PUP.ChinAd

Threat Scorecard

Popularity Rank: 519
Threat Level: 80 % (High)
Infected Computers: 284,734
First Seen: October 22, 2013
Last Seen: February 7, 2026
OS(es) Affected: Windows

PUP.ChinAd is a potentially unwanted application that may show random advertisements, or its own, on well-known social networking and online shopping websites that Internet users visit frequently. The advertisements of PUP.ChinAd may appear as boxes containing numerous coupons, or as underlined keywords which, when clicked, may display a pop-up ad that claims to be brought to the computer user by PUP.ChinAd. PUP.ChinAd may insert an unwanted add-on, plug-in or extension for Mozilla Firefox, Google Chrome, and Internet Explorer while the PC user is downloading and installing other free software products. When PC users install these free software products, they may also install PUP.ChinAd on the computer system. Once installed, PUP.ChinAd may display a 'See Similar' icon next to the product image on various online shopping websites. PUP.ChinAd may also deliver coupons, deals, and/or other services on the relevant product websites. Sometimes, clicking on a delivered offer may divert the computer user to a suspicious commercial website created by cybercrooks, possibly to raise traffic and profit from the pay-per-click technique.

File System Details

PUP.ChinAd may create the following file(s):
| # | File Name | MD5 | Detections |
|---|---|---|---|
| 1 | 555.exe | 4b8c85f0e781fd990afdd561169f0f1a | 118 |
| 2 | 88518b16abdae9f65dcdda44588bc060826e90dd40ba58abeec55397bce85167 | 5c1e55872eee347aab9986cebd50e352 | 87 |
| 3 | raffle.exe | 663fbf2a248971ea69c6234480a4bdcb | 29 |
| 4 | DreamScreen.scr | 719e1b98d3255693303adf38abbf0cd6 | 24 |
| 5 | RlDateSet.exe | 3f73a23886f2109e11882f5a600d3c24 | 5 |

Registry Details

PUP.ChinAd may create the following registry entry or registry entries:

Directories

PUP.ChinAd may create the following directory or directories:


Analysis Report

General information

Family Name: Trojan.ChinAd
Signature status: Hash Mismatch

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version
  • 2024.5.26.2035
  • 1.1.3.4
  • 1.1.2.9
Channel Name calendarbase
Comment GNU C build -- MinGW-w64 32-bit
Comments
  • Build Date: 2022-06-06 16:59:51 +0000
  • Oppoos.com
  • This installation was built with Inno Setup.
  • XinMaoTao.Net
  • 本程序使用易语言编写(http://www.eyuyan.com)
  • 虚拟网卡安装/卸载
  • 酷我音乐盒 2011
Company Name
  • 337 Technology Limited.
  • Cetihobome
  • Copyright© 2005-2012 AVMediaSoft Co., Ltd.
  • CyberPower Tech, Inc.
  • FreeAudioVideoSoftTech, Inc.
  • Freeease.net.
  • FreeWiFiHotspot Co., Ltd.
  • Microsoft Corporation
  • MingW-W64 Project. All rights reserved.
  • PPStream.com
  • Source Spacetime Co.,Ltd.
  • The Chromium Authors
  • TODO: <Shanghai Shaji Network Technology Co., Ltd>
  • TOOLGAMEPC Inc.
  • vrBrothers Corporation
  • XinMaoTao.Net
  • YoutubeMusicDownloader.us
  • 上海子丑六合网络科技有限公司
  • 北京布丁跳跳科技有限公司
  • 奇虎网
  • 弯刀
  • 成都吉胜科技有限责任公司
  • 沧州句号网络科技有限公司
  • 皮皮科技
  • 酷我科技
  • 重庆重橙网络科技有限公司
Company Short Name The Chromium Authors
File Description
  • 360安全卫士
  • 360安全卫士文件粉碎模块
  • Advanced Calendar
  • ANGLE libEGL Dynamic Link Library
  • Audio Extractor for Free Setup
  • AV Audio Recorder Setup
  • Chromium
  • clientservices
  • Dagon Setup
  • Direct3D HLSL Compiler for Redistribution
  • Downloader
  • downloader component
  • Downloader MFC 응용 프로그램
  • Flash Helper Service
  • Flash Helper Service rc
  • Free DVD to AVI MP4 WMV MPEG 3GP FLV Converter Setup
  • Free WiFi Hotspot Setup
  • GenieCleaner Installer
  • HT1H
  • IsaSvc 动态链接库
  • Launcher
  • PIPI Setup
  • POSIX WinThreads for Windows
  • PPStream 安装
  • QMacro's macro runner.
  • Setup/Uninstall
  • TOOLGAMEPC DLL
  • Vulkan Loader - Dev Build
  • WinMenu.dll
  • Youtube Music Downloader Setup
  • 开心看图王-WIN助手
  • 新毛桃卸载程序
  • 易语言程序
  • 智能拼音输入法
  • 极速浏览器安装程序
  • 蓝泡电竞加速器客户端
  • 虚拟网卡安装/卸载
  • 酷我音乐盒 2011
  • 风云恢复大师
File Version
  • 2025,04,28,0857
  • 2024.5.26.2035
  • 2021.04.30
  • 2014.0.5.271657
  • 87.0.4280.141
  • 51.1052.0.0
  • 24, 24, 24, 24
  • 23.3.0.29
  • 23.3.0.25
  • 10.0.20348.1 (WinBuild.160101.0800)
  • 9.3.25.302
  • 9.3.0.1
  • 7, 3, 0, 1198
  • 6, 0, 2, 1004
  • 5.0.1.2
  • 5, 2, 0, 48
  • 4.0.3.4
  • 3.3.5.3160
  • 2.3.1.72
  • 2.3.1.68
  • 2.3.1.67
  • 2.3.1.66
  • 2.3.1.63
  • 2.3.1.61
  • 2.2.6.0
  • 2.2.3.52
  • 2.2.3.50
  • 2.2.3.48
  • 2.1.18362 git hash: 9768648fffc9
  • 2.0.7.933
  • 2.0.0.11061
  • 1.2.8.6017
  • 1.1.3.4
  • 1.1.2.9
  • 1.00
  • 1.0.1111.2222.Dev Build
  • 1.0.8.21211
  • 1.0.0.1036
  • 1.0.0.0
  • 1, 0, 0, 1
  • 1, 0, 0, 0
Info http://mingw-w64.sourceforge.net/
Internal Name
  • 360Ver
  • AntiRk
  • chrome_elf_dll
  • ClientServices.dll
  • d3dcompiler_47.dll
  • DataRecovery.exe
  • Downloader
  • FlashHelperServices.exe
  • HTSetup.exe
  • IsaSvc
  • JiSuSetup.exe
  • lanpao.exe
  • Launcher.exe
  • libEGL
  • MyMacro.exe
  • Skin.dll
  • TJprojMain
  • TrayDown.exe
  • WinMenu.dll
  • WinPthreadGC
  • 开心看图王-WIN助手
  • 智能拼音输入法
Last Change 9f05d1d9ee7483a73e9fe91ddcb8274ebcec9d7f-refs/branch-heads/4280@{#2007}
Legal Copyright
  • (C) XinMaoTao.Net All Rights Reserved.
  • Copyright (C) 2010
  • Copyright (C) 2012
  • Copyright (C) 2014 LeCheng(beijing) Technology Development Co.Ltd., All rights reserved.
  • Copyright (C) 2014 TopTools100 All Rights Reserved
  • Copyright (C) 2015 Google Inc.
  • Copyright (C) 2015-2022
  • Copyright (C) 2019 Shanghai Shaji Network Technology Co., Ltd
  • Copyright(C) 2021 重庆重橙网络科技有限公司.All Rights Reserved
  • Copyright (c) 2021-2024 Erdem Yılmaz
  • Copyright(C) 2022 重庆重橙网络科技有限公司.All Rights Reserved
  • Copyright (C) 2023
  • Copyright(C)2024 沧州句号网络科技有限公司
  • Copyright (C) MingW-W64 Project Members 2010-2011
  • Copyright 2008
  • Copyright 2020 The Chromium Authors. All rights reserved.
  • Copyright 2024 Source Spacetime Co.,Ltd. All Rights Reserved.
  • Copyright 2025 Source Spacetime Co.,Ltd. All Rights Reserved.
  • Copyright © 2024
  • © Microsoft Corporation. All rights reserved.
  • 上海子丑六合网络科技有限公司
  • 作者版权所有 请尊重并使用正版
  • 弯刀 版权所有
  • 成都吉胜科技有限责任公司保留所有权利。
  • 沧州句号网络科技有限公司
  • 版权所有 (C) 2006-2009 奇虎网
  • 版权所有 (C) 2008 奇虎网
  • 酷我公司保留所有权利。
  • (C)vrBrothers Corporation. All rights reserved.
Legal Trademarks 蓝泡
Licence ZPL
Official Build 1
Original Filename
  • 360Ver.dll
  • AntiRk.dll
  • chrome_elf.dll
  • ClientServices.dll
  • d3dcompiler_47.dll
  • DataRecovery.exe
  • Downloader.EXE
  • Downloader.exe
  • FlashHelperService.exe
  • Give.exe
  • HPPRaump.exe
  • HTSetup.exe
  • IsaSvc.dll
  • JiSuSetup.exe
  • lanpao.exe
  • Launcher.exe
  • libEGL.dll
  • MyMacro.exe
  • Skin.dll
  • TJprojMain.exe
  • TrayDown.exe
  • WinMenu.dll
  • WinPthreadGC
  • ZNUpd.exe
Private Build 2.1.18362 git hash: 9768648fffc9
Product Name
  • 360安全卫士
  • 360安全卫士文件粉碎模块
  • Advanced Calendar
  • ANGLE libEGL Dynamic Link Library
  • Audio Extractor for Free
  • AV Audio Recorder
  • Chromium
  • Dagon
  • DATS
  • Downloader
  • Downloader 응용 프로그램
  • Flash Helper Service
  • Free DVD to AVI MP4 WMV MPEG 3GP FLV Converter
  • Free Easy YouTube Downloader
  • Free WiFi Hotspot
  • GenieCleaner Installer
  • HT1H
  • IsaSvc 动态链接库
  • Launcher
  • Microsoft® Windows® Operating System
  • PIPI
  • Project1
  • QMacro
  • Skin DLL
  • Tray downloader
  • Vulkan Runtime
  • WinMenu.dll
  • Youtube Music Downloader
  • 万象网管
  • 开心看图王-WIN助手
  • 新毛桃卸载程序
  • 智能拼音输入法
  • 极速浏览器
  • 蓝泡电竞加速器
  • 虚拟网卡安装/卸载
  • 酷我音乐盒 2011
  • 风云恢复大师
Product Short Name Chromium
Product Version
  • 2024.5.26.2035
  • 2021.04.30
  • 2014.0.5.271657
  • 87.0.4280.141
  • 24, 24, 24, 24
  • 23.3.0.29
  • 23.3.0.25
  • 10.0.20348.1
  • 9.3.25.302
  • 9.3
  • 7.0.56.21
  • 7, 3, 0, 1198
  • 6, 0, 2, 1004
  • 5, 2, 0, 48
  • 4.4
  • 3.3.5.3160
  • 2.3.1.72
  • 2.3.1.68
  • 2.3.1.67
  • 2.3.1.66
  • 2.3.1.63
  • 2.3.1.61
  • 2.2.6.0
  • 2.2.3.52
  • 2.2.3.50
  • 2.2.3.48
  • 2.1.18362 git hash: 9768648fffc9
  • 2.0.0.11061
  • 1.2.8.6017
  • 1.1.3.4
  • 1.1.2.9
  • 1.00
  • 1.0.1111.2222.Dev Build
  • 1.0.26.241009
  • 1.0.8.21211
  • 1.0.7.21211
  • 1.0.0.0
  • 1,1,1,50407
  • 1, 0, 0, 1
  • 1, 0, 0, 0
Publisher TopTools100

Digital Signatures

| Signer | Root | Status |
|---|---|---|
| 万惟智汇(厦门)数据科技有限公司 | AAA Certificate Services | Root Not Trusted |
| 商丘蓝泡科技有限公司 | AAA Certificate Services | Root Not Trusted |
| Suzhou Qingchen Information Technology Co Ltd. | COMODO RSA Code Signing CA | Hash Mismatch |
| Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd | COMODO RSA Extended Validation Code Signing CA | Hash Mismatch |
| Beijing Qingruan Creative Information Technology Co., Ltd. | COMODO RSA Extended Validation Code Signing CA | Self Signed |
| Zhejiang HaoYing Network Co. , Ltd | Certification Authority of WoSign | Root Not Trusted |
| SHANGHAI ZHONGYUAN NETWORKS LIMITED | Class 3 Public Primary Certification Authority | Root Not Trusted |
| Shanghai Shaji Network Technology Co., Ltd | DigiCert EV Code Signing CA (SHA2) | Self Signed |
| Fujian Chuangyi Jiahe Soft Co., Ltd. | DigiCert SHA2 Assured ID Code Signing CA | Hash Mismatch |
| Anhui Fun2play Entertainment Network Technology Co.,Ltd. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed |
| Hangzhou Yinggao Technology Co., Ltd. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed |
| Shanghai Oriental Webcasting Co. Ltd. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed |
| Xiamen Jubaoshang Network Technology Co., Ltd. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed |
| 北京布丁跳跳科技有限公司 | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed |
| 成都吉胜科技有限责任公司 | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed |
| 沧州句号网络科技有限公司 | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed |
| 重庆重橙网络科技有限公司 | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed |
| Hangzhou Yinggao Technology Co., Ltd. | DigiCert Trusted Root G4 | Root Not Trusted |
| 成都吉胜科技有限责任公司 | DigiCert Trusted Root G4 | Root Not Trusted |
| 重庆重橙网络科技有限公司 | DigiCert Trusted Root G4 | Root Not Trusted |
| 沧州句号网络科技有限公司 | GlobalSign Code Signing Root R45 | Root Not Trusted |
| 337 Technology Limited | GlobalSign CodeSigning CA - G2 | Self Signed |
| Beijing Qingruan Chuangxiang Information Technology Co., Ltd. | GlobalSign CodeSigning CA - SHA256 - G2 | Self Signed |
| Wuhan Aixinsen Technology Co., Ltd. | GlobalSign CodeSigning CA - SHA256 - G3 | Hash Mismatch |
| Tsingsoft Imagination Information Technology Co., Ltd | GlobalSign Root CA | Root Not Trusted |
| 安徽省刀锋网络科技有限公司 | GlobalSign Root CA | Root Not Trusted |
| Xiamen Source Spacetime Technology Co., Ltd. | Sectigo Public Code Signing Root R46 | Root Not Trusted |
| MEIXIAN XIE | Symantec Class 3 SHA256 Code Signing CA | Self Signed |
| InvestSoft Ltd | Thawte Code Signing CA | Self Signed |
| 福建六壬网安股份有限公司 | Thawte Code Signing CA - G2 | Self Signed |
| Qizhi Software (beijing) Co. Ltd | Thawte Premium Server CA | Root Not Trusted |
| BEIJING KUWO TECHNOLOGY CO.,LTD. | VeriSign Class 3 Code Signing 2009-2 CA | Self Signed |
| Tiejiaren Technology Co,LTD | VeriSign Class 3 Code Signing 2010 CA | Self Signed |
| BEIJING XINDA HUANYU NETWORK SECURITY TECHNOLOGY CO.,LTD | VeriSign Class 3 Public Primary Certification Authority - G5 | Root Not Trusted |
| Henan Pushitong Intelligent Technology Co., Ltd. | VeriSign Class 3 Public Primary Certification Authority - G5 | Root Not Trusted |
| Shenzhen yundian Technology Co., Ltd | thawte Primary Root CA | Root Not Trusted |
| 善君 韦 | thawte Primary Root CA | Root Not Trusted |
| 福建六壬网安股份有限公司 | thawte Primary Root CA | Root Not Trusted |
| Bopsoft | thawte SHA256 Code Signing CA | Self Signed |
| 北京昆仑万维科技股份有限公司 | 北京昆仑万维科技股份有限公司 | Self Signed |

File Traits

  • 2+ executable sections
  • HighEntropy
  • No Version Info
  • packed
  • themida
  • themida section variant
  • x86

Block Information

Total Blocks: 14,957
Potentially Malicious Blocks: 394
Whitelisted Blocks: 14,187
Unknown Blocks: 376

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.ACB
  • Agent.IFSB
  • Agent.KLB
  • Agent.MBB
  • Agent.ON
  • Agent.XXS
  • Autorun.SA
  • Bitcoinminer.FD
  • Davs.A
  • Delf.AIA
  • Delf.TB
  • Dinwod.E
  • Emotet.CCA
  • Emotet.CDD
  • Filecoder.FL
  • FlyStudio.CA
  • Injector.AK
  • Kryptik.DGE
  • Kryptik.FGI
  • Lumma.GFD
  • Rugmi.GI
  • Rugmi.IA
  • Sheloader.A
  • Softcnapp.A
  • Tongbuxing.A
  • Trojan.Agent.Gen.PT
  • Trojan.Kryptik.Gen.ANW
  • Trojan.Kryptik.Gen.BQN
  • Xtreme.B

Files Modified

File Attributes
c:\program files (x86)\common files\microsoft shared\msinfo\msinfo32.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ʱ¿ÌÔÚÏß\license.txt Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantray.exe Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraydll.dll Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\images\button.png Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\images\close.png Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\images\question.png Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\images\set_bk.png Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\images\set_common.png Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\images\set_line.png Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\images\set_right.png Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\mainframe.xml Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\resource.res Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\style.css Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\tabgeneralsettings.xml Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\tabothersettings.xml Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\tabsoundsettings.xml Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\tabtimesettings.xml Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\tabweathersettings.xml Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mtad.exe Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mtset.exe Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mtup.exe Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\popwinparam.xml Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\resources\citylist.xml Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\setup.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ʱ¿ÌÔÚÏß\setup.ini Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\uninstall.exe Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\xcguid.dll Generic Write,Read Attributes
c:\progra~3\packag~1\{042d2~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{33d1f~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{47109~1\vc_red~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{5af95~1\vc_red~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{9dff3~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{ca675~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\3582-490\0a1fb5d1da5b4ad30abee961ca790406b966bd92_0002450032 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\4692urlseum Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\4692urlseum Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut460d.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-0ak33.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-44mge.tmp\d4c4197df6c6b58955ed1eb49a01170f705a3e1d_0002686032.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-9o6va.tmp\97dc5965fe7a2e6a9a201d6c19540141b42508f1_0002719351.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-dpflo.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-dpflo.tmp\itdownload.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-dpflo.tmp\rkinstaller.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-dpflo.tmp\rkverify.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-k9gk5.tmp\4b29094bfe58c428e226a99a47957760440e6497_0001473280.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-lplkv.tmp\fa1e99279b185a0b9ac276f8ff2c42b722bc2600_0005383168.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-vrjn5.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-vrjn5.tmp\_isetup\_shfoldr.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\jisu_installer.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsh65ca.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsh65ca.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh65ca.tmp.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nshc319.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsr65b9.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxc32a.tmp\sobar\kwmusic_sobar.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsxc32a.tmp\sobar\kwmusic_sobar.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxc32a.tmp\sobar\kwmusic_sobar.ini Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tmpskzxcomm.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmpskzxsteup.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\xml_downloaded_24.xml Generic Write,Read Attributes
c:\users\user\downloads\uninstall.log Generic Write,Read Attributes
c:\windows\svchost.com Generic Write,Read Attributes
c:\windows\system32\myeasylog.log Generic Write,Read Attributes
c:\windows\syswow64\isaagent.bin Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\plus500::guistring f6229c85-f2c8-49b3-bce7-3788fd18f722 RegNtPreCreateKey
HKCU\software\plus500::downloadserver download.plus500.com RegNtPreCreateKey
HKCU\software\plus500::downloadserverfolder /DownloadService.svc/GetUpdateXML?did= RegNtPreCreateKey
HKCU\software\plus500::brand Plus500 RegNtPreCreateKey
HKCU\software\plus500::downloadercrc RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\run::mantray C:\Program Files (x86)\ʱ¿ÌÔÚÏß\ManTray.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Lzwzlkhb\AppData\Local\Temp\nsxC32A.tmp\ RegNtPreCreateKey
HKLM\software\classes\exefile\shell\open\command:: C:\WINDOWS\svchost.com "%1" %* RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess
  • ShellExecute
User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Keyboard Access
  • GetKeyState
Network Winsock2
  • WSASocket
  • WSAStartup
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetReadFile
Network Winhttp
  • WinHttpOpen
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAllocateReserveObject
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePort
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRemoveIoCompletionEx
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetIoCompletionEx
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSetValueKey
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap

50 additional items are not displayed above.

Anti Debug
  • CheckRemoteDebuggerPresent
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Network Winsock
  • closesocket
  • connect
  • freeaddrinfo
  • getaddrinfo
  • recv
  • send
  • setsockopt
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

"C:\Users\Roiphvor\AppData\Local\Temp\is-K9GK5.tmp\4b29094bfe58c428e226a99a47957760440e6497_0001473280.tmp" /SL5="$401F6,1219721,84480,c:\users\user\downloads\4b29094bfe58c428e226a99a47957760440e6497_0001473280.exe"
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\372ad42dd4b2a7b837b56759e1f1195e4d3ef06b_0000435544.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8072fcb43aaef2804b63298250b2631de107b3f4_0000749800.,LiQMAxHB
"C:\Users\Fycoetnu\AppData\Local\Temp\is-9O6VA.tmp\97dc5965fe7a2e6a9a201d6c19540141b42508f1_0002719351.tmp" /SL5="$2013C,1955073,721408,c:\users\user\downloads\97dc5965fe7a2e6a9a201d6c19540141b42508f1_0002719351"
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7150e83b7add1e2ea13687b3fc94499d4a5e9c60_0000883616.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f44263bfd55f3d835741e1b57a9beb0f9beb6f82_0000030208.,LiQMAxHB
open C:\Program Files (x86)\ʱ������\ManTray.exe
"C:\Users\Leyuplll\AppData\Local\Temp\is-LPLKV.tmp\fa1e99279b185a0b9ac276f8ff2c42b722bc2600_0005383168.tmp" /SL5="$30264,5077796,56832,c:\users\user\downloads\fa1e99279b185a0b9ac276f8ff2c42b722bc2600_0005383168"
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f6d08125b5b3f478de2749708f31e273b1a694b0_0001995672.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c37f60a3ee9eb00a18794605e11054f7e4f43811_0000883616.,LiQMAxHB
"C:\Users\Ulcsmkhk\AppData\Local\Temp\is-44MGE.tmp\d4c4197df6c6b58955ed1eb49a01170f705a3e1d_0002686032.tmp" /SL5="$501E6,2269682,121344,c:\users\user\downloads\d4c4197df6c6b58955ed1eb49a01170f705a3e1d_0002686032"
open C:\Users\Obukghjo\AppData\Local\Temp\3582-490\0a1fb5d1da5b4ad30abee961ca790406b966bd92_0002450032
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\cfef816b231c60ce525c2c478fce5fc3807cbede_0000077824.,LiQMAxHB
"C:\Users\Xpxfxgxa\AppData\Local\Temp\nsh65CA.tmp.exe" -CanInstall
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f0443a432e79fb7b9ad8eb758c42f5d808f9c81c_0000325208.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0039dca63d0f30bd69dc618e7e83cccd8c85c11b_0000161280.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\cbbc1627e10584a6b66d48691b94d6cd4a74176a_0003053264.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\cba2598a48a0399809b122a6b6daaa64b38f649d_0000157904.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0f7c28e80d7034ebb23fbc5e0d58c6f681af44b1_0000171984.,LiQMAxHB
