HEUR.Trojan.MSIL.Generic

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	411
Threat Level:	90 % (High)
Infected Computers:	267,195

First Seen:	July 23, 2019
Last Seen:	April 19, 2026
OS(es) Affected:	Windows

Table of Contents

SpyHunter Detects & Remove HEUR.Trojan.MSIL.Generic

File System Details

HEUR.Trojan.MSIL.Generic may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	dirlist.txt	49df78c91da4d2ae843d166893ee33f7	2
Name: dirlist.txt MD5: 49df78c91da4d2ae843d166893ee33f7 Size: 51.75 KB (51757 bytes) Detections: 2 Group: Malware file Last Updated: October 15, 2020

Analysis Report

General information

Family Name:	HEUR.Trojan.MSIL.Generic
Signature status:	Hash Mismatch

Known Samples

MD5: d3080813bad9f446cf07b3651452c5b2

SHA1: b4d79b26aabb71481f3abb43362720d61fd8cef7

File Size: 3.51 MB, 3511808 bytes

MD5: 631ba4ce782fde3aa48b46eff07e604c

SHA1: a7f0cd153cb2502f0b01c43bdf00dd4254213fbb

File Size: 976.90 KB, 976896 bytes

MD5: 51c63c6397c6ed9a33d00984012dddf7

SHA1: da8f51b38acd5d545295671b199b033b11e59845

File Size: 1.14 MB, 1140886 bytes

MD5: 7e4482794753ece2c7555148db60813d

SHA1: dcb820b18308fbac5cf22d31c3281127857280e7

File Size: 276.99 KB, 276992 bytes

MD5: f9225a4132be9094ec82740c9a5285c8

SHA1: b1f04c2e005baf6766851ade5151897d821eb00b

File Size: 50.18 KB, 50176 bytes

MD5: bd829e8bbb7904bbae60cea6f89607bb

SHA1: 47274b7f4b05995119fbaa2a94841b13f02bef01

File Size: 18.43 KB, 18432 bytes

MD5: 3fe1ffe747e9a2574d152bee56109a3f

SHA1: 9fcae5747eaef175ea0df82650f60ffeecbaaafc

File Size: 2.67 MB, 2666496 bytes

MD5: 54b073b6c5d3d6504851a5882102cb2e

SHA1: fb704eb41ab3e1f796490c3c2369eb33769341b0

File Size: 1.51 MB, 1505792 bytes

MD5: e903094514d3770f114ab0c689cf7754

SHA1: 952a5d308c944849f1a2f43ec9b89c80959be9ee

File Size: 19.46 KB, 19456 bytes

MD5: 0aff663f15d61195352349c230ab9c68

SHA1: 34f6ba394ee96607a78aea1e087d37dafafb6630

File Size: 18.43 KB, 18432 bytes

MD5: a626ccaca5a0d26fdc575157d4d5d52f

SHA1: fc73c1cf01c1218903b14578956ff93876374b1c

File Size: 1.51 MB, 1506816 bytes

MD5: 65e106f98e1c14480894d67608a94a5b

SHA1: 4cf93ba2bbcc482f15b61c50a246072322cbf549

File Size: 20.99 KB, 20992 bytes

MD5: 519abc9b6b927699e46a816664a10359

SHA1: 17c0ea09cd99cea64ea8908393f4dcd5e31937b8

File Size: 63.49 KB, 63488 bytes

MD5: 25add8d88490ff3c7d0f9d82c6161706

SHA1: 8063202aa60bc5d4f020983072255fe6cfe36379

File Size: 26.11 KB, 26112 bytes

MD5: 9885cb97ee95472b0f432a7cf7aed180

SHA1: d033667ee3a185a091a77a211bc7d7e01b450e67

File Size: 181.25 KB, 181248 bytes

MD5: 2a70b8b57ae30a29101e51f28d8277c9

SHA1: dad4b096d3ddcb8777132ce6408ea0ca899b8ef4

File Size: 276.48 KB, 276480 bytes

MD5: 1042d7a7b8eb1b78f1da557113212b7c

SHA1: 09d6676e9be3516b171f1f66b8e0231e19c584b3

File Size: 197.38 KB, 197376 bytes

MD5: 83e16a2a8e444085270a8fe98c8daaab

SHA1: 5956f2c57d46ab5c9a693ad6df80375f42ce7b06

SHA256: 29CFB3C70C26F6AD74D18065E4A7F92A6DFED72C1218AB2EF30970422730621C

File Size: 360.45 KB, 360448 bytes

MD5: 1f70c22203ded0fc28fe5f776ba10031

SHA1: 068e9b92384bf44323261ba6c0aaed386de9f02c

SHA256: 18DEBADDE7A5CB708A538B1D7492529FDCD6F04EEA90C6E642C201DA9AFA4145

File Size: 402.94 KB, 402944 bytes

MD5: 8caab99f6f78f2c8b07965f3aa00d967

SHA1: ed5a37e5050184309cad4b38355ab490bfb86d20

SHA256: D287B489727ACAF3C017C57AD2F8A171EC9C8BB5BB00B20DA58F2203EFE5742B

File Size: 2.10 MB, 2100224 bytes

MD5: 297a861db147dc6eefb427faaf606440

SHA1: 19cd45abf1bbdae395298fa5c658e0b27b5ddb54

SHA256: 0959816467B20F743BFFBAF3571A0EA8242F7BDECD45566F1D62C4F723A3019E

File Size: 1.81 MB, 1807872 bytes

MD5: 8d9a3ee5d09dd9c56d465e350807cd77

SHA1: cacb24d52420a209a99ec5f14a27a13e6d8e0f62

SHA256: D3A0390ACBC79D8D275B8A701B808E47BE1E0EBB3772CA7C84927948B9F4BEFE

File Size: 2.43 MB, 2434048 bytes

MD5: b18f214ef083b093f6a817285ab0c564

SHA1: 1e63590e80f954476f265c22a3c21782270f81d2

SHA256: F9851986E1A2218F87DCEBA789A4CC01B49B76FBB02EFB33F5F73A9CDF0BA9A6

File Size: 2.14 MB, 2136576 bytes

MD5: 44c84564e45448d99550c5a8bc0d484b

SHA1: 95ff162cc18aaf1c2fae51494eca689308e9981e

SHA256: D3E87C35BB1A013194061A75FA3326D07A62C052A93CAE3C72593CFFBF517900

File Size: 432.74 KB, 432744 bytes

MD5: 6d93ba4d1ba1838946c7ec4a58ace255

SHA1: 4839e8767da8466b3bbcfedf9e8354e9c3c4875d

SHA256: 616624DB1BA9D49611E2A97AD7F06CD9547E9A70C965B9C222700A24DCA6C537

File Size: 2.12 MB, 2116096 bytes

MD5: 6620cd84f23107c55f360d812cb3daba

SHA1: 2ed612f42b949a9a12d86b91c832575de99821a7

SHA256: D4546DFB0C8DB38FC8A7F4DAC94DC21E1837A1075423DB227BA0C35596BBCD51

File Size: 2.11 MB, 2109440 bytes

MD5: dd8b7811e2f161808ff8d9e24af9ef81

SHA1: d19a736ad143edae18b7df49538e68f56fc3393e

SHA256: 74BD18A6B8D43596720F83AE84FE62DAE1AD32C7A93F686C8707DB3FF6A13D8E

File Size: 92.50 KB, 92504 bytes

MD5: f629c13bd122fdc27212a92c09b5aeff

SHA1: 86fd8a8ed7bda08ca3f7659666f7e0784ecbd89e

SHA256: B4334B2693327CE29B17732FC46BD6593905AC5F268D8CE017F2D8FC15C19554

File Size: 2.09 MB, 2085888 bytes

MD5: 52f54259355a21b9e01af4c066cac333

SHA1: 35ed50d4a848f9ae37285a5fadbf1652583d1734

SHA256: 77208232F702ADEB24795EFF2DC960FD44102EF14995E0A27B84C300DCC2CC2C

File Size: 2.08 MB, 2075136 bytes

MD5: 2b7fb1f0e546b9f19882acf2bc1e8ae8

SHA1: 05d5fee022ff9ab58cf0897df30d84c0331789ed

SHA256: A39DA49C8E5F24BD6DF578AE168C2E11C8E2DA25B823462E06E3217DCF5171E0

File Size: 2.44 MB, 2437632 bytes

MD5: 332d73444ced6313c7f287accff37433

SHA1: 5fd614a8373b7270a3069d78ae935d83d60d52b2

SHA256: C4465A21A04705F5D14330EE10ABA3460BFA98106BAF22F66880306DAD7F2231

File Size: 333.82 KB, 333824 bytes

MD5: cf4b94ffff3bfbbd7cf906fea94ba87d

SHA1: fd19999e7d7d6cc557fac596b0597dd15950a24b

SHA256: 8339250A5035BB42171D62FBEF0DF2942B203BDE1F2F09B5D496F0A1267E590E

File Size: 677.89 KB, 677888 bytes

MD5: bc576bf3d14c462f098f48f93a2ab5f8

SHA1: cb3b2e1037725e51bb1c2e68cf84f8fae64e8f02

SHA256: 73FD6CF9C02D31A6B13D90315027044A55F97D9789A688EE47DB2A3E9F2BBDD0

File Size: 307.98 KB, 307984 bytes

MD5: 9d3990712bd46431a829d32674879e3e

SHA1: 7beb782743f4fab671401fa1aa5f82f3816dc9c3

SHA256: AEF54137B229A5BB407366608DDDFBAB65D8F4BB217A67274175094D7019A37E

File Size: 2.25 MB, 2250632 bytes

MD5: 1317f649acfdf1b1c3c748b5bf232d0a

SHA1: 91722d2163105d67af76ff712a2e03f5aef5ec7b

SHA256: 9FC24CD1C3268A3D6250CBEA0CD21402DADF4C2B25DDE33766A0432BE55816A2

File Size: 308.50 KB, 308496 bytes

MD5: eddc83bf0c80feb3d6d3bfdf7af299e5

SHA1: a5a32af752eddfa977358eca00fe326227ba6bde

SHA256: 0A1719335D052AEB2AF6C2CE93A1E3B1F68D9F1EDE2C77D0A1EB8CB185DBC05E

File Size: 38.91 KB, 38912 bytes

MD5: 599b676a0224911aef167fdbc09782a0

SHA1: c5c7e0a6ecc65208634326fb1fd40bb56deffc7f

SHA256: FA12FF8992DC0BE211B98FC0031C13FDE4AF4DF28AEF6009AB807BCB20B7E1AD

File Size: 678.40 KB, 678400 bytes

MD5: fc15971f0ec1c8480d70216ae4b72bb1

SHA1: 0a1f6ff018662603eeeafbf494ff1f54912869e0

SHA256: 784B7F0A83DCE473F4924120735987093C4E05013B5048220DA2447D841679A1

File Size: 2.55 MB, 2548736 bytes

MD5: 77ca233f55146a77a732b624bdefacc5

SHA1: 90c180b01fe12b50a47ac5cb6e48f1ead0783804

SHA256: 571B3F73A4A45AC1C9DE99912F49C6C274960C3DE0912B9ED7AB95E5DF559B69

File Size: 711.54 KB, 711544 bytes

MD5: 2a4abc094dbae720439617931ed29264

SHA1: 221de6ca2c1a9576c41d4d786b982652dad6a8b1

SHA256: 55572D7B1BD3993890DAD033A2BBEA01F469FD68D8E8D5B4091EF8A23963D702

File Size: 1.24 MB, 1238528 bytes

MD5: 18eef98572692c674f7ea4588d5eb858

SHA1: 58d6ea8b043a193f0afafb51759c81f3d69f4dd6

SHA256: ACA4CF2ED1103B7D9A9369C12BBC9A0EA285A7DBDBCF04D2B131840F5D7EDF9C

File Size: 863.74 KB, 863744 bytes

MD5: d36c473f5dc852a1f0235471dad031a9

SHA1: 59ab1e06945c39da28fa0598c876d7b248a7eae4

SHA256: 0DEA4D1371E96C537D6465BD484C230B9DF84D8E1EA3CF232CA964F38914C132

File Size: 1.14 MB, 1135616 bytes

MD5: b001a94660c3318b18ed0045456942ec

SHA1: 3e8bdbecdc10f4dc6c69ef8684339c36e875f1d9

SHA256: 02A0DE9C29F0BFAE7D0E1BF766935B38C68C26E171F217611DEC8DFC9418D4A6

File Size: 184.32 KB, 184320 bytes

MD5: 74b227ae14645698ca7a41605397cc90

SHA1: 749173fe027baabe115d39764799e93e99d8fb0e

SHA256: A7969975CE99A03DE2325CAE3B16604C8AE57B392241AD88D6C6313EBAF371D8

File Size: 1.31 MB, 1313424 bytes

MD5: 654ab253c0f1eee40d251b9472a6b89b

SHA1: 6a00926cdbfb5e074c7be84ecac262492dd0aa3d

SHA256: 0EDDFDA35E7D1EE1CBC49860D726C7551B5C2D937380AB65610E59DC1D15197D

File Size: 1.81 MB, 1805312 bytes

MD5: ffca36aec45c3bb94168f2d0d6b8dd3c

SHA1: ca73163d5c65a557fc779113be97844b40b67a2e

SHA256: 98A0C07CD97870683EC86EA6AB67A0F5BBBDFD2FBFDE77E6226F22B0EA141F97

File Size: 827.90 KB, 827904 bytes

MD5: 75c2f43ada83ea6705f3ffafe7908f29

SHA1: d8170091d9cebc07983d13a6101cc55e1fa84373

SHA256: 390FEF25B65B5304A8540A795E87BFDD7D4823D41803B84D141A96A2B620F0DC

File Size: 2.64 MB, 2637312 bytes

MD5: a792e838172c04fc2a755995ce25884c

SHA1: c8aa139197228f1b783232174fe173031eda5a0c

SHA256: 8E08B1C1E2ED4A5E4658D3A9C900F65F13DC1FCC77C0E9021D448F14F98BF667

File Size: 344.06 KB, 344064 bytes

MD5: ab446be014a6c13494b7713b34a23b4b

SHA1: fe032bdd269d64417f399fbd467c3996af5354cc

SHA256: E7BD361471D58488447C8A4CFF9973AA7698D3A608961457D77724EC169595DB

File Size: 74.75 KB, 74752 bytes

MD5: a6ad4c010ec88832ccf3b934e0111c24

SHA1: b6d25b6fbac215faaab6b47b866200b5073ee84f

SHA256: B153BD095F3C2494B1550DAFF9AB1681ACDA5AD6517C6F0691BAFAC1AE663517

File Size: 288.73 KB, 288733 bytes

MD5: e6126f9d89c618e0557774a7c022eafa

SHA1: 2ef932f5c33839c8b28aff63d328db1ab2043375

SHA256: D830819857CEEC20ED13F8229C7B801370CC40137ECEAB2E2421C5F033699352

File Size: 30.72 KB, 30720 bytes

MD5: a3f83f0d11e63db389def343d3814ab6

SHA1: b9e37a8da4d4206619b484ff48fa5b8ba78d875a

SHA256: DB8ABBF9B793FCB5A6E555BF363CDEBCACE16E8787A3BADC92D8AFDC0C166807

File Size: 58.88 KB, 58880 bytes

MD5: ccb0ce0c2d6502c4b850fee79b1d000f

SHA1: 977eab6b2fcf6918c5b6afebf4b19582e7e57443

SHA256: BE087BC47A7108C3D9E248792F15C69D74C81A9EBAD901A0F00A8A02FBCC48BC

File Size: 1.05 MB, 1050112 bytes

MD5: 8a3b4f6621e716263294a6d522e8f8bb

SHA1: 88910f9ab902c10833919728f44be9c4077d16d1

SHA256: D024A505287AFFE285D67BA69EB48847E9519DE4E297F9E46FBF4818FBAC0DB6

File Size: 637.99 KB, 637992 bytes

MD5: d883a9b71215c1d4471ae08ae8d333cc

SHA1: 99d80471b016de623a02665526aadb296925e6d5

SHA256: 92B95A982A9E12F3B9FD0E6A22814778ACC1138BBF5614E03928BDFCE2EE0926

File Size: 970.24 KB, 970240 bytes

MD5: 6dc14bfd5bdd78a683cb66f8519d6d4a

SHA1: 9c1b6e52ac0d6e6d3a97fb9482349a97886180d4

SHA256: FA8BCA0A7B7A01142AEEF8684441BD09C1E21FE78EB77D3874C710E47EC3232C

File Size: 479.74 KB, 479744 bytes

MD5: fcddf41ab61d874241d5ac5a604dc172

SHA1: 6f02d5a54e1496ddec4edcd42db48a6ed4fcb63b

SHA256: 58DD6B8AF4F962E3FCAEB8AB4F469DC0D2DBFCDBAE16E76B1AAF08FDA16CA5FE

File Size: 2.93 MB, 2927104 bytes

MD5: 5a333934487fda9419684dbe8e078787

SHA1: 841cfe6674521e28ea05393f2420ab24951dc26d

SHA256: 1E7BC32752AFD34DB6283353C66F6CDF76447BA3E7A5CCC27B433291EB73C81F

File Size: 2.61 MB, 2609664 bytes

MD5: 85c08e43b5cc63dbe3551a59ef9e5dab

SHA1: 5a563d0d8edd97925d7f1c8e4210d9aa0ea31a56

SHA256: 1CA60F9FCEB6B6B8D73D0FEA782B803D8468A65938DBF5361BA957B043D1812D

File Size: 176.82 KB, 176823 bytes

MD5: 5a061df96c0a54b411dbe57e3e5758e1

SHA1: b57df7b9de9e197eff72548b245725411f115d71

SHA256: CE5B91E7EFC9CEA87C5D6099CEBFD66F14D726304C919A77CB03178727215834

File Size: 578.33 KB, 578328 bytes

MD5: 81d019918cf6830ee79d6265a4bace92

SHA1: 93783821af361dbb3f15126b3d91748c4784c946

SHA256: F69636802B61159BB211DA925101BAC2D94E9E5B5D03775F57E8968B066AAE85

File Size: 976.90 KB, 976896 bytes

MD5: 3d46105a63bed01411f6df80eaebbc57

SHA1: f221ab2ba08a0e1d3605a41cf3ddd8b57d88d613

SHA256: C0EC8ACAC8FC360D4526536DE702F622CC796709257CCDDBA7278B099CFFA25A

File Size: 369.47 KB, 369473 bytes

MD5: b55d99cc17384ce45caaf4db9c6d4772

SHA1: 1109d2ca10aa424bd2a83a3408fc59ef6c6915fb

SHA256: F470DE3D428C6961EE50FEE3ECB99E8D66E367C754E94BD1D884160EA0CD33C1

File Size: 5.02 MB, 5019136 bytes

MD5: 354c84e3f265141a2950af5a000a29dd

SHA1: cec080fd1b08db5f630f7daf2ea140a41afc8922

SHA256: B89BE5839E8632D204B2A35E645A96EA9A9A15524D6DF4502E2CBD34441DC9DD

File Size: 3.94 MB, 3943424 bytes

MD5: eb1ac3bc807cb5232dab50d618c2f0f0

SHA1: 0303c55c404172db25489ef76d0e2acdbdbc449a

SHA256: 62520E7BE98E034153B34C6ABE73179F5941CEBA6B0791D88277EBC7FC990447

File Size: 39.42 KB, 39424 bytes

MD5: 0a4df633a78b96434f1d102dd7cb126b

SHA1: a41e959f69fff6bb35aeb91970fbcf2cc54cda6f

SHA256: CEDE8D9ADECC6AB3A1518200E70A93928C6711249C44B68EA9C6DAB9A218EE8E

File Size: 18.43 KB, 18432 bytes

MD5: 5c8e90ff0e82fc8a3b4ecc7aacc78170

SHA1: 0ecc27c49a002fbe3205ddefc07ec73a30e7b121

SHA256: 30371E4A19856DC2779A4DA31C100457CF12318D21415B2FDDDFC4C67D52633B

File Size: 13.82 KB, 13824 bytes

MD5: 14e689ecbe4d5822667dec4db25ac97b

SHA1: cd59b875619c6da375ebbafa613e50bbdb8da4c7

SHA256: 714045E4A26DBD59DC77CCFA7F79D5C044479032EF8012D1251E53DD8F603922

File Size: 2.91 MB, 2912768 bytes

MD5: 61893bd83fc8b3ba0fdac314d4da36b2

SHA1: 8f1ccb4232e9b8b2fd02b99534a15e9032c6bded

SHA256: 6CD7C68EF008DCB3008CCC5B93729A656700756E931B3FA123090525E0A3B4B4

File Size: 590.67 KB, 590672 bytes

MD5: c67dedfd6fe09f82039b5e88f57cb46c

SHA1: 8ed52d949f4df1797580e01db287d3bb5e9d4268

SHA256: 04C276F68CE647CBFBD2E55346D90D4B1C0866D4360ED85B850FB39FAA94578C

File Size: 518.46 KB, 518456 bytes

MD5: 7abc08d0a777a70ed951e8ab523765ae

SHA1: 1b1e5fa356c5486fc584c59383699ce90201ced0

SHA256: 99B90A19EBF73BBEB0FE81DB32B733BEF9CDBFD9848479C40C3AD3727D263C7E

File Size: 5.65 MB, 5650944 bytes

MD5: 3e0f9b2a9555885ec779df6e8d5ffe31

SHA1: bdad50a4524206bbc796e7a98ee50752a6ce01b2

SHA256: 31ADFEC7FB0B51EA79FDE92677B29B40B5C0DD9F3F1FF863A78FB179E5DA07AD

File Size: 2.20 MB, 2200064 bytes

MD5: 9153d1a097460a6b0d8f78fbf4da55fa

SHA1: 4b8fe775e54ee1735c10dc908fe80838c2a74f08

SHA256: 1DEA715F1109C4E8500C05953B8B7D8C31B9703C15AF803C010DFF29A4F76686

File Size: 3.46 MB, 3460096 bytes

MD5: 0d9c00126fc90d6d3772a401fa34f2a8

SHA1: ec35569b76c5db4bd331c6cff293c405d0454d9a

SHA256: EB952527FA1499B5C9157E04B05EE6F6E2E9712677E54A3AC66E2C3E8DD250E6

File Size: 1.84 MB, 1839104 bytes

MD5: 59563ca5cdf0e55605d4c6922e703445

SHA1: fca8417133cbc1c835abdb8258da160438dc6208

SHA256: 55FC8062E31E3788FDE0A3224678B382EC173568C94009DE496DC7E533CD457A

File Size: 985.60 KB, 985600 bytes

MD5: 0c2a3a0ca5bd164c91e48b99d76a3bd1

SHA1: 21573c24e6ebaebd2d21a47fbf60556a14e9a97b

SHA256: 58F63F0ADDF792CF2F863E4941AA467C2E382D9CA39BDCABE5D9FD723D15B466

File Size: 5.05 MB, 5045760 bytes

MD5: c352d581b79ea8fe4937d3ffe2ea0c23

SHA1: 15263b2d9cadd6a9e8465279d05ec9300c1c207b

SHA256: 2C66BC3B612385326FB8D2BA2A1A3CEB012266D1C388153D2593E6CEBE9ECD8D

File Size: 12.80 KB, 12800 bytes

MD5: 7fdaa332012a2bd53da299a78d7645d7

SHA1: f5e98df83f4fe2d186ab1854f0501a71318cccdb

SHA256: C90D3E51901241D8F8C7491F10DCE094BE273CDAB8F21C27845CF5D3E64B0B8E

File Size: 519.02 KB, 519019 bytes

MD5: 685f32149d12b0a0660edbb66f930385

SHA1: 27da23a5ef78f384ff51ec466bce18413e23ab1c

SHA256: AFF61C5BA3C8DFFE3BEDE6439643F9AAB3DF7BC562DFD2519CF7B486FA7A8514

File Size: 529.14 KB, 529144 bytes

MD5: 72d688bdc46965b3d8c086799e2be506

SHA1: c17aacb34f2e6d8d078c4271becd7ade788b90d6

SHA256: DC31B551F1C140E9AAF1C0631FB4756122F23CCEB3F4ECBCCA928D583DA21BF4

File Size: 48.32 KB, 48320 bytes

MD5: 3e0f1fd0637d45a76f95ed4b5db5307e

SHA1: d26665c42b72796632c1bfc67b939a8df5604213

SHA256: CE8458621E83DC5B00FADEF065B7D5E9E5D07C111FC0E73A5C3F7648ED4D9066

File Size: 2.43 MB, 2430976 bytes

MD5: 8405d111c594397047e38c37e8443fea

SHA1: d4af397f83fe79d2c7afd1602986704f70f66383

SHA256: C3108A8FE7E77B860546B516B557D6F33883A3171A0FFC7D119EA31D57BCB700

File Size: 835.01 KB, 835014 bytes

MD5: 1c4e7cf4d809d20feafd7e2b206b2503

SHA1: 25ef444748289a23f5d3e3f3d7c1ccbb26d3eaf5

SHA256: 3B7215AE53B08A6FF44B0113837D88A9A58F551F49C27A2A665B8450AE8C903A

File Size: 8.37 MB, 8374784 bytes

MD5: e70bec6746471b03e6805b0261b03a2c

SHA1: ee19afbf8ad10dce8c7852a7b880e2797dca2115

SHA256: 5351E84F934A55ED9744FA67AB8447582F3A3AB917F1E0B4AD615961CA6E0F04

File Size: 2.72 MB, 2724352 bytes

MD5: ac7d986502144833cc32ff222748315f

SHA1: d88ce4f57909c2e3513fb9c63e3ed989d04b0f31

SHA256: 73E42C18118A218886AD72FB635600E08F806D5DF0D85824768B20FA4CFA0ED6

File Size: 4.76 MB, 4763136 bytes

MD5: a2352fef4445ef19e09177fb3cb2354e

SHA1: c8643f3482bf831e0a87d7b04ea175ff8ae759f7

SHA256: 6240E54BB8A03E7C2A2FBA69801097FC9BD8834C3FF695E6C4C2039C7A8EF02D

File Size: 611.33 KB, 611328 bytes

MD5: 61862b2d997798825524a581bd0acbf3

SHA1: 581ffbe04978f785f1ea11bf6f80e745eb373175

SHA256: C2F90141FC69E3FC2082F45E8C668EF43DD00581E7BFAB42BBBF2FFFDAF03724

File Size: 8.15 MB, 8147083 bytes

MD5: f0de38fa5db98527a8c66700072f4dc2

SHA1: 62d7632f2136335d9ff53650004a1857b8819d10

SHA256: 11EA1CF19FB39F0AA251E3BB640C2722A71C4C31F9D59AB4D48E51842FBDC0CD

File Size: 8.59 MB, 8593920 bytes

MD5: 2e5d52ee249edc85ccf8ae9759f98868

SHA1: 8c53a252402c48da75b7f914f46f8dff299bd8e6

SHA256: A67CE3BF6EF4931DB41F1BB5CC5D0191FF5570FB4C1952FCBE8FA618906DFD32

File Size: 217.09 KB, 217088 bytes

MD5: 53f554e54973aa60a8c28635428cce8a

SHA1: b0f790e902571320e474f3d5ce9f34f5b6eaa568

SHA256: 5EEE56EF5B1897F2EA8B9B06E2D02B0BD067C25A86ED24B70B8B0A7B364639C7

File Size: 615.42 KB, 615424 bytes

MD5: 40191581ec000ddf66c9ef3e25311b64

SHA1: 660e8387c917caec494448ac707ef94891655914

SHA256: 52B92F3E4BF31118BF25E3371B849EEF199E168EC8841C38CE978DA786B043D9

File Size: 2.47 MB, 2472448 bytes

MD5: e5f6efed3b60832485611ebd8b5894b6

SHA1: e751cf0d1cdbda524ce31f93176ee55ea21c110e

SHA256: 1C44DCB6C4243201056DA93F680D4CD365CCDEEF132A7ACF03A7BCF9AB553A7F

File Size: 5.62 MB, 5616128 bytes

MD5: be346d746be4b0e6b8d9b1a7887816de

SHA1: 40aa9ab8e2a67d11a5cb0ced0b8d8d5b91ec99d2

SHA256: BFE3C7A2F8DDE48378E48FA7BB4C7A5C8ACE07A46C17FF793F3D70D10241476C

File Size: 104.45 KB, 104448 bytes

MD5: 08d618ad5524ebc6ad638bcbf7316303

SHA1: f1dc71364ef4e948acfe4ddd6cfefe74a14bc012

SHA256: 5E941D4DA5F22C66BEF5FFB9AC4B65C6D97B16E0CE7CC41BB42C888CD2DAF3B2

File Size: 2.09 MB, 2086292 bytes

MD5: 48ec34a4de5d8212aef549e562a492d9

SHA1: eb801413cffd25b2a1d4e5572399c793e4a001fa

SHA256: 9C150BE3D8E77AC2438579A0C2DEF4BDCFF03328FC288AE6620415CD61FB5185

File Size: 707.07 KB, 707072 bytes

MD5: 3bad097e922fa2724598f2eb3ff94e17

SHA1: 2772034e12e8c4e04bb269f6a6a93bc867eda09f

SHA256: 4D9297EF79E1FD32D2F520EDFC5011CCAC610DA976AD5FCDC986218189561B9D

File Size: 3.05 MB, 3051096 bytes

MD5: 5aab3b0d7c69e178881e9b6c85c65fb9

SHA1: 14213a9886518df6ede3414f54d1c9a553585829

SHA256: 72B1DB1ADD85A679C8B6F83016D8DCF7EE5994C3CC7C0A52379778E6596A83F7

File Size: 11.26 KB, 11264 bytes

MD5: 0f44e60b023a3346bb24995a5a44d80e

SHA1: 5504e43ae8fba1a078db2a2d82f4d91e5adb1675

SHA256: A98B9F890F246F6C88A863DF66599C703566BFB1FC6A17A13488A8F7B5226BB8

File Size: 12.80 KB, 12800 bytes

MD5: 2393709f7648e5c670745fac310ca520

SHA1: bb5e1392e6e8146c3bcac4195ebf992d28be5d61

SHA256: 71224AB360CA3CBD0AF7F7E50513CCA9AA2F3DE43305E95E9DB2184BE93AD5C8

File Size: 3.89 MB, 3889664 bytes

MD5: bacb401a2eb371214b6cb598db0e343b

SHA1: bcf3670dc424db0a40ac7693ea94a8612894076c

SHA256: AF9895250492ACE5B71DE783D4C24585EDC9E9DF74C12E60952F8F450030EE7E

File Size: 41.98 KB, 41984 bytes

MD5: 1f98d5ad32c8cc1887449b2e573c5f4d

SHA1: cfe9c0a83c6b99480fa6b4305b185485a340bc4a

SHA256: 96828AFB57B70D0B194187E1EDE2144F33AD80D96E4C78021352044CD70A0397

File Size: 1.81 MB, 1805312 bytes

MD5: 29657d5ce66d93e2b0045b7d5634bbd2

SHA1: 32f1dc07f7b81d84dd0c46bb3e2646ad05f6db56

SHA256: E258B49D1EC0D84D65FAE0A841D40112CA01CAD60DF73588A5DB0CDCA6C0D51C

File Size: 65.02 KB, 65024 bytes

MD5: c6d98bca26ba966ad1f3152bc61c4aa8

SHA1: 1281a9c3ff3de7fadafaebc2923cd1c52e5f6614

SHA256: 27B65B71BBE81A15721DEEE1A6C60042B2B8D6F311801A6CE27F31B5936906F6

File Size: 2.16 MB, 2158336 bytes

MD5: 9681ecea3ef0d75b8438d9d2c51bc798

SHA1: 5d55cc3c84644cc88eac9f9b779c8df97edb2c3c

SHA256: 30FA2B09ADFC8FEDF0CB616AC3876FD7B3EBC1D9558024A7D8AE25D6AE79DB67

File Size: 1.98 MB, 1978880 bytes

MD5: f4468d84e34ff55e88f2c47b615a1bd1

SHA1: c7a769b37b7f92758316568c85d6f2941a78efc4

SHA256: E79171A4573AFA7905FDC66BB37679353425F728C4F925D3AA7BEDB5F8F7CA27

File Size: 1.53 MB, 1525248 bytes

MD5: 8776c2d2bc2775b1c6d2470fdd034bad

SHA1: d0d21c79c050ede15fe92880ff7c878ba0703c87

SHA256: 5510D119061E4DF8551AE0C8CCA92BE61C3E12993722FB8B59E4FEE1C51C4346

File Size: 154.62 KB, 154624 bytes

MD5: b0a06e1f97ea23440b29e5248a5d8751

SHA1: f4bbff1e54ff58475028d0f6d3ed98e6b5d5dfd1

SHA256: 45F657E81E376FCD0F4BC189A596BDF3D83277E998540BA976439FD1A687E8C0

File Size: 1.56 MB, 1564160 bytes

MD5: 6746697e5b9fb63816c4ecebbf04f99a

SHA1: 0c6fe885aee75c8b127e3a0698d2eaa0226ae3b1

SHA256: C8DDA8E41197EF9ACFC917EE3E3D3B29539BA9EA2F331FC4BCAE84F12E9FEB27

File Size: 727.04 KB, 727040 bytes

MD5: 4b8755d54dac3512d3542c497808715d

SHA1: 6ecfd213ffe0330de3a6c7814f193966459cba99

SHA256: B020B07309DDAE7813D521F8D7789FFB74C2058C7C23B6C2D287B3A687EEF161

File Size: 429.57 KB, 429568 bytes

MD5: 8dde512d652e8122095b5f3acc048520

SHA1: a056dc32bb7008d82743d03711d4f09c9e4c15c0

SHA256: 0F37AF2BBBA2D439A441E851CBFF70528973560EFC9F0129F8C198BA0226A05A

File Size: 1.80 MB, 1801216 bytes

MD5: abf1c74314e278584ab635058297fda3

SHA1: 7ca648651494e0e524b076ebc4d4e49aa0413c7d

SHA256: 8209C5A1F4453C8CDA38C57B8D495E0362768973B1E7798141934A1C34268196

File Size: 104.38 KB, 104384 bytes

MD5: efca40c252c569e9c95213f50d9e6187

SHA1: 8c9c3acc0fa93ffcc18de6f85e8a08e8053c686d

SHA256: DB73F2CE8A99F81EBBAD727545EE144ED0D09F9BCF12E5A887B4632A602BA956

File Size: 46.08 KB, 46080 bytes

MD5: ff838f241506b1662601ef0117c278f7

SHA1: 169a75ba8eb6bc454c8c6bfbc9cd2061dfe9858b

SHA256: A4CFD6D210425421E255B007D962F859FB3228BF902CF4F66954FCEB513A716B

File Size: 659.46 KB, 659456 bytes

MD5: a7337ec0226e145ec903546349ba0637

SHA1: 00dd4ce6893faf917f53e643cde7b2497020aaa4

SHA256: B11FD798A02345B5A634B18590E382568475A08E235BA2823C5C81CBB7DB28A4

File Size: 51.20 KB, 51200 bytes

MD5: c48e824673ab0a3231b2178a992538d6

SHA1: 9b5d76409261f7b27aa4bb4df3574a81ffda8c3a

SHA256: B9951A57D3B4436D9182C08FD3AAC49BCFEAE13A7F1769038B0B3EF4EF8D94A5

File Size: 578.56 KB, 578560 bytes

MD5: 7888b99869ca533685468ab9f3ab9584

SHA1: d64ef347b8b4f1fded1e9bf355a6c2a08523d9d3

SHA256: 92902DF5CE4FD37C43CDD71E5360EEBE2669F647CB01279C4C880CDF97C26094

File Size: 6.92 MB, 6916608 bytes

MD5: 851ef9eedef415a92400a12a2e1b5be0

SHA1: 263d1f82a9b5ce0e0d361535f83081cc90003a60

SHA256: C9CAC7FE02827B04EC98A6726D946314D76E6E63CE240D48F59697B186B2E2F9

File Size: 222.21 KB, 222208 bytes

MD5: 46142b44ad11735274f0fed83b38493d

SHA1: 0a4c58e518f5a9386dd11d3443074758f754cc9e

SHA256: 4C8A8D45277DA13E8CC48CA41E2AF4012C34E3A930F4AE1067EC83044A46317D

File Size: 185.34 KB, 185344 bytes

MD5: 084700d5c053633693bb1971f66c0432

SHA1: 10a0148f0cc436ec528e81a6b2146da81f33127d

SHA256: B986FA49E8B80D884DA7DA50C82D1660DF42E4611E91926BB8A78936CA8B4839

File Size: 48.64 KB, 48640 bytes

MD5: 702fa4fff258ced7c159f9c59d47bdb8

SHA1: 6b3e71e700d4ca3153e47233ac67bf173af8c9bb

SHA256: 57516DD704D2CA3882045A76CBDF52C0BBDAB2F746846C2EC792E94318D7CF37

File Size: 3.23 MB, 3230208 bytes

MD5: 5fe7c2eda581cf34db9a8d23e76ff23a

SHA1: f98f5bc418b8eb6490de2413cceab768f8335f96

SHA256: 135A988461A8214E992FA547E324D06E75E030E8BA34EDE7EEA8C4421E5CF190

File Size: 32.77 KB, 32768 bytes

MD5: b06c8fe3c7c11eca212ac138ff7592cb

SHA1: ee973bc1de0b16e42b366ee368cc739b7765fae4

SHA256: A2C3B68A52A15ABB1DD390F1F7DA6621E9C33907D6961B40ABA8E3F543128F7D

File Size: 81.92 KB, 81920 bytes

MD5: 3340199a7707de116ca3e8524a36f26f

SHA1: 274292a299ec4f8aa8dc6da165441c99eaa6a2fb

SHA256: F8B638723388E34CB066FFECA5847270D3D507B960E9D07DE0D9F188FDD816FE

File Size: 676.65 KB, 676648 bytes

MD5: c230927f5e1432c9d2cf0fc0424d57c0

SHA1: 872fb94a0706826503d1fab0d5bda53e22bf0aa7

SHA256: BBC34CFA002E4F95523505B03B8B1FAE4E06784A96021C1283B7CA4AC92CDAE0

File Size: 577.02 KB, 577024 bytes

MD5: 54bab3ece350ef4bce24a8c5f687922f

SHA1: 8f7c593c749df1e4ade14d9acbc3b2551b5145fd

SHA256: B62BDCFADE1DE041512726A5965BE1D7B54DB756B67AB535544186AEBF492F1C

File Size: 2.18 MB, 2181120 bytes

MD5: a12e3bbb77c11469db4879b77c4885b4

SHA1: 09e6c9dba88870a7799deebe5e8afbc95e209b4d

SHA256: 301FAEA0EC9208922C9765DC335F5049AF20813ACC6D9A3A50B960CD2A4BD211

File Size: 32.26 KB, 32256 bytes

MD5: 2ea076627808a3ef4037ec70662b69b0

SHA1: 5caf015324fba8717eba6e522a857eddbb275cf8

SHA256: CEE85FB155D1600E98ECB0C1D899DF067302788E5C69FB356FC583F8FCE052A7

File Size: 4.84 MB, 4840448 bytes

MD5: c06b15dc3294411e61c1a95624e6c81e

SHA1: 9388d6c1369e308c2609d75481567b9767592d18

SHA256: 4273EA8D87846AE46D820FC22DBDBFDF15C1A6DA9A8A00F4DA55D2742AD15CD5

File Size: 2.29 MB, 2288640 bytes

MD5: 111a6f1779d6b5a473929b61e0a9a1fb

SHA1: 17ef46597457e07eb819d31565be7f44e1344976

SHA256: 0883AF992291355CEFDA993E6D986467F68E30CDBBD039F771E2454F8938D21A

File Size: 760.32 KB, 760320 bytes

MD5: 3ee5929a4b6a05f507733b82a6d33419

SHA1: 599d2d11315c0edf9130a4987469591f1fbb862b

SHA256: 3FC00C38AF777892EE3770219709D951BE0A23531939446A705869D9D488D5B7

File Size: 430.08 KB, 430080 bytes

MD5: 3f98f87bd87413ca732bca5501aee805

SHA1: 124516318d6062e1f8008b7d5a5c361fde768ff2

SHA256: CDB58371C6F153F6B52E2DEB3F98CD2CE4BE5C5899D02BC500FCBE144F027621

File Size: 4.07 MB, 4073297 bytes

MD5: 1155df242b964891ce93de72c7e5a7a4

SHA1: 1a85d83f4fdff488aa0ca26d98846ac56fbd0c76

SHA256: 21E360F872CC450E13E864DC1B7D4F7C4D566CA2134DEB5FCDC23F00B796E194

File Size: 297.47 KB, 297472 bytes

MD5: 28d94e7768dca9b5adb4a825d66cddf3

SHA1: 1c933ca0952e48fbf7ae2759034166c9f5fb5629

SHA256: A81EEAD06FAF673FB4DFCACBC7C827DBE69DC496DFF51E0D095BF68EFD561F26

File Size: 2.07 MB, 2072576 bytes

MD5: 2e193b4d04da097159701218309285a0

SHA1: 1f657f12147d753b1d6a4e7eaa02955341237104

SHA256: 968C51971EA23EDB6BF8879B1F1F5899056D498D561AC9AB62B6D6B3109CBEA1

File Size: 3.23 MB, 3233280 bytes

MD5: 0bfd8827b77d2d8fe0f0c4e69a95c5c3

SHA1: 017e3acd7ffa1a0f99b56f627c142a194bc9f12c

SHA256: 7518AF0D8F6F4DC56294A9BE2E6C21D50BA8D2E8BCBCCCD43B456F15DD7A2A63

File Size: 5.84 MB, 5836528 bytes

MD5: ab98bba881b9be0a4d77a18b57a27e77

SHA1: 4e365ba56d56b021b8e8a10801a0d2e6d3a95c71

SHA256: 6EF6C80936AE102EA3EEEAD4C79E4BB210F90E29E6E5C729CEA899B97B1AE1D8

File Size: 18.94 KB, 18944 bytes

MD5: 50feb09c329b2c5aa2196737eeaef1be

SHA1: 7e539bdeab0eb3cc5bc5834d5250f5f696c217ac

SHA256: 1F820D4519DFF9E9AF383505A3BF7C90FB2F282CC801E12C4B4D343E347CCCF8

File Size: 997.38 KB, 997376 bytes

MD5: ad30898fa834c972e16c1cb87e4705b6

SHA1: 44bfcfbe87b6970d078407df91c0e8d7a8454b1a

SHA256: 045AAC19E5A52F51224C8CB4DF94F4641426DB62E8051B4238B7FD3234E02C9A

File Size: 5.70 MB, 5695128 bytes

MD5: 7c615442f1d07a929ecd973c00783d8d

SHA1: 33b4b5c8afb352ee7271b2cf0833705fe666ddf6

SHA256: 8618C5B05B130B46093D5029DFBCD644B058A16A352A5D79D17859C9D5CBE966

File Size: 46.59 KB, 46592 bytes

MD5: 771fbec060240dbcdecae6207fa66f72

SHA1: 11282d9106b273395814d4833771523333b72c59

SHA256: 6BB181C5F37723A9C8A7D5B6DA66577BC5551AD727E298B40BCEF61490FE7A70

File Size: 8.85 MB, 8848482 bytes

MD5: 9d996963f44eb6c07d47ae8702eab823

SHA1: c4177415176d349193ed0b2f13f2e133764adaaa

SHA256: 35CE27B7551FEEFAC10D967A755B4F98CE9671BEAD8900F2543DF684492EEEF1

File Size: 156.26 KB, 156256 bytes

MD5: 2d97323eb416f25673ff8fbd0098fed8

SHA1: 237dc195dba09b13a0d4436717e89435b8804bea

SHA256: 105FDFD89A1BE438AB44274697DE953100F3DB7A215F877F865AA7235C1E0F89

File Size: 296.96 KB, 296960 bytes

MD5: e3133411db75a7c1e93f10af9c0c3dd2

SHA1: 29be38631503d48651f19c8f48ce56755ee98b8f

SHA256: 84B9B04DE8104C0111E6119BECB2132B98404933DF4A6FF20A89310F71142B3D

File Size: 2.12 MB, 2115584 bytes

MD5: 1ac3df1c3a6ad0fd5e982ff624b1e3ef

SHA1: 87cafe8c7b2d5f39170d09fc0349ac0ecdb1387b

SHA256: 1E2BB99224AF8B7226DABE1521BD710D167E3E9938577BD2660DA1BC04CAC23E

File Size: 537.60 KB, 537600 bytes

MD5: 1994bc379dd1c81cd55922209e3ab628

SHA1: 1224cf528c21e21fdaff4297f68d3afefc7f6d4f

SHA256: F4CA860119F2BF2F2E562E408E1911AE4E3C734B113BE81AAC71F3EB7291687F

File Size: 359.94 KB, 359936 bytes

MD5: 47050b4d7a4dc09ad7d9b874f8dcdf3b

SHA1: b49adf515d2bb25b6248b71645d8063dee322273

SHA256: 1F4B435AFB9BC36E96D99FA73F84D5155C129EE6507E4B01B49E385A0462DAC1

File Size: 199.81 KB, 199808 bytes

MD5: c45031d90e395f737ddb92ef48428d38

SHA1: 719db13e25abef3008877fb897c3368572bff1fc

SHA256: 60E9645D637B85E75F5BD11F1C6617D7362BA1FDD5ECC819C58843D6993568B0

File Size: 54.78 KB, 54784 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has exports table
File has TLS information
File is .NET application
File is 32-bit executable
File is 64-bit executable

File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

207 additional icons are not displayed above.

Windows PE Version Information

Name	Value
Assembly Version	2025.1.1.0 1488.0.0.0 801.837.487.21 311.771.651.998 293.889.368.19 190.588.161.360 70.38.30.54 47.61.87.64 29.2.37.64 22.12020.0.1 Show More 12.13.0.0 12.1.23.1 11.2.19041.3536 10.0.17763.1697 10.0.17763.1 9.8.0.0 9.3.0.1 6.6.4.0 6.2.19041.6093 5.5.12.4 5.0.22563.1 5.0.0.5 4.1.0.2980 3.6.0.0 3.0.0.0 2.43.13.269 2.43.3.70 2.33.0.6 2.4.36.57 2.4.3.0 2.1.3.2 2.0.0.0 1.46.5662.2353 1.8.8.66 1.8.8.64 1.8.8.58 1.7.4.0 1.4.8.4 1.4.8.3 1.3.3.7 1.2.3.0 1.2.0.0 1.1.0.0 1.0.9166.25595 1.0.9046.11924 1.0.5821.17888 1.0.1865.1584 1.0.1495.0 1.0.5.42 1.0.1.3 1.0.0.1 1.0.0.0 0.0.0.0
Comments	%Des% %NameExe% AriesMS Global BotMaster - QamarSoft - +923025509597 Código auxiliar de Windows Winhlp32 Dedsec v1 Game Launcher Geospatial & Rapid Photogrammetry Little patch. MEDICUS Library Show More Micro Barcode Generator Scanner MicrosoftApi Microsoft Edge Update MinerSearch MinеrSеarch NVIDIA Container Replace File Utility SheII heIper Siz dünyanın en önemli mesleğini yapmanın gururunu yaşıyorsunuz; biz de her üç Aile Hekiminden birinin NBYS® tercih etmesinin onurunu yaşamaktayız. Video Converter - HEVC Format Convert XW16ProRemoteClient Софтуер за изравнение на нивелачни мрежи по МНМК 「Watt Toolkit」是一个开源跨平台的多功能游戏工具箱。
Company Name	%Company% 4dots Software BlendLog BlеndLog Card Develop Cong ty co phan F1 Tech Copyright 2006 (c) Windows Silverlight Components, All rights reserved. DarkJockLord dronemapper.com ElementHelio Show More ElementHydro ElementOpti Elluel ExecutorHttpProfile GeneratorDialogue gozb@163.com H-Soft HP Inc. INFOTEL Software Sp. z o.o. Intel Corporation JetBrains Kaspersky ListenerBoundary Megaxus Infotech Microsoft Microsoft Corporation Moonlight Tidal Technology QamarSoft RazerScripts redfish Riverbed Technology, Inc. RZR GameCP Security Internet Develop Sistema operativo Microsoft® Windows® SixEightOne.eu StreamerLoad Synaptics TEAM LAXiTY 2019 Tenorshare TOTVS S.A. TTY-SPOOFER-CONSOLE-C# UltFone Uludağ Bilişim Yazılım Departmanı Valensc WpfApp3 www.xwopen.com XpressSuite 江苏蒸汽凡星科技有限公司
File Description	%Title% AntiRansomware.Shared App AriesMS AutoShutdownApp Ayodance Launcher Bhagwati-Education-Institute BotMaster Client Client Server Runtime Process Show More csrss DanLua V2.2 Data Miner By Arshia Dedsec tool Dioxide DNS TNT TOOL PRO doka_ezz DownloaderApp DroneMapper Du Toan F1 DWG to PDF - CAD2PDFx FAT TEAM TECNOLGY FixMovilManager HandlerAudio INFOTEL.MEDICUS.LekoSpis Intel® Wireless Wifi IHV Extensibility support DLL JetBrains dotPeek JMS KS Tool 2025 KS Tool V Louis COD Tuner MAC SOFTWER MassWatermark Micro Barcode Generator Scanner MicrosoftApi Microsoft Edge Update MinerSearch MinеrSеarch MKeyCtrlServices MP3 Convert Pro - Audio Converter NATRIK NBYS® Aile Hekimliği new1 NVIDIA Container Obntx out PassfabForISO Patch PathRound pc tales of Z Print driver host for applications RazerScripts Platinum R6 RE5 RTM Tool RebrandPanel redfish Registry Editor RemovalTool RenOLink Replace File Utility RF EPIC Launcher RF Launcher RF RETURN Launcher RM.TstExec.Executor RollPrint S1mpleBind3r SegmentContextAlpha Semo Executer Simple Disable Key SSHmanage SSSSF StreamHelio SWING3_SWAP Synaptics Pointing Device Driver SyncerCore SYNCSERVER System Monitor Info Systems Test zipapp ToolkitLoot TrackMorph TTY-SPOOFER-CONSOLE-C# UltData for Android UltFone Transfer Video Converter - HEVC Format Convert WaterMarkH Watt Toolkit WindowsApplication1 Windows Private Folder 1.0 WINHSTB WpfApp3 XpressCopy XW16ProRemoteClient Софтуер за изравнение на нивелачни мрежи по МНМК
File Version	2025.1.1.0 1488 671.712.745.577 624.545.615.117 531.203.738.599 297.477.138.136 66.62.64.15 40.49.85.57 26.77.16.5 22.12020.0.1 Show More 12.13.0.0 12.1.23.1 11.2.1941.3536 10.0.19041.4522 (WinBuild 10.0.17763.1 9.8.0.0 9.3.0.1 6.6.4.0 6.2.19041.6093 5.5.12.4 5.0.22563.1 5.0.0.5 4.1.0.2980 3.6.0.0 3.2.1.0 3.0.1319.0 2.43.13.269 2.43.3.70 2.4.36.57 2.4.3 2.1.3.2 2.1.0.0 2.0.5 1.46.5662.2353 1.8.8.66 1.8.8.64 1.8.8.58 1.7.4 1.4.8.4 1.4.8.3 1.3.3.38 1.2.3.0 1.2.0.0 1.1.0.0 1.00 1.0.9166.25595 1.0.9046.11924 1.0.7003.11874 1.0.5545.11980 1.0.1495.0 1.0.5.42 1.0.1.3 1.0.0.4 1.0.0.1 1.0.0.0 1.0 0.1.4.8 0.0.0.0
Internal Name	AntiRansomware.Shared.dll App.exe AutoCadToPDF.exe AutoShutdownApp.exe AutoShutdownAppService.exe AyodanceLauncher.exe BD.WTTS.Client.Plugins.Accelerator.dll Bhagwati-Education-Institute.exe BotMaster.exe Client.exe Show More ClientClean.exe cmd DanLua V2.2.exe Data Miner By Arshia.exe Dayz.att.exe Dedsec tool.exe dictionary.exe Dioxide.exe DNS TNT TOOL PRO.exe dotPeek DownloaderApp.exe DroneMapper.exe DuToanF1.exe ElluelClient.exe FAT TEAM TECNOLGY.exe FixMovilManager.exe iCareFone Transfer.exe IntelIHVRouter.dll JMS.exe KS Tool 2025.exe KS Tool V.exe LekoSpisNowy.exe lisme.exe MAC SOFTWER.exe MasonClient.exe MassWatermark.exe MicrosoftApi.exe MinerSearch.exe moondoggie_rcs_engine.exe NATRIK.exe NavegadorEstacio.exe NBYS AH.NET.exe new1.exe Obntx.exe Optimka.exe Orcus.exe out PassfabForISO.exe patch.exe Patch.exe pc tales of Z.exe QRCodeGen.exe RE5 RTM Tool.exe RebrandPanel.exe redfish.dll REGEDIT.EXE RemovalTool.exe RenOLink.exe RF_EPIC.exe RF_RETURN.exe RM.TstExec.Executor.exe S1mpleBind3r.exe ScreenLockStub.dll Semo.exe ShellHelper.exe SimpleDisableKey.exe Solar Booster.exe splwow64.exe SSHmanage.exe SSSSF Steal2.exe Stub.exe SWING3_SWAP.exe SYNCSERVER.exe sysmon.exe Systemss.exe test.exe TJprojMain TTY-SPOOFER-CONSOLE-C#.dll UltData_Android.exe Update.exe UtilityManager.exe WaterMarkH.exe Win WpfApp3.dll WrapperEnhancer1a.exe xeno rat client.exe XpressCopy.exe XW16ProRemoteClient.exe XWormClient.exe YXAudioConvert.exe YXVideoConvert.exe ПИНМ.exe
Legal Copyright	%Copyright% (C) 2016-2026 NVIDIA Copyright © 2026 Bauer Lindemann 2019 Copyright 2006 (c) Windows Silverlight Components, All rights reserved. Copyright @ INFOTEL Software Sp. z o.o. Copyright © 1907 Copyright © 2007-2021 Copyright © 2010 Copyright © 2010-2025 PassFab Co., Ltd. All Rights Reserved Copyright © 2011 Show More Copyright © 2012 by SixEightOne.eu Copyright © 2014 Copyright © 2015 Copyright © 2016 Copyright © 2017 Copyright © 2018 Copyright © 2018 Copyright © 2019 Copyright © 2019 Intel Corporation Copyright © 2020 Copyright © 2021 Copyright © 2022 Copyright © 2022 Copyright © 2022 QamarSoft Copyright © 2023 Copyright © 2023 4dots Software Copyright © 2024 Copyright © 2025 Copyright © 2025 JetBrains, Inc Copyright © Abelssoft Copyright © Card Develop 2023 Copyright © Elluel 2014 - 2023 Copyright © HP Inc. 2018 Copyright © Moonlight Tidal Technology 2024 Copyright © RazerScripts 2026 Copyright ©Security Internet Develop 2022 Copyright © TOTVS 2018 Copyright © Valensc 2019 doka_ezz ElementOrtho GridPenta GridSync Microsoft Corporation© 2024 RayzeR © 2025 SchedulerJet SyncerMapper Telif Hakkı © 2002 Uludağ Bilişim Ltd. Şti. UpdaterPhysics WatcherCompass wrench © 2005 - 2013 Riverbed Technology, Inc. © Microsoft Corporation. All rights reserved. © Microsoft Corporation. Reservados todos los derechos. ©️ 江苏蒸汽凡星科技有限公司. All rights reserved.
Legal Trademarks	%Trademark% BlockUltra CalculatorArea Copyright 2006 (c) Windows Silverlight Components, All rights reserved. DroneMapper Elluel INFOTEL Software Sp. z o.o. KaKa Kaspersky LogicNova Show More MainUI NBYS AH.NET™ SegmentTranquil SixEightOne.eu TimerCheckpoint TimerGun TOTVS S.A. Watt Toolkit XW16ProRemoteClient
Original Filename	AntiRansomware.Shared.dll App.exe AutoCadToPDF.exe AutoShutdownApp.exe AutoShutdownAppService.exe AyodanceLauncher.exe BD.WTTS.Client.Plugins.Accelerator.dll Bhagwati-Education-Institute.exe BotMaster.exe Client.exe Show More ClientClean.exe ContextHydro.exe ContextOrtho.exe DanLua V2.2.exe Data Miner By Arshia.exe Dayz.att.exe Dedsec tool.exe dictionary.exe Dioxide.exe DNS TNT TOOL PRO.exe dotPeek DownloaderApp.exe DroneMapper.exe DuToanF1.exe ElluelClient.exe FAT TEAM TECNOLGY.exe FixMovilManager.exe FlowWave.exe iCareFone Transfer.exe InputForm.exe IntelIHVRouter.dll JMS.exe Kaspersky.exe KS Tool 2025.exe KS Tool V.exe LekoSpisNowy.exe lisme.exe MAC SOFTWER.exe MasonClient.exe MassWatermark.exe MicrosoftApi.exe MinerSearch.exe moondoggie_rcs_engine.exe NATRIK.exe NavegadorEstacio.exe NBYS AH.NET.exe new1.exe Obntx.exe Optimka.exe Orcus.exe out.exe PassfabForISO.exe patch.exe Patch.exe pc tales of Z.exe QRCodeGen.exe QueueMagic.exe QueueXeno.exe RE5 RTM Tool.exe RebrandPanel.exe redfish.dll REGEDIT.EXE RemovalTool.exe RenOLink.exe RF_EPIC.exe RF_RETURN.exe RM.TstExec.Executor.exe S1mpleBind3r.exe ScreenLockStub.dll SelectorShip.exe Semo.exe ShellHelper.exe SimpleDisableKey.exe Solar Booster.exe splwow64.exe SSHmanage.exe SSSSF Steal2.exe Stub.exe SWING3_SWAP.exe SYNCSERVER.exe sysmon.exe Systemss.exe test.exe TJprojMain.exe TTY-SPOOFER-CONSOLE-C#.dll UltData_Android.exe Update.exe UtilityManager.exe WaterMarkH.exe Win.exe WpfApp3.dll WrapperEnhancer1a.exe XpressCopy.exe XW16ProRemoteClient.exe XWormClient.exe YXAudioConvert.exe YXVideoConvert.exe ПИНМ.exe
Product Name	%Product% AntiRansomware.Shared Api App AutoShutdownApp 64bit Ayodance Launcher Bhagwati-Education-Institute BotMaster Client csrss Show More DanLua V2.2 Data Miner By Arshia DNS TNT TOOL PRO dotPeek DownloaderApp DroneMapper Remote, Remote Expert and Rapid for DJI Du Toan F1 DWG to PDF - CAD2PDFx ElluelClient EngineXeno FAT TEAM TECNOLGY FixMovilManager FlowDialogue Github project hacked by dedsec IndexPenta Intel® Wireless Wifi IHV Extensibility Software JMS Kaspersky KS Tool 2025 KS Tool V LogicSkill Louis COD Tuner MAC SOFTWER MassWatermark MEDICUS Micro Barcode Generator Scanner Microsoft Corporation Microsoft Edge Update Microsoft® Windows® Operating System MinerSearch MKeyCtrlServices MP3 Convert Pro - Audio Converter NATRIK NBYS AH.NET new1 NVIDIA Container Obntx out PassfabForISO patch01 pc tales of Z Project1 RazerScripts Platinum R6 RE5 RTM Tool RebrandPanel redfish RemovalTool RenOLink RM RollPrint RZR Launcher S1mpleBind3r Semo Executer Simple Disable Key SpanHelio SSHmanage SSSSF SWING3_SWAP Synaptics Pointing Device Driver SYNCSERVER Systems TabToolPackage Test zipapp ToolkitDebuff TTY-SPOOFER-CONSOLE-C# UltData for Android UltFone Transfer Video Converter - HEVC Format Convert WaterMarkH Watt Toolkit Win WindowsApplication1 Windows Private Folder 1.0 WpfApp3 XpressCopy XW16ProRemoteClient МИНИМАЛЬНАЯ ОПТИМИЗАЦИЯ ВИНДЫ Параметрично изравнение на нивелачни мрежи
Product Version	2025.1.1.0 1488 801.837.487.21 311.771.651.998 293.889.368.19 190.588.161.360 70.38.30.54 47.61.87.64 29.2.37.64 22.12020.0.1 Show More 12.13.0.0 12.1.23.1 11.2.1941.3536 10.0.19041.4522 (WinBuild 10.0.17763.1697 10.0.17763.1 9.8.0.0 9.3.0.1 6.6.4.0 6.2.19041.6093 5.5.12.4 5.0.22563.1 5.0.0.5 4.1.0.2980 3.6.0.0 3.0.0-rc.13 2.43.13.269 2.43.3.70 2.4.36.57 2.4.3 2.1.3.2 2.1.0.0 2.0.5 1.46.5662.2353 1.8.8.66 1.8.8.64 1.8.8.58 1.7.4 1.4.8.4 1.4.8.3 1.3.3.38 1.2.3.0 1.2.0.0 1.1.0.0 1.00 1.0.9166.25595 1.0.9046.11924 1.0.7003.11874 1.0.5545.11980 1.0.1495.0 1.0.5.42 1.0.1.3 1.0.0.1 1.0.0.0 1.0.0 1.0 0.1.4.8 0.0.0.0
Public Name	AggregatorDebuff InteractorWeather LayerNova MapperPlasma ServiceFactoryBeta UISync UpdaterRoom

Digital Signatures

Signer	Root	Status
4E058A64-E2FE-4E47-8986-40501AE0A816	4E058A64-E2FE-4E47-8986-40501AE0A816	Self Signed
743AB084-A325-4CC8-9154-0A3409D1F7D8	743AB084-A325-4CC8-9154-0A3409D1F7D8	Self Signed
BC9EF823-43B3-4BDF-A991-C20603D84EFA	BC9EF823-43B3-4BDF-A991-C20603D84EFA	Self Signed
Zoom Video Communications, Inc.	DigiCert EV Code Signing CA (SHA2)	Hash Mismatch
Image Line	DigiCert SHA2 Assured ID Code Signing CA	Hash Mismatch

Node.js Foundation	DigiCert SHA2 Assured ID Code Signing CA	Hash Mismatch
Nmap Software LLC	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Tenorshare Co., Ltd.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed
Tenorshare (Hongkong) Limited	DigiCert Trusted Root G4	Hash Mismatch
Tenorshare Co., Ltd.	DigiCert Trusted Root G4	Root Not Trusted
Telegram FZ-LLC	GlobalSign GCC R45 EV CodeSigning CA 2020	Hash Mismatch
Megaxus Infotech	Megaxus Infotech	Self Signed
Microsoft Corporation	Microsoft Code Signing PCA 2010	Hash Mismatch
Microsoft Corporation	Microsoft Code Signing PCA 2011	Hash Mismatch
JetBrains s.r.o.	SSL.com EV Root Certification Authority RSA R2	Hash Mismatch
Test01DA60D5E494F9C0	Test01DA60D5E494F9C0	Self Signed
TLauncher Inc.	Trustwave Global Code Signing CA, Level 1	Hash Mismatch

File Traits

.NET
.sdata
2+ executable sections
Agile.net
big overlay
Confuser
CreateThread
CryptUnprotectData
dll
Fody

GenKrypt
HighEntropy
Installer Version
NewLateBinding
No CryptProtectData
No Version Info
ntdll
Reactor
RijndaelManaged
Run
SmartAssembly
vmp section variant
WriteProcessMemory
x64
x86

Block Information

Total Blocks:	69
Potentially Malicious Blocks:	40
Whitelisted Blocks:	23
Unknown Blocks:	6

Visual Map

0 x x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x ? x x x x x x x x x 0 x x x x 0 0 x ? x x x x x x ? 0 0 0 0 x x ? x x x x x x x x x x x x x ? ? x

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Downloader.Agent.AG
HEUR.MSIL.Generic_268209
MSIL.Agent.DPC
MSIL.Agent.F
MSIL.AgentTesla.PK

MSIL.AgentTesla.SC
MSIL.AgentTesla.TG
MSIL.Bulz.RL
MSIL.DllInject.R
MSIL.DllInject.RE
MSIL.Downloader.ACGDA
MSIL.Downloader.Agent.LC
MSIL.Downloader.Small.EC
MSIL.Downloader.Small.L
MSIL.Downloader.Small.RB
MSIL.Downloader.TAI
MSIL.Downloader.TAX
MSIL.Injector.XC
MSIL.Krypt.AHA
MSIL.Krypt.CCZF
MSIL.Krypt.GJRA
MSIL.Krypt.YAE
MSIL.Kryptik.XE
MSIL.LolStealer.B
MSIL.LolStealer.C
MSIL.Phorpiex.B
MSIL.Rozena.PA
MSIL.Rozena.U
MSIL.Small.FG
MSIL.Spy.Agent.GD
MSIL.Stealer.O
MSIL.Surveyer.C

Files Modified

File	Attributes
	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
	Generic Write,Read Attributes,Delete,LEFT 262144
	Generic Write,Read Data,Read Attributes,Delete,LEFT 262144
\device\harddisk0\dr0	Generic Write,Read Attributes
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
\device\namedpipe\dav rpc service	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
\device\namedpipe\pshost.133965428268886185.4016.defaultappdomain.powershell	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.133975755276649858.5552.defaultappdomain.powershell	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288

\device\namedpipe\pshost.134065482432719585.3272.defaultappdomain.fe032bdd269d64417f399fbd467c3996af5354cc_0000074752	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\wkssvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\_minersearchlogs	Synchronize,Write Attributes
c:\_minersearchlogs\minersearch_04.01.2026_12-48-51.log	Generic Write,Read Attributes
c:\program files (x86)\systemholo\settings.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\systemholo\settings.exe	Generic Write,Read Attributes
c:\program files (x86)\systemholo\settings.exe	Synchronize,Write Attributes
c:\program files (x86)\systemholo\settings.exe.config	Generic Write,Read Attributes
c:\tools.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.0.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\1fw53wrk\1fw53wrk.0.cs	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\1fw53wrk\1fw53wrk.cmdline	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1fw53wrk\1fw53wrk.err	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1fw53wrk\1fw53wrk.out	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1fw53wrk\1fw53wrk.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_04nh2qtv.dgq.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_1i22ysvt.efy.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_2k4zwt4f.i2n.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_2oe20f1u.bxr.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_euc554xa.pak.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_h4uppeod.at1.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_ljmoacjp.2qw.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_m3ztycz2.oxr.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_mjhbp0pc.n55.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_oumdigfu.t5w.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_umcf1xro.nzo.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_vchd3w5k.wun.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_y1xhojhu.q3z.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_zhje0pf0.ogx.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bd4cae89c3\suker.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\config	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\neloks.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsvbc51.tmp\nsdialogs.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\robolox.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rtkbtmanserv.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\runtimeservices.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\whysosad	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\xenomanager\a5a32af752eddfa977358eca00fe326227ba6bde_0000038912	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\subdir\client.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\systemmainui.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\desktop\0ox6as3s.exe	Generic Write,Read Attributes
c:\users\user\desktop\0ox6as3s.exe	Synchronize,Write Attributes
c:\users\user\desktop\8xigm6t0.7k6v	Generic Write,Read Attributes
c:\users\user\desktop\8xigm6t0.7k6v	Synchronize,Write Attributes
c:\users\user\desktop\aibznmyi.exe	Generic Write,Read Attributes
c:\users\user\desktop\aibznmyi.exe	Synchronize,Write Attributes
c:\users\user\desktop\hqy0bj1n7fcj.duma	Generic Write,Read Attributes
c:\users\user\desktop\hqy0bj1n7fcj.duma	Synchronize,Write Attributes
c:\users\user\desktop\ix3iityk.i8kpf	Generic Write,Read Attributes
c:\users\user\desktop\ix3iityk.i8kpf	Synchronize,Write Attributes
c:\users\user\desktop\l1jrr45z.covt2	Generic Write,Read Attributes
c:\users\user\desktop\l1jrr45z.covt2	Synchronize,Write Attributes
c:\users\user\desktop\nwqvkkij.e2iy	Generic Write,Read Attributes
c:\users\user\desktop\nwqvkkij.e2iy	Synchronize,Write Attributes
c:\users\user\desktop\p0qxgkr2.exe	Generic Write,Read Attributes
c:\users\user\desktop\p0qxgkr2.exe	Synchronize,Write Attributes
c:\users\user\desktop\ugqz6l4v.exe	Generic Write,Read Attributes
c:\users\user\desktop\ugqz6l4v.exe	Synchronize,Write Attributes
c:\users\user\desktop\yepdxafk.8b3a	Generic Write,Read Attributes
c:\users\user\desktop\yepdxafk.8b3a	Synchronize,Write Attributes
c:\users\user\desktop\yml3lg9tsvk7.salo	Generic Write,Read Attributes
c:\users\user\desktop\yml3lg9tsvk7.salo	Synchronize,Write Attributes
c:\users\user\desktop\ziob0sdt.exe	Generic Write,Read Attributes
c:\users\user\desktop\ziob0sdt.exe	Synchronize,Write Attributes
c:\users\user\downloads\language.cfg	Generic Write,Read Attributes
c:\windows\appcompat\programs\amcache.hve	Read Data,Read Control,Write Data
c:\windows\appcompat\programs\amcache.hve	Write Attributes
c:\windows\appcompat\programs\amcache.hve.log1	Read Data,Write Data
c:\windows\appcompat\programs\amcache.hve.log2	Read Data,Write Data
c:\windows\e4bjybfl.exe	Generic Write,Read Attributes
c:\windows\e4bjybfl.exe	Synchronize,Write Attributes
c:\windows\eavhlmzd.bun6v	Generic Write,Read Attributes
c:\windows\eavhlmzd.bun6v	Synchronize,Write Attributes
c:\windows\le568pk7.exe	Generic Write,Read Attributes
c:\windows\le568pk7.exe	Synchronize,Write Attributes
c:\windows\pjotlxr6.uija	Generic Write,Read Attributes
c:\windows\pjotlxr6.uija	Synchronize,Write Attributes
c:\windows\systemhelper.exe	Generic Write,Read Attributes
c:\windows\systemhelper.exe	Synchronize,Write Attributes
c:\windows\winloghelper.exe	Generic Write,Read Attributes
c:\windows\winloghelper.exe	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	☺Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	隹Ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	︤颅஄ǜ	RegNtPreCreateKey

HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	푂颼஄ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	菶飬஄ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	锣餞஄ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	챤饗஄ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	꒒馎஄ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	䔷ກǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	椢ກǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ꅏກǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	꾼ກǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	藄ກǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	䝯ກǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	㼴簢Ⴘǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	¨籥Ⴘǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	휚粛Ⴘǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	괎糒Ⴘǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	苴紉Ⴘǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	奇絀Ⴘǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	᭺綃Ⴘǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	劑ᄅǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ᬃ勗ᄅǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	匍ᄅǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	어卄ᄅǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	㥎卹ᄅǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	곐厭ᄅǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	灎台ᄅǜ	RegNtPreCreateKey
HKCU::di	!	RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enablefiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableautofiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableconsoletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filetracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::consoletracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::maxfilesize		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\system\controlset001\services\.net clr data\linkage::export	.NET CLR Data	RegNtPreCreateKey
HKLM\system\controlset001\services\.net clr networking\linkage::export	.NET CLR Networking	RegNtPreCreateKey
HKLM\system\controlset001\services\.net data provider for oracle\linkage::export	.NET Data Provider for Oracle	RegNtPreCreateKey
HKLM\system\controlset001\services\.net data provider for sqlserver\linkage::export	.NET Data Provider for SqlServer	RegNtPreCreateKey
HKLM\system\controlset001\services\msdtc bridge 3.0.0.0\linkage::export	MSDTC Bridge 3.0.0.0	RegNtPreCreateKey
HKLM\system\controlset001\services\servicemodelendpoint 3.0.0.0\linkage::export	ServiceModelEndpoint 3.0.0.0	RegNtPreCreateKey
HKLM\system\controlset001\services\servicemodeloperation 3.0.0.0\linkage::export	ServiceModelOperation 3.0.0.0	RegNtPreCreateKey
HKLM\system\controlset001\services\servicemodelservice 3.0.0.0\linkage::export	ServiceModelService 3.0.0.0	RegNtPreCreateKey
HKLM\system\controlset001\services\smsvchost 3.0.0.0\linkage::export	SMSvcHost 3.0.0.0	RegNtPreCreateKey
HKLM\system\controlset001\services\windows workflow foundation 3.0.0.0\linkage::export	Windows Workflow Foundation 3.0.0.0	RegNtPreCreateKey
HKLM\system\controlset001\services\bits\performance::1009	溺⃼䵎ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bits\performance::disable performance counters		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\software\microsoft\tip\aggregateresults::data		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\software\microsoft\tip\aggregateresults::data	洎ʫጉ嵑酌픋˹耀뫹躧隞̃缁耀꧌Ø)	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\software\microsoft\tip\aggregateresults::data	馐ʊ耀ŚT隞̃耀꧌ТǞ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\software\microsoft\tip\aggregateresults::data	隞̃팁耀꧌Сy	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKCU\environment::see_mask_nozonechecks	1	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	㯘먗ꨄǜ	RegNtPreCreateKey
HKCU\local settings\muicache\1b\52c64b7e::@c:\windows\system32\firewallcontrolpanel.dll,-12122	Windows Defender Firewall	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\software\microsoft\tip\aggregateresults::data	隞̃耀꧌Шw	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\software\microsoft\tip\aggregateresults::data	馐ʊ耀ŚE洎ʫጉ嵑룚픋˹耀뫹躧隞̃耀꧌ÒΒ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserName GetUserNameEx GetUserObjectInformation OpenClipboard
Anti Debug	CheckRemoteDebuggerPresent IsDebuggerPresent NtQuerySystemInformation OutputDebugString
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAdjustPrivilegesToken ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcCreatePortSection ntdll.dll!NtAlpcCreateSectionView ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeleteSecurityContext ntdll.dll!NtAlpcQueryInformation Show More ntdll.dll!NtAlpcQueryInformationMessage ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareSigningLevels ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeleteValueKey ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFindAtom ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtFsControlFile ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetCompleteWnfStateSubscription ntdll.dll!NtGetContextThread ntdll.dll!NtGetWriteWatch ntdll.dll!NtLoadKeyEx ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtPowerInformation ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryEvent ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryObject ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySymbolicLinkObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtQueryWnfStateNameInformation ntdll.dll!NtQueueApcThread ntdll.dll!NtQueueApcThreadEx2 ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReadVirtualMemory ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore 62 additional items are not displayed above.
Process Shell Execute	CreateProcess ShellExecute ShellExecuteEx WriteConsole
Process Terminate	TerminateProcess
Service Control	OpenSCManager OpenService
Network Winsock2	WSAConnect WSASocket WSAStartup WSAttemptAutodialName
Network Winsock	closesocket freeaddrinfo getaddrinfo recv send setsockopt
Network Winhttp	WinHttpOpen
Network Info Queried	GetAdaptersAddresses GetNetworkParams
Keyboard Access	GetAsyncKeyState GetKeyState

Shell Command Execution


							"cmd.exe" /c "C:\Users\Btohgmne\Desktop\HQY0BJ1N7fCJ.duma"


							"cmd.exe" /c schtasks /create /tn "DPahOZRu" /tr "cmd /c \"C:\Users\Btohgmne\Desktop\HQY0BJ1N7fCJ.duma\"" /sc minute /mo 10 /f


							C:\WINDOWS\system32\schtasks.exe schtasks  /create /tn "DPahOZRu" /tr "cmd /c \"C:\Users\Btohgmne\Desktop\HQY0BJ1N7fCJ.duma\"" /sc minute /mo 10 /f


							WriteConsole: Access is denied


							C:\Users\Btohgmne\Desktop\hqy0bj1n7fcj.duma C:\Users\Btohgmne\Desktop\HQY0BJ1N7fCJ.duma


									"powershell" -NoProfile -ExecutionPolicy Bypass -Command "\n$task = Get-ScheduledTask -TaskName 'DPahOZRu'


									 C:\Users\Btohgmne\AppData\Local\Temp\bd4cae89c3\suker.exe


									C:\WINDOWS\system32\fondue.exe "C:\WINDOWS\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll


									"cmd.exe" /c "C:\Users\Ruhutfdc\Desktop\YmL3Lg9tsVk7.salo"


									"cmd.exe" /c schtasks /create /tn "ZqvzEsue" /tr "cmd /c \"C:\Users\Ruhutfdc\Desktop\YmL3Lg9tsVk7.salo\"" /sc minute /mo 10 /f


									C:\WINDOWS\system32\schtasks.exe schtasks  /create /tn "ZqvzEsue" /tr "cmd /c \"C:\Users\Ruhutfdc\Desktop\YmL3Lg9tsVk7.salo\"" /sc minute /mo 10 /f


									C:\Users\Ruhutfdc\Desktop\yml3lg9tsvk7.salo C:\Users\Ruhutfdc\Desktop\YmL3Lg9tsVk7.salo


									"powershell" -NoProfile -ExecutionPolicy Bypass -Command "\n$task = Get-ScheduledTask -TaskName 'ZqvzEsue'


									"cmd.exe" /c icacls "C:\WINDOWS\pjoTlxR6.Uija" /setowner "SYSTEM"


									C:\WINDOWS\system32\icacls.exe icacls  "C:\WINDOWS\pjoTlxR6.Uija" /setowner "SYSTEM"


									WriteConsole: processed file:


									WriteConsole: Successfully pro


									"cmd.exe" /c icacls "C:\WINDOWS\pjoTlxR6.Uija" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									C:\WINDOWS\system32\icacls.exe icacls  "C:\WINDOWS\pjoTlxR6.Uija" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									"cmd.exe" /c icacls "C:\WINDOWS\pjoTlxR6.Uija" /remove:d Everyone Administrators


									C:\WINDOWS\system32\icacls.exe icacls  "C:\WINDOWS\pjoTlxR6.Uija" /remove:d Everyone Administrators


									"cmd.exe" /c icacls "C:\WINDOWS\e4BjyBfL.exe" /setowner "SYSTEM"


									C:\WINDOWS\system32\icacls.exe icacls  "C:\WINDOWS\e4BjyBfL.exe" /setowner "SYSTEM"


									"cmd.exe" /c icacls "C:\WINDOWS\e4BjyBfL.exe" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									C:\WINDOWS\system32\icacls.exe icacls  "C:\WINDOWS\e4BjyBfL.exe" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									"cmd.exe" /c icacls "C:\WINDOWS\e4BjyBfL.exe" /remove:d Everyone Administrators


									C:\WINDOWS\system32\icacls.exe icacls  "C:\WINDOWS\e4BjyBfL.exe" /remove:d Everyone Administrators


									"cmd.exe" /c powershell -ExecutionPolicy Bypass -Command "New-Service -Name "DownloaderService" -BinaryPathName "c:\users\user\downloads\ed5a37e5050184309cad4b38355ab490bfb86d20_0002100224" -StartupType Automatic"


									C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell  -ExecutionPolicy Bypass -Command "New-Service -Name "DownloaderService" -BinaryPathName "c:\users\user\downloads\ed5a37e5050184309cad4b38355ab490bfb86d20_0002100224" -StartupType Automatic"


									C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe dw20.exe -x -s 932


									"cmd.exe" /c icacls "C:\WINDOWS\EAVHlMZD.bUn6v" /setowner "SYSTEM"


									C:\WINDOWS\system32\icacls.exe icacls  "C:\WINDOWS\EAVHlMZD.bUn6v" /setowner "SYSTEM"


									"cmd.exe" /c icacls "C:\WINDOWS\EAVHlMZD.bUn6v" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									C:\WINDOWS\system32\icacls.exe icacls  "C:\WINDOWS\EAVHlMZD.bUn6v" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									"cmd.exe" /c icacls "C:\WINDOWS\EAVHlMZD.bUn6v" /remove:d Everyone Administrators


									C:\WINDOWS\system32\icacls.exe icacls  "C:\WINDOWS\EAVHlMZD.bUn6v" /remove:d Everyone Administrators


									"cmd.exe" /c icacls "C:\WINDOWS\Le568pK7.exe" /setowner "SYSTEM"


									C:\WINDOWS\system32\icacls.exe icacls  "C:\WINDOWS\Le568pK7.exe" /setowner "SYSTEM"


									"cmd.exe" /c icacls "C:\WINDOWS\Le568pK7.exe" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									"cmd.exe" /c icacls "C:\WINDOWS\Le568pK7.exe" /remove:d Everyone Administrators


									"cmd.exe" /c icacls "C:\Users\Pvziodyr\Desktop\Ix3IiTyK.I8kPF" /setowner "SYSTEM"


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Pvziodyr\Desktop\Ix3IiTyK.I8kPF" /setowner "SYSTEM"


									"cmd.exe" /c icacls "C:\Users\Pvziodyr\Desktop\Ix3IiTyK.I8kPF" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Pvziodyr\Desktop\Ix3IiTyK.I8kPF" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									"cmd.exe" /c icacls "C:\Users\Pvziodyr\Desktop\Ix3IiTyK.I8kPF" /remove:d Everyone Administrators


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Pvziodyr\Desktop\Ix3IiTyK.I8kPF" /remove:d Everyone Administrators


									"cmd.exe" /c icacls "C:\Users\Pvziodyr\Desktop\zIOB0SDt.exe" /setowner "SYSTEM"


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Pvziodyr\Desktop\zIOB0SDt.exe" /setowner "SYSTEM"


									"cmd.exe" /c icacls "C:\Users\Pvziodyr\Desktop\zIOB0SDt.exe" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Pvziodyr\Desktop\zIOB0SDt.exe" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									"cmd.exe" /c icacls "C:\Users\Pvziodyr\Desktop\zIOB0SDt.exe" /remove:d Everyone Administrators


									"cmd.exe" /c icacls "C:\Users\Vmrqrtwh\Desktop\L1jRR45Z.COvt2" /setowner "SYSTEM"


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Vmrqrtwh\Desktop\L1jRR45Z.COvt2" /setowner "SYSTEM"


									"cmd.exe" /c icacls "C:\Users\Vmrqrtwh\Desktop\L1jRR45Z.COvt2" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Vmrqrtwh\Desktop\L1jRR45Z.COvt2" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									"cmd.exe" /c icacls "C:\Users\Vmrqrtwh\Desktop\L1jRR45Z.COvt2" /remove:d Everyone Administrators


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Vmrqrtwh\Desktop\L1jRR45Z.COvt2" /remove:d Everyone Administrators


									"cmd.exe" /c icacls "C:\Users\Vmrqrtwh\Desktop\ugQZ6L4v.exe" /setowner "SYSTEM"


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Vmrqrtwh\Desktop\ugQZ6L4v.exe" /setowner "SYSTEM"


									"cmd.exe" /c icacls "C:\Users\Vmrqrtwh\Desktop\ugQZ6L4v.exe" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Vmrqrtwh\Desktop\ugQZ6L4v.exe" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									"cmd.exe" /c icacls "C:\Users\Vmrqrtwh\Desktop\ugQZ6L4v.exe" /remove:d Everyone Administrators


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Vmrqrtwh\Desktop\ugQZ6L4v.exe" /remove:d Everyone Administrators


									"cmd.exe" /c powershell -ExecutionPolicy Bypass -Command "New-Service -Name "DownloaderService" -BinaryPathName "c:\users\user\downloads\4839e8767da8466b3bbcfedf9e8354e9c3c4875d_0002116096" -StartupType Automatic"


									C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell  -ExecutionPolicy Bypass -Command "New-Service -Name "DownloaderService" -BinaryPathName "c:\users\user\downloads\4839e8767da8466b3bbcfedf9e8354e9c3c4875d_0002116096" -StartupType Automatic"


									"cmd.exe" /c icacls "C:\Users\Exvccpdh\Desktop\nwqVkKij.e2Iy" /setowner "SYSTEM"


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Exvccpdh\Desktop\nwqVkKij.e2Iy" /setowner "SYSTEM"


									"cmd.exe" /c icacls "C:\Users\Exvccpdh\Desktop\nwqVkKij.e2Iy" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Exvccpdh\Desktop\nwqVkKij.e2Iy" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									"cmd.exe" /c icacls "C:\Users\Exvccpdh\Desktop\nwqVkKij.e2Iy" /remove:d Everyone Administrators


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Exvccpdh\Desktop\nwqVkKij.e2Iy" /remove:d Everyone Administrators


									"cmd.exe" /c icacls "C:\Users\Exvccpdh\Desktop\0Ox6as3S.exe" /setowner "SYSTEM"


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Exvccpdh\Desktop\0Ox6as3S.exe" /setowner "SYSTEM"


									"cmd.exe" /c icacls "C:\Users\Exvccpdh\Desktop\0Ox6as3S.exe" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Exvccpdh\Desktop\0Ox6as3S.exe" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									"cmd.exe" /c icacls "C:\Users\Exvccpdh\Desktop\0Ox6as3S.exe" /remove:d Everyone Administrators


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Exvccpdh\Desktop\0Ox6as3S.exe" /remove:d Everyone Administrators


									"cmd.exe" /c powershell -ExecutionPolicy Bypass -Command "New-Service -Name "DownloaderService" -BinaryPathName "c:\users\user\downloads\2ed612f42b949a9a12d86b91c832575de99821a7_0002109440" -StartupType Automatic"


									"cmd.exe" /c icacls "C:\Users\Uovsxgck\Desktop\8Xigm6t0.7K6v" /setowner "SYSTEM"


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Uovsxgck\Desktop\8Xigm6t0.7K6v" /setowner "SYSTEM"


									"cmd.exe" /c icacls "C:\Users\Uovsxgck\Desktop\8Xigm6t0.7K6v" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Uovsxgck\Desktop\8Xigm6t0.7K6v" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									"cmd.exe" /c icacls "C:\Users\Uovsxgck\Desktop\8Xigm6t0.7K6v" /remove:d Everyone Administrators


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Uovsxgck\Desktop\8Xigm6t0.7K6v" /remove:d Everyone Administrators


									"cmd.exe" /c icacls "C:\Users\Uovsxgck\Desktop\aIbznmyI.exe" /setowner "SYSTEM"


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Uovsxgck\Desktop\aIbznmyI.exe" /setowner "SYSTEM"


									"cmd.exe" /c icacls "C:\Users\Uovsxgck\Desktop\aIbznmyI.exe" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Uovsxgck\Desktop\aIbznmyI.exe" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									"cmd.exe" /c icacls "C:\Users\Uovsxgck\Desktop\aIbznmyI.exe" /remove:d Everyone Administrators


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Uovsxgck\Desktop\aIbznmyI.exe" /remove:d Everyone Administrators


									"cmd.exe" /c powershell -ExecutionPolicy Bypass -Command "New-Service -Name "DownloaderService" -BinaryPathName "c:\users\user\downloads\86fd8a8ed7bda08ca3f7659666f7e0784ecbd89e_0002085888" -StartupType Automatic"


									C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell  -ExecutionPolicy Bypass -Command "New-Service -Name "DownloaderService" -BinaryPathName "c:\users\user\downloads\86fd8a8ed7bda08ca3f7659666f7e0784ecbd89e_0002085888" -StartupType Automatic"


									"cmd.exe" /c icacls "C:\Users\Ydhskzxl\Desktop\yePdXaFK.8B3A" /setowner "SYSTEM"


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Ydhskzxl\Desktop\yePdXaFK.8B3A" /setowner "SYSTEM"


									"cmd.exe" /c icacls "C:\Users\Ydhskzxl\Desktop\yePdXaFK.8B3A" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Ydhskzxl\Desktop\yePdXaFK.8B3A" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									"cmd.exe" /c icacls "C:\Users\Ydhskzxl\Desktop\yePdXaFK.8B3A" /remove:d Everyone Administrators


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Ydhskzxl\Desktop\yePdXaFK.8B3A" /remove:d Everyone Administrators


									"cmd.exe" /c icacls "C:\Users\Ydhskzxl\Desktop\P0QXGkR2.exe" /setowner "SYSTEM"


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Ydhskzxl\Desktop\P0QXGkR2.exe" /setowner "SYSTEM"


									"cmd.exe" /c icacls "C:\Users\Ydhskzxl\Desktop\P0QXGkR2.exe" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Ydhskzxl\Desktop\P0QXGkR2.exe" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									"cmd.exe" /c icacls "C:\Users\Ydhskzxl\Desktop\P0QXGkR2.exe" /remove:d Everyone Administrators


									C:\WINDOWS\system32\icacls.exe icacls  "C:\Users\Ydhskzxl\Desktop\P0QXGkR2.exe" /remove:d Everyone Administrators


									"cmd.exe" /c powershell -ExecutionPolicy Bypass -Command "New-Service -Name "DownloaderService" -BinaryPathName "c:\users\user\downloads\35ed50d4a848f9ae37285a5fadbf1652583d1734_0002075136" -StartupType Automatic"


									C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell  -ExecutionPolicy Bypass -Command "New-Service -Name "DownloaderService" -BinaryPathName "c:\users\user\downloads\35ed50d4a848f9ae37285a5fadbf1652583d1734_0002075136" -StartupType Automatic"


									"cmd.exe" /c icacls "C:\WINDOWS\winloghelper.exe" /setowner "SYSTEM"


									C:\WINDOWS\system32\icacls.exe icacls  "C:\WINDOWS\winloghelper.exe" /setowner "SYSTEM"


									"cmd.exe" /c icacls "C:\WINDOWS\winloghelper.exe" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									C:\WINDOWS\system32\icacls.exe icacls  "C:\WINDOWS\winloghelper.exe" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									"cmd.exe" /c icacls "C:\WINDOWS\winloghelper.exe" /remove:d Everyone Administrators


									C:\WINDOWS\system32\icacls.exe icacls  "C:\WINDOWS\winloghelper.exe" /remove:d Everyone Administrators


									"cmd.exe" /c icacls "C:\WINDOWS\systemhelper.exe" /setowner "SYSTEM"


									C:\WINDOWS\system32\icacls.exe icacls  "C:\WINDOWS\systemhelper.exe" /setowner "SYSTEM"


									"cmd.exe" /c icacls "C:\WINDOWS\systemhelper.exe" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									C:\WINDOWS\system32\icacls.exe icacls  "C:\WINDOWS\systemhelper.exe" /inheritance:r /grant SYSTEM:F /grant Everyone:RX


									"cmd.exe" /c icacls "C:\WINDOWS\systemhelper.exe" /remove:d Everyone Administrators


									C:\WINDOWS\system32\icacls.exe icacls  "C:\WINDOWS\systemhelper.exe" /remove:d Everyone Administrators


									"cmd.exe" /c powershell -ExecutionPolicy Bypass -Command "New-Service -Name "DownloaderService" -BinaryPathName "c:\users\user\downloads\05d5fee022ff9ab58cf0897df30d84c0331789ed_0002437632" -StartupType Automatic"


									C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell  -ExecutionPolicy Bypass -Command "New-Service -Name "DownloaderService" -BinaryPathName "c:\users\user\downloads\05d5fee022ff9ab58cf0897df30d84c0331789ed_0002437632" -StartupType Automatic"


									C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 796


									"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Hzrlxdpz\AppData\Local\Temp\1fw53wrk\1fw53wrk.cmdline"


									"schtasks" /create /tn "SystemMangerMicrosoft" /sc ONLOGON /tr "C:\Users\Bdcayzug\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f


									C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe dw20.exe -x -s 812


									"schtasks" /Query /FO LIST /V


									C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 1416


									C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 800


									C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe dw20.exe -x -s 936


									C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe dw20.exe -x -s 928


									(NULL) C:\Users\Okvjilid\AppData\Local\Temp\neloks.exe


									netsh firewall add allowedprogram "C:\Users\Okvjilid\AppData\Local\Temp\neloks.exe" "neloks.exe" ENABLE


									C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 860


									C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 812


									(NULL) C:\Users\Vyhjuunq\AppData\Roaming\SystemMainUI.exe

HEUR.Trojan.MSIL.Generic

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove HEUR.Trojan.MSIL.Generic

File System Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Most Viewed