HEUR.Malware.Confuser.Generic

By CagedTech in HEUR Malware

Threat Scorecard

Popularity Rank:	840
Threat Level:	100 % (High)
Infected Computers:	91,158

First Seen:	January 29, 2021
Last Seen:	February 6, 2026
OS(es) Affected:	Windows

Table of Contents

File System Details

HEUR.Malware.Confuser.Generic may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	5026656.exe	18124d41b0441bdb2bfde1797f929998	1,906
Name: 5026656.exe MD5: 18124d41b0441bdb2bfde1797f929998 Size: 146.94 KB (146944 bytes) Detections: 1,906 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\5026656.exe Group: Malware file Last Updated: March 6, 2023
2.	7768099.exe	ea71b5210afd76970d7dee3a2ce18dbd	303
Name: 7768099.exe MD5: ea71b5210afd76970d7dee3a2ce18dbd Size: 147.45 KB (147456 bytes) Detections: 303 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\7768099.exe Group: Malware file Last Updated: February 23, 2023

Analysis Report

General information

Family Name:	HEUR.Malware.Confuser.Generic
Signature status:	No Signature

Known Samples

MD5: 6b5d1a03076c7426e4544d68e86932d8

SHA1: 47f37217daf6a333f96a356e01a38497089e7e56

File Size: 1.75 MB, 1747456 bytes

MD5: 7a48b3fecd16f92cbbb38b60b54c09fc

SHA1: 701b41aa679d73875bd5f61075dee7c3daedccf3

File Size: 272.90 KB, 272896 bytes

MD5: f5cf0b8fef28fb650ced309130d43bb6

SHA1: 50e5b37f86d9646a0c5eb24f673d201f2131d6d8

File Size: 197.12 KB, 197120 bytes

MD5: 83a30a0749ffe28fb03b8e4f46e25356

SHA1: 2db55e15f4c82c7aa09e358112c72fd7225f1326

File Size: 522.75 KB, 522752 bytes

MD5: 8edcbc9bd5921ebb990d7d471c462be9

SHA1: 5cd8b69677da06e26e81f2be39fc325db026fe46

File Size: 471.55 KB, 471552 bytes

MD5: 95629463e29c75170ed0ec51d3882fc9

SHA1: bfa9733ec60a1970a4265240e0d808ca95dddbb8

File Size: 1.98 MB, 1980416 bytes

MD5: a0aff29c66b0b46778151aae3cb334a8

SHA1: 82cf30d52c35920e1d2ed49e850a048059c7c64d

File Size: 179.71 KB, 179712 bytes

MD5: cc327c303d4b7c01be20a11f82cafc10

SHA1: 4fe0c5f50224ae19f77d21a86bd5850c569cc1e1

File Size: 272.90 KB, 272896 bytes

MD5: 93a40233200d5b3539851c3e150cf2dd

SHA1: 48cb54da9dedf99914c71375f661158138513ce8

File Size: 3.08 MB, 3082752 bytes

MD5: 13c095d98c01e8e7d34df8ff34aa4b8c

SHA1: eb704fac6a4c83b7886541811192f9e6916312cd

File Size: 94.72 KB, 94720 bytes

MD5: 1869a8b205789d537007524b39523fb8

SHA1: ce1dfd62eaa23a7d92d2989eb8b052b01c921260

File Size: 2.91 MB, 2913792 bytes

MD5: a31daf9208d642f16e713e46057e7440

SHA1: a784f9f3c3258339c7ba53cef1b32fa300fbf853

SHA256: 56730700F7249E5BDFF43A248E345A3B5E551901409AB7187F4F11E29F4C0B28

File Size: 56.83 KB, 56832 bytes

MD5: 438c9dbc93c9e7309e330e419f6fed94

SHA1: 4630fc375e50722c1befd0f1911733ed7a18f98a

SHA256: D3763D693E138C079432F4FCED431CF52F2F4D19907296425EC2896E48E3A3D0

File Size: 118.78 KB, 118784 bytes

MD5: 1f26e8a64c0173fe5153d81922d2f5e3

SHA1: 965c246b164c51017cc4e4ca058206d87e11c4cc

SHA256: A02533BEF25022EDC1DA5F32EAFCD1B9C17D17560577D2A0396BD73DA1D39A62

File Size: 143.87 KB, 143872 bytes

MD5: a79cf94c54ec5c576b4d2140c824d49f

SHA1: fcf0703929834694cb8c772ef0fc324f8c3e3375

SHA256: 7BA835AE6B41A40D890D22BABE2E4DB2FABCA45BD35B390FB9B59E8F30AADCAB

File Size: 143.36 KB, 143360 bytes

MD5: 42fba2c0b87d0bf67768f8eb2494c258

SHA1: ea2cb901850a0249adbc87973888c792443fd823

SHA256: A49CBE15295758BED65968C5BDCAC52DC223010B189D33F2FDB43D6FEA67574F

File Size: 143.87 KB, 143872 bytes

MD5: 8cd8e71d5b49d7969d8f30bf75a13e74

SHA1: 950396c5b6794ffaf88e53a59295531be0ef911d

SHA256: DD7DD5F56172246E6B8B5904F0E87D8C845F0745D2CD51B23F96F1F645D2D57A

File Size: 143.87 KB, 143872 bytes

MD5: dc06686ed044c29523234caff880ec81

SHA1: 2d44cbb09f45950c850689e43a2ea4625efc4c81

SHA256: F389FEAFE35CE54F028DCE4119F699B9B3230B359200369921A3F19F4D7FBA86

File Size: 143.87 KB, 143872 bytes

MD5: 9d6d9099879a12f2f43e873a0d15ff4f

SHA1: 53769edcf5b72000bb8dfbb1ff9cdd8f0889ae95

SHA256: 7649D6106F1BF0BE0E3ED06C25B0B65D1F3FDB2534FC685771E562653E5C062B

File Size: 115.71 KB, 115712 bytes

MD5: 833016d31b9270205a0dc651bafe8605

SHA1: 23ac4502533e05e120d65771d4b52bc35a69648b

SHA256: 739D5956FD19359A97D314348B310C8E186B3ECF574186F23A03FEED296F1110

File Size: 115.20 KB, 115200 bytes

MD5: fb338be6b66fc2ca7cc2c1cc61ae0e68

SHA1: c7efb20053e4c52f1341176902e80f92d35ed7e9

SHA256: 62CABBACBAD0BC4FFA3C42F39C5BBFD54AF667D751181B16C26DFCA2471F64D9

File Size: 115.71 KB, 115712 bytes

MD5: d951f7a0441c1a06dd72b3f3131cfd13

SHA1: 1670b5ec268c86dc18aadee1f507a77acf5fc569

SHA256: 2BDF7D371B58C894CDF2FD0FF599F473B852759DD71981F963A45251C3803B88

File Size: 143.87 KB, 143872 bytes

MD5: 867a3072cefd545fdb02b2aed31f1d46

SHA1: cec46ad9be061e5bbb97162cd3f0db6e03ebd138

SHA256: AAE09FCB32D6177E4B95706B5983DA227C5B6D68B191E1BFA5E6021A2B508138

File Size: 115.20 KB, 115200 bytes

MD5: 1b68d34f558a333a9e50d5608d7cce18

SHA1: a6aadb15eee10d573ffdd66fc25eb0a8ced457b4

SHA256: 7EE188C6F3902AD2C70EDAE238D5D5526370410C4C4BB35DADD414C19C52C2F0

File Size: 115.20 KB, 115200 bytes

MD5: a78a7e678fb4247cee6287f075efc2b8

SHA1: c1384afd850baf8905a341929ff2464cc7c0ea3d

SHA256: 161867C4D011E0653B2792C27088754E45F647719799A9886DCC9028CF15708A

File Size: 31.74 KB, 31744 bytes

MD5: f22c8fd1db4d19e722580320590be3a8

SHA1: edbfba5eb89a16ad87e76bce3ee1495217993dfb

SHA256: 51FD321D340EC79263E98E868EA1F50B62756B1367E71770B2FAF2E91D2F02F9

File Size: 272.90 KB, 272896 bytes

MD5: 067fa1fc2a348fa190131ac7995bbf58

SHA1: 48d5bf358f50543ab3349612540c30ac48edcee4

SHA256: 3DF78E8529EAF46ABE932213059D1A0FB180BE6E51AECAD4BF5C9369512B7F79

File Size: 115.71 KB, 115712 bytes

MD5: cfce279fbcc91e03373180eb83c14bd6

SHA1: b7f92ffebdc4d36c4d0854f30d7c1b82fbb21359

SHA256: 449540FE63C096CE567A1DE32979AE18D7CE93DE0028E86C977177518E933F0F

File Size: 115.20 KB, 115200 bytes

MD5: 945cc1a2ea1363ec68cb08dcd964aae5

SHA1: 661747e39619d22a117a8ffb122811ed7bada549

SHA256: F1FC85EAE77F990BD821A64CA9C7CB331FCE1804CE8AF6D5E4C0B08478E7223D

File Size: 115.20 KB, 115200 bytes

MD5: b399194d2efd0420d5fbfb6add59cac2

SHA1: 6e1e62cc2eaac36be363c357a8ed72a857cf0c7c

SHA256: 02D243DD2C0F305F3E512962483D497F759FEB12877AFE01089D84F979057638

File Size: 9.98 MB, 9977856 bytes

MD5: 066ea545122fe5c180d3a9326d7e7a3d

SHA1: 70cec40f5a50148615f63cd8986dbecd4731c913

SHA256: 1F7A4A192FEDACD83B6385B5CEDEBFE5C0DE867989DF94135653EC16097F7858

File Size: 115.20 KB, 115200 bytes

MD5: e0cca4aca5ad60bdfa106a47cec09495

SHA1: 84a83160fe3b9e997b879722e87c951392e9169d

SHA256: 64082FBE9325AA90129EE80C8DE6EC267CBACA161DF6667DA41409FE2236D2BA

File Size: 115.20 KB, 115200 bytes

MD5: 1ebf0539aa3fc40e7ab25f585106b080

SHA1: 859194e4f377f0cb24562962cec2a5ae088e260a

SHA256: 1ECA4C904BC34C3BA36E0B420519207A5A195E83E8E21CC1D9323AB7B4B2FC09

File Size: 127.49 KB, 127488 bytes

MD5: b04646d530461bbcdd11403c83a19f68

SHA1: 87c4378babb8c8b43392f074395a711a45569323

SHA256: 66AD2E87104390AC881AC7E7A3CF4538994CAE1DCD47E7C86F5C381167A094A6

File Size: 160.26 KB, 160256 bytes

MD5: 77af6ec1e00a60eaa4e593bfdd890d9f

SHA1: 8d605555ac813aba35ed0c633c1d24bf7ecd9359

SHA256: 37689744F0135FF0BC6D1E5266C18F8F409343F1EF9EDDA4CDDACE9C79FCDB5C

File Size: 1.97 MB, 1972441 bytes

MD5: 61a95b87dc5b2fbf853c61626f87587f

SHA1: 13d663ef0480d873a16771700ccf26f131357798

SHA256: C8A92A461F99558DD69363A7AE3236745A5791610CC29B9C56E560E64E78AFB2

File Size: 115.71 KB, 115712 bytes

MD5: 21fba0cad92cd276fd40fce1e30891c7

SHA1: 35943f2afb4205ffe048ee1d672ee6dc56d15f74

SHA256: C981136E22C8B39D7C1F1E7131FE3ED2687507B7240C9EBD797E0071D1B94C3F

File Size: 437.76 KB, 437760 bytes

MD5: 984ccca78d746e45301664d202ca8ba2

SHA1: 4a27b75140d18a206f42dc77e4bd33605949c210

SHA256: 48E31DEE5D5DACBADC7D551B862FDBF4B9296F5A23C4D514761C88C6C16D8EEF

File Size: 115.71 KB, 115712 bytes

MD5: 55a8a872c1c327e1276ca9bde29490c7

SHA1: 2bc20ca3f45465cecdadd8624f9717479cf96e6a

SHA256: B9D9DC6A4FA67987C5F60A3563B9B1CA0257236A38F113B81958B55C563D4ABE

File Size: 677.89 KB, 677888 bytes

MD5: 834b484db7eca95983fdb008277fb2f5

SHA1: 38dd6f2a03be923a72873d59babc4001949c20e9

SHA256: 57972FB7AAF5E4AFD094143B85C2A06FFC35D2D06D7715821B1E84CAFEE5973F

File Size: 115.20 KB, 115200 bytes

MD5: b28364fb9aef7fabda93cfed4f21c01e

SHA1: c57ddc8a370a922814bb3ba092f3e69086d6b3b4

SHA256: 3000CEABBD0117A501B754543B163E0D4A601749E9FCBC130F4DFC00B3B28FB5

File Size: 115.71 KB, 115712 bytes

MD5: b32c41213cde24d4fe4ab85931a37db4

SHA1: f36112481833220bb1bc2ae12aeabe69df1364ff

SHA256: 2122AD1A9BC8A55BE7CD0E970C4B8A37F90B92F673D9750D18E2D0ACE08455DB

File Size: 143.87 KB, 143872 bytes

MD5: 5d8d4296428b487f9f6ce88e743554bb

SHA1: 87e9f1316e2ea969ce2e53c43e6399eff9991c54

SHA256: CAA1850BAC5637F96856AA4F269FF714C5A6F087F38594F001E096F4534E8A0D

File Size: 3.41 MB, 3407872 bytes

MD5: cc9969d5a40977059c245ffbdd0bfbb3

SHA1: 9cd9e86accbcf8ae3549bed94a62d015b531150f

SHA256: CDFB3F3597077E9EB5243680D1AF3CA62ACAE3DF9AC63C1822919BBD794064E9

File Size: 115.20 KB, 115200 bytes

MD5: e4bf5d8288982a91a9f6cf9fc8c99cf4

SHA1: d1c1666588b974124dccc818a19fb19d2c014559

SHA256: B22BE2637B4C92566AAB9C8DC135ECC7E8AAE2E86341F5B45A758416F21383F8

File Size: 115.20 KB, 115200 bytes

MD5: 7c07eaac9f39a4ebfd391cc27c05da61

SHA1: c6d2038e49b3edd9665b00dac3a3fe9685aebcd3

SHA256: 6C86A7526F4359E9404CB2E7428F55F01768DD4B1810DC7DC1D8CA64053BE33E

File Size: 115.20 KB, 115200 bytes

MD5: 58e932d6aefb3434058669803ad9a9d8

SHA1: 339607805f051c2a5c96223c1f17fc9e513039da

SHA256: 6426D39928D56E4FBEB1CB0FF716F41ABE960AB2F9C29281030C5DFAE752D980

File Size: 2.15 MB, 2145792 bytes

MD5: 7d244e9efd7283741c12566c56b874e4

SHA1: 0611cbed05d5673d14ab03e60655da53c74f574a

SHA256: A251CBFC3D66036708BE077CC672C0A8819546E93FCBE22FB6DC3FAE9D03A635

File Size: 143.87 KB, 143872 bytes

MD5: f9e3d6a84ee8f9b711d3539f9ee405c2

SHA1: 267d69ed8895d2c017bddf7bd21357fcd574bf6b

SHA256: 4A716D3A1A9E0FE4AFD6FD648CFAFB6AD7DC529ADD3D2567DF8B8AA4A91A1D61

File Size: 272.90 KB, 272896 bytes

MD5: 7cae0b1c143026c4b1f7547cf0508ed5

SHA1: 8a4aee2a2fe7a1fb10ef169013eebbeaffd88e4d

SHA256: C30574B15C4F6DAE82A31ACC9982DA93B94BD1947D9B7A69FDF926F10AC35143

File Size: 1.98 MB, 1977856 bytes

MD5: c410bd5c3f7a383e33ebad9353bc1277

SHA1: 18083feed031446a6682182cd97e62cdae2bb53c

SHA256: 7FC05472AADA82C122581B6D971DD78292456E49B8F1CBF0C312CE16995E01B6

File Size: 2.27 MB, 2266624 bytes

MD5: 7605d6a70a7f81650571b6caa5e1c3dc

SHA1: 1c590f5b59765fe68a9e1c2a02817d8f2a302ca4

SHA256: D706578BB7B5A2108B0E1C81A7F248E603C643B2D1390C2C49A3C7129BDE4145

File Size: 1.01 MB, 1013760 bytes

MD5: 4c8706f6c24040bcaba6d34859ef253d

SHA1: 3a943d0c11a21e9c9aeff13a6b3641e4012d24dd

SHA256: 7C018FD1F07D1BC9E4FEB8AAE39F46066D5976C489440A3D72F6FF53829F41DA

File Size: 115.20 KB, 115200 bytes

MD5: 1a09c76519cd1871077c5799efbc2813

SHA1: 28034ce5c9a37bef6a0a4b6007b51cd8fff3b5ed

SHA256: 219C927C839D908F5F096BF3CADE1ED1E68A7D98F459BAA95F9E63A9B2226DFB

File Size: 3.93 MB, 3928064 bytes

MD5: cad45f56a9b7c28f6e5ad7e40efd77a1

SHA1: 147545e2a243415a72f2cb96e801fe68468fab94

SHA256: 4CEA37433DD338A580328A2B787DFA3B9488A0DCB77CE26A256CBDC929E726FE

File Size: 313.86 KB, 313856 bytes

MD5: 235014f8999f5de6c0ff9c6b8bffaa3b

SHA1: 18db322aa40026662a2313a4b62bb08b88f10a61

SHA256: 0809331B23C93BA071CF1CDEA71F10691049D41C62ECA1040563D40D0308D7AE

File Size: 601.09 KB, 601088 bytes

MD5: e5bee728523d415849a31a47ec1803e7

SHA1: 0c7a241673886710d5704a7b7086f0882c39c6a1

SHA256: 178475A2DCFEAE28E853731E67BC27E3FD9FE01454B860BEEDF76C96632755C8

File Size: 597.50 KB, 597504 bytes

MD5: d1f08f43a54364612df54f2627db1826

SHA1: ca41b0d48ce6aebf6d4ce75e4d80c0aa6a83134b

SHA256: 368F281D945B0D61F354B69CC6F0E5C738155459D8D80FE979EC28B0E92218D4

File Size: 4.02 MB, 4017152 bytes

MD5: d7f3170335578edb41633abfc66fd0e2

SHA1: 1d5094d92c28445fad363de58741ddd618a8e393

SHA256: 5B197E7F569F3EF0AA6A4162D14183958E14AF496B80B4AF13A127F9529743BB

File Size: 115.20 KB, 115200 bytes

MD5: f780d259b6252418bb5d6c11e8df086d

SHA1: aea1b27d177b2d0994be456abf0d8dc1a03ac7b2

SHA256: B470633E7642FD486430C0FE0376F23FAC73ABF2A42E60AD878E41C4E36317C4

File Size: 2.92 MB, 2919424 bytes

MD5: 09db0468b0ba8de48bf57d4b8cb80973

SHA1: 9247f0c693ec041cf554e90de79af961a3590b8f

SHA256: FF2F73B9ABB94C49D361375E0A8574DAB9D5D3656AD68887495A3915B9ED21AA

File Size: 571.90 KB, 571904 bytes

MD5: 6f8d2a143d7152d6a31e9185e69d9b98

SHA1: 4803cbb91a412f4910831adcb5c083c0754a45bd

SHA256: CECFAD3C7711EB21804CA6914C9790CDC5C5FD6D8A9F1F54A5DCC04FFE595351

File Size: 107.01 KB, 107008 bytes

MD5: 68a43dad5b7f486c1764f7c0ae9ed9d7

SHA1: 4c05d5c69d89844d4959fe87622763e02ff432ee

SHA256: 7ABAD48A1EFDF99CA3A301D76F25EED27D2F128364716AFA0D0BE0D525C131F3

File Size: 1.10 MB, 1101312 bytes

MD5: 3ebc8badb102657e55d6dbfcad6fe793

SHA1: 3d5474103792ee1e7ecbdd31f53f4dfebc86fa2d

SHA256: F58D77F252D63E4FF5F1AA3D2AF5232D19E895215D90D03EA02C49BD5A8EC810

File Size: 82.43 KB, 82432 bytes

MD5: 32637563dd356005765479d0ebf5af01

SHA1: 1c3af23318d166b89ef1a38853001645fd3f5e84

SHA256: 9712527ADC95AE8529795D1B87F8794FF25875252214FFE6AAC6A6C08E146ACB

File Size: 600.06 KB, 600064 bytes

MD5: 7a438549dedec0cdefa672a2ac8b530c

SHA1: efb4fe1bbbddb1ccb360c70952b7c507bcc61f01

SHA256: DE86186AF5034AED1B1050D0029DDF56E25B5FF30C24190CD5A3ADE5E542567C

File Size: 4.97 MB, 4968448 bytes

MD5: f05b6e772b2170b75cd799dc0676fd96

SHA1: fc0534e4b1a03fa859f52d02e30dc935913b1908

SHA256: 95801E80C791D0CB289D8B607C7B1A92A6017B929AFD845E5DC5676D2DF599EB

File Size: 115.20 KB, 115200 bytes

MD5: 4a479ed32d19d98154120a38f5ac72a5

SHA1: b6e7e95cc9263f8212c6f712a579cfe762430bb4

SHA256: 81F77C19002F75984FD6C2DB236AB8EF317F723B3681357CDEEE778255DA702B

File Size: 115.20 KB, 115200 bytes

MD5: 613ba7dbf76a35d1c6e2c6a6160e75d7

SHA1: 7d31ed11b660ff04ef28d1bfabe9d2ccacb7e66d

SHA256: D6899D2D53956674DB934992C478E8CF9968CA5FC30478D7D17D771448A931F9

File Size: 95.23 KB, 95232 bytes

MD5: 3c8892716f741e22b2e02fe872c48c9e

SHA1: c799751a227cd078e3223341b46a69ae9b66e42e

SHA256: E1E7832E1D75D83D6AB39DBD4991AFB756F499A9EE4E0984044AF5E1756A2200

File Size: 6.53 MB, 6534656 bytes

MD5: c5caa48dfa3411c71fddaf22820ee289

SHA1: c9604c58bb3a8da5dc454eb4a46db09222befdab

SHA256: 095946DF27C40DB747FBB95F258B4E99C137D47EE4725BDE84805E8CECA98F7C

File Size: 95.23 KB, 95232 bytes

MD5: fbf97bc256e09e05c89ced1f50920124

SHA1: c52d6ea82be0d9169c96bfe8741d8cf7da9dc7b8

SHA256: 6276E1950DB017B4C699E363810E9EBBE1D0956299861116B1BD2798FE95B671

File Size: 706.05 KB, 706048 bytes

MD5: b6d09e80c42e3eefe3f2752d5c5f1e33

SHA1: 215c7635c44c4c83885a381fc4d66687020d5fba

SHA256: E5BC3B6EE293F35DCB4C629BB0DD6A6BB684D34D0E8182E1E5C82E4BC36E4728

File Size: 283.65 KB, 283648 bytes

MD5: 6ec712216c0c973f1170ec399da9acb5

SHA1: 5ed1db3dbd260de35fdc82779e0475122777ea6c

SHA256: B0BC23989BC3500968BD9361ADEBB00F64325191E3D099953FF43225E88648EF

File Size: 923.14 KB, 923136 bytes

MD5: 7ca833235db8350cb151c74a8e1de0f0

SHA1: 7b1c86965086746dc39337f4441c462edae66018

SHA256: D53C7F671D8A768A3E9BD6ECEF857A04D2A5D75B31B4999E00AEE45C9CB3D9E4

File Size: 693.25 KB, 693248 bytes

MD5: 78677a42c6d2d2b2b330235dad90eab9

SHA1: 0064d761a5a1a37967f630b38bfbdc5c39850238

SHA256: 27D21A38C209A0E1AAB46D6FEC1F3810D29A67E09D41B9D93639192D249F0246

File Size: 729.09 KB, 729088 bytes

MD5: f9fa529cb1d03d2516e9cbdc76a7851b

SHA1: a343bd461959ddedd788b0d108bb35d97ba8e1fe

SHA256: 8BCA13687052D182D0A84B821BF5B28A79A93C829A71FCD0F6B04693F26B6808

File Size: 479.64 KB, 479641 bytes

MD5: 256dfd64519143913454a349c3e33247

SHA1: 9a4b2b2624943cdbba49cc648cdcd37abcc97ff8

SHA256: 672F5BD0093CD12B3C62C6E76AE4F3D3A00C3903A5CD08BED59EB38D7BB7AE07

File Size: 963.07 KB, 963072 bytes

MD5: c485757975c13757ebb4ebee72ae6cb4

SHA1: ef06445459f97c879a0db73f8832dfacc5427cd3

SHA256: 63630A42AB412A90A37361D779A82488730B65C154BA55A4B45D12C9B13A16C2

File Size: 476.16 KB, 476160 bytes

MD5: 70093e02c75087cb00eeaf2bc1d1654e

SHA1: c7eaf93340723607e522c58d833af48ed8e32e6c

SHA256: 98016599F27EBFCAC43C4E6740E1A03DA209FFC7B08E5826DC35902EFF39FE1A

File Size: 2.40 MB, 2395136 bytes

MD5: 197bf6d5ffa454892cfb12b14577c47d

SHA1: 74bd639fc7cb15d57b7c57afbf59e169056dab01

SHA256: B5166D04552C90041AD573A08845C758228BC3C1A1428192BB651ED1BBE697C4

File Size: 593.92 KB, 593920 bytes

MD5: f3c1d0c48fa3623edd21c8671572b680

SHA1: 9c1a75653f964b3631dc0a05b45653cf539fc3c9

SHA256: 8695A105743736B2EEF16EB4BDCD237E5114EB6055F1422C7EFF47A85F544E88

File Size: 3.52 MB, 3515392 bytes

MD5: 836258d2e061e66ff7c6bfa221be1f73

SHA1: 1fd80dda43cd33cee2963ff0f118f6b4db44b53f

SHA256: 46467C39DBF88F4A34D754034C08EBA00A1A769C228D9247C56DD13926F0BF89

File Size: 842.24 KB, 842240 bytes

MD5: 8aa72503fc819f05e39eb83f8865b462

SHA1: d44a753f408d35a6c834399a7a52cee6fae6134e

SHA256: DF9DD82B91BE204B5CD7D0B5E618BD59CA6EA2A336A1E245E0346BEA1200459B

File Size: 356.35 KB, 356352 bytes

MD5: 349728b59777f32b1dda75341fad85c6

SHA1: a319eaf2c020c19ac9069eaf0a1fd55a30b6f1a0

SHA256: BFF29E662A37F0AAED78573E4BD75DDD9CFC44C58A7CC477B08828FC380B84ED

File Size: 272.90 KB, 272896 bytes

MD5: 5504ea882e5fa17ca6d0a79a51391ea1

SHA1: 110754ca946e865004e308fcaf648f18214e7d76

SHA256: E95FD72F18593FDCA8AF43261585993B45F291FEFF8C39C39F6BF81DA1238305

File Size: 1.59 MB, 1594880 bytes

MD5: 46a4214f20d88104ac8e033813395d76

SHA1: 533052d0226f227d3cddb6364d8f8e2774567964

SHA256: D2B28DC844C49E26B17D79C2579F8AFBE878CA9BB46FABEE2990ED9FE5717C5A

File Size: 9.25 MB, 9254912 bytes

MD5: 2d040f05584b824f5408d60198428c4b

SHA1: 036c93d97035819617677f66dd291144aaf7c36b

SHA256: 96D294FFAAF27B577BE37F40A82AEFBFD4FF37143849FAB6B36EDC4B6C5FD827

File Size: 6.75 MB, 6747136 bytes

MD5: 8c066b68a2ffb3ab915ad3d1741700d5

SHA1: e899972e4a331b0c5ca6db74a2ef5519c4cd8e65

SHA256: F518B4CF488BDC5A9D463D0E652800D9452AC1F181F2E31AB29138EAD46F3DE0

File Size: 7.94 MB, 7940608 bytes

MD5: 5211b469fb3ec62daece7bbbba05d59e

SHA1: fbbe8f92e485d1232a0892e8fb36f8db131f670b

SHA256: DA48A37E39317E76A93298F6382DD220A8BEEC748A484F12B7DBFCCF95A3F231

File Size: 7.03 MB, 7032713 bytes

MD5: b39ffa8890b25bc91576a0a4239f0715

SHA1: 55cb91f304f7b04eb879faca2195d69cd72db448

SHA256: 58F5E6AE7533F13CA1F41E52A97DB9989353E73EA0EA412A92C28AD391F15E7C

File Size: 772.10 KB, 772096 bytes

MD5: 3061397046a467e9f549392b10ff3907

SHA1: 9b93ad7ff0df330419b2c99817d78346590a4dde

SHA256: 4120055B2CDF5157DE5ABEC0296B918890C6CF14944475A31A765DA1EDD01AAA

File Size: 272.90 KB, 272896 bytes

MD5: 5dbe7dcc464f3004104dbd78e7872a5b

SHA1: 306cfa2d1f28a4aa7716a9abfb0f4d04f477d007

SHA256: 002FCC1EA98D1EA88399BE39F25CCDBBE8F0B000841744D389E2A75FAE3E8751

File Size: 406.02 KB, 406016 bytes

MD5: 4bb509900a871478dfa86f020d8e78d3

SHA1: d9e07faf69cc0098b2cca6b8b5366c1258ff5449

SHA256: 2E6B0C17647265B9C14A91258328F0C9E550977DDB3DCC7D45137CC141E8F53B

File Size: 879.62 KB, 879616 bytes

MD5: c1c89aab1f6d3b201ef9a8c300913ddf

SHA1: 16c4fed54f5ba50808c0f6134e43e3145c3a2a4a

SHA256: 5DA0BB2EF31BFDAF75D58BA5ED55EE62D21542E3ED2AA5C68B2AA3237B0FFB64

File Size: 209.41 KB, 209408 bytes

MD5: 72f63aa29edd8a7a56b9e8fd900d096f

SHA1: f6b19d5632c170c0ec52da9916e7a19d335dc011

SHA256: 6E9074731C5467F6FA06DA440D22DC4B82DB631463865184C7EEE5F03DE5CC05

File Size: 6.82 MB, 6815913 bytes

MD5: 43e2686505f2bf161e308cf713b687f2

SHA1: 490987480a0f795e0b0c72d4ea5af33953c7fcd5

SHA256: 1457FD7833C4E43684E85FFC8D200C4390154752DAC9CA17C1AF490D20B97288

File Size: 272.90 KB, 272896 bytes

MD5: 24da08e309657ff190c30d8689d21423

SHA1: 906797ccc585bebe9000d80ef2beee0862fd56ad

SHA256: 0365EEC94793F0CE75ACDA6736BF52B0ED24C2EA10AEC623F1FD6478593B9ACC

File Size: 338.94 KB, 338944 bytes

MD5: efba0ec135218f5fbaf07c36830ec5c0

SHA1: 652c26ed07bb8804ea4b7687124a225eb5ebd1c5

SHA256: 7D9EB155D01B958BAC08BDC733620C9757A997F8B26D12FCBF44482B0310D303

File Size: 5.05 MB, 5048320 bytes

MD5: f48f4e4f8766d9e72bcd156de626878d

SHA1: f1e4fa8e28ca9d27ed262ee2db85d2e59f9fd775

SHA256: 0317D59F14FBA73033D810FBDDC36A00355BA96ED622119A5AEF9D52C5F91392

File Size: 6.82 MB, 6815844 bytes

MD5: 7b569c6d59c66ce450064b2b8ea6c725

SHA1: 46d77ecb45242a77dfd22e4ac86a7e0c0f51f22d

SHA256: 79DE7686A263160BA71D15C2333F3C123DDEA7C081AE3CC869FD44B5AECBB0BD

File Size: 357.06 KB, 357060 bytes

MD5: 2c896541ca06811f4308e5616cb07801

SHA1: 9888e3f2006b9456bd91c260a22b10824673ff63

SHA256: B6377C0B2CB8EF848665FBDE94BBD9E4D877C2468B81E28FEB4E29128CC81C6B

File Size: 8.62 MB, 8622592 bytes

MD5: 9edc8951f7071ab676e347f84b77c5f4

SHA1: b451ccd6840fb33cccf3bc32ea71482ca6096c90

SHA256: 9625443252F4B0E144EFE22C0D1F78394C2E05D4A6DBA7FC48F13B4731E39DCF

File Size: 5.67 MB, 5671424 bytes

MD5: 7de2d2932ec78bf45218da482b7cebb4

SHA1: a76f7fb0928cb7db291fa8fe168a5ff0f0734dcf

SHA256: D4CD9F42308A260ED255093F9BC27F5C699EE62EBD6F17156F539174AB2F067A

File Size: 807.94 KB, 807936 bytes

MD5: 2f62c9b59d376caf00df04b35b67b816

SHA1: 5b0769b916c97c0c2df30e1eb2719d6c656d72a9

SHA256: FF5A12293D86C159135710192256BD031E965108BFE752CD9C5400CB3BC1AD01

File Size: 557.06 KB, 557056 bytes

MD5: 3d05e663dbd0e3bee05860cec5a74450

SHA1: c5b26e54271ce0698c595850ce490ebf0ee8ffc1

SHA256: 31ABB8312A2A9129BB31FB81051411C29D14516FD63825C7564BB3318B4458F0

File Size: 1.79 MB, 1786368 bytes

MD5: 1c198b2bbe31cb05b6d9ab34f3841265

SHA1: 93128973440154b6f49382feb9760c9db0282b8f

SHA256: 9221253F6E3EB3CDF3EE439BB3B7D8289DFEC6995951E10D538A8B06C54551CF

File Size: 555.01 KB, 555008 bytes

MD5: da30e968470e2b92e37f29be0d37ea01

SHA1: 9517adc0735febc028a634b23b7ded22d5366b86

SHA256: FA151AD07A29883AB84884E7D3BAB644895253BFFFEF15639C7CCCFC7FEF086F

File Size: 104.45 KB, 104448 bytes

MD5: 0152b5bc648e9baf34588f44233fe999

SHA1: 37dccd94844a5e89c8fd1e895aeec830bb2b819c

SHA256: 668C076A723D8D9A7FFC6BCD8CB00EAB7F969EA318726D96411C37D47D3A1F22

File Size: 986.62 KB, 986624 bytes

MD5: 5a9cab0c8810891dea37f36caec62d11

SHA1: bd447f7b674b03d6f38bfb7654f42971a2fcf5b5

SHA256: DEAC4E6913BC09E8287A04C64BDB41F12BF5C6D385E6595FAA4E6ADEA6D33BF1

File Size: 1.84 MB, 1837568 bytes

MD5: 7378d200a838abeba6ddf7f99401cc92

SHA1: d37be0708c8b54ef7e7f0f9f45c6a2afccaf21f9

SHA256: BB1156DBF6677E9A5A6AF1663186795D323B2468F7E27DD594C0256E34CF5C1A

File Size: 797.18 KB, 797184 bytes

MD5: 7a635610d1d0d5860b9549c574fcaf55

SHA1: 84cbcebe995478fa28ff9ea903609ab11919e6d7

SHA256: B3A2E95196688870474B359F564A1AA942473C31C15A7513312AF70AF8F985E3

File Size: 8.47 MB, 8471040 bytes

MD5: d522b51f0490bb861a54d78fa99aff1f

SHA1: d55a5b76abc1045b6840fd7cc9360c1958667a62

SHA256: 6197EFB7671149E0F90A38BD5170077DE7A13EA2B15F5559563CBD904D56661A

File Size: 3.83 MB, 3828736 bytes

MD5: 2690f9e7906fda78dae41a23a7107164

SHA1: 5e73ddf9ec197f0dc9156471cb0f02e800103d9e

SHA256: EE74AA885365B7148F1731CA236A78C3736D21E58965CC3003A4F2033D2E6B42

File Size: 256.51 KB, 256512 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has exports table
File has TLS information
File is .NET application
File is 32-bit executable

File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

143 additional icons are not displayed above.

Windows PE Version Information

Name	Value
Assembly Version	2026.1.19.16 2025.12.9.16 20.2.8.2 15.7.0.0 10.0.19041.1 7.7.8.7 7.5.0.0 7.3.0.0 4.3.0.0 4.0.2.0 Show More 3.8.9.5 3.0.0.0 2.4.6.4 2.2.1.6 2.1.0.0 2.0.2.4 1.8.0.0 1.5.2.6 1.5.1.4 1.5.1.3 1.5.0.1 1.5.0.0 1.4.5.3 1.0.5.0 1.0.2.0 1.0.1.6 1.0.0.226 1.0.0.25 1.0.0.0 0.0.0.4 0.0.0.0
Comments	BestActivator Ramdisk DBA Important Display File (DO NOT DELETE). iOS Bypass Tool from 6s to 17 Pro Max Karaokê FHD KingsHands mining download automation Programul de Optimizare Trial al www.optimizaripc.ro Radio-Digitaal DJ Tool by DJ Ron RF Online Game Launcher Application Software di Supervisione Show More This computer program is protected by copyright law and international treaties. Unauthorized reproduction or distribution of this program, or any portion of it, may result in severe civil and criminal penalties, and will be prosecuted to the maximum extent possible under the law. This installation was built with Inno Setup. xiaomiauth.orh XW16Pro脱机烧录器一款批量修改文件名的软件
Company Name	Accrete India BestActivator Ramdisk BiTechco Dipisoft FHU Kucharscy Flashr FolderSync iSkorpion KingsHands Microsoft Show More Microsoft Corporation Mu8xTeam MVS Sistemas Optimizare Outlook Inc. PLAYMAGiC PMU Radio-Digitaal.nl Remote Access World ReviOS 10 25.10 S&F Valensc Wade www.xwopen.com xiaomiauth.orh 缤纷软件
File Description	ADBTool AnieOrientation BestActivator Ramdisk BIDBA Client Setting CreateShortcut crystalmakerconsole DataMiningLoader DipiChar Setup dl Show More DNS TNT TOOL PRO DocumentPreviewService ec6cea5971 FDExport Flashr FolderSync GTA.exe GTA V Mod Remove Tool Hackt1vator iSkorpion iHello KaraokeFHD KCEPKonfig KepalaTikus Launcher LauncherMaster LauncherV2 NoName Oppo_Unlock_Key Optimizare Outlooks Application Paathashalaw_Classes PLAYMAGiC PMU RadioDigitaalDJTool RDP Tray RegistraKaraokeFHD RemEdge RenOLink Rpxy rtufjxrswdhgjgax Run Samsung FRP Tool By iKeyPro SecureLauncher Simple_Emmc_Tools SmartTest Srrpwarfro SUPERVISION TalismanLauncher Tuja excuter UnityCrackTool Vertex-Tool-Browser WindowsFormsApp1 Windows Security notification icon xiaomiauth.orh XW16Pro脱机烧录器批量修改文件名
File Version	2026.1.19.16 2025.12.09.16 15.7 10.0.19041.1 7.5.0 7.3.0.0 6.8.8.8 4.3.0 4.0.2.0 3.8.9.5 (Release) Show More 3.0.0.0 2.4.6.4 2.2.1.6 2.1.0.0 2.0.2.4 1.8.0.0 1.5.2.6 1.5.1.4 1.5.1.3 1.5.0.1 1.5.0.0 1.4.5.3 1.1 1.00 1.0.5.0 1.0.2.0 1.0.1.46 1.0.1.6 1.0.0.226 1.0.0.32 1.0.0.0 1.0 0.0.0.4 0.0.0.0
Internal Name	AnieOrientation.exe ArndtUnlock bypass tool V1.0.exe Assembly-UnityScript.dll Auth.exe Authenticator.exe BatchReName.exe BestActivatorRamdisk.exe BIDBA.exe BiTech.SmartTest.exe Client Setting.exe Show More CreateShortcut.exe crystalmakerconsole.exe DataMiningLoader.exe dl.exe DNS TNT TOOL PRO.exe DocumentPreviewService.exe ec6cea5971.exe EXGuard.Runtime.dll FAYOUM TOOL Samsung FRP A16.exe FDExport.exe Flashr.exe FolderSync.exe GTA V Mod Remove Tool.exe Hackt1vator.exe KaraokeFHD.exe KCEPKonfig.exe Launcher.exe Launcher Remake.exe NoName.exe Oppo Unlock Key.exe Optimizare.dll Paathashalaw_Classes.exe Pixel_Pro_Tool.exe PLAYMAGiC.exe PMU.exe RadioDigitaalDJTool.dll rdpt.exe RDS-Knight-Service.exe RegistraKaraokeFHD.exe RemEdge.exe RenOLink.exe Rpxy.exe Run.exe SecureLauncher.exe SecurityHealthSystray server1.exe SetupBT.exe Simple_Emmc_Tools.exe SUPERVISION.exe TakeMenu_zh-CHS.exe TalismanLauncher.exe TJprojMain Tuja excuter.exe Unity5-2022破解工具.exe VCRUNTIME140.dll Vertex-Browser.exe Win WindowsFormsApp1.exe XW16Pro脱机烧录器.exe
Legal Copyright	2026 Audio-Tools.eu DJ Tool By Radio-Digitaal.nl BestActivator Ramdisk BinfenSoft.CN Copyright © 2015-2024 Copyright ? 2025 Copyright @iSkorpionOfficial © 2025 Copyright @Optimizari PC Copyright ChaosPlayer 2018-2023 © Gang1111 Copyright © 2000-2023 Saleen Software ### 2023-02-14T09:46:24 Copyright © 2007-2024 Tenorshare Copyright © 2017 Show More Copyright © 2018 Copyright © 2019 Copyright © 2020 Copyright © 2021 Copyright © 2022 Copyright © 2023 Copyright © 2024 Copyright © 2025 Copyright © 2025 Outlook Inc. Copyright © 2026 Copyright © BiTechco 2018 Copyright © By Wade 2023-2025 Copyright © FHU Kucharscy 2013-2019 Copyright © Flashr Copyright © Microsoft 2019 Copyright © MuOnline 2022 Copyright © RDP Solution Copyright © Remote Access World 2016-2025 Copyright © ReviOS 10 25.10 2025 Copyright © Undex Copyright © Valensc 2019 Dipisoft PLAYMAGiC © 2024 © Microsoft Corporation. All rights reserved.
Legal Trademarks	All Right Reserved Outlooks Application BestActivator Ramdisk ikeypro.com iSkorpion.com KaraokeFHD SUPERVISION www.xwopen.com
Original Filename	AnieOrientation.exe ArndtUnlock bypass tool V1.0.exe Assembly-UnityScript.dll Auth.exe Authenticator.exe BatchReName.exe BestActivatorRamdisk.exe BIDBA.exe BiTech.SmartTest.exe Client Setting.exe Show More CreateShortcut.exe crystalmakerconsole.exe DataMiningLoader.exe dl.exe DNS TNT TOOL PRO.exe DocumentPreviewService.exe ec6cea5971.exe EXGuard.Runtime.dll FAYOUM TOOL Samsung FRP A16.exe FDExport.exe Flashr.exe FolderSync.exe GTA V Mod Remove Tool.exe Hackt1vator.exe KaraokeFHD.exe KCEPKonfig.exe Launcher.exe Launcher Remake.exe NoName.exe Oppo Unlock Key.exe Optimizare.dll Paathashalaw_Classes.exe Pixel_Pro_Tool.exe PLAYMAGiC.exe PMU.exe RadioDigitaalDJTool.dll rdpt.exe RDS-Knight-Service.exe RegistraKaraokeFHD.exe RemEdge.exe RenOLink.exe Rpxy.exe Run.exe SecureLauncher.exe SecurityHealthSystray server1.exe SetupBT.exe Simple_Emmc_Tools.exe SUPERVISION.exe TakeMenu_zh-CHS.exe TalismanLauncher.exe TJprojMain.exe Tuja excuter.exe Unity5-2022破解工具.exe VCRUNTIME140.dll Vertex-Browser.exe Win.exe WindowsFormsApp1.exe XW16Pro脱机烧录器.exe
Product Name	ADBTool Android16SamsungFRP AnieOrientation BestActivator Ramdisk BIDBA Client Setting CreateShortcut crystalmakerconsole DataMiningLoader DipiChar Show More dl DNS TNT TOOL PRO DocumentPreviewService FDExportd Flashr FolderSync GTA.exe GTA V Mod Remove Tool Hackt1vator Hibrow iHello Important Files. KaraokeFHD KCEPKonfig KepalaTikus Launcher LauncherMaster Microsoft® Windows® Operating System NoName Oppo_Unlock_Key Optimizare Paathashalaw_Classes PMU Project1 Radio-Digitaal DJ Tool RDP Solution RegistraKaraokeFHD RemEdge RenOLink RFOnlineLauncherV2 Rpxy rtufjxrswdhgjgax Run SecureLauncher Simple_Emmc_Tools SmartTest SUPERVISION TalismanLauncher Tuja excuter UnityCrackTool Vertex-Tool-Browser Win WindowsFormsApp1 xiaomiauth.orh XW16Pro脱机烧录器批量修改文件名
Product Version	2026.1.19.16 2025.12.09.16 15.7 10.0.19041.1 7.3.0.0 6.8.8.8 4.3.0 4.0.2.0 3.8.9.5 (Release) 3.0.0.0 Show More 2.4.6.4 2.2.1.6 2.1.0.0 1.8.0.0 1.5.2.6 1.5.1.4 1.5.1.3 1.5.0.1 1.5.0.0 1.4.5.3 1.1 1.00 1.0.5 1.0.2.0 1.0.1.46 1.0.1.6 1.0.0.226 1.0.0.32 1.0.0.0 1.0.0+fc2b2a0652a1266ee0888486ca594b5108527b20 1.0.0 1.0 0.0.0.4 0.0.0.0

File Traits

.NET
00 section
2+ executable sections
Agile.net
Cli
Confuser
CreateThread
CryptUnprotectData
dll
Fody

Goliath
HighEntropy
Installer Version
NewLateBinding
No CryptProtectData
No Version Info
ntdll
RijndaelManaged
SmartAssembly
vmp section variant
WriteProcessMemory
x64
x86
Yano
ZYXDN

Block Information

Total Blocks:	2
Potentially Malicious Blocks:	0
Whitelisted Blocks:	0
Unknown Blocks:	2

Visual Map

? ?

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

HEUR.MSIL.Generic_268209
MSIL.Downloader.Agent.LC
MSIL.Downloader.Small.EC
MSIL.Downloader.Small.RB
MSIL.Downloader.TAI

MSIL.Injector.XC
MSIL.Krypt.GJRA
MSIL.Krypt.YAE
MSIL.Rozena.PA
MSIL.Rozena.U
MSIL.Small.FG

Files Modified

File	Attributes
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.0.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-kqev8.tmp\8d605555ac813aba35ed0c633c1d24bf7ecd9359_0001972441.tmp	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_05c94629\file_93403221.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_0af4619f\file_4441cd53.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_192cfa27\file_a5421c73.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_192cfa27\file_dfab159f.txt	Generic Write,Read Attributes

c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_1e0930b1\file_34774cb2.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_273c3d5a\file_41bff789.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_273c3d5a\file_8218ac6c.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_273c3d5a\file_ad75744e.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_273c3d5a\file_f9926330.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_65eb3d07\file_940f7118.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_65eb3d07\file_fdd1f671.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_6e16f81a\file_6a93b3ab.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_6e16f81a\file_a6987c47.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_6e16f81a\file_c087eefa.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_7df3651e\file_b21a2c9c.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_85f799f2\file_01797653.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_85f799f2\file_f474b87b.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_97d62ade\file_31624e80.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_9867cafc\file_9ddc08f9.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_9867cafc\file_c1cd4169.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_9867cafc\file_fe65c242.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_aa52510d\file_082229c2.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_aa52510d\file_09a973e0.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_aa52510d\file_a038b873.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_aa52510d\file_f85adf16.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_baa434bb\file_5a0b8bbd.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_c1df0ffd\file_5ef9dbb8.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_c1df0ffd\file_6cd44a9d.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_c1df0ffd\file_ac7c001d.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_c1df0ffd\file_dfc19395.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_d21a7bc0\file_0320fa61.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_d21a7bc0\file_0b910801.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_d21a7bc0\file_0f86b885.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_d21a7bc0\file_d13ad4ba.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_d5e846cc\file_2c19d4f5.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_d5e846cc\file_3c90ebaf.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_d5e846cc\file_3d017fa4.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_d5e846cc\file_8db9d619.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_edd0b1a2\file_1b007706.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_edd0b1a2\file_1b115444.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_edd0b1a2\file_7f3855fa.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_edd0b1a2\file_d256f58b.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_f1213238\file_2e800272.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_f1213238\file_5a2553af.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_f1213238\file_a48d964a.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_f49e0819\file_8bf0e8fe.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_f49e0819\file_8e166ef6.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_f49e0819\file_90badb7e.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_f49e0819\file_fdd0d78e.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_f52ddeb0\file_9b420513.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_f52ddeb0\file_e5b6a3d5.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_fe8effb8\file_6dd8ec7a.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_ff43804f\file_2265a419.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_ff43804f\file_9fc8aac3.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_ff43804f\file_d27dd922.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\datafolder_ff43804f\file_e07d50f8.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_004d07f2.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_0866fea1.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_0b96d564.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_0c9f10a6.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_0d9127a9.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_0e449406.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_25e39855.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_2a679ed6.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_4104b0c5.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_412c78ac.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_428abf32.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_4ae042ab.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_4d66c659.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_57e60240.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_59b8a81b.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_5e45d1c6.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_65292150.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_66c15766.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_6cab20eb.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_77e51a3d.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_82da2f37.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_8a5352db.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_8daa1c8b.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_9017075f.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_a3f00eb4.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_a4a0cb90.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_a7088634.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_affe7e32.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_b171ee8d.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_bfcfbcfa.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_c451cfb1.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_c860a33b.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_d9415ca1.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_e5e98dce.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_edffcfe0.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_ef6beb3d.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_ef7c4c2e.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_f06d2912.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_f536ecae.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\log_f6aab888.txt	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\oobe.{d20ea4e1-3957-11d2-a40b-0c5020524153}\useroobebroker.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\windows\update(s).exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\windows\update(s).exe	Synchronize,Write Attributes
c:\users\user\downloads\config	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\emmc.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\telemetry.ini	Generic Write,Read Attributes
c:\users\user\paathashalaw_classes_log\userslog.log	Generic Write,Read Attributes
c:\windows\appcompat\programs\amcache.hve	Read Data,Read Control,Write Data
c:\windows\appcompat\programs\amcache.hve.log1	Read Data,Write Data
c:\windows\appcompat\programs\amcache.hve.log2	Read Data,Write Data
c:\windows\system\sdx.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	গ䅲༮ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	氌䅴༮ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	䊟䆫༮ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	䊟䆫༮ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	㘜䊛ྫྷǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	㘜䊛ྫྷǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	䋊ྫྷǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	䗴䋍ྫྷǜ	RegNtPreCreateKey

HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	㘵璟ၺǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	顣璡ၺǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	舿瓌ၺǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	瓎ၺǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	醫랃Ⴇǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ꋴ략Ⴇǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	坑ﶦᎤǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	朆﷘Ꭴǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75	憟 Ǭ䠱O噀ñ቎ĤŁ뽹ɞ傄ë릣ʝ閾ʴ淃⟋ʪ柏ũߙĤᰂŁ鍂ꩠŖÉ忶Ǥ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	⼶☰ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	쐱⾞☰ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	Ꮐ￵ⷦǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	畞￷ⷦǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	蜏)ⷧǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	蜏)ⷧǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\9a4b2b2624943cdbba49cc648cdcd37abcc97ff8_0000963072_rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\9a4b2b2624943cdbba49cc648cdcd37abcc97ff8_0000963072_rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\9a4b2b2624943cdbba49cc648cdcd37abcc97ff8_0000963072_rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\9a4b2b2624943cdbba49cc648cdcd37abcc97ff8_0000963072_rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\9a4b2b2624943cdbba49cc648cdcd37abcc97ff8_0000963072_rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\9a4b2b2624943cdbba49cc648cdcd37abcc97ff8_0000963072_rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\9a4b2b2624943cdbba49cc648cdcd37abcc97ff8_0000963072_rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\9a4b2b2624943cdbba49cc648cdcd37abcc97ff8_0000963072_rasmancs::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\9a4b2b2624943cdbba49cc648cdcd37abcc97ff8_0000963072_rasmancs::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\9a4b2b2624943cdbba49cc648cdcd37abcc97ff8_0000963072_rasmancs::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\9a4b2b2624943cdbba49cc648cdcd37abcc97ff8_0000963072_rasmancs::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\9a4b2b2624943cdbba49cc648cdcd37abcc97ff8_0000963072_rasmancs::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\9a4b2b2624943cdbba49cc648cdcd37abcc97ff8_0000963072_rasmancs::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\9a4b2b2624943cdbba49cc648cdcd37abcc97ff8_0000963072_rasmancs::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::windows gsmpdater	"c:\users\user\downloads\9a4b2b2624943cdbba49cc648cdcd37abcc97ff8_0000963072"	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enablefiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableautofiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableconsoletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filetracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::consoletracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::maxfilesize		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filedirectory	%windir%\tracing	RegNtPreCreateKey

Windows API Usage

Category	API
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserName GetUserObjectInformation
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAdjustPrivilegesToken ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcCreatePortSection ntdll.dll!NtAlpcCreateSectionView ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeleteSecurityContext ntdll.dll!NtAlpcQueryInformation Show More ntdll.dll!NtAlpcQueryInformationMessage ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareSigningLevels ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeleteValueKey ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtFsControlFile ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetCompleteWnfStateSubscription ntdll.dll!NtGetContextThread ntdll.dll!NtGetWriteWatch ntdll.dll!NtLoadKeyEx ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtPowerInformation ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryEvent ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySymbolicLinkObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtQueueApcThread ntdll.dll!NtQueueApcThreadEx2 ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReadVirtualMemory ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRemoveIoCompletion ntdll.dll!NtRequestWaitReplyPort 58 additional items are not displayed above.
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Anti Debug	CheckRemoteDebuggerPresent IsDebuggerPresent NtQuerySystemInformation
Encryption Used	BCryptOpenAlgorithmProvider
Process Shell Execute	CreateProcess
Process Terminate	TerminateProcess
Process Manipulation Evasion	NtUnmapViewOfSection NtWriteVirtualMemory ReadProcessMemory VirtualAllocEx
Network Info Queried	GetAdaptersAddresses GetNetworkParams
Network Winsock2	WSASend WSASocket WSAStartup WSAttemptAutodialName
Network Winsock	bind closesocket freeaddrinfo getaddrinfo setsockopt
Network Winhttp	WinHttpOpen

Shell Command Execution


							"cmd.exe" /c schtasks /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Vdgrfhxl\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


							C:\WINDOWS\system32\schtasks.exe schtasks  /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Vdgrfhxl\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


							"cmd.exe" /c timeout 5 >nul && del "c:\users\user\downloads\965c246b164c51017cc4e4ca058206d87e11c4cc_0000143872"


							C:\WINDOWS\system32\timeout.exe timeout  5


							"cmd.exe" /c schtasks /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Svobgzyf\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									C:\WINDOWS\system32\schtasks.exe schtasks  /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Svobgzyf\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									"cmd.exe" /c timeout 5 >nul && del "c:\users\user\downloads\fcf0703929834694cb8c772ef0fc324f8c3e3375_0000143360"


									"cmd.exe" /c schtasks /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Xeftbsob\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									C:\WINDOWS\system32\schtasks.exe schtasks  /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Xeftbsob\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									"cmd.exe" /c timeout 5 >nul && del "c:\users\user\downloads\ea2cb901850a0249adbc87973888c792443fd823_0000143872"


									"cmd.exe" /c schtasks /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Cawwzynz\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									C:\WINDOWS\system32\schtasks.exe schtasks  /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Cawwzynz\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									"cmd.exe" /c timeout 5 >nul && del "c:\users\user\downloads\950396c5b6794ffaf88e53a59295531be0ef911d_0000143872"


									"cmd.exe" /c schtasks /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Rolqujop\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									C:\WINDOWS\system32\schtasks.exe schtasks  /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Rolqujop\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									"cmd.exe" /c timeout 5 >nul && del "c:\users\user\downloads\2d44cbb09f45950c850689e43a2ea4625efc4c81_0000143872"


									"cmd.exe" /c schtasks /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Iqymxdkb\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									C:\WINDOWS\system32\schtasks.exe schtasks  /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Iqymxdkb\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									"cmd.exe" /c timeout 5 >nul && del "c:\users\user\downloads\1670b5ec268c86dc18aadee1f507a77acf5fc569_0000143872"


									C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 900


									"C:\Users\Tloebhym\AppData\Local\Temp\is-KQEV8.tmp\8d605555ac813aba35ed0c633c1d24bf7ecd9359_0001972441.tmp" /SL5="$300AC,1099961,798720,c:\users\user\downloads\8d605555ac813aba35ed0c633c1d24bf7ecd9359_0001972441"


									"cmd.exe" /c schtasks /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Avkrlyso\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									C:\WINDOWS\system32\schtasks.exe schtasks  /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Avkrlyso\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									"cmd.exe" /c timeout 5 >nul && del "c:\users\user\downloads\f36112481833220bb1bc2ae12aeabe69df1364ff_0000143872"


									"cmd.exe" /c schtasks /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Xypreeab\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									C:\WINDOWS\system32\schtasks.exe schtasks  /create /tn "OneDrive Startup Task-S-2-5-25" /tr "C:\Users\Xypreeab\AppData\Roaming\Microsoft\oobe.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe" /sc minute /mo 1 /it /F


									"cmd.exe" /c timeout 5 >nul && del "c:\users\user\downloads\0611cbed05d5673d14ab03e60655da53c74f574a_0000143872"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\18083feed031446a6682182cd97e62cdae2bb53c_0002266624.,LiQMAxHB


									c:\users\user\downloads\9a4b2b2624943cdbba49cc648cdcd37abcc97ff8_0000963072

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

HEUR.Malware.Confuser.Generic

Threat Scorecard

EnigmaSoft Threat Scorecard

File System Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Trojan.Win32.Autoit.aks

Traffic-media.co

Hacktool.MSIL.TelegramHack.S

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

How to Fix 'macOS cannot verify that this app is...