HEUR.Crypted

By Domesticus in Malware

Translate To:

Threat Scorecard

Popularity Rank:	1,426
Threat Level:	90 % (High)
Infected Computers:	18,185

First Seen:	July 24, 2009
Last Seen:	February 6, 2026
OS(es) Affected:	Windows

HEUR.Crypted is a detection method for malicious files intentionally encrypted in order to avoid detection from antivirus programs and software security, and remain concealed on system processes. HEUR.Crypted is packed using illegitimate software.

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
TrendMicro	TROJ_PACKED.BWB
Sophos	Mal/Packer
McAfee	Generic.dx
Ikarus	Trojan.Win32.Pakes.asp
F-Secure	W32/Packed_Nspack.A
ClamAV	PUA.Packed.NPack-2
CAT-QuickHeal	Win32.Packed.NSAnti.r
Authentium	W32/Onlinegames.gen
AhnLab-V3	Win-Trojan/MalPacked.Gen
Prevx1	High Risk Cloaked Malware
Panda	Trj/Agent.LDV
NOD32	probably a variant of Win32/Genetik
McAfee+Artemis	Generic!Artemis
K7AntiVirus	Trojan.Win32.Malware.1
Ikarus	Virus.Win32.VB.KP

SpyHunter Detects & Remove HEUR.Crypted

File System Details

HEUR.Crypted may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	VKNT.EXE	0b11cd29fd4de17d656cbc5d51158f9e	1
Name: VKNT.EXE MD5: 0b11cd29fd4de17d656cbc5d51158f9e Size: 82.94 KB (82944 bytes) Detections: 1 Type: Executable File Group: Malware file Last Updated: April 11, 2020
2.	4645.exe	ad29ec71990f3e98b3f626ef4085c85e	0
Name: 4645.exe MD5: ad29ec71990f3e98b3f626ef4085c85e Size: 14.78 KB (14788 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
3.	msmsgsd.exe	3633e644be329a6d2f2c26239abc11f1	0
Name: msmsgsd.exe MD5: 3633e644be329a6d2f2c26239abc11f1 Size: 84.95 KB (84956 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
4.	18808.exe	a12b70910fbc04120f1b0334fa4b7e28	0
Name: 18808.exe MD5: a12b70910fbc04120f1b0334fa4b7e28 Size: 14.78 KB (14788 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
5.	pscmain2.exe	052372ae4c00b9f4039ea172801ec0be	0
Name: pscmain2.exe MD5: 052372ae4c00b9f4039ea172801ec0be Size: 258.04 KB (258048 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
6.	tefmdw.dll	97253c24382729740dc4e8542b33d077	0
Name: tefmdw.dll MD5: 97253c24382729740dc4e8542b33d077 Size: 161.28 KB (161280 bytes) Detections: 0 Type: Dynamic link library Group: Malware file Last Updated: December 11, 2009
7.	lphctj5j0e539.exe	67702c7c36a2de193ea0d4302994ceec	0
Name: lphctj5j0e539.exe MD5: 67702c7c36a2de193ea0d4302994ceec Size: 110.08 KB (110080 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
8.	ntdll64.dll	d796e719a5fb52312fc028acd618a4db	0
Name: ntdll64.dll MD5: d796e719a5fb52312fc028acd618a4db Size: 57.85 KB (57856 bytes) Detections: 0 Type: Dynamic link library Group: Malware file Last Updated: December 11, 2009
9.	lsass.exe	267f3144e0a056a9f92aa99bde27b024	0
Name: lsass.exe MD5: 267f3144e0a056a9f92aa99bde27b024 Size: 102.98 KB (102984 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009

Analysis Report

General information

Family Name:	HEUR.Malware.Xored.Generic
Signature status:	No Signature

Known Samples

MD5: f8ad1720bac2c3620b966ca7c94786bb

SHA1: 3e9c12845b2f9a5dd81d9362e7cb65b5b9b0adaf

File Size: 1.78 MB, 1782215 bytes

MD5: 5af34a54f822300eba66fd602d7172da

SHA1: 2e1062d0b6332bfed9f05bd61d82e8853f776dc6

File Size: 299.46 KB, 299463 bytes

MD5: edb9eac4c7f938e1fdb0e71ea51723bb

SHA1: 20fec37c7e05b589732740335a36ef67372c6b3b

File Size: 1.93 MB, 1928647 bytes

MD5: d9b4f1c9a951bbe3d1834643cbb928a9

SHA1: 6860f452cd35b1824e66ebc6cbc5933b2c603688

File Size: 2.48 MB, 2480071 bytes

MD5: 293e8153e77088317d169d4eb0e2f83f

SHA1: 8568cf0ce2565efa77f4fb02c9c211d03b53fbdf

File Size: 1.32 MB, 1319367 bytes

MD5: 843d1b687b4187b161ed41bce6966fd4

SHA1: a16d588d162816c8e4a255ab274088b5025a355e

File Size: 135.62 KB, 135623 bytes

MD5: e1e5003cb64706dc812d28185f61e50c

SHA1: a51db073f9898f96a25b5f84bb6ae2ddbaeb92ff

File Size: 618.97 KB, 618967 bytes

MD5: fd7845cc8f1e3b5aea2eca1731c722db

SHA1: 7f292a8a31faaff3b7af3649704834fadd08d1e0

File Size: 424.90 KB, 424903 bytes

MD5: b7469651e6e6edefa7ae2f19c9394a42

SHA1: 31842e03b1f0ba59825962c5d40b812e6fe74318

File Size: 161.74 KB, 161735 bytes

MD5: bd5cc246c07aacfa4a8584eb7e9b8a5e

SHA1: 28fbaf0a543d15b9f2c64218e8203a56226c81c7

File Size: 197.06 KB, 197063 bytes

MD5: 5297d0c096e1af78a85f9c582ab37971

SHA1: 7be1aa0c912967edec370ab97796ae39280b8456

File Size: 238.02 KB, 238023 bytes

MD5: efdbfd44f542c1ab3aed543235eefe5b

SHA1: 0958f5499dacc588477548fe3b6efbe0694350be

File Size: 410.19 KB, 410187 bytes

MD5: e2dd807e5abcf5f083c3840e3117cda5

SHA1: 138614c09909000aa1fbb0f76198df1762e0b744

SHA256: E34E416733B39BF7B4E0AFF13680CAD55860FD6A4E76DDC45E62D81A60F2B344

File Size: 176.07 KB, 176071 bytes

MD5: 2a613ff6eb8df5f8058ba90c76e9ea71

SHA1: e59841c45fed6054e20ca7a160f9f7ac6b29b890

SHA256: 489B775AEF01730853A0FE63E24B9D3D45793126F79C74618EF44F47A066756C

File Size: 131.58 KB, 131583 bytes

MD5: c740d7e00eac9de2f4065c102f4ce38e

SHA1: b2d24a0f979be276f6f765f8dc6e7430625bdb91

SHA256: 05EE5228D4A147D424900259BAB8277B448DD2A1EE1E48B7B740799F313B7596

File Size: 6.97 MB, 6969287 bytes

MD5: be3930954bbbee98eb8368e1a66e025c

SHA1: 49de7eec32ce1f9344f319bc0c3062d67bde0092

SHA256: 8FEF5FCB8A1888766826F12545A091BCFACFC0476EE77D430050F23E628D4C32

File Size: 143.94 KB, 143936 bytes

MD5: 126e61c837667e476d57c3ba22d0c7e6

SHA1: 4ecf3de5feb393732acd10eca82f7bb35c88ca2d

SHA256: C34DB190A61EE79277748A9719FA993D119C9EC374D8AFF9C0F520D36F433C1B

File Size: 161.74 KB, 161735 bytes

MD5: b4573fc930b914c38efe4a5e621c7729

SHA1: 20426843a4e8e0a457db8885700609a73a3c7d7e

SHA256: EA751F4C5D4DD6AE2D5F6AD7CDF0FCB5AA47F7B13AF8058CB3B9937078DB68B6

File Size: 6.38 MB, 6381511 bytes

MD5: ca26713271e9d23d7c9cfc3f5f870e07

SHA1: a4fc0180a602996dbd9ec26c766ddf6efdaa5da6

SHA256: E6FAE3DCEB892F367EE443503437B419089B997B0B6CB75B0F479FDA5767F13A

File Size: 1.78 MB, 1781703 bytes

MD5: 723ab012ce336df100cc236e6d32fcac

SHA1: 4894493c37de6e57047d4c9122e34f57a8d04823

SHA256: E2398A46CAB0DE862DF90BE0480E24B727768E2336A9BE0CDAD2BCF05C50F1CE

File Size: 4.09 MB, 4094919 bytes

MD5: 899f17142a997b9db0b95eac7f99b154

SHA1: aecba96908bde98a1251f39665310164e65daa4f

SHA256: 0AD2CE6C5D4DC09E443F2E3E4A4395BD7814999CAEBCA76685E5F2E589D98B97

File Size: 1.58 MB, 1584583 bytes

MD5: 0f54577171572d0a6c2f05fd51e4a703

SHA1: 2b8e1b02cf1dde8da736758415fafe75b679910b

SHA256: E1C0DD8FD59354EFCC93C7D75DA2EE107F27B1DC7B2CCA1E6C05C0A71E014E7D

File Size: 176.07 KB, 176071 bytes

MD5: 556055b21d0f798b34057094465d8ad8

SHA1: cdb99d981324c7584512c08e9e628a9a4621effb

SHA256: 1972AA432356C24535A01686B9A3AE84B6D4B827ADEFA11B769075D1F795E4DF

File Size: 1.17 MB, 1171399 bytes

MD5: 4383c683bba9082039d7fbe00ae326bc

SHA1: ad7c3e7956d870cad02373a558906685c49c9743

SHA256: 1DAB788C0C63B09A1973A3E1A8B37351D290E9F584668ED3BAE5BBAFB48FC0C4

File Size: 1.03 MB, 1034695 bytes

MD5: 052769f269fca48015b90790bf2f3f89

SHA1: 14771b4949b49fded14ee739e85b9f5c1772ba9d

SHA256: A2B3DECE2079D2B7F5B5936C98DA126CA8B0E1D500F8F39034221A05B75D9524

File Size: 221.64 KB, 221639 bytes

MD5: a927ea91dd07fa113a17c11b70b233d1

SHA1: 3c2c21786ce4c45484f50f81301af3ecaf2701e6

SHA256: CDC7C608C79E6590FE394A2C94718E29E164578CEB25B166706209A97550689E

File Size: 5.07 MB, 5072839 bytes

MD5: 0aabf166d4ac9a8c78a16921377f6a41

SHA1: f6117d506182e908667c54d7c78912332f260a28

SHA256: 774FA8FADABBB34E69EF3215B0A5C7B12B55F21D5B832621248A9BC8C6085A7C

File Size: 245.70 KB, 245703 bytes

MD5: 171fdf534e067b724aab904f7e32e694

SHA1: a027a4e21288daefa09724b7b30bb6f6cf07edea

SHA256: 6E91C9448DAC3DC2B8305D50F5E463501D91F13E5F520A3045C4C94B347955FC

File Size: 747.46 KB, 747463 bytes

MD5: 023b13848fc2a2ce109cddad6b735bd8

SHA1: 693eeab0a40e6f5abf36c78d6a7d8227d80889b1

SHA256: FDFABA029C2D166820F228E2A215F23C52CC103A2C8CFCECBBE1DEC67F567ACE

File Size: 186.82 KB, 186823 bytes

MD5: 218f352f79dfd09c3474fc3c28a130f3

SHA1: b9498a4cef617654a9263acb136523ecded439ac

SHA256: 4482A4823F45AA6B72D1A3ADAF9161031627FA4A3135F40A9AD1E30270F53CBB

File Size: 2.48 MB, 2480071 bytes

MD5: 60ce3279742b8c0cbe49f7acd7ea2117

SHA1: 96b1bcef81707d65b3dd0317b01b9abafbde42eb

SHA256: 98DED91520E3CE2D84DB0F6F73F4E67B379B8551AF94CA5FE7FEEE75EF63C472

File Size: 1.32 MB, 1319367 bytes

MD5: 6ddc899f21a99158d3cd2817d02e06c9

SHA1: 208d96fe7a16385d61a63ef9157fcbb6f2539945

SHA256: 88FE8CEB42CDA823BEB9ACC8E423D9FA845CF7BCAFD856273AE62F16B63AC61B

File Size: 3.42 MB, 3421639 bytes

MD5: 8518856c7b07030e8aba70df5f77a510

SHA1: 04e47155cfe100ec5c6d946b9b2f4370ed534598

SHA256: 1B71DD573B13E3A48CD2AB4207B3B0E358978914FDBC226DD73D586BD4395DEF

File Size: 672.71 KB, 672711 bytes

MD5: 08a3544b6e6e3c8fa72fbc97807b27dd

SHA1: f926668f86d1e690b7742473ea1a845b33b7e32b

SHA256: 6F3225264A167DEF2453235424F58D01B4E192A03C9339C8A2BCDF167D347DFE

File Size: 130.50 KB, 130503 bytes

MD5: 1ae8cc640c3b17c5569764b8c56c7394

SHA1: aa9fdb0e51341e5cf51c881d67baa2831db78f6d

SHA256: B9BC931B22637E1691FDCE9B9E0804EDA78364460BF61C809CFD5FB0C16A73D6

File Size: 132.55 KB, 132551 bytes

MD5: a07c95043a18e234e89a6307ce008f25

SHA1: 0df459139c6b186c57e1446f547707095b97c3dd

SHA256: 233094D6CD744588B742FE6D87486C50C91D10DECE433178C357A66CEFA99E46

File Size: 176.07 KB, 176071 bytes

MD5: 4b7fdf89e175a9125b6a0bf962ba1d42

SHA1: a4ed90aa7930a99c37e28cd367fcdb4c82b7c89b

SHA256: AFD3E1BE497DF08F067F3702210498BC6F393357312E45B89DA42F420B79D70F

File Size: 3.67 MB, 3666887 bytes

MD5: d0e3754d44e4e344b85acfa309722661

SHA1: ed565964f90326d6373220bc844174ec28ceb486

SHA256: 9BDAF546792AB1EB92EF9007EBEF7B4FE0F726A78D0AB9A18350A703597933AA

File Size: 176.07 KB, 176071 bytes

MD5: ef48822611295848df6c790c55433f7b

SHA1: d762f0315b45027d4d2d98f105ff00e9798334bd

SHA256: 050FCF016056AFEA235A110A13B89DA5E159F8224E732C4FAB37DC0D96F3A693

File Size: 773.58 KB, 773575 bytes

MD5: aba8ef9881ab9dcd633b85bda3771103

SHA1: 2acf375ce42618608641d28f0315d57e8fac69c9

SHA256: 3CC44EC8578E2146C8287BD71A96255CF3E7424958CD794D13DEF356412A2BFC

File Size: 114.63 KB, 114631 bytes

MD5: c027d58619ec7801956e9bcdfb826117

SHA1: 0e747420ba1826b5ab4b0fcbf9b998da7b4ad4ef

SHA256: 9FC7CC56C70D627572EC5E6F146319DC9133C5112E9710B0168F2FF6AD048C0A

File Size: 176.07 KB, 176071 bytes

MD5: 91caa89044de0ba0547d6d37676b085b

SHA1: 4f9ab255fde19fb7a35e00b7d9466cd97d50b1c1

SHA256: 6EDE917438E43D7ADA386AE8776A79030D59110B84D4E9C74F92F67F5BC2A20D

File Size: 136.65 KB, 136647 bytes

MD5: 03d64406fd23750a2140bae64a02345a

SHA1: 1a47eb483199c9a2467b9dbac6af53adba0ae767

SHA256: 65D65E720DBB7F9A42F4346713E2BE4D4EC618851A446C05BD259AFBF3904140

File Size: 1.57 MB, 1573831 bytes

MD5: 688ecfec71b372e41a2a1c9623040591

SHA1: 3e29b99243b025719f114c776f990b3bb0764955

SHA256: FBB300D434ECCBFB2DE55DF46DE59FC3ABE6C1FDAE891D18AA71AC1D0973C49B

File Size: 421.83 KB, 421831 bytes

MD5: 2f16472e511ece35300d4687b14878c9

SHA1: 9f3a42dae2d3bc86bd73b3b01ffa480d0529c7c4

SHA256: 87A153F1261479495A0AB612BD7D2389323F022012F4D6BDCD9D7DC4F10180A8

File Size: 1.04 MB, 1038791 bytes

MD5: fa07fde01310800e81a13b33c631a1a8

SHA1: 1ae33c286a066ec1272af196e4fc931834e5c945

SHA256: 490851F2C68BE307765AC9ECE2C3EF0F882F58C386B09D74B0F745E1281F4FE9

File Size: 1.70 MB, 1696711 bytes

MD5: 897564fa176513503024bda13d5f2067

SHA1: 905125040cf6b02d2740e1cf82b7534ed315656b

SHA256: B6444181F8158BD3A671E31F598AAD773B2063BA38BFDD80B52536A84818E0C2

File Size: 1.66 MB, 1664455 bytes

MD5: 904bbc2ece6734c6151bfa5c092bc277

SHA1: 0b433a2c0c9d3d5eb939f236e60c675098790912

SHA256: D8302C63558EAC657D3470CCB46599AAA905C6828ABFA039CCFC682430A5F823

File Size: 143.94 KB, 143936 bytes

MD5: 77ef111440a02eb2b0e3dd0e4674feb9

SHA1: 9c9e1811757662ed55c568eb48463bde50ff8ade

SHA256: 17DCBA32B75564B3B512405575E32492793DC40D37812C12F70F08576136C294

File Size: 1.32 MB, 1316807 bytes

MD5: c1e023a7baae26e44b36dfe58d7f19b3

SHA1: 4ec5b29ee1afe2d49c732f4aab97ce9a1a3d9ff0

SHA256: 59CC9CEF46D140F100F128C03E91C81CF33F9A45D5AD8F3ED60B897932461E90

File Size: 1.50 MB, 1495495 bytes

MD5: 38d5128de7f3dff2dc473b983660785d

SHA1: 9da473af4625db7b49be847d1edfa16af9b3ed01

SHA256: 0E9A963139D70266CAD77FE26B80B48F242305CB69249DBC3863F24ED12C03A5

File Size: 1.12 MB, 1117127 bytes

MD5: 972f27b3dc72bc3f810590cddf82d196

SHA1: 74c34d2692d564a7e9db813a4e44109100fb97c3

SHA256: 96487B64B43DD7D6D2423B2FE6601A2C9F0D28047E820F971136BEBF5C0F40F4

File Size: 1.57 MB, 1569223 bytes

MD5: 5e9afa87bf34a6f5094d47267b84633f

SHA1: 52e31d302bc0d9a5c61e38bb282e4903f36f80ce

SHA256: 6887500FE8C6136F4C6AEBF166B77A8BD94CDCC61A47B0536DB719279CB9AF71

File Size: 303.56 KB, 303559 bytes

MD5: f3745b995d9dae3c4e2e1c47f707b59f

SHA1: 35e4fad042684f2e21722fcde0980ff5969e5552

SHA256: 91B289E5DCB0C0398E9B0196DA634F36E970B562EBA14FB2CEA0F5183B961CA6

File Size: 502.21 KB, 502215 bytes

MD5: 900e34bc0310e89a7d84bb9718a226cc

SHA1: 6ba6f0b17263f81b3d719df7d779adb728870eab

SHA256: ED4A954498B9836B154D686FE3A00B654E8346528CA5B9EB9AC4B95A2D056B5A

File Size: 344.52 KB, 344519 bytes

MD5: 3341b163dae61bd0f20216c2e7e940ae

SHA1: a8355eaa9aafbe032ac2e78b8ff738086dac38e9

SHA256: 5B603C2B9C56DD1990A5714BEB0620F403BC6745824E54DA8F02A064C075122E

File Size: 1.36 MB, 1355207 bytes

MD5: e04f5e183741d7e675e2d92d9ce87393

SHA1: 4b8ec5f38e1e8c3d489b7ad9588bb6f444af692e

SHA256: D75DC6CA8B72F1C25128072A3AD807991DC97EFFFD0A43ED4394D1E5CF6DF873

File Size: 214.98 KB, 214983 bytes

MD5: 67d6c3e4162c6d926f9021d3de6a123e

SHA1: 764a360728eaffae9a69ed70e629107d0409a4a2

SHA256: 305BE8884689DF2144927536DD41BE50F838007B1D09F101E215E2548719971F

File Size: 2.60 MB, 2600391 bytes

MD5: 26c415769fae0e42cb73809c5521c97b

SHA1: 429dbed8bd24e12a25d37553a2b69a034b0ee348

SHA256: F99379138D185D1B2374461E091AE48A233F9EB8412B373019E6CE83674C4FCD

File Size: 1.70 MB, 1704391 bytes

MD5: 827c360e0c76c54200e54fcf07b4df0e

SHA1: dc9758346d51d65fcb0a9558346aaa1016397dd1

SHA256: 964D3D7AC2549726A1B5ACD5A811613CF301530CC57CE46F8C8DBF846584C7CA

File Size: 434.12 KB, 434119 bytes

MD5: d11bedcde53358f5ffb0404880dbe851

SHA1: 51a08d9a984f6f63c3d6bee4b5043ce10cd7233f

SHA256: 76A3B98FA1DE384AF19E270E8CFF715C731675624FC02C38692B25DED75258EA

File Size: 136.65 KB, 136647 bytes

MD5: 9646d933c99ab40fa52b516c5b8bd536

SHA1: 59f1fa59a9b0e191d2b79ca173cf39f6d5fd0cb7

SHA256: 8B85D84143705D1E5D1024580A5AF95AF25AD8D2F12FF3A9E17A29C9F25C41D9

File Size: 504.26 KB, 504263 bytes

MD5: fdc898e5dab81918b6d926682b44dbfe

SHA1: 65c282f7d2b3a7bfd6bc74cdd104b70e326e53d8

SHA256: 8E4A2E203124EF149C01CC949F525DD3CDD2011BFD1F26C8F7DCF103E2FC3BE2

File Size: 850.38 KB, 850375 bytes

MD5: a8c49706dd8e6eccd10b852b303ec593

SHA1: 4ca59d383428eac78e424bc57265d4ce5210c59d

SHA256: 30AC6154B845FFB8E8FDF8E3561D1379EB9481986D428DA1EBBE93EA090C8197

File Size: 161.74 KB, 161735 bytes

MD5: 2b211d53aaa3b72115de79ff164499be

SHA1: 0c1dbd92f041354ba2fd376fbb6dba8a24c4b7c1

SHA256: 85013FCFC89E4D304D2A900528543BF09120DFF2B42A7D3F34C6EBC3D8E449EA

File Size: 1.28 MB, 1275847 bytes

MD5: 0b70869a144d057d867aaf4e2e0f1f5b

SHA1: f1e93d088de0d5b44f291590b2edd3734ea777bf

SHA256: CB292FCDAA283285656CC629C6EAF12E83279B8187FAC520CDF0680C8BAB62C8

File Size: 114.63 KB, 114631 bytes

MD5: c4b194dc21ee4f4204fbdc2ca6d8ac8e

SHA1: 63f0250d3aafcb80eb74a1aba75c07e1b7cefcfe

SHA256: 398A9FCD942BA39FE9A4D9F03F9F62EFA90CED8FCC605B6A5E1F7A92B277849B

File Size: 1.23 MB, 1229767 bytes

MD5: e9a82a2fda942cdc094f7e7cbeed4729

SHA1: 8ea4e9b83a43cb4817d949381e1c529390c6d8bf

SHA256: 5A95282EBA57F95008831B5C68B97AA64E36A6A28C7FB88B5115DC7C86C269BD

File Size: 143.81 KB, 143815 bytes

MD5: b6bd39aca0c2a1cdce66d1a2a438b21b

SHA1: 2b3c1e9fdc7e6a3a050d6997d5a2c7296d9bcfc4

SHA256: 3B1099A1EA19641FA5A74F06730158BD6D8978B51B3954ADB897D6D5A2FD1572

File Size: 2.30 MB, 2303943 bytes

MD5: db1567485403f6dac00d2f33cff25c1b

SHA1: 20666ba133024fdbca8c88479ec7cd9f4036f827

SHA256: 5B67780D85E1C15802F1D3014DB62538C0374E4728B3312CBC9FA91D80EFC769

File Size: 152.52 KB, 152519 bytes

MD5: dcf5a2e29c3e6e69e4ead113d21d6f8b

SHA1: e0a59d265406838b302ff2b70fe8100441ad035a

SHA256: E37326CEDD5E700F823DE1FD468AE89D79B9A3BB3F98FE797F48595F5A49A87F

File Size: 3.23 MB, 3234759 bytes

MD5: c247295837150a3e1aaffbe42638beae

SHA1: 014a28a038684a5277dafbb1d44d2666b229ba07

SHA256: 1E950EDE3C40BDC5191AC46076D1437FA3D7B9E65AB3E114683D591DC5F9875B

File Size: 2.21 MB, 2208711 bytes

MD5: b49835027e3296114671f260f0762f3c

SHA1: 7b806ce19fdb653f4bcd2773ed5efe10ac73da24

SHA256: 233335E361BB9E282AE14CE77E1BE626CBDD9DF1EC071C0F8A6E7FFE623F8B37

File Size: 245.70 KB, 245703 bytes

MD5: 9930ff6f84e56f8df456e57049e2d49e

SHA1: 0e486f8ed10607ace0d56c6c3eb2b16c847cab3f

SHA256: 5B597952F2A1759F4C7646F93276ED2DF568112F3D44931174CD05305107C54F

File Size: 131.53 KB, 131527 bytes

MD5: 2946fbf961757156b0302691df10c098

SHA1: b3f4c3070a57e472b2551ed4c5c4c8280f8e640a

SHA256: 65CD4C4CB046032959E491340E2018FBC888E395BA9DA44049713A876A43286F

File Size: 478.15 KB, 478151 bytes

MD5: 2519160817a1d0ed8d40fb1841f99c90

SHA1: 1b6780c85ef95cd6b280c5414d81459bf47d5d74

SHA256: BA81C574A1DF32AC205F1D9AFD783B3D49E060A7CBE0A44E3ECA81BCE94631BF

File Size: 1.26 MB, 1255367 bytes

MD5: c525cb838156a5816c6d8a74f90e5bda

SHA1: c65fbbe213fba5baf4e00dee8b216d3043fb86ba

SHA256: A3777AAA25CC99FFFDE34371DB8B943D0E22FFD0DD60E6EFA7113F954FD5F692

File Size: 114.63 KB, 114631 bytes

MD5: 6294bd61d10dbc30118429b888181793

SHA1: 13b9aa85a2b62594a4c6f7e2ab44471317d39928

SHA256: BE0EFDD8CB4C85EF10B54C33DE9C810514E848B432B5B1C99CF975EBE6F5AD69

File Size: 348.62 KB, 348615 bytes

MD5: 5f8af2e31606237aa32b1e4f0880fe3d

SHA1: 7b3e4dcb736e389d06ca023c9cd54682c8a78ed5

SHA256: 28B8AFFE7407E523B31B205A7CA85C4138E88622D47FD64065C91EF3C2E792BE

File Size: 782.79 KB, 782791 bytes

MD5: 765de7b7439ebf531eba899444cbe078

SHA1: 00137231c86a2c9542b81bb4b5a5149d67064dc6

SHA256: D7594736C515006322A65DD43B116E51B76509207D86D2776E18012EB56F0BB7

File Size: 922.57 KB, 922567 bytes

MD5: c685edeb0a39b69575c790bdfb719298

SHA1: 80c9f790a4b7b2bf55ac649ea17aedd73e2d8e26

SHA256: 97411E07DBB5D02BE0E450CA6DC56503E5EECBAAD80FAD3C2FCD9C399833C1A9

File Size: 6.80 MB, 6795207 bytes

MD5: c18349c58e8cbef54862e129e7b53098

SHA1: 5d1fe67a3ed206fdb1212f60d54a7937e03aaff8

SHA256: BC8294C25EB0939C1AE6360848842B5E8DFB3D2DE5EF847F403C199D61CCB9E1

File Size: 421.32 KB, 421319 bytes

MD5: 8f0c0ce659dffc7f848ef6c31257e017

SHA1: 83cc80450a3d595d5ce7e8fa7d534c8dabbf11ef

SHA256: 4D4DB343C642878B517E782D4144979986B0B27639065A272DA3A9A623EFB4D0

File Size: 1.34 MB, 1339335 bytes

MD5: 1ed3d215255d1b3543d4972701d7269f

SHA1: 3d52a19d8511825475aa1d84e78ccb7bdb5e703b

SHA256: 00844894E15BB9ECCD13C3E8599611F08EEE088AED4EA46570B9B8BBD70002BB

File Size: 369.61 KB, 369607 bytes

MD5: 8bc4333ed2d49807d59340f983fd970d

SHA1: a4cecf37afd95268e7596fbc787076f3db7ed896

SHA256: 89B5C3B7BB41D6965488C0B20B06794C8E250ACA68F99A95F1E696720DF618F5

File Size: 8.47 MB, 8469447 bytes

MD5: 2627b099d4ad6a57244e18c3e009dddc

SHA1: 73bf398a11a6162eaccf675f8fc530ae772e1b40

SHA256: 595010F1D77930E72229490A05FC8C4D69488221A12F565EADBC02F9D6CB40C5

File Size: 1.72 MB, 1721799 bytes

MD5: 465aa95818bf85609ca157362970b744

SHA1: c4b02e517a94d8c4100dc7b9d7b833c24a0f2b73

SHA256: A74574FB46A3D669FA6E0195BE3F624A4D875AA51ACBD8C4CBFF7E9C1D7E331E

File Size: 369.61 KB, 369607 bytes

MD5: 32d2e39826eb4b9faab5e6309dc187fa

SHA1: 105e6d5fae0de0c74605dce22933e125b86248da

SHA256: 2351ECE095A4390368FF6B10A271E085BB34DCCDA4B4FA22F963DD7AC19A60FA

File Size: 127.43 KB, 127431 bytes

MD5: 05e268bac3fcf8ea9d777e91986a7975

SHA1: 71aec501413a883e1991ee65db7f07fb1359a19e

SHA256: AB51EB45D6C319BE62C09365FBB34B97DDC7AF08D7614BC1D4698A7EDC08CAF7

File Size: 369.61 KB, 369607 bytes

MD5: 17934f0ef1452629d9fcf5ef2acb4a1f

SHA1: b7a96d14d040f64bcabe1a2c29925efafafb748d

SHA256: 160BE32FC88A889380729883DCF2C0EDDB01716C8D1F141BF5B2D3A447D09C08

File Size: 174.53 KB, 174535 bytes

MD5: a6d7429c852ba816f894a021de51da10

SHA1: 455ee7783cbac964b2c16933c25ea1e546a4ad89

SHA256: 25ED64D121706125EE0C3A4C2641BE2DCFFB0DEB833B5363EFF88D294BE96B89

File Size: 176.58 KB, 176583 bytes

MD5: 702bae7cadb71b8ebd69d4d1f2f5f43a

SHA1: 1bf58414ec8f6415e2ee467c9610315be07c4c73

SHA256: 7921029D156C6BBEAC0268806676859887F9B74CAE97094331EC7F152BF9FFE2

File Size: 143.30 KB, 143303 bytes

MD5: d1c3466c89dfc723a41339ad10a74cfb

SHA1: aecdee56bfb855521445e3a7cfc4a394f058fdfd

SHA256: 4B58A1C462A3031B3D17A925E7DC7CE47B303CED94E753C50A56A4ED255134B2

File Size: 472.52 KB, 472519 bytes

MD5: bcfe582a04187c828e3d83633e22fd2b

SHA1: 403bb553978915ad7e2a611bb751bcadd6779e03

SHA256: EAC100AF10C3EEFBAEFC68EB538BB53216EF748C7A8B2B07C3EF22AD4CBCDC6B

File Size: 139.21 KB, 139207 bytes

MD5: d9d89778c9a8336f51487f853a4d479f

SHA1: bfe405e314f21856f5942b50e8d0d365b1c1e886

SHA256: AA730B4DDAF94A3D73871B03F8FAB73E387D9CFE8651A3121C826A41548ACEA6

File Size: 1.68 MB, 1677767 bytes

MD5: 1f108a742bf9a413a7d15714f635478f

SHA1: 621b32f60bf9f577803f7663231ec590c22a7abf

SHA256: 17A9B5D22048CF865704A6FE891AC8C81BB844DB8737DFE8ADB26DD6F0FE85F7

File Size: 180.68 KB, 180679 bytes

MD5: 843be6019805ecd0922c4e264885733b

SHA1: 15be6b252a51b3761c11200c9a12d807f9d7d509

SHA256: B1AB84ABE9B6B51FACC7BC4D3D9F60611EEEC29F443423FD19D44F6762FB4FFD

File Size: 197.06 KB, 197063 bytes

MD5: 36218b7751bd7acbbbcec0bb59464f4c

SHA1: 12848a457b249ee52d1be5217e2777695f61c88a

SHA256: DFF49C7F2FA6FF4F0880EB856EAA4ACC657222971F612CDE60285B27FC25D338

File Size: 614.86 KB, 614855 bytes

MD5: cdbc7ac876400acae968b8a7e67f1aa8

SHA1: e2f73d2ec810c97080e7c78911d7644fa7f3c090

SHA256: 2A486875E64EF84784615B2DD76AF2E1888452ED2487B3FE53CA437B2B286AA3

File Size: 421.84 KB, 421837 bytes

MD5: 0dabd73063899a4735e70690a04de923

SHA1: 8269885c6ab5274625bd7c8a3a3f361eed7b3daa

SHA256: 11EB99240A96B4D066EA5B72BB1E95DA30CC5CB11BC813A73DFF373D3C5A69BD

File Size: 233.93 KB, 233927 bytes

MD5: 31eba808b6979c9fe245c6c5f86d2580

SHA1: 127e7aa6439fe995e377ffe44c69cce56dc49b70

SHA256: 990BDC133B01981536DCF46D844843A082CF59A75083594BBFAC52ED55F538F3

File Size: 1.22 MB, 1218503 bytes

MD5: 84984b9fb8f34666d2bd784c7a0bd2ae

SHA1: 8f3f3589ce09aaf051be503898322d69793cfa3e

SHA256: C4AA075E7A11B56D2313505AF9F0EA7F3B2C33AE7AD06AC00E406D5388D4ED5E

File Size: 188.39 KB, 188388 bytes

MD5: f6cbfda49f6bf5ae956a5391b719e2d6

SHA1: 74313fda7b7c0170e9f24f0f9ca5dfa96f330847

SHA256: C5853131ADB3A78DFCCD5AD28B2F2DA9AE5BABC072F2AADCAF43D4C2EE0DCE66

File Size: 218.06 KB, 218055 bytes

MD5: f1b9b9f5156dbf69fad06001eeaedc22

SHA1: 1905b6a387d09933f859e59cedda9b051d991545

SHA256: 3A2D438374B064BF70E61E369CDA083C508FDA52F598A78DCE7F1BCD490247F3

File Size: 629.48 KB, 629476 bytes

MD5: 10c127fa3010219ca7818817681f0618

SHA1: f9a9312ad0e60ea9597a469eb2109e0bfb0f479c

SHA256: BFD0AFF38F19492A6E794EC72700A4C6E0426E4B6F45AB1C29F0C09BC53BA07B

File Size: 1.05 MB, 1049031 bytes

MD5: 485f8bcd1ab9726d47a44f9dadd3341c

SHA1: 480cbaa2eb4471851c86fa9d233c358a3a848133

SHA256: 0AF6C8D66779258339AAD0B8201ABCF4961CE9A4EC382F5CF4C01B6A1FE0E842

File Size: 6.09 MB, 6092231 bytes

MD5: 8232b593eb63281f3c3e83c0e006fb20

SHA1: 4e6310503ee8ec1d10cac540d5de4cd7ce1cb9f2

SHA256: 79BFEF2E0C3F9FC7044DE5B2BA36C56795ADDBEAFD164F43FE1AD234DE912201

File Size: 336.84 KB, 336839 bytes

MD5: 911450361e133e0985f159e4483b18d7

SHA1: 981037e03b85c2daa1d81c2c1d467ae254ef58c5

SHA256: 70A1D7C0E1575DCA58CCD3B985576C80351A692E6855D2C841A8C2BCD2224A47

File Size: 135.62 KB, 135623 bytes

MD5: aa6491a46f67b371ad7f9d45fec47475

SHA1: 14c1a78100ee5ab0f8e69427e24a32aa9dafcdc5

SHA256: 9806A9C63E38A9ACB904D32E901D98BCA187DF06ACBD1BC3766A5BE625DEDC56

File Size: 573.89 KB, 573895 bytes

MD5: cbe61e4eabec3800c23940d413533510

SHA1: da2095e62dcb2ef9a7d379817e5f79d620a984f8

SHA256: 975474538EA7B48041CCC5B4C7111AE901D5984772693F7226D3D7EFE14EBE7D

File Size: 350.15 KB, 350151 bytes

MD5: 2d289f1d47d72a9c736ac1db8cfb781c

SHA1: 9c63dbdaf01688739e30f248459a5fa563218806

SHA256: 4CFBFF1C10656F8AAD1BBEB15BA3F6D2E0285B52D306C36FE401C21516773FEC

File Size: 143.81 KB, 143815 bytes

MD5: f816f5361e19700608eb77b067327c6d

SHA1: 440ecd31d356fe18a4469c7052df9bfc97b2fc22

SHA256: 095D311B4023F6D66218A66C7F50AA4682B44ED26D075C5DEB8AB64629FF4B02

File Size: 3.79 MB, 3790279 bytes

MD5: 86f91f5b0a40e6835a46cff92981df82

SHA1: fcbbc7b2933f022814eb5a3abcca8d448804fb6d

SHA256: 0B1C3CE5C6108CA140AC7CDAA3FF5DEFE904993037B5719724B9B3388F942928

File Size: 3.70 MB, 3701191 bytes

MD5: 0d066378a6fc20263cb998a9863eb55f

SHA1: 1e9e1085fa527bdac3280c47b33aa6e03ede662a

SHA256: 437CED0E88EAEED092AC6C0D0E037094C56A014A0155EEBBF657CE924D0F5803

File Size: 6.11 MB, 6107591 bytes

MD5: 355b011939501cf69dd2dc0c835be81c

SHA1: 253f1a58fbed42272ea8f198e2cb23eb5580adf9

SHA256: 40114F8310BC338AD4580D7B1C38D4474D5949E12F8A4F3C6542359BC747D417

File Size: 1.03 MB, 1027527 bytes

MD5: 8b0494b0081ff18f0024d0f5615ea4cd

SHA1: 1d75289a3cb583da8622db4d503ce2ae2425b02e

SHA256: 3EA50AAD68D31CC201C67B21FBADBDCA7E25C6AD2D9218F7C9D0721C8996C9CE

File Size: 652.74 KB, 652743 bytes

MD5: 7dc04a626a7979839d6133c57dc5e77f

SHA1: 4dc7cd4bca2855c7be0ac29c17f85aa57a99e37e

SHA256: 3AB8F8310C9CDDB0074894B32A528C1DD6B0DFACFB372BA5F525F3208E3D0F2A

File Size: 1.03 MB, 1033671 bytes

MD5: b762a4771bedea0374e910640b76061f

SHA1: 68c204d241734e7d5bfb619ed8d48cf3c310aea0

SHA256: D617A6D5A892CC70865B0A2FE06A83AEC9FAB8CE269EB0573CCA3C95B1D29EAF

File Size: 992.71 KB, 992711 bytes

MD5: 03d6c05d1882e4d93b007f12030edce7

SHA1: 449295d804151d136e70452dee27cb36bf576ab8

SHA256: 976D37DC950A3EFA3C3EB14688245C2F518DE398CB8FC1F3C36D5C7F92DFDA05

File Size: 426.95 KB, 426951 bytes

MD5: 69e995a7418274154ea210560c68e485

SHA1: a2ee7a17f733e908b592f0d057924bd4f8b5925e

SHA256: C9815AC2F02F8AAAA2F6D74962245CF98EC22AD2F907ABF0AF6D4078F5A63D62

File Size: 888.77 KB, 888775 bytes

MD5: 2a9d2ea2330307640bb57be6889d9f4f

SHA1: badc05ca2c30e12f7301a0bf10aef678ceb16fcc

SHA256: BD7390E0F5B2ADD7B6C30827460A95D14E6BE4E703595315C74A8F652C7E30DD

File Size: 182.22 KB, 182215 bytes

MD5: 2624e61fa777c4bb13846d6b06b9ab68

SHA1: 72bea0a1e7012bd7f08a96d3ced4ce1392c0410b

SHA256: EE64C6D708F48D4AADD76FF45641B2993A78705E88122EC3210949F62715383C

File Size: 368.58 KB, 368583 bytes

MD5: 462a2d4e9b51bb7353c2699e59179e1a

SHA1: 3ea2f44718297d8ee27e0b7c850cc7bd30b566fa

SHA256: 7BD0F65249445BF820BBE717A94BEF895EBA9A674A6F3D11D5783B3803AE1AE1

File Size: 1.63 MB, 1626567 bytes

MD5: 053c3d576b0f7c0f17fc3e66daa6cfa9

SHA1: 6ea92377037e88bd772ab85f3dc00ed2a2e6b1a2

SHA256: E270FBDF8ABE70DE180E8CE0D83F75236F4BAB6D025822DD3C5A3F72A62F593A

File Size: 627.14 KB, 627143 bytes

MD5: 6d8d596eec6473b2721e287180578928

SHA1: 691d3106fa3adbebb2c3aae744b597d31cd6c798

SHA256: C9729244A49D51E0896443BFA33C4EC5ABB46FC913DAB3E7FC7154F2F07CB24F

File Size: 504.26 KB, 504263 bytes

MD5: d77dc549d28f85a9ed07f598be1e6684

SHA1: 8400f7bae3b7a1f0dff07e5a21220a779c56bf8f

SHA256: EE776F22558C63CEE6429212D59C9D976BD21E7CF4BA450020F58722C66FC773

File Size: 156.10 KB, 156103 bytes

MD5: 6298a662415c8f97da45a39f2b7e1288

SHA1: 77a4254310a44438adf4f2e09323b1365e94e028

SHA256: B1EB4A35B423C002055268C033B828C8086F956BEF47146F6E52303CDD78692D

File Size: 176.07 KB, 176071 bytes

MD5: c7bbaacd0aa24fb010dad84846f8c7f7

SHA1: 0645e32921db24952a38a97db258416888223844

SHA256: AF206581556489EF89410B0CA627FA6C88A602A78BD93FEA6C12E6ADDAC70025

File Size: 2.22 MB, 2217496 bytes

MD5: ab1e7bcf0a38f126d46e7e85aeb23c1c

SHA1: 3a23f9d2547ee2bc23310242880e378b2b6c3d11

SHA256: A8C71F9E3D8E2D41F0668A276A7577F6A93B3B9AE8E6E28AFD9ED21CF1EF7DE6

File Size: 190.44 KB, 190436 bytes

MD5: 73ec390776e270bbc3f624d42541319b

SHA1: 3a623a5e74219ce2576fd42d2a7ad353cfac72dd

SHA256: AE8AEAB81AC1AE2256B5EC86738EEA5D197A135E8E2F27763369DDC6D1039A03

File Size: 1.77 MB, 1774023 bytes

MD5: be3d8a808374114229564345662fc132

SHA1: 81c843bb9ebf3fe27da0e4bc2f4b570186b425d6

SHA256: B291F2FDF0ED39C081110B6424551806C327799177F46A8AEC005A6F115A0A0E

File Size: 216.01 KB, 216007 bytes

MD5: 0142f5fb1c3b7e9571158191f4af1d3b

SHA1: 189f6be46b8d824d56a75f42c944589640259a5e

SHA256: B850716FA21B5A02002CCDFB24AF18D33B5639F8EE2AA2AF17502E83E0F1EF07

File Size: 311.75 KB, 311751 bytes

MD5: 0d5308c5dbe1c9d83ec6fafdfd4617db

SHA1: 38047c9e3f8953dd9926a833b67a52945e5f4a80

SHA256: 6CC054C1BCDF143C29BE174E52460071ABC2AE2266487FD5FF3FCD7BE8A2B340

File Size: 6.03 MB, 6028245 bytes

MD5: 04a6e75cc5137a402684d0e0119b1bc5

SHA1: 9b375fb2952e548bcffb49f81fe0ffcd4a9234e0

SHA256: EA30C423FEE3C9A08A9D66B3065B134E5386F04AF481758F71A2874E8A2B237B

File Size: 947.14 KB, 947143 bytes

MD5: 2f7c66f72451a905e4c451dbd6bcf059

SHA1: 2735712c7b065985ba1bbe8817fd7403ac04d1be

SHA256: 925275A4572DF878605EFC9DB3FD87AEA6D5FA636C845D1610B0397CB8CD9FBD

File Size: 245.19 KB, 245191 bytes

MD5: da77a9d763fc2a55fbfecb05b1b9cab9

SHA1: c155a331b774532ecf58f8df0ee0d5b6b60a4fb4

SHA256: 717BFCA64C90E18AF833CB53609CF910B448FD640C02ABDEB50A1D946B35FD9C

File Size: 913.86 KB, 913863 bytes

MD5: bb5924aba87756266cefe39b60403800

SHA1: 39e393b444d0c3959bdf6b7f65e43dfa93a5aaf6

SHA256: B4996E299FC942D3CA4C6F380C1DF9BBEF4252D941FA000E392A4050D26DE4E0

File Size: 1.40 MB, 1397703 bytes

MD5: 6f5ea423a7d59f91870c7820fd456593

SHA1: a4dd6edc0938fe2ce358c81e05b2e36324671e6b

SHA256: 62B0E1313114B4620348031E82D1FE8617F4DB740C30E81C42B172AF9BF37BC3

File Size: 472.52 KB, 472519 bytes

MD5: b52b72ee2f5a6af4f137a44c13a09c21

SHA1: 27971f02f881935d0b2a3d7f76532257e35d9e50

SHA256: 2DFDA970AB31CBB0F10151C95A72CF83777D0DC94B316FE864FDBFF6B4B0DBE7

File Size: 2.85 MB, 2851271 bytes

MD5: 9ed4a609ff827ee6ba31aaa39660f9b0

SHA1: b97231722fa07e229ebb2b5782d8bee47b62bbcf

SHA256: D1B3D606370CE044C319A650662DEFDFC020A1922900F29E43AA1C8DE66932D4

File Size: 6.11 MB, 6114759 bytes

MD5: e789982296f31bf3841e502f98461d99

SHA1: 48051d72058cc906e150c55fdbdd14ef0ab0d0a3

SHA256: F6F986ED602BD1983860FA1CC458A249E6E2294A2EB0D0E11C6A352DA84DACB4

File Size: 319.43 KB, 319431 bytes

MD5: 8a04abdfd5032f66fd0475ee4688ac5f

SHA1: 65ff877fb782c2a8596d2ac7c769a82b522f69d0

SHA256: 169BA8CB21A0CA2EFC2044FA07F425401151DE19929FD9FC497C8521BFA05B57

File Size: 239.56 KB, 239559 bytes

MD5: 82423bf6e4111122157856774f750c7c

SHA1: e9097ae2a4c2b31ab13567996ad26409f6d76bdf

SHA256: 1A6042D70A284AC5EBF7AC8BC50B695F0BA26A3235E39F97BD3E4829A60A01FB

File Size: 217.54 KB, 217543 bytes

MD5: 6d213e9d05723eda21f8b1d9b13cd7bd

SHA1: c56519b243ef0aa052f98705e0a443b5f811b56e

SHA256: 316D44C8C72B16A35570AB6B1E01F48B9F8BBFB40B8CFD79377FFB0A740CD004

File Size: 156.10 KB, 156103 bytes

MD5: 480073e2b37534176ca57eccc27fff72

SHA1: 664f1ac9d6c106513b7dfda741bcf8184261be4c

SHA256: 26057D4F56655DD3E8F9844120792D8E3B9C998047987A59D880FA6F6A80BB51

File Size: 207.30 KB, 207303 bytes

MD5: b7e502e8ed80f6a4b936f9bd217b71a5

SHA1: 111b690aa15ee89b18681f7a922954ff641c0e92

SHA256: 3483E041CD3601C709DFAC940D6560A6876DCBE818DAA99C0AC74B0B1EA6884C

File Size: 1.57 MB, 1569223 bytes

MD5: 7dff909270a580d14bdc8d87f76a13b2

SHA1: 7232ddb062e2bfb274ed8485556d39cf3f0b877f

SHA256: A528913D9BBC5C125967498E0FACF410EF5103A573276E2FE72B691B7F1D4FFE

File Size: 135.62 KB, 135623 bytes

MD5: c24f6d6b059b2c31a606338fe73b1cf2

SHA1: 8d598eedb31fba94fe8538e5b9a3a85554a71cb0

SHA256: E6106DDBF499462EC15D1BD30423E016123EF45667B2FBE513100BE3AB5FA359

File Size: 166.35 KB, 166349 bytes

MD5: 6e3466f37a49593a9b7cfe7883d0899a

SHA1: e8d4585fad37bfa5344988c82d07982cf510dfc5

SHA256: D5F18551F71F6B73D2F39195C73E34FBCDB8F2E66485C1B1601198A64D24441B

File Size: 2.42 MB, 2417095 bytes

MD5: df5d9d78fcb93d361d7b229ae955cfb7

SHA1: c3ab1d3c0aa59bf39eee2d829607592b86b44132

SHA256: FBD4B5EE14F3A4F5D7232D8B88D20178E90B17D3BAB52BFA15B9D3EEF38A3A16

File Size: 3.67 MB, 3669447 bytes

MD5: 9e1d326f0b1efb00130b0ec4d242fbc0

SHA1: 9f5626b60a55f55aabf667eabe247236c0b0db90

SHA256: 102720CD29D5BB41B979F9D154A8E1E610CCAA7584D0C8ECC227151DD95015DC

File Size: 2.43 MB, 2429895 bytes

MD5: c59aab72a1690a9482cb45c6db278c50

SHA1: 65ff9334d0cbf57439090a49fa7d5a98ad043611

SHA256: 582DE483A9760E60A2D6C87152B6CF9543C0CF4AC813F2C3EFAB81159138E8D4

File Size: 207.30 KB, 207303 bytes

MD5: 6545c5b8d69314ec5c2374b3959548b2

SHA1: 2c9f967089624671423a92a802f25370d49267f3

SHA256: 03D432BD1A5B394229CEE01CBBE8CB0876676675F299D56A48FA7EB1BC7BB21F

File Size: 254.92 KB, 254919 bytes

MD5: 2f153dda2ca17290add9b2eeb71a2031

SHA1: 64bc66208086a828f38c9976afc6628ce113d932

SHA256: FC1EA410DBF6378D19845B1D993F012D38620956E8AC3CFFB46705CFF546B251

File Size: 207.30 KB, 207303 bytes

MD5: 7eea04075683ad27b3e6e334d938d6fd

SHA1: 8fdce64f8b9a0aecd95ff78d25ff03dc3053b8d5

SHA256: BB5F636D5F206DC16AA387C6B24AC13A1B5E0EBE57611268A24A325B0151A2EF

File Size: 180.68 KB, 180679 bytes

MD5: 8c392599283645f8f4a7f1032de7114c

SHA1: 56643e16404372c8bf0078e1d8c222db55d76f3f

SHA256: 1532A218F6F541E8F04F77E3CED7211866E7BC76C1E6E36DBF8F0F1ADD253353

File Size: 119.24 KB, 119239 bytes

MD5: 3d8789ccb5452d59c1a1f22c0cbcb09e

SHA1: 0f9c272e68368e2a0201e87388b3f5e698bebac3

SHA256: B4F76EE77D196D75B6113FF661C38AD41FACFCC13B3893B629A70D6EBBCE42F5

File Size: 136.65 KB, 136647 bytes

MD5: 760efbd341aaf8f31374ef70108b92ba

SHA1: 1b04c9da974d77421f72762c3bfb03440768785b

SHA256: AF216C1517F9FF7327B9701852AFE28E8669F1F2EFE619653B639866F8E6D689

File Size: 1.19 MB, 1185223 bytes

MD5: 02c4dbfeb79c0af07a1bf5280ac37c2e

SHA1: 939d2be87421d16eff73d7872c0d3fceb7dc13d9

SHA256: 9DE19D306396683987C651554630C755731D3DEC2730832D27FD30EB76BC0A6A

File Size: 174.53 KB, 174535 bytes

MD5: 920fa928a811260ce58735fe7e3743a1

SHA1: a761f5f74ba9e912d379a38373eb18d61f764335

SHA256: 1F4D38B04162596034B8DF00AC0A75E0BC48AD3C59DA91BFFAFCD07048A2E88E

File Size: 146.89 KB, 146887 bytes

MD5: 849fd68b3fa3e30fe89733f05c24232b

SHA1: b7918b33c5af5f0f2693f4d60eb137b43671a818

SHA256: 287CCD566255C3416B122609E049BB85B59791E6736AC4397E8540D865C0BAA2

File Size: 180.68 KB, 180679 bytes

MD5: e2c869ca53162ca1e89c249e58077c95

SHA1: b51e98f1dbb3092ce4cc66df2cc94646edeb6ecb

SHA256: 5392D5071346B2FD0A95F449B5A4455EA468E5D7F58AFFB072A657C19B4BDF4B

File Size: 176.07 KB, 176071 bytes

MD5: 83efa959c691a2356cef5405241675ec

SHA1: 6c7afdc3ff6e1f3c341eb79d0c0d29fd57bb4265

SHA256: 8D28AE93CD4D6AFC52BD9E1D5BA816FC3F6B62978440F3D56F30D51B6B8EDA2F

File Size: 1.03 MB, 1027527 bytes

MD5: 0e5be9b448cbca160bf7b592dd91ae58

SHA1: 77ef95b60e7594dbfa0b6c5b64f6b3aaf0e3bf3b

SHA256: 7CB03A4377E9C54E377D6432B7386EDC42A52F65DCCD2C70CFF524102E409BE9

File Size: 152.52 KB, 152519 bytes

MD5: 51b6f54d61fc0601f9f22c1f3bdb9e26

SHA1: 9f6e8ded1f8862caa93a308e2096ce7b6b743525

SHA256: A5286D31A5BD46ECD68DE01FF68112FB4101CADFCA907E537C4F58F9FBE71166

File Size: 364.49 KB, 364487 bytes

MD5: a452607ebe0abac39c436c9cb1248272

SHA1: e94a986bab162d11ac9be678821f12a2d81fbeaf

SHA256: EF0A9EC978E19B3E0F2EABD03D4B5C522A13F3847BC1D084FBDDABB89517377E

File Size: 129.48 KB, 129479 bytes

MD5: 4166b4f521c833621fae9d97715fb848

SHA1: cb590c9a3d94d648ed914d5d8c41a1e05d5b7666

SHA256: 3A9E083ACE44A3BCC514F0F3BE224347CF71738BC41D1B2A2A1F4E8E7CC46F59

File Size: 1.03 MB, 1027527 bytes

MD5: cfad2c80569f8b30578b1cdbc18a731d

SHA1: e4ac3a15d4b494c7dbee1f6b5ef6cba5484f0490

SHA256: 0DB0630A009FBB1E997F9DA940ED465DAB6FAB33EB4868337471AB7AE9CAD41D

File Size: 1.21 MB, 1208498 bytes

MD5: 1a8dc449ac14807b5e0edf2c48e3a6a0

SHA1: a9f4c89f4644a51741ec81b3e639e0b613674070

SHA256: 8BFB81A36496E247DE25FCFD862A5DCB4B6C9E0ECAC84D4AEF4362537DCC7558

File Size: 7.67 MB, 7665607 bytes

MD5: cf18b8baef7a7d45b518856d4e518a75

SHA1: c9e4a32146436382a3fe9649d6a154db07a8ab89

SHA256: 0299A76F1DD7FE66A22D5CCA4282B9FBBABD7049BAAD7872490F40C8E9D6CA2D

File Size: 116.17 KB, 116167 bytes

MD5: f4e8d027a2195cbbe010f8606bf75c88

SHA1: 81d8d4a97dc9d4ad2b5fc7f480e350bec77e9c08

SHA256: FC7E94ED8C6831E4848E65FF8E0D2D06F18D9CDDF54144805DFB58F354348740

File Size: 255.43 KB, 255431 bytes

MD5: ed99e9655177a5a6b3a7dee241b91569

SHA1: a343e826bdce5137f405d69032f79fda40a454f3

SHA256: 1CD29A76C00502DE4561CB08D9FC0F22912DFEED7FBAAE6A1661132EF47013D6

File Size: 6.11 MB, 6114759 bytes

MD5: ebc0b72202eba03e9eefb11dd115394c

SHA1: 17a8780f044552d06e1540872e028a6d1ea0ec7b

SHA256: EB34CFE7E2C466D83A0ECFD0228FC99DC57692C082987B14A101752A20A8C1AC

File Size: 141.25 KB, 141255 bytes

MD5: fd20b24e3374a5f1c723b6c07ff9ceb2

SHA1: 4dbae9a1ab725e505bb3c25c2e320c05e2ba01a1

SHA256: 34589BADF9CEBC80BAC3C0288AAB31DFC688402515584FAAC1780AFACC4605DA

File Size: 1.19 MB, 1185223 bytes

MD5: ff1b58eb68d349420f538ef6d46c59da

SHA1: ce8af3a279ab93cbaf1261af3a9cc8969ff73d68

SHA256: DCC6EE00520CD2A8F09462125B37ACE180BEA44A4767DB9C16CFF12AC98007F0

File Size: 176.07 KB, 176071 bytes

MD5: 0ddd464309bba177d99cc62693c480f9

SHA1: 565475ef572943f763fb2036241b6e2398b8cf91

SHA256: 6F6DEED64C7066CFF905926CF285FCD70A4FE4C26D28EE8B39D5CA361780228E

File Size: 1.02 MB, 1020359 bytes

MD5: 9e8b8d1d28fd4071801e9d51a278fd4f

SHA1: 3abf7f3982e372b08d236a179d1258b4a4861cf4

SHA256: C4B00D8EDBBCF5DA00496E7BAAA74C04F5AD20DFB01CB15F04C680FBD8FA2212

File Size: 692.81 KB, 692811 bytes

MD5: 71e2ffb2fb4e318d43074be4e2acdce6

SHA1: f017bf65aae949a469e70c5380a7ef87d0854660

SHA256: 0D90097172CA68C4333E6C625146707A2537BFE4459F3B8BC58B22060714F284

File Size: 176.07 KB, 176071 bytes

MD5: 2f5e70f67fd0294f053c1e0a752889b8

SHA1: faa557afeb75209ad1c4f725420036ce82c8f66b

SHA256: 16A5C979F9FC30211B2C58A13662E23EE7B7D7083C0BCE425EA71A5C78260511

File Size: 103.88 KB, 103879 bytes

MD5: eed13d7f6937feba60fa9419ec8d961c

SHA1: 4726fabd48ffaf3c788174f195b2bd2044b65abb

SHA256: B8719848B06CB2C613EE9290A32FEC4FC7BE6DBA78196C0809E007A906C32338

File Size: 136.65 KB, 136647 bytes

MD5: 236140660e6da57e1592cb230310b831

SHA1: ccbeb171218ebe17aa9c61d7f11119066c4c2ab1

SHA256: 8E306E4F4687653AED81C2DAF4528C441751571C801F68111059F2E159FDC0B7

File Size: 205.25 KB, 205255 bytes

MD5: edfb8768859123cf411ac3a495acd469

SHA1: bcc4dfb21b432182addebdedf39398cc706650dc

SHA256: 62AFED9A60AC7927111A29F98C7149F41EECAEC21B3CCA1A3851D5DC124A3B2B

File Size: 173.51 KB, 173511 bytes

MD5: dbbdd5733665022b0b58ad7678ac8906

SHA1: c83445d184a9d27879649d1f57530d7d7aa73592

SHA256: 46D0D0843CBFF7AE60F066413813EA83B5899DC3AF2AEB45952E7735600E8068

File Size: 176.07 KB, 176071 bytes

MD5: 5f984c7c4b0a68d73ade004e12f88dc4

SHA1: 9b6a10d7795fb11a9123e2266deea87940698a4d

SHA256: 4D81E842FA0BFB69F7D5962D6ABBFD608FB4210B7FF774F4515944D7AEAA73EB

File Size: 205.25 KB, 205255 bytes

MD5: 7e8137933a23d26f7570a4aa516fcb21

SHA1: 0bd37593900e7df77f38f89d599d8ef3e77b3362

SHA256: 5A5F3659E4C34457183E9DC4E59AAC683ACDDCF9B77BEFC37B675D2797554C8B

File Size: 136.65 KB, 136647 bytes

MD5: f91705658a922bec7318a2fba92352c1

SHA1: a7a81515f02b0d23fca4296b331b1d2deb06f2ef

SHA256: 6A306070845F80FFF2791FE30E0893FD505084585B427B0BA3A216301B699C78

File Size: 2.24 MB, 2237895 bytes

MD5: d5036c6fa67a15c0405466c764271265

SHA1: 793286cddb1fe4cbf351182eff25848cd98e0c16

SHA256: 3963F76C94BBAFFD55F3EC98034562A3484D38205D0B2E45CAAC173CA91EB8E1

File Size: 176.07 KB, 176071 bytes

MD5: 320f4c594b76cad3fe7c1c8f33a6495b

SHA1: 613600987d124ead85a8978767e51e1b387e31b1

SHA256: E0841E65D49B9CAB1BAF5681A92698FE6AFD47D823973E31280A8E50E1C4EFD7

File Size: 136.65 KB, 136647 bytes

MD5: adaef13966cfff0f9ab6cf1bb4184238

SHA1: fc4ca074fb7f0eab2054a0a4b8ebfca1bf584098

SHA256: 0FA1405BF69E2E01B0FAA8110CEF89A429EBFCBD9769BE56277A77E0B2562AF0

File Size: 179.14 KB, 179143 bytes

MD5: 7a1204bbe967ef0dcf2b07b3bc77f7eb

SHA1: 32bc0934e8d0e2e2d2cab682f0abc139d1659ee1

SHA256: B16AD449E8955D55F91326E32D948F9FD942E4C74A3B214F79A611B09BB3BF75

File Size: 176.07 KB, 176071 bytes

MD5: 5e8d4714c7c242b3a4c947bf06114a27

SHA1: 4dfa812e9acd8d7572f836e44f4906d223b94781

SHA256: 444D84F7C236979CAF1B6F54E6531CE2DF6EDDAA589BA86E280BD2A32A1B5A87

File Size: 162.76 KB, 162759 bytes

MD5: de3e61d442cd131008713d9a7fd7cf2c

SHA1: 704ee6acf76c0b6f37dcc2a935c6633beefcd4af

SHA256: 087F7288EF49FF81F6D735C5EBD8A9281F296818CD91A0ABD3B25FC7AC27F11E

File Size: 303.56 KB, 303559 bytes

MD5: b5b63c59a4c9fecb5882c9917bbb6be3

SHA1: ae2a34a90e8ecb68f3cf9c28587d6460951e8ba7

SHA256: FD7B5879E2DD931A37A2E33336DE7F7D65486CC352360FF5FBC8D44C4C976B7F

File Size: 183.24 KB, 183239 bytes

MD5: 18f1d78c1cb3ff24a3711ee7cca11f3b

SHA1: d0c28526b78d91bfb131b9132af3b71c8a2d88d4

SHA256: 4FCEC268873E579C15BDCD99FE9DA8074BD5D9677187B6F6BFCF4D091C167084

File Size: 176.07 KB, 176071 bytes

MD5: 4366e724df9a7f92a0d05db06d07aa3f

SHA1: 4e5bde0dc0c71d03edbd934289f5f2e79d6d1960

SHA256: DB82A930EED47D5A3E821312AA422012030600F3F20E28A1DD6EA17798A52519

File Size: 293.83 KB, 293831 bytes

MD5: df93ab8fec15703e1fa5a55658141ce6

SHA1: def0b70671347bec0360cd01da1833514c46f4fe

SHA256: 935A21A332EB48C59FED6A060A007C99CF2C7483113894967948AD2F9DF1CBE9

File Size: 416.71 KB, 416711 bytes

MD5: 420fc8f55add34ab85905ba16d624429

SHA1: 15627dca75c8a85f9b1c606aa3ddf7054df0b8e7

SHA256: 0C0F2DDB35339BDC52C3BCA754D974BD9212A3FBD131668556FEFC61149B6FE6

File Size: 176.07 KB, 176071 bytes

MD5: ecce15d0cd06f55e5c0c1240b1169436

SHA1: 82c8bcf34de390ed1c463ab893ab8bcfa5311f6e

SHA256: 35B96D5B114ABF954B991B60E70D564CD80AF7810F16F431D43D6B16CD7BF77E

File Size: 226.76 KB, 226759 bytes

MD5: ac66d9c617002f4b345b216ca299015c

SHA1: 365f52c7cc8b12e351a87a259f39fbf51bffc970

SHA256: 6C1B08C46AE67DC4790E3B40EA99A5BFF8668C50D3EA1AE23A87A1AB6E6D9235

File Size: 992.71 KB, 992711 bytes

MD5: 4593abf735297f739ebd8b02a1ccd40e

SHA1: f0dac0ceeaf6e64b77fb546ac2a786666a765641

SHA256: E26C4512403C44EAAC0D31228173FBBF01BCE006859878F53E110D7B1188CCA8

File Size: 419.27 KB, 419271 bytes

21 additional samples are not displayed above.

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is 32-bit executable

File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

170 additional icons are not displayed above.

Windows PE Version Information

Name	Value
Assembly Version	2.0.7.4 1.7.4.0 1.3.7.0
Bin Type	32
Build Date	2008/08/27-18:10:41
Build Version	53.355610
Comments	2015/06/02 13:24:30, ni_traceengine/win32U/i386/msvc90/release AFS2FS Module. This module allows to organize BIN-files into a simple directory structure, instead of inserting them directly into AFS (*.afs) files. So you don't need to worry about managing space or rebuilding AFS. A quick and easy panic log extraction and analysis tool for iDevices. Compiled by Arvid Winkelsdorf, digivendo GmbH (www.digivendo.com) for the Indy Project (www.indyproject.org) Created with Setup Factory 8.0 Easy to use debbuger dll EBU EULA DLL EnterpriseDUUI ExtraDNS FMOD Sound and Music System Show More free crypto library, more information available at www.cryptopp.com Freeware Application gspot@speakeasy.net http://aresgalaxy.sourceforge.net http://www.internetdownloadmanager.com https://code.google.com/p/inno-download-plugin, http://mitrichsoftware.wordpress.com https://www.mypublicwifi.com IP Camera Tool KeyTweak - Keyboard Remapper Medal of Honor Allied Assault(tm) Breakthrough by Electronic Arts, Inc. Modified by an unpaid evaluation copy of Resource Tuner 2. http://www.heaventools.com SkinSoft .NET Hook Library Thank you for using Miles! This installation was built with Inno Setup. This product created by the Firebird - All Copyright (c) retained by the individual contributors - original code Copyright (c) 2000 Inprise Corporation and predecessors. WDS on a PC Whiteboard Wsid module v1.0 www.usbwebserver.com 广州优硕高速编程器
Company	Microsoft Corporation
Company Name	Acrox Adobe Systems Incorporated AnvSoft Inc. AresGalaxy asmedia Asseloos Software (ASoft) Azzouzi Software Border-IT Bosch Automotive Service Solutions brother Industries, Ltd Show More Brother Industries, Ltd. CANON INC. Driver Identifier DvbLib Electronic Arts Electronic Arts Inc. ExtraTools Firebird Project Firelight Technologies Pty, Ltd Flexera GOM & Company Google, inc Google Inc. GSpot Appliance Corp, a unit of GSp0t Heavy Industries HP HP Inc. iDevice Panic Log Analyzer Igor Pavlov InstallShield Software Corporation Intel Corporation Jasc Software, Inc. LDS Lively Macromedia, Inc. Macrovision Corporation Micromedia Microsoft Corporation Mitrich Software Motorola National Instruments Corporation NeatDownloadManager Nero AG PcWinTech.com PuTTY.ORG.RU Python Software Foundation QUALCOMM, Inc. RAD Game Tools, Inc. SafeNet, Inc. Samsung Electronics Co., Ltd. Seiko Epson Corporation SEIKO EPSON CORPORATION SFX TEAM Sherlock Software SkinSoft South.Tver SystemNanoPacks The Chromium Authors The OpenSSL Project, http://www.openssl.org/ Tonec Inc. Travis Krumsick Wei Dai Winamp SA wondershare 吾爱破解论坛--www.52pojie.cn--版权所有广州市优硕微电子科技有限公司深圳市驱动人生软件技术有限公司
Company Short Name	Google The Chromium Authors
Compiler	Hybrid
File Description	7z Plugin 7z Standalone Plugin Adobe Color Engine Adobe Updater Library AFS2FS Module ALi.Hassani.DD AmazonBasics gaming software Android ADB API Android ADB API (WinUsb) Ares p2p for windows Show More asmtusb Dynamic Link Library AVCMedia Transcode DLL BrmfPrint Brother Firmware Update Tool Brother MFC Windows Software Standard Debug Log Send DLL Canon IJ Scan Utility Chromium CleanMem Mini Monitor ControlCenter AutoCrop ControlCenter Launcher Crypto++® Library DLL DAQExp 动态链接库 DebugView Delayed launcher Delete error.dat Director Player DtlPlug 动态链接库 EA Download Manager EnterpriseDUUI Environment for Testman System EPSON Printer Driver Epson Scan 2 Contorller Epson Scan 2 File Processor EPSON USB Display Ver.1.50 EulaDll ExtraDNS Firebird SQL Server FMOD ForwardDemon gcapi GOM GIF Encoder GP Ethernet Interface Printer Communication DLL GSpot Codec Information Appliance HP Smart-Install Strings iDevice Panic Log Analyzer IE ActiveX Interface Marshaling Library Indexing manager Inno Download Plugin InstallShield (R) Ctor DLL InstallShield (R) Script Engine InstallShield (R) Setup Engine InstallShield (R) Setup Launcher Intel(R) Rapid Storage Technology installer Internet Download Manager (IDM) Internet Explorer Compatibility Shims IPCamera MFC Application Jasc Screen Capture DLL KeyTweak - Keyboard Remapper Lively Localization Resource Manager LzmaGzipLzssCrc Medal of Honor Allied Assault(tm) Breakthrough MFCDLL Shared Library - Retail Version Microsoft Windows Media Player Setup Utility Miles Sound System MSI starter MyPublicWifi Software NanoServicePackUpdater 6.0.1 Neat Download Manager (NeatDM) Network Time Synchronizer OpenSSL Shared Library Paint PassThruSvr Application Public Release Version Python Core qcmtusvc r-studio_rportable_rec RC DARK Tool RTFC RTMUI Sentinel RMS Development Kit License Manager Setup.dll Setup/Uninstall Setup Application SkinSoft API Hook Library for WinForms .NET Software and Drivers SoftwareUpdateNotificationService SSH, Telnet and Rlogin client SuperCopier 2 (explorer file copy replacement) Tablet PC Input Panel Text Services Framework TraceLogging Engine updater 8.1.15.16 USBWebserver V8 Whiteboard_Server Winamp Elevator DLL Wsid module 央视影音广州优硕高速编程器
File Version	WI-V2.5.7.27050 GEN_132.1.0 2021.1.17.0 2010.0428.1.20464 113.0.5672.128 52.0.2743.114 51.1052.0.0 040.000.745.000 30.1.1.0 24.0.573 Show More 20.02 alpha 15.0.0f1 12.0.19041.1 (WinBuild.160101.0800) 11.00.28844 11.00.19041.5794 (WinBuild.160101.0800) 11.00.9600.20671 (winblue_ltsb_escrow.221103-1418) 11.00.9600.19101 (winblue_ltsb_escrow.180718-1800) 11.00.9600.17207 (winblue_gdr_escrow.140618-1157) 9.20 9.0Jr432 8.1.1000.0 8.1.15.16 8.00.50727.762 8.00 8, 5, 5, 0015 7,07, 0, 262 7, 01, 100, 1248 6.6.0.0 6.5.28.31561 6.5.23.29563 6.1a 6.1.7601.18984 (win7sp1_gdr.150901-0600) 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) 6.0.1 6.0.0.1911 6, 42, 50, 3 6, 42, 48, 2 6, 42, 43, 3 6, 42, 19, 3 6, 31, 100, 1221 6, 31, 100, 1190 5.1.2600.5918 (xpsp_sp3_qfe.091216-2118) 5,8,0,3660 5, 6, 0, 0 4.9.4.0 4.02.0008 4.0.0.462 4, 2, 80, 1 4, 0, 0, 44 4,0,0,4 3.74 3.8.16 3.7.0.0 3.1.4.220 3.00.0004 3, 4, 0, 0 3, 2, 410, 1103 2.14.21.1744 2.10 2.5.8.3084 2.4.0.3 2.2.1.1 2.2.0.650 2.03 2.0.40.0 2.0.7.4 2.0.0.22 2.0.0.1 2.0.0.0 2, 7, 0, 0 2, 5, 2, 1 2, 3, 8, 9 2, 0, 0, 0 01.99.09.0101 1.85 1.10 1.7.4 1.7 1.4.24.0 1.4.6.0 1.4.0.0 1.3.7.0 1.3.0.0 1.2.1.9 1.2.1.8 1.2.0.9807 1.1.1.0 1.01 1.00 1.0.5.0 1.0.2u 1.0.1f 1.0.1.0 1.0.0g 1.0.0.12 1.0.0.10 1.0.0.5 1.0.0.1 1.0.0.0 1.0 beta 18 additional items are not displayed above.
Internal Build Number	185990
Internal Name	System32
Internal Name	7z 7za ACE AdbWinApi.dll AdbWinUsbApi.dll AdobeUpdater.dll ALi.Hassani.DD.exe ares.exe asmtusb.dll botva2.dll Show More brAutCrp.dll BrCcBoot BrmfPrint Brother MFC Windows Software Standard Debug Log Send DLL chrome_elf_dll Core.exe cryptopp Ctor DAQExp data_api.dll DebugView DelErrDat dotnetversiondetector DPS driveridentifier DtlPlug DvbLib EMP_UDSA.exe Engine EnterpriseDUUI EulaDll ExtraDNS E_PRLGR7 Firebird FirmwareUpdater FMOD ForwardDemon gcapi GifMaker.dll GPNetIO GSpot iDevice Panic Log Analyzer.exe idp ieproxy.dll ieshims.dll Internet Download Manager IPCamera IRST ISPNickel JCAP Kernel KeyTweak LaunchDelay LcMgr libAVCMe.dll libeay32 Lively.dll MFC80U.DLL mini_monitor moh_Breakthrough MSPAINT MyPublicWifi Software NanoServicePackUpdater NeatDownloadManager NetTime NI_TRACEENGINE 15.0.0f1 OpenUrlWithWnd.exe OTTO PassThruSvr PuTTY Python DLL qcmtusvc r-studio_rportable_rec RC DARK Tool.exe RTFC RTMUI Sentinel RMS Development Kit License Manager Server Setup SetupX.exe SoftwareUpdateNotificationService.exe ssapihook Strings SUCMLIB.dll suf80_rt SuperCopier2 TipTsf.dll TJprojMain unregmp2.exe updater usbwebserver Winamp Elevator Wsid module 央视影音
Last Change	32b6079fab55362c7230e37235bb7192fc6c8b5e-refs/branch-heads/5672@{#1204} 97a0f09bd385a340fe5c6509ccd3e3c2f358181e-refs/branch-heads/2743@{#720}
Legal Copyright	(c) <asmedia>. All rights reserved. (c) Samsung Electronics. All rights reserved. 1999-2000 ExtraTools ExtraDNS EURAF 2008-2013 PcWinTech.com All Copyright (c) retained by individual contributors - original code Copyright (c) 2000 Inprise Corporation Copyright (C) 1990-2001 InstallShield Software Corporation Copyright (C) 1990-2002 InstallShield Software Corporation Copyright (C) 1991-2001, RAD Game Tools, Inc. Copyright (c) 1993-2009 DvbLib Copyright (c) 1999-2010 Igor Pavlov Show More Copyright (c) 1999-2020 Igor Pavlov Copyright (C) 2002-2003 Linker Copyright (C) 2004, Steve Greenberg Copyright (C) 2004-2008 Brother Industries, Ltd. Copyright (C) 2005 Macrovision Corporation Copyright(C) 2005-2009 Brother Industries, Ltd. Copyright (C) 2006 Copyright (C) 2006 The Android Open Source Project Copyright (C) 2006-2015 The Android Open Source Project Copyright (c) 2007 Electonic Arts Inc. All rights reserved. Copyright (C) 2009 CopyRight (C) 2009-2012 Copyright(C) 2009-2014 Brother Industries, Ltd. Copyright (C) 2012 Copyright (C) 2013 SafeNet, Inc. Copyright (C) 2013 深圳市驱动人生软件技术有限公司。保留所有权利。 Copyright (C) 2013-2014 Mitrich Software Copyright (C) 2014 Copyright (C) 2016 - 2021 Brother Industries, Ltd. Copyright (c) 2018 Flexera. All Rights Reserved. Copyright (C) 2018 SystemNanoPacks Copyright (C) 2022 - Javad Motallebi (NeatDownloadManager.com) Copyright(C) 2022 Brother Industries, Ltd. All Rights Reserved. Copyright (C) 2024 Micromedia Copyright (c) 2025 Copyright (c) Adobe Systems Incorporated. All rights reserved. Copyright (C) brother industries, ltd 2005 Copyright (C) CSS Ltd 2009 Copyright (C) GAINSCHA Copyright (C) QUALCOMM, Inc. Copyright (C) SEIKO EPSON CORP. 2011 Copyright(C) SEIKO EPSON CORPORATION 2006 - 2010 All rights reserved. Copyright(C) Seiko Epson Corporation 2008-2015. All rights reserved. Copyright (C) Seiko Epson Corporation 2015. All rights reserved. Copyright (c) Yuriy Vikhirev, 2013 Copyright 2006 Nero AG and its licensors Copyright 2011, Intel Corporation Copyright 2013, Intel Corporation Copyright 2015 GOM & Company All Rights Reserved. Copyright 2016 Google Inc. All rights reserved. Copyright 2023 The Chromium Authors. All rights reserved. Copyright ?1998-2005 The OpenSSL Project. Copyright ?1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved. Copyright CANON INC. 2012-2015 Copyright HP. All rights reserved. Copyright © 1991-2001 Jasc Software, Inc. Copyright © 1994-2004, Firelight Technologies Pty, Ltd. Copyright © 1995-2009 by Wei Dai Copyright © 1996 – 2019 Ford Motor Company and its subsidiaries Copyright © 1997, 2000 by Graham Mainwaring, Copyright © 2011, 2012 Mark Griffiths Copyright © 1997-2019 Alexey Nicolaychuk aka Unwinder Copyright © 1998-1999 Microsoft Corporation Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved. Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved. Copyright © 1998-2022 Alexey Nicolaychuk aka Unwinder Copyright © 2000-2015 National Instruments Corporation. All Rights Reserved. Copyright © 2001-2022 Python Software Foundation. Copyright © 2000 BeOpen.com. Copyright © 1995-2001 CNRI. Copyright © 1991-1995 SMC. Copyright © 2003 Electronic Arts, Inc. All Rights Reserved in the USA and Other Countries Copyright © 2005-2009 Juce, Robbie Copyright © 2008-2019 Winamp SA Copyright © 2009-2019 PuTTY.ORG.RU Copyright © 2025 Copyright © Azzouzi Software Copyright © Nick Asseloos 2006-2017. All Rights ® Reserved. Copyright © Travis Krumsick, 2004. All rights reserved. Copyright © Wayne Bonnici 2020-2024 Copyright ｩ 1985-2002 Macromedia, Inc. GNU GPL GPL OpenSource Software Motorola Copyright ? 2010 ProxymaData Runtime Engine Copyright © 2008 Indigo Rose Corporation (www.indigorose.com) TODO: (C) <公司名>。保留所有权利。 Tonec FZE, Copyright © 1999 - 2024 Tonec FZE, Copyright © 1999 - 2025 wondershare (C) Copyright 2023 wondershare (C) Copyright 2024 WXJYXLWMH © 1999-2008 Adobe Systems Incorporated © 2015 HPDC LP © Microsoft Corporation. All rights reserved. © Microsoft Corporation. All rights reserved. 版权所有 (C) 2013
Legal Trademarks	2008-2013 PcWinTech.com Copyright © Nick Asseloos 2006-2017. All Rights ® Reserved. Crypto++® Directorｮ is a registered trademark and Shockwave(tm) is a trademark of Macromedia, Inc. ExtraTools ExtraDNS EURAF Intel Corporation Internet Download Manager Jasc Software, Inc. Linker Miles Sound System is a trademark of RAD Game Tools, Inc. Show More Nullsoft and Winamp are trademarks of Winamp SA Setup Factory is a trademark of Indigo Rose Corporation TabMan, TestMan, TabComm, WidgetSet
Official Build	1
Original File Name	System32.exe
Original File Name	NanoServicePackUpdater.exe updater.exe
Original Filename	7z.dll 7za.dll ACE.dll AdbWinApi.dll AdbWinUsbApi.dll AdobeUpdater.dll ALi.Hassani.DD.exe ares.exe asmtusb.dll botva2.dll Show More brAutCrp.dll BrCcBoot.exe BrLogAPI.dll BrmfPrint.dll chrome_elf.dll Core.exe cryptopp.dll ctor.dll DAQExp.dll data_api.dll debugview.dll DelErrDat.exe dotnet.exe driveridentifier.exe DriverPackSolution.exe DtlPlug.dll DvbLib.dll Elevatorps.exe EMP_UDSA.EXE EnterpriseDUUI.dll Environment.DLL EulaDll.dll ExtraDNS.exe E_PRLGR7.DLL FirmwareUpdater.exe fmod.dll ForwardDemon.exe GifMaker.dll GPNetIO.DLL GSpot.exe GZUT_OnePro高速编程器.exe iDevice Panic Log Analyzer.exe IDMan.exe idp.dll ieproxy.dll ieshims.dll iKernel.dll iKernel.exe indexing-manager.exe IPCamera.exe IScript.dll JCAP.DLL KeyTweak.exe LaunchDelay.exe LcMgr.dll libAVCMe.dll libeay32.dll Lively.dll lservnt.exe MFC80U.DLL mini_monitor.exe moh_Breakthrough.exe MSPAINT.EXE MyPublicWiFi.exe NeatDM.exe NetTime.exe ni_traceengine.dll OpenUrlWithWnd.exe Otto.exe PassThruSvr.exe PuTTY python38.dll qcmtusvc.exe r-studio_rportable_rec.exe RC DARK Tool.exe RTFC.dll RTMUI.DLL Server.EXE Setup.DLL Setup.exe SetupX.exe SoftwareUpdateNotificationService.exe ssapihook.dll Strings.dll SUCMLIB.dll suf80_rt.exe TipTsf.dll TJprojMain.exe unregmp2.exe usbwebserver.exe Wsid module 央视影音
Private Build	110914
Product Name	Microsoft® Windows® Operating System
Product Version	6.00.2900.2180
Product Family	HP Digital Imaging
Product File Flags	1
Product Name	7-Zip ACE 2008/08/27-18:10:41 Adobe Updater Library AmazonBasics gaming software Android SDK Any Video Converter Ares p2p for windows asmtusb Dynamic Link Library ASoft .NET Version Detector 17 R1b BrmfPrint Show More Brother ControlCenter Brother Firmware Update Tool Brother MFC Windows Software Standard Debug Log Send DLL Brother Software Update Notification Canon IJ Scan Utility Chromium CleanMem Mini Monitor Codec Tweak Tool 6.7.5 ControlCenter Crypto++® Library DAQExp 动态链接库 DebugView Delayed launcher Delete error.dat Director MX Driver Identifier DriverPack Solution DtlPlug 动态链接库 DvbLib EA Download Manager EPLIB EPSON Printer Driver Epson Scan 2 EPSON USB Display ExtraDNS Firebird SQL Server FMOD FN Clock gcapi GOM GIF Encoder GPNetIO GSpot Codec Information Appliance GZUT_OnePro高速编程器.exe HP Digital Imaging HP Smart Install iDevice Panic Log Analyzer Indexing manager Inno Download Plugin InstallShield InstallShield (R) Intel(R) Rapid Storage Technology Internet Download Manager (IDM) Internet Explorer IP Camera Tool KeyTweak LcMgr Lively Medal of Honor Allied Assault(tm) Breakthrough by Electronic Arts, Inc. Microsoft Corporation EulaDll Microsoft® Visual Studio® 2005 Microsoft® Windows® Operating System Miles Sound System Motorola ForwardDemon MyPublicWifi Software Nano Service Pack Neat Download Manager (NeatDM) Nero Installer NetTime NI_TRACEENGINE Odin Downloader PassThruSvr Application PC_CORE Pragmafix Project1 PuTTY.ORG.RU Python QUALCOMM qcmtusvc r-studio_rportable_rec RC DARK Tool RivaTuner Foundation Classes library RivaTuner Multilanguage User Interface library Screen Capture Screen Capture DLL Sentinel RMS Development Kit Server Setup Factory 8.0 Runtime SkinSoft .NET Hook Library The OpenSSL Toolkit TODO: <产品名> USBWebserver Winamp Wsid module 央视影音
Product Short Name	Chromium gcapi
Product Version	GEN_132.1.0 2021 2017 2010.0428.1.20464 113.0.5672.128 53.355610 52.0.2743.114 040.000.745.000 30.1 24.0 Show More 20.02 alpha 15.0.0f1 12.8.2.1000 12.8.0.1016 12.0.19041.1 11.00.19041.5794 11.00.9600.20671 11.00.9600.19101 11.00.9600.17207 11.00 9.20 9.0J 8.1.1000.0 8.1.15.16 8.00.50727.762 8.00 8, 5, 5, 0015 7,07 7, 01 6.7.5.0 6.5.28.31561 6.5.23.29563 6.1a 6.1.7601.18984 6.0.1 6, 42, 50, 3 6, 42, 48, 2 6, 42, 43, 3 6, 42, 19, 3 6, 31 5.1.2600.5918 5,8,0,3660 5, 6, 0, 0 4.9.4.0 4.02.0008 4.0.0.462 4, 2, 80, 1 4, 0, 0, 44 4,0,0,4 3.74 3.14 3.8.16 3.7.0.0 3.00.0004 3, 4, 0, 0 3, 2, 410, 1103 2.10 2.5.7.27050 2.5 2.4.0.3 2.2.1.1 2.03 2.0.0.1 2.0.0.0 2, 7, 0, 0 2, 5, 2, 1 2, 3, 8, 9 2, 0, 0, 0 2 1.85 1.10 1.7.4 1.7 1.4.24.0 1.4.6.0 1.4.0.0 1.3.7.0 1.3 1.2.1.9 1.2.1.8 1.2.0.9807 1.1.1.0 1.01 1.00 1.0.5.0 1.0.2u 1.0.1f 1.0.1.0 1.0.0g 1.0.0.12 1.0.0.10 1.0.0.5 1.0.0.1 1.0.0.0 1.0.0 1.0 beta 1, 99, 9, 101 1, 22, 0, 0 1, 14, 0, 0 1, 9, 9, 0 14 additional items are not displayed above.
Special Build	040915 Firebird 2.5 Kernel Version (1.0.3.1)

Digital Signatures

Signer	Root	Status
InstallShield Software Corporation	Thawte Server CA	Hash Mismatch

File Traits

00 section
2+ executable sections
AutoHK
Autoit
big overlay
dll
fptable
golang
HighEntropy
imgui

Inno
InnoSetup Installer
Installer Manifest
Installer Version
No Version Info
ntdll
packed
SUF
upx
UPX!
vb6
VirtualQueryEx
virut
WriteProcessMemory
x86

Block Information

Total Blocks:	648
Potentially Malicious Blocks:	9
Whitelisted Blocks:	629
Unknown Blocks:	10

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 x x x x 0 x 0 ? 0 ? x ? 0 0 x ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.AG
Agent.DFGH
Agent.FRFD
Agent.MBB
Autoit

BadJoke.XA
Brute.PVE
Chapak.DA
Convagent.I
ConvertAd.AR
DarkGate.B
Delf.Q
Detplock.A
Downloader.Agent.EG
Ekstak.AN
Emotet.GX
Expiro.A
Expiro.IE
Expiro.P
Fareit.LC
Farfli.AV
Farfli.NB
Farfli.TD
Floxif.D
Floxif.E
Gulpix.F
Injector.AK
Injector.FG
Injector.FGGA
Injector.FHBC
Injector.FHBH
Injector.GDSA
Injector.KPP
Injector.KS
Injector.RB
Injector.RBA
Kryptik.GSJ
KuwanBar.B
Loader.DE
Lotok.A
Lotok.F
Lumma.DA
Lumma.GFD
Lumma.XC
Malat.A
Marte.Z
Nanobot.MA
NetCat.B
OnlineIO.B
Philadelphia.A
Philadelphia.B
QQPass.W
Ramnit.A
Redline.FAD
Redline.FAG
Rugmi.GI
Rugmi.IA
Rugmi.O
ServStart.K
ServStart.LA
Servstart.B
ShellcodeRunner.DB
ShellcodeRunner.DC
ShellcodeRunner.E
ShellcodeRunner.FN
Sheloader.A
Snatch.A
Startpage.GA
Stealer.BPE
Teslacrypt.E
Trojan.Agent.Gen.ZW
Trojan.Downloader.Gen.S
Ulise.BB
Webalta.A
Zegost.A
Zegost.AG

Files Modified

File	Attributes
	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
	Generic Write,Read Attributes,Delete,LEFT 262144
	Generic Write,Read Data,Read Attributes,Delete,LEFT 262144
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
\device\namedpipe\libwdi-installer	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll	Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll.dat	Synchronize,Write Data

c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll.tmp	Generic Write,Read Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.211.7\msedgeupdate.dll	Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.211.7\msedgeupdate.dll.tmp	Generic Write,Read Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.213.7\msedgeupdate.dll	Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.213.7\msedgeupdate.dll	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.213.7\msedgeupdate.dll.dat	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.213.7\msedgeupdate.dll.tmp	Generic Write,Read Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll	Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll.dat	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll.tmp	Generic Write,Read Attributes
c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe	Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe.tmp	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll.000	Generic Write,Read Attributes
c:\programdata\electronic arts\eadm\cache\logs\core.html	Generic Write,Read Attributes
c:\programdata\electronic arts\eadm\cache\{ anonymous }\¤7.1-3.txt	Generic Write,Read Attributes
c:\sandbox_live\injected-win32.dll	Synchronize,Write Attributes
c:\sandbox_live\injected-win32.dll	Synchronize,Write Data
c:\sandbox_live\injected-win32.dll.dat	Synchronize,Write Data
c:\sandbox_live\injected-win32.dll.tmp	Generic Write,Read Attributes
c:\sandbox_live\shsandbox32.exe	Synchronize,Write Attributes
c:\sandbox_live\shsandbox32.exe	Synchronize,Write Data
c:\sandbox_live\shsandbox32.exe.dat	Synchronize,Write Data
c:\sandbox_live\shsandbox32.exe.tmp	Generic Write,Read Attributes
c:\system volume information	Synchronize,Write Attributes
c:\temp\debug.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.0.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\a1d26e2\b8f4184ce94.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bye86b.tmp\Ù	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ispackfiles.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nro.log	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nro.log\log	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nro.log\log\nps.log.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pgfoi.sys	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgibd98.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgibd98.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgibdf7.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgibdf7.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgibe56.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgibe56.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgibe76.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgibe76.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgibe96.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgibe96.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmp4352$.tmp	Generic Write,Read Attributes,Delete
c:\users\user\appdata\local\temp\~df1c2deeb47cbfbe1f.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df1e411d4679dc7599.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df64a7c8a34c26c575.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~dfb494949890a2c9e6.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\desktop\autorun.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\desktop\autorun.ini	Synchronize,Write Attributes
c:\users\user\desktop\system3_.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\desktop\system3_.exe	Synchronize,Write Attributes
c:\users\user\downloads\config\lightsyncdata.bin	Generic Write,Read Attributes
c:\users\user\downloads\nettimelog.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\nettimelog.txt	Generic Write,Read Attributes
c:\users\user\downloads\nps.tmp	Synchronize,Write Attributes
c:\users\user\downloads\pst_service_log\pst_svr_log_08_04_02_19.log	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\pst_service_log\pst_svr_log_29_21_54_22.log	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\putty.ini	Generic Write,Read Attributes
c:\users\user\downloads\regmon.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\sessions\default%20settings	Generic Write,Read Attributes
c:\users\user\downloads\startup.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\error.dat	Generic Write,Read Attributes
c:\windows\syswow64\macromed\flash\flashplayertrust\eacoretrust.cfg	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\software\wow6432node\keytweak::mru1	(NULL)	RegNtPreCreateKey
HKLM\software\wow6432node\keytweak::mru2	(NULL)	RegNtPreCreateKey
HKLM\software\wow6432node\keytweak::mru3	(NULL)	RegNtPreCreateKey
HKLM\software\wow6432node\keytweak::mru4	(NULL)	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey

HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::appinit_dlls	C:\PROGRA~1\COMMON~1\System\symsrv.dll	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::loadappinit_dlls		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::requiresignedappinit_dlls		RegNtPreCreateKey
HKLM\software\classes\putty.connect.1::	PuTTY connection manager	RegNtPreCreateKey
HKLM\software\classes\putty.connect.1::friendlytypename	@PuTTY, -120	RegNtPreCreateKey
HKLM\software\classes\putty.connect.1\curver::	Putty.connect.1	RegNtPreCreateKey
HKLM\software\classes\putty.connect.1\defaulticon::	c:\users\user\downloads\a027a4e21288daefa09724b7b30bb6f6cf07edea_0000747463	RegNtPreCreateKey
HKLM\software\classes\putty.connect.1\shell\open\command::	"c:\users\user\downloads\a027a4e21288daefa09724b7b30bb6f6cf07edea_0000747463" -pload "%1"	RegNtPreCreateKey
HKLM\software\classes\.ptx::	putty.connect.1	RegNtPreCreateKey
HKLM\software\classes\.ptx::perceivedtype	Connection	RegNtPreCreateKey
HKLM\software\classes\.ptx::content type	connection/ssh	RegNtPreCreateKey
HKLM\software\classes\.ptx::openwithprogids	Putty.connect.1	RegNtPreCreateKey
HKCU\software\microsoft\windows script host\settings::enabled		RegNtPreCreateKey
HKCU\software\wow6432node\microsoft\windows script host\settings::enabled		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows script host\settings::enabled		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\system::disableregistrytools		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\system::disablecmd		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\system::disabletaskmgr		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\explorer::norun		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\explorer::disallowrun		RegNtPreCreateKey
HKLM\software\policies\microsoft\windows\powershell::enablescripts		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\powershell\1\shellids\scripteddiagnostics::executionpolicy	Bypass	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ு궮䚅ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\rfc1156agent\currentversion\parameters::trappolltimemillisecs	㪘	RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\iexplore::name	Internet Explorer	RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\iexplore::int		RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\msedge::name	Microsoft Edge	RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\msedge::int		RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\firefox::name	Mozilla Firefox	RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\firefox::int		RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\chrome::name	Google Chrome	RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\chrome::int		RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\opera::name	Opera	RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\opera::int		RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\safari::name	Apple Safari	RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\safari::int		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\gpu::adapterinfo	vendorId="0x1414",deviceID="0x8c",subSysID="0x0",revision="0x0",version="10.0.19041.3570"hypervisor="Hypervisor detected (Micros	RegNtPreCreateKey
HKLM\system\controlset001\nerotest::	Test	RegNtPreCreateKey
HKLM\software\wow6432node\ahead\installation\settings::reboot_required	Ϭ	RegNtPreCreateKey
HKLM\software\wow6432node\electronic arts\ea core::clientpath	c:\users\user\downloads\27971f02f881935d0b2a3d7f76532257e35d9e50_0002851271	RegNtPreCreateKey
HKLM\software\wow6432node\electronic arts\ea core::clientversion	4.0.0.462	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state		RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes	(NULL)	RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes		RegNtPreCreateKey
HKCU\software\microsoft\edge\elfbeacon::version	143.0.3650.80	RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\winlogon::shell	Explorer.exe system3_.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::yahoo messengger	C:\Users\user\Desktop\system3_.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\explorer::nofolderoptions		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\system::disabletaskmgr		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\system::disableregistrytools		RegNtPreCreateKey
HKLM\system\controlset001\services\schedule::attaskmaxhours		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\internet explorer\main::default_page_url	http://www.mydreamworld.50webs.com	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\internet explorer\main::default_search_url	http://www.mydreamworld.50webs.com	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\internet explorer\main::search page	http://www.mydreamworld.50webs.com	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\internet explorer\main::start page	http://www.mydreamworld.50webs.com	RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\main::start page	http://www.mydreamworld.50webs.com	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ᔔ뫏錸ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ⓙ묿錸ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\advanced inf setup\ie complist::ie.hkcuzoneinfo		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	믜뮸錸ǜ	RegNtPreCreateKey

Windows API Usage

Category	API
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Service Control	OpenSCManager OpenService StartService StartServiceCtrlDispatcher
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile Show More ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtDeleteValueKey ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtPowerInformation ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetValueKey ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory UNKNOWN win32u.dll!NtUserGetKeyboardLayout win32u.dll!NtUserGetThreadState
Process Shell Execute	CreateProcess ShellExecute ShellExecuteEx WriteConsole
Anti Debug	IsDebuggerPresent NtQuerySystemInformation OutputDebugString
Network Winsock	bind closesocket freeaddrinfo getaddrinfo gethostbyname gethostname inet_addr sendto setsockopt socket
Network Winsock2	WSAStartup WSAttemptAutodialName
Network Winhttp	WinHttpConnect WinHttpOpen WinHttpOpenRequest WinHttpReceiveResponse
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserName GetUserNameEx GetUserObjectInformation
Keyboard Access	GetAsyncKeyState GetKeyState
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory VirtualAllocEx
Process Terminate	TerminateProcess
Encryption Used	BCryptOpenAlgorithmProvider
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen InternetSetOption

Shell Command Execution


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0958f5499dacc588477548fe3b6efbe0694350be_0000410187.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\138614c09909000aa1fbb0f76198df1762e0b744_0000176071.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e59841c45fed6054e20ca7a160f9f7ac6b29b890_0000131583.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\aecba96908bde98a1251f39665310164e65daa4f_0001584583.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2b8e1b02cf1dde8da736758415fafe75b679910b_0000176071.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\cdb99d981324c7584512c08e9e628a9a4621effb_0001171399.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ad7c3e7956d870cad02373a558906685c49c9743_0001034695.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\14771b4949b49fded14ee739e85b9f5c1772ba9d_0000221639.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\693eeab0a40e6f5abf36c78d6a7d8227d80889b1_0000186823.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f926668f86d1e690b7742473ea1a845b33b7e32b_0000130503.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0df459139c6b186c57e1446f547707095b97c3dd_0000176071.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ed565964f90326d6373220bc844174ec28ceb486_0000176071.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0e747420ba1826b5ab4b0fcbf9b998da7b4ad4ef_0000176071.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4f9ab255fde19fb7a35e00b7d9466cd97d50b1c1_0000136647.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1a47eb483199c9a2467b9dbac6af53adba0ae767_0001573831.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\905125040cf6b02d2740e1cf82b7534ed315656b_0001664455.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\74c34d2692d564a7e9db813a4e44109100fb97c3_0001569223.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\52e31d302bc0d9a5c61e38bb282e4903f36f80ce_0000303559.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\35e4fad042684f2e21722fcde0980ff5969e5552_0000502215.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6ba6f0b17263f81b3d719df7d779adb728870eab_0000344519.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a8355eaa9aafbe032ac2e78b8ff738086dac38e9_0001355207.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4b8ec5f38e1e8c3d489b7ad9588bb6f444af692e_0000214983.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\429dbed8bd24e12a25d37553a2b69a034b0ee348_0001704391.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\dc9758346d51d65fcb0a9558346aaa1016397dd1_0000434119.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\51a08d9a984f6f63c3d6bee4b5043ce10cd7233f_0000136647.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\59f1fa59a9b0e191d2b79ca173cf39f6d5fd0cb7_0000504263.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0c1dbd92f041354ba2fd376fbb6dba8a24c4b7c1_0001275847.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\63f0250d3aafcb80eb74a1aba75c07e1b7cefcfe_0001229767.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8ea4e9b83a43cb4817d949381e1c529390c6d8bf_0000143815.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\20666ba133024fdbca8c88479ec7cd9f4036f827_0000152519.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e0a59d265406838b302ff2b70fe8100441ad035a_0003234759.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0e486f8ed10607ace0d56c6c3eb2b16c847cab3f_0000131527.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b3f4c3070a57e472b2551ed4c5c4c8280f8e640a_0000478151.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1b6780c85ef95cd6b280c5414d81459bf47d5d74_0001255367.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\13b9aa85a2b62594a4c6f7e2ab44471317d39928_0000348615.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\00137231c86a2c9542b81bb4b5a5149d67064dc6_0000922567.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\83cc80450a3d595d5ce7e8fa7d534c8dabbf11ef_0001339335.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\3d52a19d8511825475aa1d84e78ccb7bdb5e703b_0000369607.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a4cecf37afd95268e7596fbc787076f3db7ed896_0008469447.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c4b02e517a94d8c4100dc7b9d7b833c24a0f2b73_0000369607.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\105e6d5fae0de0c74605dce22933e125b86248da_0000127431.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\71aec501413a883e1991ee65db7f07fb1359a19e_0000369607.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b7a96d14d040f64bcabe1a2c29925efafafb748d_0000174535.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1bf58414ec8f6415e2ee467c9610315be07c4c73_0000143303.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\aecdee56bfb855521445e3a7cfc4a394f058fdfd_0000472519.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\bfe405e314f21856f5942b50e8d0d365b1c1e886_0001677767.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\621b32f60bf9f577803f7663231ec590c22a7abf_0000180679.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\15be6b252a51b3761c11200c9a12d807f9d7d509_0000197063.,LiQMAxHB


									C:\Users\user\downloads\CBox\cbox.exe


									(NULL) C:\Users\user\downloads\CBox\cbox.exe


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8269885c6ab5274625bd7c8a3a3f361eed7b3daa_0000233927.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\127e7aa6439fe995e377ffe44c69cce56dc49b70_0001218503.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8f3f3589ce09aaf051be503898322d69793cfa3e_0000188388.,LiQMAxHB


									open C:\WINDOWS\System32\mshta.exe "c:\users\user\downloads\bin\Tools\run.hta"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\981037e03b85c2daa1d81c2c1d467ae254ef58c5_0000135623.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\da2095e62dcb2ef9a7d379817e5f79d620a984f8_0000350151.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9c63dbdaf01688739e30f248459a5fa563218806_0000143815.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\440ecd31d356fe18a4469c7052df9bfc97b2fc22_0003790279.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\253f1a58fbed42272ea8f198e2cb23eb5580adf9_0001027527.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\68c204d241734e7d5bfb619ed8d48cf3c310aea0_0000992711.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\449295d804151d136e70452dee27cb36bf576ab8_0000426951.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\badc05ca2c30e12f7301a0bf10aef678ceb16fcc_0000182215.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\72bea0a1e7012bd7f08a96d3ced4ce1392c0410b_0000368583.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6ea92377037e88bd772ab85f3dc00ed2a2e6b1a2_0000627143.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\691d3106fa3adbebb2c3aae744b597d31cd6c798_0000504263.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8400f7bae3b7a1f0dff07e5a21220a779c56bf8f_0000156103.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\77a4254310a44438adf4f2e09323b1365e94e028_0000176071.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\3a23f9d2547ee2bc23310242880e378b2b6c3d11_0000190436.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\81c843bb9ebf3fe27da0e4bc2f4b570186b425d6_0000216007.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\189f6be46b8d824d56a75f42c944589640259a5e_0000311751.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c155a331b774532ecf58f8df0ee0d5b6b60a4fb4_0000913863.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a4dd6edc0938fe2ce358c81e05b2e36324671e6b_0000472519.,LiQMAxHB


									c:\users\user\downloads\48051d72058cc906e150c55fdbdd14ef0ab0d0a3_0000319431  -deleter


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\65ff877fb782c2a8596d2ac7c769a82b522f69d0_0000239559.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e9097ae2a4c2b31ab13567996ad26409f6d76bdf_0000217543.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c56519b243ef0aa052f98705e0a443b5f811b56e_0000156103.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\111b690aa15ee89b18681f7a922954ff641c0e92_0001569223.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7232ddb062e2bfb274ed8485556d39cf3f0b877f_0000135623.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8d598eedb31fba94fe8538e5b9a3a85554a71cb0_0000166349.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e8d4585fad37bfa5344988c82d07982cf510dfc5_0002417095.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9f5626b60a55f55aabf667eabe247236c0b0db90_0002429895.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8fdce64f8b9a0aecd95ff78d25ff03dc3053b8d5_0000180679.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0f9c272e68368e2a0201e87388b3f5e698bebac3_0000136647.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1b04c9da974d77421f72762c3bfb03440768785b_0001185223.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\939d2be87421d16eff73d7872c0d3fceb7dc13d9_0000174535.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b7918b33c5af5f0f2693f4d60eb137b43671a818_0000180679.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b51e98f1dbb3092ce4cc66df2cc94646edeb6ecb_0000176071.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6c7afdc3ff6e1f3c341eb79d0c0d29fd57bb4265_0001027527.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\77ef95b60e7594dbfa0b6c5b64f6b3aaf0e3bf3b_0000152519.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9f6e8ded1f8862caa93a308e2096ce7b6b743525_0000364487.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e94a986bab162d11ac9be678821f12a2d81fbeaf_0000129479.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\cb590c9a3d94d648ed914d5d8c41a1e05d5b7666_0001027527.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c9e4a32146436382a3fe9649d6a154db07a8ab89_0000116167.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\17a8780f044552d06e1540872e028a6d1ea0ec7b_0000141255.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4dbae9a1ab725e505bb3c25c2e320c05e2ba01a1_0001185223.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ce8af3a279ab93cbaf1261af3a9cc8969ff73d68_0000176071.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f017bf65aae949a469e70c5380a7ef87d0854660_0000176071.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\faa557afeb75209ad1c4f725420036ce82c8f66b_0000103879.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4726fabd48ffaf3c788174f195b2bd2044b65abb_0000136647.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ccbeb171218ebe17aa9c61d7f11119066c4c2ab1_0000205255.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\bcc4dfb21b432182addebdedf39398cc706650dc_0000173511.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c83445d184a9d27879649d1f57530d7d7aa73592_0000176071.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9b6a10d7795fb11a9123e2266deea87940698a4d_0000205255.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0bd37593900e7df77f38f89d599d8ef3e77b3362_0000136647.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a7a81515f02b0d23fca4296b331b1d2deb06f2ef_0002237895.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\793286cddb1fe4cbf351182eff25848cd98e0c16_0000176071.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\613600987d124ead85a8978767e51e1b387e31b1_0000136647.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\fc4ca074fb7f0eab2054a0a4b8ebfca1bf584098_0000179143.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\32bc0934e8d0e2e2d2cab682f0abc139d1659ee1_0000176071.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4dfa812e9acd8d7572f836e44f4906d223b94781_0000162759.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\704ee6acf76c0b6f37dcc2a935c6633beefcd4af_0000303559.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ae2a34a90e8ecb68f3cf9c28587d6460951e8ba7_0000183239.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d0c28526b78d91bfb131b9132af3b71c8a2d88d4_0000176071.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\def0b70671347bec0360cd01da1833514c46f4fe_0000416711.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\15627dca75c8a85f9b1c606aa3ddf7054df0b8e7_0000176071.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\82c8bcf34de390ed1c463ab893ab8bcfa5311f6e_0000226759.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\365f52c7cc8b12e351a87a259f39fbf51bffc970_0000992711.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f0dac0ceeaf6e64b77fb546ac2a786666a765641_0000419271.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\60995418346abb147fc1573c088ddd6648f8f56a_0000136647.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d89da966dee5c997cd6cbb8d544c8a70be48eff4_0000176071.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\204280f67aec87984fb7693f47c35b119934d460_0000180679.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9db756cede449d573d49b8b52cf84dfef9659209_0001393185.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\322df607e96d14a4d6421de9135f0f6640daac72_0000176071.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b0cd5175bdd2db7ab920353117aeefaa77735ed0_0000134599.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\42fcce8ad12719da55abd452754c477285e3bce0_0000291271.,LiQMAxHB


									open http://jazz.wifi/


									"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://jazz.wifi/


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b2ca67e3fad9b7169e6701b0b8b55f876bed6860_0008461255.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\bdf8de2e1fc36d2d91101c992fa1fcee09d99a30_0001572295.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1130fc79c052d5068d0518902684911ef8203244_0000284103.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\59644e3103af5300109cdf568016644a02d1910d_0001185223.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6e86b424ce4cd3a8abcbf5a80faa6bc0453af309_0000176071.,LiQMAxHB


									C:\WINDOWS\system32\cmd.exe /C AT /delete /yes


									C:\WINDOWS\system32\at.exe AT  /delete /yes


									WriteConsole: The AT command h


									C:\WINDOWS\system32\cmd.exe /C AT 09:00 /interactive /EVERY:m,t,w,th,f,s,su C:\Users\user\Desktop\system3_.exe


									C:\WINDOWS\system32\at.exe AT  09:00 /interactive /EVERY:m,t,w,th,f,s,su C:\Users\user\Desktop\system3_.exe


									WriteConsole: Warning: Due to


									WriteConsole: Added a new job


									C:\WINDOWS\system32\cmd.exe /C cacls "C:\system volume information" /e /g "Jitncxdp":f


									C:\WINDOWS\system32\cacls.exe cacls  "C:\system volume information" /e /g "Jitncxdp":f


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\3ca4412d0fc40d30b58c9326198f313897cd3200_0000174535.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\fe31235b9625a124647dd0e1770f8d24056bcc9c_0000169927.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\702234afa484bc9705f1429f69e29c4ffff99708_0000311751.,LiQMAxHB

HEUR.Crypted

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove HEUR.Crypted

File System Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Most Viewed