Trojan.Kryptik

Por ZulaZuza em Troianos

Traduzir Para:

Cartão de pontuação de ameaças

Popularity Rank:	1,022
Nível da Ameaça:	90 % (Alto)
Computadores infectados:	193,139

Visto pela Primeira Vez:	July 24, 2009
Visto pela Última Vez:	January 25, 2026
SO (s) Afetados:	Windows

O Trojan.Kryptik é um tipo de ameaça de malware que pertence à categoria Trojan. É uma detecção genérica para várias versões de infecção por malware da família Trojan.Kryptic.

Como outros programas maliciosos, o Trojan.Kryptik foi projetado para realizar várias atividades maliciosas no sistema infectado. O principal objetivo desse programa de malware é fornecer acesso remoto aos invasores e roubar informações confidenciais do computador da vítima.

Como o Trojan.Kryptik Entra no Sistema Visado?

Os usuários podem ser infectados pelo Trojan.Kryptik de várias maneiras. Um dos métodos mais comuns é por meio de anexos maliciosos em e-mails. Os invasores podem anexar o arquivo executável do Trojan a um e-mail e enviá-lo à vítima. Depois que o usuário baixa e abre o anexo, o arquivo Trojan.Kryptik é ativado e começa a infectar o sistema.

Outra maneira de os usuários serem infectados é baixando e instalando arquivos maliciosos de sites não confiáveis. Os invasores podem agrupar o Trojan.Kryptik com outros tipos de arquivos, como freeware, shareware ou software pirata, e carregá-los em sites não seguros. Quando o usuário baixa e instala esses arquivos, o arquivo Trojan.Kryptik entra no sistema.

O Que o Trojan.Kryptik Faz?

Uma vez instalado, o Trojan.Kryptik começa a realizar atividades maliciosas no sistema infectado. Ele cria um backdoor permitindo que os invasores obtenham acesso remoto e controle sobre o computador da vítima. Os cibercriminosos podem usar o sistema para lançar outros ataques maliciosos, como roubar informações confidenciais, instalar malware adicional ou até mesmo lançar ataques DDoS.

O Trojan.Kryptik foi projetado para evitar a detecção pelo software antivírus. Ele usa várias técnicas para ocultar sua presença, como criptografia, ofuscação e polimorfismo. Para detectar o Trojan.Kryptik, o software antivírus geralmente se baseia em métodos de detecção genéricos que procuram programas ou tipos de arquivos suspeitos.

Como me Livro do Trojan.Kryptik?

Como a remoção manual pode ser muito desafiadora para um usuário comum de computador, para remover o Trojan.Kryptik, é recomendável usar um software antivírus poderoso. Uma ferramenta confiável de correção de malware pode detectar e remover arquivos Trojan.Kryptik do sistema. No entanto, como o Trojan.Kryptik foi projetado para evitar a detecção, em alguns casos, os usuários podem precisar usar ferramentas de remoção especializadas ou procurar a ajuda de um profissional.

Para proteger o sistema de ameaças semelhantes, os usuários devem tomar várias precauções. Eles devem evitar baixar e instalar arquivos de sites não confiáveis ou clicar em links suspeitos em e-mails. Eles também devem manter seu software antivírus atualizado e executar verificações regulares para detectar e remover quaisquer arquivos maliciosos.

Simplificando, o Trojan.Kryptik é uma perigosa ameaça de malware, que pode causar danos significativos ao sistema infectado. Os usuários podem ser infectados por meio de anexos maliciosos em e-mails ou baixando e instalando arquivos não confiáveis. Para remover o Trojan.Kryptik, os usuários são encorajados a usar um poderoso software antivírus. Para proteger seu sistema de ameaças semelhantes, você deve tomar várias precauções, como evitar sites não confiáveis e manter seu programa antimalware atualizado.

Outros Nomes

15 fornecedores de segurança sinalizaram este arquivo como malicioso.

Antivirus Vendor	Detecção
AVG	MSIL6.EHL
Fortinet	MSIL/Kryptik.AQZ!tr
Ikarus	Trojan.MSIL.Crypt
AhnLab-V3	Trojan/Win32.Agent
Microsoft	TrojanClicker:MSIL/Ezbro.C
Antiy-AVL	Trojan/MSIL.Kryptik
McAfee-GW-Edition	RDN/Generic.dx!dh3
Sophos	Troj/MSIL-BIN
Kaspersky	Trojan.MSIL.Kryptik.bnm
Avast	Win32:Kryptik-OUJ [Trj]
Symantec	Trojan.Gen.2
K7AntiVirus	Trojan ( 004b21881 )
CAT-QuickHeal	TrojanClicker.Ezbro.r3
Sophos	Mal/Cleaman-B
Kaspersky	Trojan-Dropper.Win32.Injector.fewt

SpyHunter detecta e remove Trojan.Kryptik

Detalhes Sobre os Arquivos do Sistema

Trojan.Kryptik pode criar o(s) seguinte(s) arquivo(s):

Expandir todos | Recolher todos

#	Nome do arquivo	MD5	Detecções Detecções: O número de casos confirmados e suspeitos de uma determinada ameaça detectada nos computadores infectados conforme relatado pelo SpyHunter.
1.	4207961.exe	1d095bc417db73c6bc6e4c4e7b43106f	41,668
Nome: 4207961.exe MD5: 1d095bc417db73c6bc6e4c4e7b43106f Tamanho: 47.61 KB (47616 bytes) Detecções: 41,668 Tipo: Executable File Caminho: C:\Users\<username>\AppData\Roaming\4207961.exe Grupo: Arquivo de malware Ultima Atualização: December 28, 2025
2.	conhost.exe	39ac4626bb55759fc9c376e7b33dc0a1	441
Nome: conhost.exe MD5: 39ac4626bb55759fc9c376e7b33dc0a1 Tamanho: 274.94 KB (274944 bytes) Detecções: 441 Tipo: Executable File Caminho: C:\Users\<username>\AppData\Local\Temp\Low\SessionWin32k\1750\conhost.exe Grupo: Arquivo de malware Ultima Atualização: July 9, 2022
3.	olm.exe	02306dc6be32bcdc6d3ff742058d2ead	150
Nome: olm.exe MD5: 02306dc6be32bcdc6d3ff742058d2ead Tamanho: 358.4 KB (358400 bytes) Detecções: 150 Tipo: Executable File Caminho: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming\olm.exe Grupo: Arquivo de malware Ultima Atualização: June 27, 2020
4.	Chromium Updating.exe	cdf251106ab7dea1ae4ce307f4e352ff	135
Nome: Chromium Updating.exe MD5: cdf251106ab7dea1ae4ce307f4e352ff Tamanho: 711.16 KB (711168 bytes) Detecções: 135 Tipo: Executable File Caminho: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming\Chromium Updating.exe Grupo: Arquivo de malware Ultima Atualização: October 24, 2025
5.	userinit.exe	2c74edb83792105ffb67f2886f9084dd	53
Nome: userinit.exe MD5: 2c74edb83792105ffb67f2886f9084dd Tamanho: 15.87 KB (15872 bytes) Detecções: 53 Tipo: Executable File Caminho: %USERPROFILE%\Start Menu\Programs\Startup Grupo: Arquivo de malware Ultima Atualização: November 26, 2010
6.	winlogon.exe	b97636a52caf65b54463c541ec00310e	52
Nome: winlogon.exe MD5: b97636a52caf65b54463c541ec00310e Tamanho: 50.17 KB (50176 bytes) Detecções: 52 Tipo: Executable File Caminho: %TEMP% Grupo: Arquivo de malware Ultima Atualização: November 10, 2010
7.	pb32.exe	af13ce721832a1082f8e46f4e6c52002	46
Nome: pb32.exe MD5: af13ce721832a1082f8e46f4e6c52002 Tamanho: 215.55 KB (215552 bytes) Detecções: 46 Tipo: Executable File Caminho: %APPDATA%\Microsoft\Internet Explorer Grupo: Arquivo de malware Ultima Atualização: November 12, 2010
8.	omdbl_amhngf.dll	634a48bcdb91b78d46f9ccb6e0e685ce	45
Nome: omdbl_amhngf.dll MD5: 634a48bcdb91b78d46f9ccb6e0e685ce Tamanho: 266.24 KB (266240 bytes) Detecções: 45 Tipo: Dynamic link library Caminho: c:\Users\<username>\appdata\local\litetools\inpuucits\omdbl_amhngf.dll Grupo: Arquivo de malware Ultima Atualização: October 28, 2021
9.	ruuns_Sediater.dll	40822eb664f30a8e673582e0c6b6d02e	34
Nome: ruuns_Sediater.dll MD5: 40822eb664f30a8e673582e0c6b6d02e Tamanho: 273.92 KB (273920 bytes) Detecções: 34 Tipo: Dynamic link library Caminho: %ALLUSERSPROFILE%\RuntimeGraph\PlaybrVehy\ruuns_Sediater.dll Grupo: Arquivo de malware Ultima Atualização: October 28, 2021
10.	utfudmhuqiw.exe	aa00a17e2650629f63afd4bc0cbb63af	30
Nome: utfudmhuqiw.exe MD5: aa00a17e2650629f63afd4bc0cbb63af Tamanho: 245.76 KB (245760 bytes) Detecções: 30 Tipo: Executable File Caminho: %USERPROFILE%\Local Settings\Application Data\gprxatijf Grupo: Arquivo de malware Ultima Atualização: October 7, 2010
11.	nvc.exe	a1bcc11cc6e4e76108b212efc8643770	29
Nome: nvc.exe MD5: a1bcc11cc6e4e76108b212efc8643770 Tamanho: 752.64 KB (752640 bytes) Detecções: 29 Tipo: Executable File Caminho: %SYSTEMDRIVE%\Users\<username>\AppData\Local\Temp\nvc.exe Grupo: Arquivo de malware Ultima Atualização: June 26, 2020
12.	smss.exe	c966e4745bac88d0bb69c47fe46c2fae	28
Nome: smss.exe MD5: c966e4745bac88d0bb69c47fe46c2fae Tamanho: 28.16 KB (28160 bytes) Detecções: 28 Tipo: Executable File Caminho: %WINDIR% Grupo: Arquivo de malware Ultima Atualização: October 5, 2010
13.	update.vbe	5e06e0e3b0cd13f86ad2dc9b274282d9	24
Nome: update.vbe MD5: 5e06e0e3b0cd13f86ad2dc9b274282d9 Tamanho: 79.36 KB (79360 bytes) Detecções: 24 Caminho: %APPDATA%\Origin Grupo: Arquivo de malware Ultima Atualização: August 30, 2020
14.	KBDHEOR2.dll	691fe9536ebb6477460a9167b9836a9e	16
Nome: KBDHEOR2.dll MD5: 691fe9536ebb6477460a9167b9836a9e Tamanho: 77.31 KB (77312 bytes) Detecções: 16 Tipo: Dynamic link library Caminho: %LOCALAPPDATA% Grupo: Arquivo de malware Ultima Atualização: November 12, 2010
15.	w1	7465036372898edc44faeba83d0abfd2	16
Nome: w1 MD5: 7465036372898edc44faeba83d0abfd2 Tamanho: 4.15 MB (4156416 bytes) Detecções: 16 Caminho: %TEMP% Grupo: Arquivo de malware Ultima Atualização: October 27, 2010
16.	michll_seder.dll	7e2f97d9d78ce67e3e41fccc51a6e4d4	6
Nome: michll_seder.dll MD5: 7e2f97d9d78ce67e3e41fccc51a6e4d4 Tamanho: 268.8 KB (268800 bytes) Detecções: 6 Tipo: Dynamic link library Caminho: c:\Users\<username>\appdata\local\tallidle\aoqinvirtual\michll_seder.dll Grupo: Arquivo de malware Ultima Atualização: February 8, 2022
17.	PureUnitGui.exe	98e83a1ca6e4eb75c9ad36483c498cfc	5
Nome: PureUnitGui.exe MD5: 98e83a1ca6e4eb75c9ad36483c498cfc Tamanho: 1.14 MB (1147392 bytes) Detecções: 5 Tipo: Executable File Caminho: C:\ProgramData Grupo: Arquivo de malware Ultima Atualização: November 3, 2018
18.	sqlblxs_wik.dll	160ec8523d246e6dbd7ca5f11c7b95af	5
Nome: sqlblxs_wik.dll MD5: 160ec8523d246e6dbd7ca5f11c7b95af Tamanho: 265.72 KB (265728 bytes) Detecções: 5 Tipo: Dynamic link library Caminho: %ALLUSERSPROFILE%\activehost\caisntsmemo\sqlblxs_wik.dll Grupo: Arquivo de malware Ultima Atualização: October 28, 2021
19.	csrss.exe	111d8b5d91c8cee13aa7e0cc03624070	2
Nome: csrss.exe MD5: 111d8b5d91c8cee13aa7e0cc03624070 Tamanho: 107.52 KB (107520 bytes) Detecções: 2 Tipo: Executable File Caminho: %USERPROFILE% Grupo: Arquivo de malware Ultima Atualização: November 9, 2010
20.	lsass.exe	eb2824a027f5b73103f7559f9108ff6f	2
Nome: lsass.exe MD5: eb2824a027f5b73103f7559f9108ff6f Tamanho: 184.32 KB (184320 bytes) Detecções: 2 Tipo: Executable File Caminho: %APPDATA%\SysWin Grupo: Arquivo de malware Ultima Atualização: November 15, 2010
21.	svcnost.exe	190fce0279df0aa997a010a2bf991212	2
Nome: svcnost.exe MD5: 190fce0279df0aa997a010a2bf991212 Tamanho: 133.12 KB (133120 bytes) Detecções: 2 Tipo: Executable File Caminho: %APPDATA%\mssend2 Grupo: Arquivo de malware Ultima Atualização: December 20, 2010
22.	svchost.exe	5601b6e886ebe1a23dc36bf0b0f82a20	1
Nome: svchost.exe MD5: 5601b6e886ebe1a23dc36bf0b0f82a20 Tamanho: 105.47 KB (105472 bytes) Detecções: 1 Tipo: Executable File Caminho: %APPDATA%\Microsoft Grupo: Arquivo de malware Ultima Atualização: November 4, 2010
23.	IejcEnye.xnr	5fadc590216e4a92143b598b6aed210b	1
Nome: IejcEnye.xnr MD5: 5fadc590216e4a92143b598b6aed210b Tamanho: 301.05 KB (301056 bytes) Detecções: 1 Caminho: %ALLUSERSPROFILE%\RuqoHugxa Grupo: Arquivo de malware Ultima Atualização: December 30, 2014
24.	48a5ab98.exe	1c9493b8aaffd624c97c37834200d610	1
Nome: 48a5ab98.exe MD5: 1c9493b8aaffd624c97c37834200d610 Tamanho: 253.95 KB (253952 bytes) Detecções: 1 Tipo: Executable File Caminho: %SystemDrive%\48a5ab98 Grupo: Arquivo de malware Ultima Atualização: April 3, 2015
25.	jork_0_typ_col.exe	b8282ef0910b0dde52e288bd8895057a	0
Nome: jork_0_typ_col.exe MD5: b8282ef0910b0dde52e288bd8895057a Tamanho: 223.72 KB (223720 bytes) Detecções: 0 Tipo: Executable File Caminho: %TEMP% Grupo: Arquivo de malware Ultima Atualização: June 22, 2012
26.	save_0_in.exe	92b9363efc32b3cc5008b4d19a44ce4b	0
Nome: save_0_in.exe MD5: 92b9363efc32b3cc5008b4d19a44ce4b Tamanho: 223.73 KB (223736 bytes) Detecções: 0 Tipo: Executable File Caminho: %TEMP% Grupo: Arquivo de malware Ultima Atualização: June 22, 2012
27.	14.exe	417494bee98a01655f9f13d4d5efb12f	0
Nome: 14.exe MD5: 417494bee98a01655f9f13d4d5efb12f Tamanho: 135.16 KB (135168 bytes) Detecções: 0 Tipo: Executable File Grupo: Arquivo de malware
28.	4131500ab1d4e9f620e5101e51d98587	4131500ab1d4e9f620e5101e51d98587	0
Nome: 4131500ab1d4e9f620e5101e51d98587 MD5: 4131500ab1d4e9f620e5101e51d98587 Tamanho: 453.95 KB (453956 bytes) Detecções: 0 Grupo: Arquivo de malware

Arquivos Adicionais

Detalhes sobre o Registro

Trojan.Kryptik pode criar a seguinte entrada de registro ou entradas de registro:

File name without path

scaalqtw.exe

Regexp file mask

%ALLUSERSPROFILE%\sqldump.exe

%APPDATA%\b[NUMBERS].exe

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\[RANDOM CHARACTERS].com.url

%APPDATA%\Origin\update.vbe

%APPDATA%\Stanfind.exe

%APPDATA%\vpn gui.exe

%LOCALAPPDATA%\Microsoft\Windows\Symbols\wvfilters.sys

%TEMP%\nvc.exe

%TEMP%\system.exe

%TEMP%\winsrvcs32.exe

Diretórios

Trojan.Kryptik pode criar o seguinte diretório ou diretórios:

%ALLUSERSPROFILE%\windrivgr 19.7

%LOCALAPPDATA%\DsHcaJnIIz

Relatório de análise

Informação geral

Family Name:	Trojan.Kryptik
Signature status:	Root Not Trusted

Known Samples

MD5: 9600d3a2fe02224bf095564a3a89e690

SHA1: 36b234bf1683610e48843e73b07fb4a8cafadb65

Tamanho do Arquivo: 2.15 MB, 2146803 bytes

MD5: ff3da30cd75fcf2cb8bb69e8a42844d9

SHA1: bce3cb2b31e3fd357642705854680f7f24cdceb3

Tamanho do Arquivo: 7.93 MB, 7925760 bytes

MD5: a0694ade7313dcaa378678ca8d931904

SHA1: 85d98b9d9515ca5d96c88a1ff70a02002fdaa6f7

Tamanho do Arquivo: 6.96 MB, 6959104 bytes

MD5: 605bfbc543887356d4d064174a307fb7

SHA1: 97953b3d3f8d0f072678b1bc11096d1c0e04434c

Tamanho do Arquivo: 6.96 MB, 6963200 bytes

MD5: ae61456704827a51c7613b4cc18b31d0

SHA1: 8863218f8de156061a1e22088b8929d996d4f76a

Tamanho do Arquivo: 292.35 KB, 292352 bytes

MD5: 11101b3f4e7ecb4a483ff6bb49c469ba

SHA1: 8b99bf5db2c98582703d25a259e7116411c63d3c

Tamanho do Arquivo: 7.33 MB, 7330816 bytes

MD5: a8343b36fd866f4ec73184a55aebf791

SHA1: 9420445ca0f80f0714978bb158c10772a9eb8ec6

Tamanho do Arquivo: 195.58 KB, 195584 bytes

MD5: 8b0b637e8a37ba37931605e39d963aed

SHA1: 299f3d03b75a35f7d18ce75ab45d264608d86f37

Tamanho do Arquivo: 321.54 KB, 321536 bytes

MD5: a98fac092e6955286af361f18cfe1cbd

SHA1: 1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e

Tamanho do Arquivo: 6.21 MB, 6213728 bytes

MD5: 3522f5b40b01ed6a16fd5aa9070c1a8f

SHA1: 2e1180568953f14caa4c10556c0c359bdd41be3d

SHA256: 72A4C01D155E04230C88BAB9681D20B865CD95DE008C25F0ACBAA35E6BCA0293

Tamanho do Arquivo: 236.54 KB, 236544 bytes

MD5: 4314174c68e355e45ca4b58c74b0ec89

SHA1: 5eff3199e0272ec9721a97fbf09f2aa57d033b0e

SHA256: 64035A844112DD904CCBFF34301185EA7A905D9224A03757AD0A1B26DCC57030

Tamanho do Arquivo: 6.17 MB, 6166016 bytes

MD5: d0e3f2371e2bbc2bc9f6ac4498df00f3

SHA1: b5d334c51a9715401992d30f17f8b52ab277d102

SHA256: C7753913606E8AD1F467F58DA84034F7CD032FFF3D0D19576EF47319AFA0DE01

Tamanho do Arquivo: 2.48 MB, 2475520 bytes

MD5: 8ed50b74f2fc2959a5464b70c896a52f

SHA1: ef8a79e36482e617b547b1da30e5a6d5ab4f6e0b

SHA256: 02F006BD0DCC0DD0896A518711C5642EBC1E962DB1B6D8E8C8836C0FB16A2267

Tamanho do Arquivo: 956.93 KB, 956928 bytes

MD5: afad1dc81d4708d42e5fd32817aeab38

SHA1: d0f5549a2d6bbfae963fa8ccfd5446af28ddf6e4

SHA256: C8F07C5C8FB39AB13964BEB13A7B3CB551A59927DA4459A234DC9415969B8DD9

Tamanho do Arquivo: 403.97 KB, 403968 bytes

MD5: 61ec23c910534e2956ea509d57ebc623

SHA1: 16afa32a87ed409f088fe2c2b73c0941bfe3baba

SHA256: C0F749791B73B761D0A7B5987D74FD0FD2C308CFE830F9BF767779EAE6CEC71A

Tamanho do Arquivo: 612.35 KB, 612352 bytes

MD5: 32b9fdc6203e448736d2e08d1ae97b92

SHA1: ad6aa48a98965077a46de80a522291869f66e13f

SHA256: 09C2ECBAF446EA4CBCA2E0C98FC968A69078C7DB8459DAF652A807FB2663733F

Tamanho do Arquivo: 551.42 KB, 551424 bytes

MD5: 131a042f5396c4e648ad10454822360e

SHA1: c4b24d8d171aefdb70919d3bab763a621c737e22

SHA256: ECE04839B08CB14C9CE0BBBB011EA8B7C44C0C443B7998D6922D3A5E7B1FA0B1

Tamanho do Arquivo: 7.53 MB, 7527424 bytes

MD5: 4494fbb4e7c3879b615781945a0d5dac

SHA1: 60be54109e6047166e8d816b8066000d64bcf287

SHA256: AEFA3D227E68F3AFB41208A5331A4A4650BC00482B7A9A2D40EA510C3D4EDC55

Tamanho do Arquivo: 656.90 KB, 656896 bytes

MD5: dc4ba82a4219bacbacc58c09b6d2f1f0

SHA1: 563061438d1273572a59d2d5703fe792efda459f

SHA256: 457AB1EBD8E8B9EE330AF2419F50685F50C50F769EEDBF9BE754D6E12AD3C9BB

Tamanho do Arquivo: 7.23 MB, 7225944 bytes

MD5: 1de62652a732f40a18330be14e6af30f

SHA1: 7c15c2fb28618a472f69585234dc2bf25482a5b2

SHA256: 8B433DD57CACDA44041C7171D155D14D8BEAD978DFBD2881F9B31432D33AA833

Tamanho do Arquivo: 1.91 MB, 1913344 bytes

MD5: e3374cb9d76e1c2df2456c5f9de1e4c2

SHA1: 5b8547c736daca4568fe56a63fbeff67ed5591b4

SHA256: 4A0438F780D535925011FB51E2AE96784D67F6F197A9580C2F6166B71B9658B6

Tamanho do Arquivo: 438.27 KB, 438272 bytes

MD5: 3457e8a7955fcbcc7efdd399101e1cf4

SHA1: dc24ff328073f48e4ff5a7e42451b437d42eca33

SHA256: 3438F4F6EE530EFE7E458D14E3B46CB0DA3CC1C439B892FA53863AD206784E31

Tamanho do Arquivo: 7.93 MB, 7926784 bytes

MD5: f8f3d2fbc295bf74d25161a9864fe7e8

SHA1: 94ec48daaca735757fcf6c8783c806bbdc2542a3

SHA256: 15B644B42EDCE646E8BA69A677EDCB09EC752E6E7920FD982979C714AECE3925

Tamanho do Arquivo: 593.92 KB, 593920 bytes

MD5: e70a6244f2e91aad2833f6cf15dc2e38

SHA1: fc86e3745d820ffced885769411b8ec62646a256

SHA256: A827F36417B546F7C9DEF3884915B5F7F3B3D63E2E62173C9D02163364DD4FA3

Tamanho do Arquivo: 470.02 KB, 470016 bytes

MD5: 4c4c1149fca58fc02d99e61ca29f0bc1

SHA1: 4181ecf652ff57cefd330f5865e3d1c9ccb6f14c

SHA256: 4ACD3C56DCC77F666CCDCE2C8426523089620867498B2977654CB7594FFE55E5

Tamanho do Arquivo: 7.32 MB, 7318016 bytes

MD5: f7cccbe4e4b5f2b70cd5bea6412b376a

SHA1: 40db4f0104dcf411b62204a3735c1a1644f6794b

SHA256: D9BA20E12FDE5BD68053052F0B03562CB807371642EA4E4C1B2799ADE4873D7F

Tamanho do Arquivo: 453.12 KB, 453120 bytes

MD5: b385d32d41aff9400ab3d88c4529a7f4

SHA1: 95e8642f9e44f299f427dd4385961d0a5f6358dd

SHA256: 28F539664193000A815D976B3BF8974DDFB50236E4E0E0DBC12EE773F27899F9

Tamanho do Arquivo: 7.89 MB, 7890944 bytes

MD5: 512741ff2c4ea29892ed729d45b14f62

SHA1: dfcfdb43b23c8245525b2c3936c2833a3bda9d76

SHA256: EFF64194712E87437DA649EB03E119ACB046B7490020B2F51B5737387E6B41DB

Tamanho do Arquivo: 7.48 MB, 7475712 bytes

MD5: 10b29cd5359c49f43d55c5d0a6f67684

SHA1: 1faea647b480054a10a65c3bf6083b2c4e52c9db

SHA256: 51798136352F132DDB26765D3FA04C617EA66FDD685770857222F54935BEB29A

Tamanho do Arquivo: 2.51 MB, 2512384 bytes

MD5: fe93d1385cc3f27bfe7fbedc7329c0f8

SHA1: be67f8c6fcf8f6fcb65552d110508e995a8d1975

SHA256: 07817109E143F99F7F058DD30E9485CC05C5CD144D33CB62DBD9D70895C776A1

Tamanho do Arquivo: 448.00 KB, 448000 bytes

MD5: 961559ba0911c22694ccf9396c1f66cf

SHA1: 393aed966fcedfa3f83ab361e4fbae0f91483cd5

SHA256: C9180F584BBB8E1B16542A48094A88AF53A99078055652F6596FF9FE7AA4EE84

Tamanho do Arquivo: 6.92 MB, 6916096 bytes

MD5: 1caba540755f76b02be8376b9ae07945

SHA1: 56637462440a2973166722b139925c3181bee0f7

SHA256: 382E41FEC065AFCEC566A7D6DC34C6DB30256ACF2EA6D2BCE7596CF93062A702

Tamanho do Arquivo: 351.23 KB, 351232 bytes

MD5: 54cfe4e098a8fb2a30d574041055f350

SHA1: 2c3f52d8ac1a31f576f1c9c4540925a11e90e08b

SHA256: 3765A6BA9DC592339EBD33ECDD5EF0B40D6DB69D96989EAD48474D925A1CD0AE

Tamanho do Arquivo: 7.33 MB, 7330304 bytes

MD5: 4e7cd001d67cb7a9ca3409ad03bd1eff

SHA1: f8703b54232a740d5688d0c753ff44bf8f5c34cb

SHA256: FFF6B5219CBE93D3BF914C433059AEAF1B1BB7B8654357D51598E4F6AD360048

Tamanho do Arquivo: 591.36 KB, 591360 bytes

MD5: 00f139b3ea1adbc8d2d16b6fa4362e33

SHA1: 1af36efefb0f40d76e0ccf08df06d9f8748f6f2a

SHA256: AEB6403AA67B222D49BA6A5590617F9034B0A892DFE6E48B88A097EBDE586B8D

Tamanho do Arquivo: 523.78 KB, 523776 bytes

MD5: 4ff213082e3590211894c9152dd9e09a

SHA1: 841572197e54dda8909a033497d8b2126dbbe013

SHA256: 550D83E69B3B4F481F49258992BCE6A2DF32120654B06336F643B846F7F11120

Tamanho do Arquivo: 1.88 MB, 1875968 bytes

MD5: 283a1696d817eac650bbcb3876f7e4f0

SHA1: fcfc416235d5ca81202948befa208b106dc4a9f0

SHA256: 4BBD8B180F9163CC5201AA31E0746A3AD7DDE6F4BA717A5BD61AF4AEB13191AC

Tamanho do Arquivo: 5.52 MB, 5517824 bytes

MD5: 7446c857b9fc62ea60acfbd5fde94c16

SHA1: 91ea511f61a405ab78643f1e122e13e3dfd2aea5

SHA256: 23142D17FD1C6F939F93D23F6B58DBDB0AE76B6E6818B00E7F3F5EF85F93AA08

Tamanho do Arquivo: 1.41 MB, 1410842 bytes

MD5: 26cf3bcae0a3ffd4e288756fbebd419a

SHA1: 6d4eaa2aaec9699d8031b208b20bcddd771b1f60

SHA256: A7642339D2D12B0310C26F79E65CAE3E35A03F8653F60ED1E075081EBC60B8F2

Tamanho do Arquivo: 889.86 KB, 889856 bytes

MD5: a841276db2d93857d25f22b2ac6a59fc

SHA1: 129b3226ec7a09081979ec3dad3a1d94084a5f7b

SHA256: 3ECE24145BE738F8D6116C4B82AEADAD374D44B4FDC3B91FE4307CCDB7AB94F7

Tamanho do Arquivo: 7.89 MB, 7890944 bytes

MD5: 05c30fd3031d2b761c62eb89baff3364

SHA1: c0c1668e20d3e1960a361db5c93f454e4752b4c0

SHA256: DF4A368C454C392FB1157ABF75134AD7E8EA1B137630E835BD8A70A71774E6F5

Tamanho do Arquivo: 8.29 MB, 8293552 bytes

MD5: 90dd71dc4374e2613ea34600ed5eb586

SHA1: 4498ca735e0ec4be08fde8af08378b1df6a74c0b

SHA256: FD86FF3B29644B27E41FCC6EA30F33BF3F5CE3BB739672AB9B2C049FBD5B94C4

Tamanho do Arquivo: 7.45 MB, 7449088 bytes

MD5: 47bf8fe8557e847208f058e0d1652dd7

SHA1: 3f2bd44b474629a3152e4bf043665ffd8db5a585

SHA256: 6D2A02DEA69D7BCB0E090FD2CAFAC889362A302E69C6420725A0CD2D337FAE21

Tamanho do Arquivo: 7.69 MB, 7692288 bytes

MD5: 9449f21694c18c478992cb8c37e07fb4

SHA1: c861a01bb2bd283542902ca024a690c3824c2bc7

SHA256: A59A5AC97C1ACA0AC96C3639784131F7869C2F0EA764AB66619DA228B26C5DFA

Tamanho do Arquivo: 7.65 MB, 7645192 bytes

MD5: cba84f481807f277fdbabdaacbcd1290

SHA1: aa3128d52e36cc135f80eb9b94d32f602f92d4df

SHA256: 040F0325C7B5A0195DF777D67D663CA12025D675DE9076AD238F9F6E006497FE

Tamanho do Arquivo: 220.06 KB, 220064 bytes

MD5: 93e01d959a893b8b0ba22ca1472d0d93

SHA1: 48b31a0cbd9558534d65d104e845aa438e1e0960

SHA256: A81AD7704197C5E519C3DA068B1573894BE55F466AEABB5F194CC3D3C3EE1A62

Tamanho do Arquivo: 8.16 MB, 8164352 bytes

MD5: 17007cf43a1df39e1a07a8c4c49f8efb

SHA1: bb495df236ee901940effee49e0bd88d0c389625

SHA256: EBB97D06C4F5ECA7ABD1CF2B702E94F237CB5856C13532277FFC057DF2A7CD73

Tamanho do Arquivo: 326.14 KB, 326144 bytes

MD5: 5def6d24d8038e2e7bc55c9472deb230

SHA1: 413b22790c264900bbb28b8670f489d6d1760c58

SHA256: E3708D84D3E74B6D1FCEE2E1317C536E1767DBDD7A7B078A7A83FE9B477BFC94

Tamanho do Arquivo: 457.22 KB, 457216 bytes

MD5: e5d32309cbf7f07fa80f65d34d6c976c

SHA1: d3b86247c9fdd774b010b7193c8647b15405d9bc

SHA256: 1C4D4006D7C154A026AB809C3CF541B97408082CE1101E6368436C9109702751

Tamanho do Arquivo: 951.64 KB, 951643 bytes

MD5: cbe93276578d3a9942e8cb4a4ad67a16

SHA1: f68a212571ae9bda9d8b10bee83bc3edba2e638e

SHA256: F155944C50897EBBE0AC681E8198E9E48C893DE51587F3945C720E057A4BA90B

Tamanho do Arquivo: 446.46 KB, 446464 bytes

MD5: 83fe1a113d9188f4b052e4650e9d8e24

SHA1: 470d10df0cf3db09d9ef5398e163610f1485a744

SHA256: FE4D62C336E34BFFBCDAEB4C8D3554E04CC04F05D670811934D0EEB041046B0F

Tamanho do Arquivo: 487.42 KB, 487424 bytes

MD5: bd882c1d53dfbf5b8e2d9b6b110e7216

SHA1: 376c4b42fa2a8d73e72aad8fda9bd5e3e6dc7695

SHA256: B9FDD5691456125DC295282B77788BADDF6EF700E5017352CB6EBAFBFC7C4915

Tamanho do Arquivo: 7.59 MB, 7588352 bytes

MD5: b6f08f1f9aeaa77f16e28c8518381b6f

SHA1: deb1158908741818c07b97d3d32ff9ab959206d6

SHA256: 21057EA5C6468F0FDE45944331006C0C6F08EB000240E484519C60E7EC7A69DB

Tamanho do Arquivo: 7.34 MB, 7336960 bytes

MD5: 0f1e40c602f0df10d3d4e801f99b647c

SHA1: ddfe31e9f19a10f59e4372fb4a30e76b691f11cd

SHA256: B5283DA02C083FC4AD72610DEE401C6612F565D0486FD8BCD665BCE6FFB8619C

Tamanho do Arquivo: 419.33 KB, 419328 bytes

MD5: 3c45c8fff2f3a24da26ddf6e5a005413

SHA1: c39b6b2ec2a1d2c270c4d10988adbf92b171ab6b

SHA256: 5BB0C6C2C23B5BFFA2DA69059E9080A21507A85406C2AA421A1995A6EB2BB412

Tamanho do Arquivo: 7.33 MB, 7330304 bytes

MD5: 897183554b87d04252acbe687217c73c

SHA1: 1db38995ee6ebb349d9fdba12cdddca7b5f6ddf4

SHA256: A131F91028D34C7C25A4AB4B1ADDD2283CA116C76EF8B2D6A13B147D0A4562C3

Tamanho do Arquivo: 5.92 MB, 5923840 bytes

MD5: 328c32598dbb09ac6fd5f775afc49b85

SHA1: 38564f5c86d953991c233b06a579546a73bb7f39

SHA256: 14CDA9B4E459730769B3E8095234229F72C5BB10B94D508AA70B77149BEA61CC

Tamanho do Arquivo: 7.14 MB, 7143424 bytes

MD5: 1f14a7c932f9fd6f7982387c221babfe

SHA1: 464aa0ea014f3dc7a4850b875a1c4265d579eca2

SHA256: FBBE21A008006608C9DD7E9FB18140B66E1EAE1EE371CBC8A498E2E010D3CE13

Tamanho do Arquivo: 1.14 MB, 1137495 bytes

MD5: 848198ccc5e9f60d650475c5b94ee00e

SHA1: ff371c1b992209196336d9dfa246134e15f346e3

SHA256: 40797E7639A603F5BF62ABAB098CEFC474EE8AF9890189850AEF290FB3A96122

Tamanho do Arquivo: 237.57 KB, 237568 bytes

MD5: f52573ef74b6fb298d689b4719210b29

SHA1: c37ca333aad8fe8434e63bc4fa34d82d62ec71c7

SHA256: 89D29F96CD4263CFEC8745706E6C47532BBC9F117D3418FE7CD8968FAE355E60

Tamanho do Arquivo: 8.70 MB, 8698368 bytes

MD5: 2979ad27c24f704924becd85b68cafdf

SHA1: 9940c4cedfbfaf717c96908aa1b61b02101e5e2c

SHA256: 7B667E306F38FB74B062602DC5A93B4F1025ADB341AA859091D3D2249DC2840D

Tamanho do Arquivo: 1.35 MB, 1345235 bytes

MD5: de7d16d25b24959f18e6786bf7128ea2

SHA1: 647724b6212dc008ce475626eec9037b992645f2

SHA256: 3D7B035F2A06D8F9B6FE4A39A551D9F59438EC546EBAF3B508B1348AA5CC5D8B

Tamanho do Arquivo: 883.47 KB, 883465 bytes

MD5: 4744d471186031dda04ba0dca29a5cb6

SHA1: 57688063cb6b4e9bee0b59bc88db74cb2c38329c

SHA256: D4FD9D0589CEDC11C3397F6A6B172BAE81184CE0A316EC9BB003BB3C5028D86E

Tamanho do Arquivo: 6.64 MB, 6640640 bytes

MD5: 8f8a50ed2598bcea33b89c9b32f21c8a

SHA1: 756ac2c9ed2aa674f079def3532832546709759e

SHA256: A7616623D34852B875F538C6139EC29D12E6F3878DE7C8ADB56059003E6DFA07

Tamanho do Arquivo: 7.39 MB, 7394816 bytes

MD5: 644b38d3b97dc0385de58a67d310251a

SHA1: dbdcfb8cc43757d7d19e0ed7c3d1597b45996d49

SHA256: 39C5B6D7A8E1807010D6CFA2F5CA698F984E141FD7FFC3E324AA8D852AF4276A

Tamanho do Arquivo: 7.33 MB, 7329792 bytes

MD5: 7ba09da75686a674ccc8e5306f3803ff

SHA1: 8cb61939e7db03e4b0d81b82e9f367843b2ec5ec

SHA256: 01CBE7549A646E84F71497A99F458B098580089255818A799C1B3DF5FA3302C9

Tamanho do Arquivo: 7.94 MB, 7939072 bytes

MD5: e7d70e7b7c8864a7e7e9f0a5f680d0c9

SHA1: 4a6456763802b216f61510608870203e53fc0720

SHA256: 5FA4D50F050334182910CE3B4B34AC6785A4F883024D5BF823E744B0006796E8

Tamanho do Arquivo: 1.12 MB, 1118745 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is 32-bit executable

File is 64-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Nome	Valor
Comments	A base64-based calculator for Indian institutes https://silversecond.net/ Parallels Shared Application Update By DarkDancer
Company Name	A base64-based calculator for Indian institutes INC Historiy Meratro Parallels Software International, Inc. Right SilverSecond
File Description	Black calculator for Indian institutes FeelsLike Game Game / WOLF RPG Editor gens Telegram@dohnaduona Telegram@quzimingyue TheLastPlague (Mac)
File V	44.0.0.56
File Version	Ver2.2961 Ver2.281 91.64.90.2 65.88.28.15 4.2.1.3 3.393.2024.829 3.385.2024.819 3.351.2024.705 3.336.2024.506 3.334.2024.503 Show More 3.275.2024.118 3.248.2023.1028 3.230.2023.928 3.207.2023.714 3.191.2023.529 3.184.2023.515 3.175.2023.414 3.136.2023.115 2, 38, 2022, 722 2, 1, 4, 0 1.0.0.0
File Versions	62.76.74.12 38.34.8.33 3.70.55.47 1.0.5.8
File Verus	1.0.52.18
Internal Name	A base64-based ltd Game gens Gunlet Hope Liee Modink
Internal Surname	vebug.ekc
Legal Co	Copyri (C) 2019, permudationcy
Legal Copyright	Copyright (C) SmokingWOLF All rights reserved. Copyright 1999-2006 Stйphane Dallongeville Copyrights (C) 2023, Nabisradig Indian institutes
Legal Trademarks	A base64-based calculator Gens
Original Filename	A base64-based calculator for Indian institutes Game.exe gens Wonder
Original Filenames	Otlasik
Private Build	3
Prod	1.2.5
Product Name	gens Mustifest Parallels Tools Center Porjezor the base64-based calculator for Indian institutes WOLF RPG Editor
Product Version	33.18.32.55 12.33.3.71 2, 1, 4, 0 2 1, 0, 0, 0 0.0.0.0
Product Versions	162.65.10 80.4.57.49 9.30.90.54
Product Versys	1.6.37.29
Special Build	4 Parallels Shared Application Souvenir

Digital Signatures

Signer	Root	Status
CJSC Computing Forces	Thawte Premium Server CA	Root Not Trusted

File Traits

2+ executable sections
big overlay
dll
HighEntropy
imgui
Installer Manifest
No Version Info
ntdll
packed
SusSec

themida
themida section variant
WriteProcessMemory
x64
x86

Block Information

Total Blocks:	436
Potentially Malicious Blocks:	0
Whitelisted Blocks:	436
Unknown Blocks:	0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.AIZF
Agent.AN
Agent.EDA
Agent.GDFC
Agent.GSTA

Agent.IUH
Agent.KGD
Agent.KLGA
Agent.KPFA
Agent.KPG
Agent.LGSA
Agent.OFGI
Agent.OFGJ
Agent.XFM
Agent.XSDA
BadIIS.A
BlueLocker.A
Downloader.GS
GameHack.LPE
HackKMS.TFA
IEHelper.B
Injector.HGG
Korplug.P
Kryptik.BIDD
Lamer.CF
Murphy.B
Rugmi.FC
Rugmi.TB
Spy.Agent.GDA
Spy.Keylogger.X
Stealer.BBA
Stealer.FPE
TinyNuke.AA
Trojan.Downloader.Gen.BM
Trojan.Downloader.Gen.BP
Trojan.Downloader.Gen.M
Wapomi.F

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\languages	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\languages	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\languages	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\maindb	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\maindb	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\maindb	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\packagedb	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\packagedb	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\packagedb	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\plugins\0\customui.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data

c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\plugins\0\customui.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\plugins\0\customui.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup.rgn	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup.rgn	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup.rgn	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\agreements.html	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\agreements.html	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\agreements.html	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\butt_cancel.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\butt_cancel.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\butt_cancel.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\butt_inf.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\butt_inf.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\butt_inf.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\butt_que.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\butt_que.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\butt_que.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\butt_warn.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\butt_warn.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\butt_warn.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\install.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\install.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\install.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\maintenance.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\maintenance.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\maintenance.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\shortcutremover.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\shortcutremover.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\shortcutremover.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\uninstall.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\uninstall.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\uninstall.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\wmkeeper.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\wmkeeper.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2017eide\1a7f95e4ecb0a268cccc01dcc6f5c8894408de7e_0006213728\presetup\wmkeeper.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2017eide\comregc.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\2017eide\resume.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\2017eide\unpack.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\languages	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\languages	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\languages	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\maindb	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\maindb	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\maindb	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\packagedb	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\packagedb	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\packagedb	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\plugins\0\customui.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\plugins\0\customui.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\plugins\0\customui.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup.rgn	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup.rgn	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup.rgn	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\agreements.html	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\agreements.html	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\agreements.html	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\butt_cancel.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\butt_cancel.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\butt_cancel.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\butt_inf.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\butt_inf.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\butt_inf.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\butt_que.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\butt_que.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\butt_que.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\butt_warn.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\butt_warn.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\butt_warn.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\install.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\install.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\install.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\killproc.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\killproc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\killproc.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\maintenance.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\maintenance.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\maintenance.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\shortcutremover.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\shortcutremover.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\shortcutremover.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\uninstall.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\uninstall.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\uninstall.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\wmkeeper.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\wmkeeper.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\22l5gl42\c0c1668e20d3e1960a361db5c93f454e4752b4c0_0008293552\presetup\wmkeeper.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\22l5gl42\comregc.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\22l5gl42\resume.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\22l5gl42\unpack.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\languages	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\languages	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\languages	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\maindb	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\maindb	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\maindb	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\packagedb	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\packagedb	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\packagedb	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\plugins\0\customui.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\plugins\0\customui.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\plugins\0\customui.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup.rgn	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup.rgn	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup.rgn	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\agreements.html	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\agreements.html	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\agreements.html	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\butt_cancel.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\butt_cancel.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\butt_cancel.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\butt_inf.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\butt_inf.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\butt_inf.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\butt_que.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\butt_que.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\butt_que.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\butt_warn.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\butt_warn.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\butt_warn.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\install.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\install.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\install.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\killproc.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\killproc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\killproc.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\maintenance.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\maintenance.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\maintenance.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\shortcutremover.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\shortcutremover.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\shortcutremover.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\uninstall.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\uninstall.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\uninstall.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\wmkeeper.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\wmkeeper.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\24v5fijq\647724b6212dc008ce475626eec9037b992645f2_0000883465\presetup\wmkeeper.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\24v5fijq\comregc.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\24v5fijq\resume.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\24v5fijq\unpack.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_153468015	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_19625	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_20046	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_20328	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_20750	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_21062	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_21234	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_21390	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_21406	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2145453	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_21468	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_21515	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_21546	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_21578	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_21718	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_21765	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_21875	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_22046	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_22218	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2925687	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2926609	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_566187	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_703828	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\another world (e) [!].gen	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\another world (e) [!].gen	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\bios	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\bios	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\bios\mcd2_200 (eur).bin	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\bios\mcd2_200 (eur).bin	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\bios\mcd_101 (jap).bin	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\bios\mcd_101 (jap).bin	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\bios\scd2_200 (usa).bin	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\bios\scd2_200 (usa).bin	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\bios\sega_cd_bios.rar	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\bios\sega_cd_bios.rar	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\castlevania - bloodlines (u) [!].gen	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\castlevania - bloodlines (u) [!].gen	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\centurion - defender of rome (ue) [!].gen	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\centurion - defender of rome (ue) [!].gen	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\gens - acceso directo.lnk	Generic Read,Write Data,Write Attributes,Write extended,Append data

30 additional files are not displayed above.

Registry Modifications

Key::Value	Dados	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\catkeswx\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name	gens.exe	RegNtPreCreateKey

HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::id	㓼䑯	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	醐焺垻ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::version	Ԁ	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::name	GENS.EXE	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::id	GENS.EXE446F34FC001CA000	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart		RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\xjrelrpf\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	䶛垿ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	आ뱓Ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\ehrodjji\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	噠ﷃ埀ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	茵決Ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\fzsgieoa\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	홀ꪪ埂ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	ᥡǛ	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\mvucxmpj\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	뷐㲇埈ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	ꬾǛ	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\aprrxcwx\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	簰摻埊ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	輍팲Ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\mcqtpehd\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	删䢝埌ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	蕿띔Ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\ehncfewg\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid		RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart		RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\ueensjxi\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	툰ᕋ埐ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	萂Ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\csudtgtm\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	⬰ﱼ埒ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	䬥欳Ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\dyyrjsub\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	꓀꜑埔ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	㘦ᗋǛ	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\ebrmivct\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	鳀埖ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	᭽୸Ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\nguqinpj\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	Ꭰ玑埚ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	☞Ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\njuyxjhi\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	Ð㦘埜ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	퀘ꡍǛ	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\wpieoyyo\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	⛐⌧埞ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	㷵釟Ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\qjftmbxg\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	舠ۈ埠ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	霝畿Ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\jtvsocfm\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	秠埡ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	燘厜Ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	࿠䣓駾ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\user\downloads\841572197e54dda8909a033497d8b2126dbbe013_0001875968	DWM8And16BitMitigation	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name	841572197e54dda8909a033497d8b2126dbbe013_0001875968	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::id	鹇䦘	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	兰ꘫ끾ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::name	841572197E54DDA8909A033497D8B2126DBBE013_0001875968	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::id	841572197E54DDA8909A033497D8B2126DBBE013_000187596849989E47001CA000	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	袙ᓢ䓆ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\nvtosxld\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	ᡰ⾛땐ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	㲶鹒䦗ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317	Û	RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655		RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324	#	RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993	é	RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986	http://affiliate.free.rongrean.com/logo.gifhttp://demo.mosiva	RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331		RegNtPreCreateKey
HKCU\software\apcr::u1_0	鱞댶	RegNtPreCreateKey
HKCU\software\apcr::u2_0	⏑	RegNtPreCreateKey
HKCU\software\apcr::u3_0	権ă	RegNtPreCreateKey
HKCU\software\apcr::u4_0		RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\user\downloads\bb495df236ee901940effee49e0bd88d0c389625_0000326144	DWM8And16BitMitigation	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name	bb495df236ee901940effee49e0bd88d0c389625_0000326144	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::id	⃴㯯	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	唐Ẇ뺕ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::name	BB495DF236EE901940EFFEE49E0BD88D0C389625_0000326144	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::id	BB495DF236EE901940EFFEE49E0BD88D0C389625_00003261443BEF20F40004FA00	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	䔄勤ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\aiwevwds\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	䮀林쯈ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	쩯怘ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\lxceatah\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	纝ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	艼伙秞ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\wiufsjxn\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	䏐嘻ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	퉟⚶臀ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\ljnlbiuv\appdata\local\temp\rarsfx0\gens.exe	DWM8And16BitMitigation	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	ﭠ䫉ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	荃ᭅ觷ǜ	RegNtPreCreateKey

Windows API Usage

Category	API
Keyboard Access	GetKeyboardState GetKeyState
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess ShellExecute ShellExecuteEx
Anti Debug	CheckRemoteDebuggerPresent IsDebuggerPresent NtQuerySystemInformation OutputDebugString
User Data Access	GetUserObjectInformation SetComputerName
Network Winhttp	WinHttpOpen
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAddAtomEx ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose Show More ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFindAtom ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenMutant ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryObject ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryTimerResolution ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimer2 ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory UNKNOWN win32u.dll!NtUserGetKeyboardLayout win32u.dll!NtUserGetThreadState
Process Terminate	TerminateProcess
Other Suspicious	SetWindowsHookEx

Shell Command Execution


							(NULL) C:\Users\Catkeswx\AppData\Local\Temp\RarSFX0\gens.exe Lion King


							(NULL) C:\Users\Xjrelrpf\AppData\Local\Temp\RarSFX0\gens.exe Lion King


							(NULL) C:\Users\Ehrodjji\AppData\Local\Temp\RarSFX0\gens.exe Lion King


							(NULL) C:\Users\Fzsgieoa\AppData\Local\Temp\RarSFX0\gens.exe Lion King


							(NULL) C:\Users\Mvucxmpj\AppData\Local\Temp\RarSFX0\gens.exe Lion King


									(NULL) C:\Users\Aprrxcwx\AppData\Local\Temp\RarSFX0\gens.exe Lion King


									(NULL) C:\Users\Mcqtpehd\AppData\Local\Temp\RarSFX0\gens.exe Lion King


									(NULL) C:\Users\Ehncfewg\AppData\Local\Temp\RarSFX0\gens.exe Lion King


									(NULL) C:\Users\Ueensjxi\AppData\Local\Temp\RarSFX0\gens.exe Lion King


									(NULL) C:\Users\Csudtgtm\AppData\Local\Temp\RarSFX0\gens.exe Lion King


									(NULL) C:\Users\Dyyrjsub\AppData\Local\Temp\RarSFX0\gens.exe Lion King


									(NULL) C:\Users\Ebrmivct\AppData\Local\Temp\RarSFX0\gens.exe Lion King


									(NULL) C:\Users\Ewqqmjql\AppData\Local\Temp\RarSFX0\gens.exe Lion King


									(NULL) C:\Users\Nguqinpj\AppData\Local\Temp\RarSFX0\gens.exe Lion King


									(NULL) C:\Users\Njuyxjhi\AppData\Local\Temp\RarSFX0\gens.exe Lion King


									(NULL) C:\Users\Wpieoyyo\AppData\Local\Temp\RarSFX0\gens.exe Lion King


									(NULL) C:\Users\Qjftmbxg\AppData\Local\Temp\RarSFX0\gens.exe Lion King


									(NULL) C:\Users\Jtvsocfm\AppData\Local\Temp\RarSFX0\gens.exe Lion King


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ef8a79e36482e617b547b1da30e5a6d5ab4f6e0b_0000956928.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d0f5549a2d6bbfae963fa8ccfd5446af28ddf6e4_0000403968.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\16afa32a87ed409f088fe2c2b73c0941bfe3baba_0000612352.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ad6aa48a98965077a46de80a522291869f66e13f_0000551424.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\60be54109e6047166e8d816b8066000d64bcf287_0000656896.,LiQMAxHB


									open steam://run/1398500//


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5b8547c736daca4568fe56a63fbeff67ed5591b4_0000438272.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\94ec48daaca735757fcf6c8783c806bbdc2542a3_0000593920.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\fc86e3745d820ffced885769411b8ec62646a256_0000470016.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\40db4f0104dcf411b62204a3735c1a1644f6794b_0000453120.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\be67f8c6fcf8f6fcb65552d110508e995a8d1975_0000448000.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f8703b54232a740d5688d0c753ff44bf8f5c34cb_0000591360.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1af36efefb0f40d76e0ccf08df06d9f8748f6f2a_0000523776.,LiQMAxHB


									(NULL) C:\Users\Nvtosxld\AppData\Local\Temp\RarSFX0\gens.exe Truxton (W) [!].gen


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6d4eaa2aaec9699d8031b208b20bcddd771b1f60_0000889856.,LiQMAxHB


									open steam://run/1124060//


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\413b22790c264900bbb28b8670f489d6d1760c58_0000457216.,LiQMAxHB


									(NULL) C:\Users\Aiwevwds\AppData\Local\Temp\RarSFX0\gens.exe James Bond 007 - The Duel (UE) [!].gen


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f68a212571ae9bda9d8b10bee83bc3edba2e638e_0000446464.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\470d10df0cf3db09d9ef5398e163610f1485a744_0000487424.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ddfe31e9f19a10f59e4372fb4a30e76b691f11cd_0000419328.,LiQMAxHB


									(NULL) C:\Users\Lxceatah\AppData\Local\Temp\RarSFX0\gens.exe Centurion - Defender of Rome (UE) [!].gen


									(NULL) C:\Users\Wiufsjxn\AppData\Local\Temp\RarSFX0\gens.exe Castlevania - Bloodlines (U) [!].gen


									(NULL) C:\Users\Ljnlbiuv\AppData\Local\Temp\RarSFX0\gens.exe Another World (E) [!].gen

Trojan.Kryptik

Cartão de pontuação de ameaças

EnigmaSoft Threat Scorecard

Como o Trojan.Kryptik Entra no Sistema Visado?

O Que o Trojan.Kryptik Faz?

Como me Livro do Trojan.Kryptik?

Outros Nomes

SpyHunter detecta e remove Trojan.Kryptik

Detalhes Sobre os Arquivos do Sistema

Detalhes sobre o Registro

Diretórios

Relatório de análise

Informação geral

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Enviar o Comentário

Tendendo

Mais visto