PUP.CheatEngine

Analysis Report

General information

Family Name: PUP.CheatEngine
Signature status: No Signature

Known Samples

MD5: 4d671f833919fe6226bcee4c99a8e29c
SHA1: 4976c589dd1d714b8964fd2c69093635d4f0c34d
File Size: 3.65 MB, 3651225 bytes
MD5: 44b2cc4df15f354d6d5e788500c5c50a
SHA1: 16ad647718e2b0bf7cfcfe05c6be14087856699b
SHA256: E5A3002DF7558DE90A00ADE159555C820220761E6AE4ED1CBD2E3C6C59B33DD3
File Size: 3.31 MB, 3311009 bytes
MD5: cdf5da3195df838d06a5fe700d6a7625
SHA1: ef6fd4e97e98798dcf15e210a02b1d72a98f543d
SHA256: 4C796FC4F2381D4C48C74567E500B8B8EE561D475F86F5E858AD7046E6B6E74E
File Size: 350.11 KB, 350112 bytes
MD5: ae285bf6cc1a7b4d7f158d93464f4cb4
SHA1: ceca362942148662598e428c7dd4beec0218ef35
SHA256: 97E98258EBF5805CF96AD67CCF4E37EE07CB7853266F8CE205EADED76C582244
File Size: 2.31 MB, 2310144 bytes
MD5: cf7a89eda5f3a084fb5b47610229311c
SHA1: a28a3752ee90550641cb8274fb3706b1599f73c6
SHA256: 9191340F0BD2125D870581EBCB560FA5B604536B76C02921ED25A14F9402D144
File Size: 5.06 MB, 5055488 bytes
MD5: 062a5e5e1b2bd27fdaa6e48a29503892
SHA1: fd9838eaaa6bdd4c19d3028dbb2d1b527d80549d
SHA256: 5DFDB8953D7A2410E0A4EA0A403D78F1EEA00A522643376CA3A82ACB87345B43
File Size: 287.51 KB, 287512 bytes
MD5: c2ec5b7268999dbf6612582173388ad1
SHA1: c641d01a6dfb5c10c70352101062806d1fa00cc7
SHA256: 8F969E2166C3E42BF71D5A3B54DBD44EC1DDE6D6A9508884B85F6C9FCC1A6CFE
File Size: 4.87 MB, 4867527 bytes
MD5: e90353887e5d3de8012b23581dd24735
SHA1: d23c9fdb422b2db18f70f44c448da72490ad9b41
SHA256: 47622CBAE2EB024A6B1F8FC7BDAF1F4644BD7F442028F1A98D89B8085F47A489
File Size: 4.06 MB, 4058112 bytes
MD5: 94ee003095ad15b883d369306a4a1d36
SHA1: 56dc63e915f25b28818d29d90ffbb6a86f0da3b8
SHA256: 663A1F2B846B1E68807928BB62EBFAE0CDB182D3CF84A45598B568AC7F2E1A68
File Size: 3.30 MB, 3301792 bytes
MD5: 56d0fef03b2ee232037d5273c8ece927
SHA1: c7254e8762b46bc99efec7d3dafcf4ddf47a4c04
SHA256: C5D157A10A0807917B000E6C2F2308D62B48ACC39815228509230EEC97305A5B
File Size: 879.62 KB, 879616 bytes
MD5: a5a36418ec2f66a5e7e4792841ac132e
SHA1: 458274440345e559b783c8bc76fd4fb7b67bc34e
SHA256: DA1DB94E2C9C6F169E35BC454B7B09E685460F8FA3FD513342A946CAE4F747D4
File Size: 714.52 KB, 714520 bytes
MD5: 3c6c9e1ca3c8dbc3eee2b9a436d82fd9
SHA1: 8b552cffc6f252cf4b21b0ad1d73d52b48d676e6
SHA256: 90C67F5CB3D07296E0866671953DAF319686BFE13D776D35E141017D0EFF6C5A
File Size: 3.69 MB, 3685888 bytes
MD5: dc82bb868a2380fd646f04fbc9c53245
SHA1: c4f60bdbbe3241a53ab48c60b7737b9da2394a71
SHA256: C8E6D6FDD3E7A9F5781B52E508A73A1858EEF05D111791BF08D88AA4EB6D13B4
File Size: 3.74 MB, 3739136 bytes
MD5: 562622418b71cd1bdd19c358c249f418
SHA1: 364725bb77ec1004e42d83b3cbe66a9e7d3a160a
SHA256: 893189C41A608004E78009186DCBF19702B1881822D894CE0B37C1A31479F84F
File Size: 6.50 MB, 6504448 bytes
MD5: 4fa8a018af55a28a2c545d50be6502d4
SHA1: bb371276522e2193c7821875040ec20a9f578d57
SHA256: 5FB1D1E0ECDDAE904491DCDE522057EDBF3AFBF508E8BCFF2195B9DE2FA429AA
File Size: 4.31 MB, 4310016 bytes
MD5: dc09952f0e89bc1486f1f27aa8f91294
SHA1: fd44a1b2afcc2ea68171eeacc5479ce0edefdc38
SHA256: A3BD66F80D66D688550C33CC2B4B7FACC9E5D775C70F29A7D94C5333EF889E07
File Size: 4.42 MB, 4423168 bytes
MD5: ea942326c5cce5175de810298425366e
SHA1: d2caee075719b2e7ee75e74bdf2908d0e84adfaf
SHA256: 8EA5185B1156D61BE0D04C5C641F571EC51257910467125C528098807BEA67EC
File Size: 140.70 KB, 140696 bytes
MD5: 6d96c819d78d5e537df52c6430034cee
SHA1: 616c24ec78ff6ab167a17df0f9bdb6d452bf9439
SHA256: 3F64EFFB99589D91937392ADEF5BB991FE9BC8D4B24FCF7B51C9A3CAB630C421
File Size: 2.97 MB, 2972645 bytes
MD5: 461a751f3bf0cbf3fd30bb1d5eaa5abd
SHA1: 013af6935561fbbe4ad7118f5be4272a082b337d
SHA256: 089AA8C295C274AFB25960FE872A060EAD28F18947EFEEEF75D5544178B26559
File Size: 3.84 MB, 3838464 bytes
MD5: dd021e0b4d875bef5cd9e430d276da6f
SHA1: 0ed3eb474a8464dd0bda06687416716167c1b430
SHA256: F77E9C3C437FB60D7C126D6BC0EBE382A9195404ECCB974A4CFF99D090157244
File Size: 196.46 KB, 196456 bytes
MD5: 560264959976ed8447259004a92768e0
SHA1: 4df79cf8f94a035d9bc70c4abf44048bb56f0dc8
SHA256: F14504DFEF1BD21A3512E792556DEA9E035268518977CA2C744EF89259224BFF
File Size: 4.37 MB, 4366336 bytes
MD5: b4a222152b13ed88216bf0e42dc00d9f
SHA1: aa0bad05ae5e8df2a573b8adcaa6b2011d4eb407
SHA256: 8EC15E049CBD85AC5788C9E47CDE19E8959FFCEF768B92AA620CDA2DB788113E
File Size: 4.48 MB, 4478464 bytes
MD5: 1bb5f57d08a127a4a71bf72a7a23ef0e
SHA1: a17fbff184eec569a854df3779ae5dcfc5c56ad1
SHA256: 57055BBEDC4BFF3A32EBE1DAB3BD53D16CD3B35AF9340EF192288C07BC0D2B83
File Size: 4.21 MB, 4205568 bytes
MD5: 6a9df3e6ee96971da4bec290eb6c338e
SHA1: 81ea0a3d4a6fa7215693a04af56df22a7b6c445d
SHA256: EB962800F82CAC5CE21CDA0CCA819ACF3B6494CA9FC95B2B8C8FC7199C89DC89
File Size: 4.39 MB, 4388864 bytes
MD5: dae1e5d126e128001f2fb6725c297fa1
SHA1: dba00fb870148e811cb61c3986db4f48990e741a
SHA256: 940567D2A44D06B92E4A2A8A84A68E3413261AC4F28FDD77F8C9365A7D2BF289
File Size: 1.37 MB, 1373897 bytes
MD5: 56fb76f2e6c8b2e7141560a18365506f
SHA1: 40f498a21827135e6af54c23c4d4e6c0141c613b
SHA256: BF28B23028E72389067C496B0309308151A9015FA99957FB42F82267D8EEE310
File Size: 222.57 KB, 222568 bytes
MD5: f9ce8f2e4fa983ccbe83f461df2df040
SHA1: 2c43af02261e30267db1d436bc2d8451a1e29764
SHA256: CEEF98DE2A00034A24E049E740568BB3F964DBC1524063D070F8BDB4CCD6314B
File Size: 3.72 MB, 3719680 bytes
MD5: 886bb225227a54fced31da0454ef23c7
SHA1: e092944da9947c06560bbc4a9e8271329047f047
SHA256: 16BF960C9E314C7C242775E2A63E193DE9AA217CC4AF48F316D385A0FBE0EB36
File Size: 4.65 MB, 4654080 bytes
MD5: b0b856548497bed1cd9c34580dfa6a7a
SHA1: 12164c3cba29af9411ce5ba0dd6d3be3869ac156
SHA256: 3C9427C51FE4E07942C6F3D7BDB52BE84E68ECB5B9DE7446A23EE3665C538FF1
File Size: 7.81 MB, 7812738 bytes
MD5: 05c1c5a68500a7902dc60fd7d763967a
SHA1: f694aed37db94077f10a3a582b41e890dcf5e6c9
SHA256: 2C40E9EB4CFD95FB1E00D301C6535A36C211DBCBED25E6603E09F3896CC8F1D8
File Size: 205.74 KB, 205742 bytes
MD5: 69a36d286479a18abe5bb7afd4d0cb32
SHA1: 1db04580ea6c52f401240425c32e82fd7cdf53e4
SHA256: 903992822E3681E3355E1113319A5F9410041740C68EA877AC134B567247B87F
File Size: 4.24 MB, 4239872 bytes
MD5: c0e2c28fd097119af9ff12f607a7eec1
SHA1: aa70fdb4a657ddb5ccff08e41d233b944e760b06
SHA256: 029AFFAB7866EA2053F342EB7066F43F32D4A4197DB9BEB0336570D929F5573C
File Size: 140.18 KB, 140184 bytes
MD5: 90ce8bead689cffe267946fe5a71c659
SHA1: b0c863653cbd50a0cfa5b7d92189321357b1f9e0
SHA256: D0BBE2E6FBEC634A29B16DBFD6CDCB8D63BA0D23A56B9176A394EEE3D7BFD1B5
File Size: 5.31 MB, 5314560 bytes
MD5: ce8d96ec77de2a139ff8faf8c8e09187
SHA1: d272ceedb082c698a93ce1ddc4418d546a03b6e0
SHA256: 90A137E2770C1EBF20A6908E39C9B7C5493AC81ECD2D3EC148160AD8DB217678
File Size: 147.83 KB, 147834 bytes
MD5: 8c14228144fd991989870cf866b315de
SHA1: 58dd2c6ea0a0b63cc93500bfa0221a1ae54eeda7
SHA256: 9C7FC18F1A7E95AEC5A8941D23C89833B9A739B895000437ED85D8DF4A8175C5
File Size: 570.45 KB, 570447 bytes
MD5: 069135ea83ec3b724b9c0a4675e6646d
SHA1: 13e8fa2b011f09151c8cf2c5e8a51a58e0f1a10b
SHA256: 0C48432732339BAE2B7D8C33417D9F598059792D747046DBE55B2ADD49BCFA41
File Size: 3.80 MB, 3804160 bytes
MD5: fcf28dc4313de651ae322030ecdf146d
SHA1: 95b96a5229252c29fdba03fea68df6bdfc8d5f21
SHA256: 20CA6ECAEBEC5A233651059F4024EC4C66881CDCC34755BE22A0C53D29E90959
File Size: 9.76 MB, 9763720 bytes
MD5: bffe49795e13814d608c956561fd2668
SHA1: 1015213c02b2af2268d35f55056d41977c05bec2
SHA256: C2EB84C1A2FCAF9E5CACD5DE6BB22CBE7D897C224CE3B40C1D7388653AFDEA51
File Size: 5.49 MB, 5489664 bytes
MD5: 87cba180043ee6fe729c371ff1c65318
SHA1: f1b716598cb4504b918d98fe79631e9f17e02520
SHA256: 5CDB261497A6E74E8AAB78FFD4F65D06C558B72DF045A34EC065C56A46256C20
File Size: 336.60 KB, 336600 bytes
MD5: c73168bbfdb1f67cbb2f64c7be2b2e4a
SHA1: 36ab53541277baab3ce7f3c3ed4e768f8c153ba2
SHA256: B99630C2A4A757721B5374C34D694BF546A65DD63F4D0FF4B84C57F06EE6B6E8
File Size: 4.66 MB, 4664832 bytes
MD5: 430190cbd6bbfb3ea216ce9957ab20cb
SHA1: e187dcf4fc12e1b9c34b853bfe705ce0d4bf723a
SHA256: D144F526085A6DA03C155930A26617041A6DC3414427F1559AAA3A55D2B072ED
File Size: 4.18 MB, 4177408 bytes
MD5: 62a19257da5437b589aa3cad755bef7d
SHA1: 67cf30606778921249563b73ad4838c067360d76
SHA256: 6F1CE7EE507DDD3B29F1F4B7A28639096EC64F5A0DF3463C90F71BDD7AF2D740
File Size: 3.63 MB, 3631488 bytes
MD5: 5663d99464c96a2677bf7a37efbead5d
SHA1: 270520e3b3a30232109887213d25972c37677d3d
SHA256: CAB93D088904265378F94B9A3AD7F2F93480B4C3F645BD1627B259F0CFFB5FA8
File Size: 355.74 KB, 355744 bytes

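Windows Portable Executable Attributes

The attributes below appear to be aggregated across all of the known samples listed above, so mutually exclusive entries (for example 32-bit and 64-bit, .NET and native, or "has" and "doesn't have" an exports table) describe different files rather than a single one.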

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons


Windows PE Version Information

Name Value
Assembly Version 1.0.0.0
Comments
  • Created with AutoPlay Media Studio
  • This installation was built with Inno Setup.
Company Name
  • Cheat Engine
  • Cheat Engine
  • Dark Byte
  • My Company, Inc.
File Description
  • AutoPlay Application
  • Cheat Engine 6.0 Setup
  • Cheat Engine 6.1 Setup
  • Cheat Engine 6.5.1 Setup
  • Cheat Engine for Xbox 360
  • Cheat Engine v7.6.5
  • EngineGame Installer
  • moto de trampa Setup
  • Patreon check
  • Setup/Uninstall
File Version
  • 51.1052.0.0
  • 51.52.0.0
  • 8.0.1.1
  • 7.6.5.0
  • 7.3.0
  • 6.5.1.1
  • 6.3.0.0
  • 2.0.0.0
  • 1.0.0.0
Internal Name
  • ams_launch
  • Cheat Engine for Xbox 360.exe
  • pcheck
Legal Copyright
  • Cheat Engine
  • Cheat Engine
  • Copyright © XeClutch 2015
  • Runtime Engine Copyright © 2010 Indigo Rose Corporation (www.indigorose.com)
Legal Trademarks AutoPlay Media Studio is a Trademark of Indigo Rose Corporation
Original Filename
  • ams_launch.exe
  • Cheat Engine for Xbox 360.exe
Product Name
  • AutoPlay Media Studio Launcher
  • Cheat Engine
  • Cheat Engine 6.0
  • Cheat Engine 6.1
  • Cheat Engine 6.5.1
  • Cheat Engine 6.7
  • Cheat Engine for Xbox 360
  • Cheat Engine v7.6.5
  • EngineGame
  • moto de trampa
Product Version
  • 26
  • 8.0.1.1
  • 7.6.0.5
  • 7.5.0.0
  • 7.3.0
  • 6.5.1.1
  • 1.0.0.0
  • 0.0.0.1

Digital Signatures

Signer | Root | Status
Cheat Engine | GlobalSign | Root Not Trusted
Cheat Engine | GlobalSign | Hash Mismatch
Cheat Engine EZ | GlobalSign | Root Not Trusted
Cheat Engine EZ | GlobalSign | Hash Mismatch
Cheat Engine | GlobalSign CodeSigning CA - G2 | Self Signed

File Traits

  • .NET
  • 2+ executable sections
  • HighEntropy
  • Inno
  • InnoSetup Installer
  • Installer Manifest
  • Installer Version
  • nosig nsis
  • ntdll
  • Nullsoft Installer
  • VirtualQueryEx
  • x86

Block Information

Total Blocks: 2,715
Potentially Malicious Blocks: 1
Whitelisted Blocks: 2,643
Unknown Blocks: 71

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 ? ? 0 0 ? 0 ? 0 0 ? ? ? 0 ? ? 0 0 0 ? ? 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 
0 0 0 0 0 0 0 ? 0 0 ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? 0 ? 0 0 ? ? x ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.FDD
  • Banker.LH
  • Banker.R
  • BestaFera.G
  • Chapak.HBX
  • CheatEngine.A
  • CobaltStrike.GI
  • CobaltStrike.GIA
  • Delf.AIA
  • Delf.TB
  • Downloader.S
  • Dropper.Delf.C
  • Dropper.Delf.CF
  • Filecoder.FL
  • Injector.AJA
  • Injector.AK
  • Injector.KPD
  • Injector.XD
  • Lumma.GFD
  • MSILZilla.TC
  • Morto.B
  • Parite.P
  • Rozena.XC
  • Rugmi.IA
  • Sheloader.A
  • Softcnapp.N
  • Stealer.KF
  • Trojan.Agent.Gen.VN

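Files Modified

Note: file names made of a SHA1 followed by a byte count (for example 56dc63e915f25b28818d29d90ffbb6a86f0da3b8_0003301792) match the hashes and sizes under Known Samples, so they are the names the sandbox gave the submitted files, not names chosen by the samples. The path under c:\repos\spyhunter5\sandboxtool\ and the many .pdb entries opened with attribute-level access only look like artifacts of the analysis sandbox and of debug-symbol lookup rather than files written by the samples; confirm before using any of them as indicators.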

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll.000 Generic Write,Read Attributes
c:\repos\spyhunter5\sandboxtool\builds\releasenologencrypt-win32\injected-win32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\0001396a_rar\56dc63e915f25b28818d29d90ffbb6a86f0da3b8_0003301792 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\0001396a_rar\56dc63e915f25b28818d29d90ffbb6a86f0da3b8_0003301792 Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\000139f7_rar\56dc63e915f25b28818d29d90ffbb6a86f0da3b8_0003301792 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\000139f7_rar\56dc63e915f25b28818d29d90ffbb6a86f0da3b8_0003301792 Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\a1d26e2\ab4d1bf017c8.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cetrainers\cet4a53.tmp\cet_archive.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cetrainers\cet4a53.tmp\d23c9fdb422b2db18f70f44c448da72490ad9b41_0004058112 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cetrainers\cet4a53.tmp\extracted\cet_trainer.cetrainer Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet4a53.tmp\extracted\d23c9fdb422b2db18f70f44c448da72490ad9b41_0004058112 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet4a53.tmp\extracted\defines.lua Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet4a53.tmp\extracted\lua5.1-64.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet4c37.tmp\c641d01a6dfb5c10c70352101062806d1fa00cc7_0004867527 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cetrainers\cet4c37.tmp\cet_archive.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cetrainers\cet4c37.tmp\extracted\c641d01a6dfb5c10c70352101062806d1fa00cc7_0004867527 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet4c37.tmp\extracted\cet_trainer.cetrainer Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet4c37.tmp\extracted\defines.lua Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet4c37.tmp\extracted\lua5.1-32.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet4c37.tmp\extracted\win32\dbghelp.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet4ff5.tmp\a28a3752ee90550641cb8274fb3706b1599f73c6_0005055488 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cetrainers\cet4ff5.tmp\cet_archive.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cetrainers\cet4ff5.tmp\extracted\a28a3752ee90550641cb8274fb3706b1599f73c6_0005055488 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet4ff5.tmp\extracted\cet_trainer.cetrainer Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet4ff5.tmp\extracted\defines.lua Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet4ff5.tmp\extracted\lua5.1-32.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet4ff5.tmp\extracted\win32\dbghelp.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet4ff5.tmp\extracted\xmplayer.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\cet_archive.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\advapi32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\apphelp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\bcryptprimitives.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\cet_trainer.cetrainer Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\clbcatq.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\combase.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\comctl32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\comdlg32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\crypt32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\cryptsp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dbghelp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\defines.lua Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\advapi32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\apphelp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\bcryptprimitives.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\clbcatq.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\combase.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\comctl32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\comdlg32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\crypt32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\cryptsp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\dbghelp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\glu32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\imagehlp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\injected-win32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\kernel.appcore.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\lua5.1-32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\msctf.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\msimg32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\msvcp_win.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\msvcrt.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\ole32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\oleaut32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\opengl32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\profapi.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\propsys.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\psapi.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\sechost.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\shcore.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\shell32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\shfolder.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\shlwapi.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\ucrtbase.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\version.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\wgdi32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\wgdi32full.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\wimm32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\windows.storage.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\wkernel32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\wkernelbase.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\wldp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\wntdll.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\wrpcrt4.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\ws2_32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\wsock32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\wuser32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\wuxtheme.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\dll\wwin32u.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\exe\fd44a1b2afcc2ea68171eeacc5479ce0edefdc38_0004423168.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\fd44a1b2afcc2ea68171eeacc5479ce0edefdc38_0004423168 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\fd44a1b2afcc2ea68171eeacc5479ce0edefdc38_0004423168.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\glu32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\hhctrl.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\imagehlp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\injected-win32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\kernel.appcore.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\lua5.1-32.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\lua5.1-32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\msctf.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\msimg32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\msvcp_win.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\msvcrt.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\ocx\hhctrl.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\ole32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\oleaut32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\opengl32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\profapi.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\propsys.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\psapi.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\sechost.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\shcore.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\shell32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\shfolder.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\shlwapi.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\advapi32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\apphelp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\bcryptprimitives.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\clbcatq.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\combase.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\comctl32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\comdlg32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\crypt32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\cryptsp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\dbghelp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\glu32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\imagehlp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\injected-win32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\kernel.appcore.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\lua5.1-32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\msctf.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\msimg32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\msvcp_win.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\msvcrt.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\ole32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\oleaut32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\opengl32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\profapi.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\propsys.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\psapi.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\sechost.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\shcore.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\shell32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\shfolder.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\shlwapi.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\ucrtbase.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\version.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\wgdi32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\wgdi32full.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\wimm32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\windows.storage.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\wkernel32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\wkernelbase.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\wldp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\wntdll.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\wrpcrt4.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\ws2_32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\wsock32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\wuser32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\wuxtheme.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\dll\wwin32u.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\exe\fd44a1b2afcc2ea68171eeacc5479ce0edefdc38_0004423168.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\symbols\ocx\hhctrl.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\ucrtbase.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\version.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\wgdi32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\wgdi32full.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\wimm32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\win32\dbghelp.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\windows.storage.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\wkernel32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\wkernelbase.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\wldp.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\wntdll.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\wrpcrt4.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\ws2_32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\wsock32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\wuser32.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\wuxtheme.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\extracted\wwin32u.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cetrainers\cet603a.tmp\fd44a1b2afcc2ea68171eeacc5479ce0edefdc38_0004423168 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cetrainers\cet6098.tmp\364725bb77ec1004e42d83b3cbe66a9e7d3a160a_0006504448 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cetrainers\cet6098.tmp\cet_archive.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cetrainers\cet6098.tmp\extracted\364725bb77ec1004e42d83b3cbe66a9e7d3a160a_0006504448 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet6098.tmp\extracted\cet_trainer.cetrainer Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet6098.tmp\extracted\defines.lua Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet6098.tmp\extracted\lua5.1-32.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet6098.tmp\extracted\speedhack-i386.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet6098.tmp\extracted\win32\dbghelp.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet70ff.tmp\36ab53541277baab3ce7f3c3ed4e768f8c153ba2_0004664832 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cetrainers\cet70ff.tmp\cet_archive.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cetrainers\cet70ff.tmp\extracted\36ab53541277baab3ce7f3c3ed4e768f8c153ba2_0004664832 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet70ff.tmp\extracted\cet_trainer.cetrainer Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet70ff.tmp\extracted\defines.lua Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet70ff.tmp\extracted\lua5.1-32.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet70ff.tmp\extracted\win32\dbghelp.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cetrainers\cet8093.tmp\c4f60bdbbe3241a53ab48c60b7737b9da2394a71_0003739136 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cetrainers\cet8093.tmp\cet_archive.dat Generic Write,Read Attributes

719 additional files are not displayed above.

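Registry Modifications

Note: this table aggregates behaviour across the listed samples, so a given row may not apply to every hash. The Security Center override/notify values, the firewallpolicy\standardprofile values and policies\system::enablelua relate to antivirus/firewall/update/UAC notification, Windows Firewall and UAC settings and are the rows to prioritise when triaging; the Internet Settings cache, BAM and PendingFileRenameOperations rows may reflect ordinary system activity in the analysis environment rather than the sample itself.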

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications  RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317 ˆ RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662 RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655 RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324 # RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993 ċ RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986 http://althawry.org/images/xs.jpghttp://www.careerdesk.org/im RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331 RegNtPreCreateKey
HKCU\software\apcr::u1_0 ᅕ쒧 RegNtPreCreateKey
HKCU\software\apcr::u2_0 RegNtPreCreateKey
HKCU\software\apcr::u3_0 権ă RegNtPreCreateKey
HKCU\software\apcr::u4_0 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ǁṯꈣǜ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\rfc1156agent\currentversion\parameters::trappolltimemillisecs RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af52*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
Keyboard Access
  • GetAsyncKeyState
  • GetKeyState
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess
Network Winsock2
  • WSAStartup
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAdjustPrivilegesToken
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFindAtom
  • ntdll.dll!NtFlushBuffersFile
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBSection
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetDCObject

64 additional items are not displayed above.

Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Process Terminate
  • TerminateProcess

Shell Command Execution

C:\Users\Koafjwgx\AppData\Local\Temp\cetrainers\CET4FF5.tmp\a28a3752ee90550641cb8274fb3706b1599f73c6_0005055488 "C:\Users\Koafjwgx\AppData\Local\Temp\cetrainers\CET4FF5.tmp\a28a3752ee90550641cb8274fb3706b1599f73c6_0005055488" -ORIGIN:"c:\users\user\downloads\"
C:\Users\Koafjwgx\AppData\Local\Temp\cetrainers\CET4FF5.tmp\extracted\a28a3752ee90550641cb8274fb3706b1599f73c6_0005055488 "C:\Users\Koafjwgx\AppData\Local\Temp\cetrainers\CET4FF5.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:c:\users\user\downloads\"
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\fd9838eaaa6bdd4c19d3028dbb2d1b527d80549d_0000287512.,LiQMAxHB
C:\Users\Shixowjg\AppData\Local\Temp\cetrainers\CET4C37.tmp\c641d01a6dfb5c10c70352101062806d1fa00cc7_0004867527 "C:\Users\Shixowjg\AppData\Local\Temp\cetrainers\CET4C37.tmp\c641d01a6dfb5c10c70352101062806d1fa00cc7_0004867527" -ORIGIN:"c:\users\user\downloads\"
C:\Users\Shixowjg\AppData\Local\Temp\cetrainers\CET4C37.tmp\extracted\c641d01a6dfb5c10c70352101062806d1fa00cc7_0004867527 "C:\Users\Shixowjg\AppData\Local\Temp\cetrainers\CET4C37.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:c:\users\user\downloads\"
C:\Users\Jwvmlgnq\AppData\Local\Temp\cetrainers\CET4A53.tmp\d23c9fdb422b2db18f70f44c448da72490ad9b41_0004058112 "C:\Users\Jwvmlgnq\AppData\Local\Temp\cetrainers\CET4A53.tmp\d23c9fdb422b2db18f70f44c448da72490ad9b41_0004058112" -ORIGIN:"c:\users\user\downloads\"
C:\Users\Jwvmlgnq\AppData\Local\Temp\cetrainers\CET4A53.tmp\extracted\d23c9fdb422b2db18f70f44c448da72490ad9b41_0004058112 "C:\Users\Jwvmlgnq\AppData\Local\Temp\cetrainers\CET4A53.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:c:\users\user\downloads\"
C:\Users\Ioumpljy\AppData\Local\Temp\cetrainers\CETCB81.tmp\8b552cffc6f252cf4b21b0ad1d73d52b48d676e6_0003685888 "C:\Users\Ioumpljy\AppData\Local\Temp\cetrainers\CETCB81.tmp\8b552cffc6f252cf4b21b0ad1d73d52b48d676e6_0003685888" -ORIGIN:"c:\users\user\downloads\"
C:\Users\Ioumpljy\AppData\Local\Temp\cetrainers\CETCB81.tmp\extracted\8b552cffc6f252cf4b21b0ad1d73d52b48d676e6_0003685888 "C:\Users\Ioumpljy\AppData\Local\Temp\cetrainers\CETCB81.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:c:\users\user\downloads\"
C:\Users\Zteduukn\AppData\Local\Temp\cetrainers\CET8093.tmp\c4f60bdbbe3241a53ab48c60b7737b9da2394a71_0003739136 "C:\Users\Zteduukn\AppData\Local\Temp\cetrainers\CET8093.tmp\c4f60bdbbe3241a53ab48c60b7737b9da2394a71_0003739136" -ORIGIN:"c:\users\user\downloads\"
C:\Users\Zteduukn\AppData\Local\Temp\cetrainers\CET8093.tmp\extracted\c4f60bdbbe3241a53ab48c60b7737b9da2394a71_0003739136 "C:\Users\Zteduukn\AppData\Local\Temp\cetrainers\CET8093.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:c:\users\user\downloads\"
C:\Users\Gbjuquec\AppData\Local\Temp\cetrainers\CET6098.tmp\364725bb77ec1004e42d83b3cbe66a9e7d3a160a_0006504448 "C:\Users\Gbjuquec\AppData\Local\Temp\cetrainers\CET6098.tmp\364725bb77ec1004e42d83b3cbe66a9e7d3a160a_0006504448" -ORIGIN:"c:\users\user\downloads\"
C:\Users\Gbjuquec\AppData\Local\Temp\cetrainers\CET6098.tmp\extracted\364725bb77ec1004e42d83b3cbe66a9e7d3a160a_0006504448 "C:\Users\Gbjuquec\AppData\Local\Temp\cetrainers\CET6098.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:c:\users\user\downloads\"
C:\Users\Izfzqapo\AppData\Local\Temp\cetrainers\CETAB70.tmp\bb371276522e2193c7821875040ec20a9f578d57_0004310016 "C:\Users\Izfzqapo\AppData\Local\Temp\cetrainers\CETAB70.tmp\bb371276522e2193c7821875040ec20a9f578d57_0004310016" -ORIGIN:"c:\users\user\downloads\"
C:\Users\Izfzqapo\AppData\Local\Temp\cetrainers\CETAB70.tmp\extracted\bb371276522e2193c7821875040ec20a9f578d57_0004310016 "C:\Users\Izfzqapo\AppData\Local\Temp\cetrainers\CETAB70.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:c:\users\user\downloads\"
C:\Users\Nrkegzsx\AppData\Local\Temp\cetrainers\CET603A.tmp\fd44a1b2afcc2ea68171eeacc5479ce0edefdc38_0004423168 "C:\Users\Nrkegzsx\AppData\Local\Temp\cetrainers\CET603A.tmp\fd44a1b2afcc2ea68171eeacc5479ce0edefdc38_0004423168" -ORIGIN:"c:\users\user\downloads\"
C:\Users\Nrkegzsx\AppData\Local\Temp\cetrainers\CET603A.tmp\extracted\fd44a1b2afcc2ea68171eeacc5479ce0edefdc38_0004423168 "C:\Users\Nrkegzsx\AppData\Local\Temp\cetrainers\CET603A.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:c:\users\user\downloads\"
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d2caee075719b2e7ee75e74bdf2908d0e84adfaf_0000140696.,LiQMAxHB
C:\Users\Zpvnvxzw\AppData\Local\Temp\cetrainers\CETBAC9.tmp\013af6935561fbbe4ad7118f5be4272a082b337d_0003838464 "C:\Users\Zpvnvxzw\AppData\Local\Temp\cetrainers\CETBAC9.tmp\013af6935561fbbe4ad7118f5be4272a082b337d_0003838464" -ORIGIN:"c:\users\user\downloads\"
C:\Users\Zpvnvxzw\AppData\Local\Temp\cetrainers\CETBAC9.tmp\extracted\013af6935561fbbe4ad7118f5be4272a082b337d_0003838464 "C:\Users\Zpvnvxzw\AppData\Local\Temp\cetrainers\CETBAC9.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:c:\users\user\downloads\"
C:\Users\Fclsjijm\AppData\Local\Temp\cetrainers\CETB849.tmp\4df79cf8f94a035d9bc70c4abf44048bb56f0dc8_0004366336 "C:\Users\Fclsjijm\AppData\Local\Temp\cetrainers\CETB849.tmp\4df79cf8f94a035d9bc70c4abf44048bb56f0dc8_0004366336" -ORIGIN:"c:\users\user\downloads\"
C:\Users\Fclsjijm\AppData\Local\Temp\cetrainers\CETB849.tmp\extracted\4df79cf8f94a035d9bc70c4abf44048bb56f0dc8_0004366336 "C:\Users\Fclsjijm\AppData\Local\Temp\cetrainers\CETB849.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:c:\users\user\downloads\"
C:\Users\Wqobkqnz\AppData\Local\Temp\cetrainers\CETFA9E.tmp\aa0bad05ae5e8df2a573b8adcaa6b2011d4eb407_0004478464 "C:\Users\Wqobkqnz\AppData\Local\Temp\cetrainers\CETFA9E.tmp\aa0bad05ae5e8df2a573b8adcaa6b2011d4eb407_0004478464" -ORIGIN:"c:\users\user\downloads\"
C:\Users\Wqobkqnz\AppData\Local\Temp\cetrainers\CETFA9E.tmp\extracted\aa0bad05ae5e8df2a573b8adcaa6b2011d4eb407_0004478464 "C:\Users\Wqobkqnz\AppData\Local\Temp\cetrainers\CETFA9E.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:c:\users\user\downloads\"
C:\Users\Oexkdysl\AppData\Local\Temp\cetrainers\CET9559.tmp\a17fbff184eec569a854df3779ae5dcfc5c56ad1_0004205568 "C:\Users\Oexkdysl\AppData\Local\Temp\cetrainers\CET9559.tmp\a17fbff184eec569a854df3779ae5dcfc5c56ad1_0004205568" -ORIGIN:"c:\users\user\downloads\"
C:\Users\Oexkdysl\AppData\Local\Temp\cetrainers\CET9559.tmp\extracted\a17fbff184eec569a854df3779ae5dcfc5c56ad1_0004205568 "C:\Users\Oexkdysl\AppData\Local\Temp\cetrainers\CET9559.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:c:\users\user\downloads\"
C:\Users\Dzsmclkv\AppData\Local\Temp\cetrainers\CETA9D7.tmp\81ea0a3d4a6fa7215693a04af56df22a7b6c445d_0004388864 "C:\Users\Dzsmclkv\AppData\Local\Temp\cetrainers\CETA9D7.tmp\81ea0a3d4a6fa7215693a04af56df22a7b6c445d_0004388864" -ORIGIN:"c:\users\user\downloads\"
C:\Users\Dzsmclkv\AppData\Local\Temp\cetrainers\CETA9D7.tmp\extracted\81ea0a3d4a6fa7215693a04af56df22a7b6c445d_0004388864 "C:\Users\Dzsmclkv\AppData\Local\Temp\cetrainers\CETA9D7.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:c:\users\user\downloads\"
C:\Users\Hmjbbgsi\AppData\Local\Temp\cetrainers\CETBBE3.tmp\2c43af02261e30267db1d436bc2d8451a1e29764_0003719680 "C:\Users\Hmjbbgsi\AppData\Local\Temp\cetrainers\CETBBE3.tmp\2c43af02261e30267db1d436bc2d8451a1e29764_0003719680" -ORIGIN:"c:\users\user\downloads\"
C:\Users\Hmjbbgsi\AppData\Local\Temp\cetrainers\CETBBE3.tmp\extracted\2c43af02261e30267db1d436bc2d8451a1e29764_0003719680 "C:\Users\Hmjbbgsi\AppData\Local\Temp\cetrainers\CETBBE3.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:c:\users\user\downloads\"
C:\Users\Ddpxlagl\AppData\Local\Temp\cetrainers\CETA718.tmp\e092944da9947c06560bbc4a9e8271329047f047_0004654080 "C:\Users\Ddpxlagl\AppData\Local\Temp\cetrainers\CETA718.tmp\e092944da9947c06560bbc4a9e8271329047f047_0004654080" -ORIGIN:"c:\users\user\downloads\"
C:\Users\Ddpxlagl\AppData\Local\Temp\cetrainers\CETA718.tmp\extracted\e092944da9947c06560bbc4a9e8271329047f047_0004654080 "C:\Users\Ddpxlagl\AppData\Local\Temp\cetrainers\CETA718.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:c:\users\user\downloads\"
"C:\Users\Ikstxsnt\AppData\Local\Temp\is-EILR3.tmp\12164c3cba29af9411ce5ba0dd6d3be3869ac156_0007812738.tmp" /SL5="$5032C,7365161,121344,c:\users\user\downloads\12164c3cba29af9411ce5ba0dd6d3be3869ac156_0007812738"
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f694aed37db94077f10a3a582b41e890dcf5e6c9_0000205742.,LiQMAxHB
C:\Users\Zvaqoupn\AppData\Local\Temp\cetrainers\CETA7E3.tmp\b0c863653cbd50a0cfa5b7d92189321357b1f9e0_0005314560 "C:\Users\Zvaqoupn\AppData\Local\Temp\cetrainers\CETA7E3.tmp\b0c863653cbd50a0cfa5b7d92189321357b1f9e0_0005314560" -ORIGIN:"c:\users\user\downloads\"
C:\Users\Zvaqoupn\AppData\Local\Temp\cetrainers\CETA7E3.tmp\extracted\b0c863653cbd50a0cfa5b7d92189321357b1f9e0_0005314560 "C:\Users\Zvaqoupn\AppData\Local\Temp\cetrainers\CETA7E3.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:c:\users\user\downloads\"
"C:\Users\Golhzzlo\AppData\Local\Temp\~nsu1.tmp\Un.exe" _?=c:\users\user\downloads\
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\58dd2c6ea0a0b63cc93500bfa0221a1ae54eeda7_0000570447.,LiQMAxHB
"C:\Users\Fxetyejh\AppData\Local\Temp\ir_ext_temp_0\autorun.exe" "SFXSOURCE:c:\users\user\downloads\95b96a5229252c29fdba03fea68df6bdfc8d5f21_0009763720"
C:\Users\Urxbugsj\AppData\Local\Temp\cetrainers\CETBBA4.tmp\1015213c02b2af2268d35f55056d41977c05bec2_0005489664 "C:\Users\Urxbugsj\AppData\Local\Temp\cetrainers\CETBBA4.tmp\1015213c02b2af2268d35f55056d41977c05bec2_0005489664" -ORIGIN:"c:\users\user\downloads\"
C:\Users\Urxbugsj\AppData\Local\Temp\cetrainers\CETBBA4.tmp\extracted\1015213c02b2af2268d35f55056d41977c05bec2_0005489664 "C:\Users\Urxbugsj\AppData\Local\Temp\cetrainers\CETBBA4.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:c:\users\user\downloads\"
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f1b716598cb4504b918d98fe79631e9f17e02520_0000336600.,LiQMAxHB
C:\Users\Mwulgztv\AppData\Local\Temp\cetrainers\CET70FF.tmp\36ab53541277baab3ce7f3c3ed4e768f8c153ba2_0004664832 "C:\Users\Mwulgztv\AppData\Local\Temp\cetrainers\CET70FF.tmp\36ab53541277baab3ce7f3c3ed4e768f8c153ba2_0004664832" -ORIGIN:"c:\users\user\downloads\"
C:\Users\Mwulgztv\AppData\Local\Temp\cetrainers\CET70FF.tmp\extracted\36ab53541277baab3ce7f3c3ed4e768f8c153ba2_0004664832 "C:\Users\Mwulgztv\AppData\Local\Temp\cetrainers\CET70FF.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:c:\users\user\downloads\"
C:\Users\Vjgyznke\AppData\Local\Temp\cetrainers\CETA228.tmp\e187dcf4fc12e1b9c34b853bfe705ce0d4bf723a_0004177408 "C:\Users\Vjgyznke\AppData\Local\Temp\cetrainers\CETA228.tmp\e187dcf4fc12e1b9c34b853bfe705ce0d4bf723a_0004177408" -ORIGIN:"c:\users\user\downloads\"
C:\Users\Vjgyznke\AppData\Local\Temp\cetrainers\CETA228.tmp\extracted\e187dcf4fc12e1b9c34b853bfe705ce0d4bf723a_0004177408 "C:\Users\Vjgyznke\AppData\Local\Temp\cetrainers\CETA228.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:c:\users\user\downloads\"
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\270520e3b3a30232109887213d25972c37677d3d_0000355744.,LiQMAxHB
