug\AppData\Local\Temp\RarSFX0\kmsultimatefree.exe


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\49c740eb830c23c225781ed95d616f4902a43e05_0001198080.,LiQMAxHB


									"C:\Users\Iqiojixo\AppData\Local\Temp\is-T3JQV.tmp\b24342b50cc9073b1fe7716e4cab6ba888f1ff52_0001714270.tmp" /SL5="$50052,1219995,152064,c:\users\user\downloads\b24342b50cc9073b1fe7716e4cab6ba888f1ff52_0001714270"


									C:\WINDOWS\system32\schtasks.exe schtasks  /query /tn MicrosoftEdgeUpdateTaskMachineUPAS


									C:\WINDOWS\system32\schtasks.exe schtasks  /create /sc minute /mo 1 /tn MicrosoftEdgeUpdateTaskMachineUPAS /tr C:\Users\Noecovfw\AppData\Roaming\WindowsSystemDiagnostics.{D20EA4E1-3957-11D2-A40B-0C5020524153}\spooIsv.exe /f


									C:\WINDOWS\system32\PING.EXE ping  127.0.0.1 -n 5


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4b969eef2d20f45ef3a89f8e0419f7fc8cc65d5e_0009149160.,LiQMAxHB


									"C:\Users\Lchuryxs\AppData\Local\Temp\is-PHEGO.tmp\491b3aca1ed46fa27d71f4555fbffc7939bbdc15_0001728186.tmp" /SL5="$30142,1233887,152064,c:\users\user\downloads\491b3aca1ed46fa27d71f4555fbffc7939bbdc15_0001728186"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\bbb7997f4010b1fd2281ee36b292997a851da3e2_0000102912.,LiQMAxHB


									C:\WINDOWS\system32\schtasks.exe schtasks  /create /sc minute /mo 1 /tn MicrosoftEdgeUpdateTaskMachineUPAS /tr C:\Users\Kjmypbcf\AppData\Roaming\WindowsSystemDiagnostics.{D20EA4E1-3957-11D2-A40B-0C5020524153}\spooIsv.exe /f


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5ac423df746f79bc9331388bb20e5f7a8988b614_0000124184.,LiQMAxHB


									C:\WINDOWS\system32\schtasks.exe schtasks  /create /sc minute /mo 1 /tn MicrosoftEdgeUpdateTaskMachineUPAS /tr C:\Users\Fblwbloq\AppData\Roaming\WindowsSystemDiagnostics.{D20EA4E1-3957-11D2-A40B-0C5020524153}\svchost.exe /f


									"C:\Users\Fswtpxld\AppData\Local\Temp\is-42N70.tmp\bfa756d2cb50b70592b887a613388167fb1cb905_0001712501.tmp" /SL5="$601E8,1218154,152064,c:\users\user\downloads\bfa756d2cb50b70592b887a613388167fb1cb905_0001712501"


									"C:\Users\Vwdudwkf\AppData\Local\Temp\is-T4V95.tmp\3f32c18a5566246c5120232a98420e9d5e161b2f_0001733597.tmp" /SL5="$901EA,1239310,152064,c:\users\user\downloads\3f32c18a5566246c5120232a98420e9d5e161b2f_0001733597"


									open C:\Users\Ndwzoeoy\AppData\Roaming\Proxima Software\FontDraw\1.0\Errors\


									open C:\Users\Ndwzoeoy\AppData\Roaming\Proxima Software\FontDraw\1.0\Errors\crash [2025-11-12 20.10.47].txt


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\3ad45355341a1b9c243c40d8d115c68c9772e07d_0007026176.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e4aa00cf0c9d0fc5cde4370c1363eac673741f95_0001198080.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\748e58863a939024b77387c98ee4a11e70fd0a65_0000039951.,LiQMAxHB


									(NULL) C:\Users\Fdrppcol\AppData\Local\Temp\ansyufassaj.exe


									(NULL) C:\Users\Fdrppcol\AppData\Local\Temp\dh2873hd732.exe


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\53708ae0b53f99c1258e4de1cae14068eb8f73a5_0000494592.,LiQMAxHB


									"c:\users\user\downloads\4cd2e4edfdfb0de23aecba4ff7927a6832d24e2b_0000881443" -sfxwaitall:0 "FastCopy\FastCopy64.exe"


									(NULL) FastCopy\FastCopy64.exe


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ed78eb27c2fbe88e183ae6619252af8e4413fc37_0002404352.,LiQMAxHB


									C:\WINDOWS\system32\schtasks.exe schtasks  /create /sc minute /mo 1 /tn MicrosoftEdgeUpdateTaskMachineUPAS /tr C:\Users\Wbxcfaam\AppData\Roaming\WindowsSystemDiagnostics.{D20EA4E1-3957-11D2-A40B-0C5020524153}\spooIsv.exe /f


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2f83b2281b925778a9edeb71106a913d877474c3_0001478656.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\46fdf961bd2431e3dc6a608bcc3552fd2beb7d0b_0007953008.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7aad3ba1832c2cfa62b1c92b8b382696cc5ee3a5_0000245760.,LiQMAxHB


									C:\WINDOWS\system32\schtasks.exe schtasks  /create /tn MyApp /tr C:\Users\Kmfsqdyg\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f


									WriteConsole: Access is denied


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e6847690014d93c597907bc2647aa58102239e42_0001198080.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0afdce3ff000be2b682e123e6815acc2f9aac7bd_0009834672.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9f47a305bec5200dc77a6c14111d357b78243c35_0008984296.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\49cd8cff761a370e4928a1fd8257abf5c667ba99_0003614208.,LiQMAxHB


									C:\Users\Jcvtrrwt\AppData\Local\Temp\5D3F21E8.exe


									C:\Users\Jcvtrrwt\AppData\Local\Temp\1B0275D9.exe


									C:\Users\Jcvtrrwt\AppData\Local\Temp\183541D0.exe


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9d6c9e55ebdfd837b44015ecfa085ca6c5cc4e73_0000983552.,LiQMAxHB


									C:\Users\Dyprwxxj\AppData\Local\Temp\5EAC4549.exe


									C:\Users\Dyprwxxj\AppData\Local\Temp\21024D43.exe


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d13135ed6bd895de58235023bc2841add3e2997f_0004450816.,LiQMAxHB


									"C:\Users\Wegnxrpp\AppData\Local\Temp\is-DJA6G.tmp\f3587200f31eec9f6f69da0a02a60ea6d13321e5_0005106381.tmp" /SL5="$13071E,4299694,780800,c:\users\user\downloads\f3587200f31eec9f6f69da0a02a60ea6d13321e5_0005106381"


									"C:\Users\Wegnxrpp\AppData\Local\Temp\is-FVT05.tmp\Consectetur.exe" 7e5d29b1a3f369786a11a0559163e9ac


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\17b7ce50b9acc0e51307636c923d47da05c5b2ba_0002031616.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\642343eb7fe79b326ec90464cf166cb45380bcc1_0003892736.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\bfb2949f55faa719170bf448f0f5df3850cbcce3_0000584704.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6f4383d4447ccbe264353654b2bfeb9dc5410a2b_0008923136.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\432f624610bbc687032f36f3eafdce415d997349_0000060416.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\06c27bc49292ee4cee7fd349257274f64080a8bd_0001205248.,LiQMAxHB


									"C:\Users\Rjvfwams\AppData\Local\Temp\is-70V1E.tmp\037d03a7367ffed5e833c9bc7144aa91ef5f87fc_0002943494.tmp" /SL5="$190022,2448836,152064,c:\users\user\downloads\037d03a7367ffed5e833c9bc7144aa91ef5f87fc_0002943494"


									C:\Users\Xuaebogg\AppData\Local\Temp\IXP000.TMP\dasetup.exe


									"C:\Users\Ceamqkte\AppData\Local\Temp\nseB9D0.tmp\nsBA5E.tmp" "C:\Users\Ceamqkte\AppData\Local\Temp\nseB9D0.tmp\WT039283WinBej2-lminstall.exe" 68215154


									"C:\Users\Ceamqkte\AppData\Local\Temp\nseB9D0.tmp\WT039283WinBej2-lminstall.exe" 68215154


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\17603762a73718eadf837e3f67ca8c1c9f2a1d5f_0000093612.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\80a3b80ac0ce6a2b12131b3a57024725833c646c_0000147456.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f2d0bcee72e2c0b8512b3bb9589bdd789f9d5303_0009461275.,LiQMAxHB


									C:\WINDOWS\system32\timeout.exe timeout  /t 5 /nobreak


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\28d5c9adc6b3959c36ef0d2232353345e36bf1d8_0007437312.,LiQMAxHB


									"C:\Users\Emqekowa\AppData\Local\Temp\is-U5CGR.tmp\8450a488538964ae71a2b65a02d685d218206534_0001558662.tmp" /SL5="$110068,1064380,152064,c:\users\user\downloads\8450a488538964ae71a2b65a02d685d218206534_0001558662"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\bcb03f3cda160fccfe814c4255549b1bb9da367e_0001393152.,LiQMAxHB


									C:\WINDOWS\system32\schtasks.exe schtasks  /create /sc minute /mo 1 /tn MicrosoftEdgeUpdateTaskMachineUPAS /tr C:\Users\Xkcjvrgh\AppData\Roaming\WindowsSystemDiagnostics.{D20EA4E1-3957-11D2-A40B-0C5020524153}\svchost.exe /f


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8f02ad7afeda6424dc56174e7d2b035b02e4de30_0000136192.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\aab22441460119bcec45391ec8f8b9d1c80c9116_0007075328.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7fb162cc773060c4219eceb8423ed72b8d14737f_0008471040.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b63077a03de33c16cc6c0884130c471abf8f788b_0000245760.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b2c4f788a2b0a353ef81cdd0d7fbef41fc7d3f9e_0006654464.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5750842b4c39ade92b90956c2c52a8d9f842526f_0005713752.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\688274d79521b249ef13d2e855a5663ab663026d_0004692416.,LiQMAxHB


									"C:\Users\Iavxiwdu\AppData\Local\Temp\is-INA4P.tmp\cf596f02a249da293c123ef47dacfe68b210eaea_0001567102.tmp" /SL5="$602B8,1072899,152064,c:\users\user\downloads\cf596f02a249da293c123ef47dacfe68b210eaea_0001567102"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\3ca78ac255f5fa01b2252c725e3db6ac42aa7353_0006027776.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c7588149e89e59e5c2e95e2664fdc447c7d30c3a_0009491352.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e478d5e85588ea6aaad0d2fd6a127199771c4bfb_0003374080.,LiQMAxHB


									C:\Users\Szpuprfn\AppData\Local\Temp\682F4400.exe


									C:\Users\Szpuprfn\AppData\Local\Temp\653B0FF7.exe


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c8833c454f9024c9a72551a3397ed1784cec1a51_0002680320.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\71a17717f76534be368e1f611e57d1d15799a264_0005518848.,LiQMAxHB


									"C:\Users\Vlivheym\AppData\Local\Temp\is-S5I5G.tmp\0ce8cf01ea98d90996b104987b39b146f638e444_0001705668.tmp" /SL5="$40362,1211380,152064,c:\users\user\downloads\0ce8cf01ea98d90996b104987b39b146f638e444_0001705668"


									C:\WINDOWS\system32\schtasks.exe schtasks  /create /sc minute /mo 1 /tn MicrosoftEdgeUpdateTaskMachineUPAS /tr C:\Users\Agvflaje\AppData\Roaming\WindowsSystemDiagnostics.{D20EA4E1-3957-11D2-A40B-0C5020524153}\svchost.exe /f


									"c:\users\user\downloads\Compilers\pbcompiler.exe"  /STANDBY


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\de68962eae238bc860c13872e0cf59b153aaf37c_0002177536.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a20e81a18c788a2c3dba1fcf9c28ad90b9945603_0007199744.,LiQMAxHB


									"C:\Users\Gppyumpv\AppData\Local\Temp\is-B2V8J.tmp\c500a322483d412a7c9a55319d83314e9e401dce_0002226206.tmp" /SL5="$6029C,1730985,152064,c:\users\user\downloads\c500a322483d412a7c9a55319d83314e9e401dce_0002226206"


									(NULL) i68Regenerator


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2bcbd23b5659fcb942eec7253d6baef6c19c916b_0000241664.,LiQMAxHB


									C:\Users\Nucryali\AppData\Roaming\win\update.exe "C:\Users\Nucryali\AppData\Roaming\win\update.exe"


									C:\Users\Nucryali\AppData\Roaming\win\harvester.exe "C:\Users\Nucryali\AppData\Roaming\win\harvester.exe"


									C:\WINDOWS\system32\cmd.exe "cmd" /C "net session >nul 2>&1"


									C:\WINDOWS\system32\net.exe net  session


									"C:\Users\Ukdmrqnv\AppData\Local\Temp\is-BESRS.tmp\a0ec665319d0c0564cd4535ebaae5c48c970f4c8_0001832956.tmp" /SL5="$50328,1338498,152064,c:\users\user\downloads\a0ec665319d0c0564cd4535ebaae5c48c970f4c8_0001832956"


									C:\Users\Noqperjv\AppData\Local\Temp\is-K09JL.tmp\is-RDCA6.tmp /SL4 $402E0 c:\users\user\downloads\0d1aea329c4be713e8875a755ba80e4527c843ea_0007262777 7246855 68096


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2dedf96eb8206215e6c8ce8e8482f835de432703_0000176128.,LiQMAxHB


									"C:\Users\Fnvafawx\AppData\Local\Temp\ShanOcr_uninst.exe" --p="c:\users\user\downloads"


									"C:\Users\Leqjzmvv\AppData\Local\Temp\is-HCTPM.tmp\def81837f99da926b0f45b589c0a3ddba07c8a98_0007255183.tmp" /SL5="$502AA,6760648,152064,c:\users\user\downloads\def81837f99da926b0f45b589c0a3ddba07c8a98_0007255183"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2ee2df57809d92d68dc7fff68bd8e87f0eae18b5_0005549568.,LiQMAxHB


									"C:\Users\Kjgvnogk\AppData\Local\Temp\is-6CU2J.tmp\4b1ed4e61481bee2f33ab753843a5de99911011b_0001726328.tmp" /SL5="$3031A,1232015,152064,c:\users\user\downloads\4b1ed4e61481bee2f33ab753843a5de99911011b_0001726328"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\751a162d842cb7548e8777a27beb9d54b5176464_0000090112.,LiQMAxHB


									"C:\Users\Klttvnjh\AppData\Local\Temp\is-FUOM7.tmp\ff9eb133a5f4f4564f31e4a91dceb3485dbc2324_0001695245.tmp" /SL5="$A0364,1200848,152064,c:\users\user\downloads\ff9eb133a5f4f4564f31e4a91dceb3485dbc2324_0001695245"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9ace90094365940649dcedb1823e98c128dc6c94_0006063104.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\03cbf3f8bae3aa603bc06f1923406ecbc88d4263_0001205248.,LiQMAxHB


									"C:\Users\Wmyjuwpo\AppData\Local\Temp\is-F4ODP.tmp\ce5d2bd8430d90d22ed40e8bf1c7e3f6c8ceac98_0007540585.tmp" /SL5="$30290,7046129,152064,c:\users\user\downloads\ce5d2bd8430d90d22ed40e8bf1c7e3f6c8ceac98_0007540585"

29 additional execution are not displayed above.

DangerousSec.Generic

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Most Viewed