PUP.ChinAd

Threat Scorecard

Popularity Rank: 477
Threat Level: 80 % (High)
Infected Computers: 285,224
First Seen: October 22, 2013
Last Seen: March 30, 2026
OS(es) Affected: Windows

PUP.ChinAd is a potentially unwanted application that may show random advertisements, or its own, on well-known social networking and online shopping websites that Internet users visit frequently. The advertisements may appear as boxes containing numerous coupons, or as underlined keywords that, when clicked, may display a pop-up ad claiming to be brought to the computer user by PUP.ChinAd. PUP.ChinAd may insert an unwanted add-on, plug-in or extension for Mozilla Firefox, Google Chrome, and Internet Explorer while the PC user is downloading and installing other free software products. A PC user who installs these free software products may also install PUP.ChinAd on the computer system. Once installed, PUP.ChinAd may display a 'See Similar' icon next to the product image on various online shopping websites. PUP.ChinAd may also deliver coupons, deals, and/or other services on the relevant product websites. Sometimes, clicking on a delivered offer may divert the computer user to a suspicious commercial website, created by cybercrooks to possibly raise traffic and benefit from the pay-per-click technique.

File System Details

PUP.ChinAd may create the following file(s):
# | File Name | MD5 | Detections
1 | 555.exe | 4b8c85f0e781fd990afdd561169f0f1a | 118
2 | 88518b16abdae9f65dcdda44588bc060826e90dd40ba58abeec55397bce85167 | 5c1e55872eee347aab9986cebd50e352 | 87
3 | raffle.exe | 663fbf2a248971ea69c6234480a4bdcb | 29
4 | DreamScreen.scr | 719e1b98d3255693303adf38abbf0cd6 | 24
5 | RlDateSet.exe | 3f73a23886f2109e11882f5a600d3c24 | 5

Registry Details

PUP.ChinAd may create the following registry entry or registry entries:

Directories

PUP.ChinAd may create the following directory or directories:

Analysis Report

General information

Family Name: Trojan.ChinAd
Signature status: Hash Mismatch

Known Samples

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version
  • 2024.5.26.2035
  • 1.1.3.4
  • 1.1.2.9
Channel Name calendarbase
Comment GNU C build -- MinGW-w64 32-bit
Comments
  • 2009-12-10 16:51:19
  • Build Date: 2022-06-06 16:59:51 +0000
  • Build Date: 2022-11-30 15:56:35 +0000
  • Oppoos.com
  • This installation was built with Inno Setup.
  • XinMaoTao.Net
  • 本程序使用易语言编写(http://www.eyuyan.com)
  • 此安装程序由 Inno Setup 构建。
  • 虚拟网卡安装/卸载
  • 酷我音乐盒 2011
Company Name
  • 337 Technology Limited.
  • Cetihobome
  • Copyright© 2005-2012 AVMediaSoft Co., Ltd.
  • CyberPower Tech, Inc.
  • FreeAudioVideoSoftTech, Inc.
  • Freeease.net.
  • FreeWiFiHotspot Co., Ltd.
  • gnjoy
  • He Fei Yun Biao Xin Xi Ke Ji You Xian Gong Si
  • Microsoft Corporation
  • MingW-W64 Project. All rights reserved.
  • PPStream.com
  • PPStream Inc.
  • SoftPerk Co., Ltd.
  • Source Spacetime Co.,Ltd.
  • Synaptics
  • The Chromium Authors
  • TODO: <Shanghai Shaji Network Technology Co., Ltd>
  • TOOLGAMEPC Inc.
  • vrBrothers Corporation
  • XinMaoTao.Net
  • YoutubeMusicDownloader.us
  • 上海子丑六合网络科技有限公司
  • 北京布丁跳跳科技有限公司
  • 奇虎网
  • 弯刀
  • 成都吉胜科技有限责任公司
  • 沧州句号网络科技有限公司
  • 深圳市重诚远顺科技有限公司
  • 皮皮科技
  • 酷我科技
  • 重庆重橙网络科技有限公司
  • 青岛软媒网络科技有限公司
Company Short Name The Chromium Authors
File Description
  • 360安全卫士
  • 360安全卫士文件粉碎模块
  • Advanced Calendar
  • ANGLE libEGL Dynamic Link Library
  • Audio Extractor for Free Setup
  • AV Audio Recorder Setup
  • Chromium
  • clientservices
  • Dagon Setup
  • Direct3D HLSL Compiler for Redistribution
  • Downloader
  • downloader component
  • Downloader MFC 응용 프로그램
  • Drive USB 2.0 Setup
  • Flash Helper Service
  • Flash Helper Service rc
  • FLiNGTrainer
  • Free DVD to AVI MP4 WMV MPEG 3GP FLV Converter Setup
  • Free WiFi Hotspot Setup
  • GenieCleaner Installer
  • HT1H
  • IsaSvc 动态链接库
  • Launcher
  • PIPI Setup
  • POSIX WinThreads for Windows
  • PPStream Installer
  • PPStream 安装
  • QMacro's macro runner.
  • Rorinicuco Setup
  • RO仙境傳說:世界之旅 install
  • Setup/Uninstall
  • Synaptics Pointing Device Driver
  • TOOLGAMEPC DLL
  • Vulkan Loader - Dev Build
  • Webcam Screen Video Capture Free Setup
  • Windows System Component
  • WinMenu.dll
  • Youtube Music Downloader Setup
  • 万能五笔输入法
  • 即刻PDF阅读器
  • 开心看图王-WIN助手
  • 新毛桃卸载程序
  • 易语言程序
  • 智能拼音输入法
  • 极速浏览器安装程序
  • 蓝泡电竞加速器客户端
  • 虚拟网卡安装/卸载
  • 酷我音乐盒 2011
  • 风云恢复大师
  • 魔方优化大师安装程序
File Version
  • 2025,12,31,1939
  • 2025,04,28,0857
  • 2024.5.26.2035
  • 2021.04.30
  • 2014.0.5.271657
  • 87.0.4280.141
  • 82.0.4085.0
  • 51.1052.0.0
  • 24, 24, 24, 24
  • 23.3.0.29
  • 23.3.0.25
  • 10.3.6.20606
  • 10.0.20348.1 (WinBuild.160101.0800)
  • 9.3.25.302
  • 9.3.0.1
  • 7, 3, 0, 1198
  • 6, 0, 2, 1004
  • 5.8.52.48
  • 5.0.1.2
  • 5, 2, 0, 48
  • 4.0.3.4
  • 3.3.5.3160
  • 3.2.2.2
  • 3.0.0.0
  • 2.6.86.8989
  • 2.3.1.74
  • 2.3.1.72
  • 2.3.1.68
  • 2.3.1.67
  • 2.3.1.66
  • 2.3.1.63
  • 2.3.1.61
  • 2.2.6.0
  • 2.2.3.55
  • 2.2.3.52
  • 2.2.3.50
  • 2.2.3.48
  • 2.1.18365 git hash: 9405b9ea9935
  • 2.1.18362 git hash: 9768648fffc9
  • 2.0.7.933
  • 2.0.0.11061
  • 1.2.8.6017
  • 1.1.3.4
  • 1.1.2.9
  • 1.00
  • 1.0.1111.2222.Dev Build
  • 1.0.8.21211
  • 1.0.0.8791
  • 1.0.0.1036
  • 1.0.0.4
  • 1.0.0.0
  • 1, 0, 0, 1
  • 1, 0, 0, 0
  • 0.0.2.2
Info http://mingw-w64.sourceforge.net/
Internal Name
  • 360Ver
  • AntiRk
  • chrome_elf_dll
  • ClientServices.dll
  • d3dcompiler_47.dll
  • DataRecovery.exe
  • Downloader
  • FlashHelperServices.exe
  • HTSetup.exe
  • IsaSvc
  • JiSuSetup.exe
  • lanpao.exe
  • Launcher.exe
  • libEGL
  • MyMacro.exe
  • Skin.dll
  • stub_054a5182-684a-4061-95f3-b886132e9d9a.exe
  • TJprojMain
  • TrayDown.exe
  • WinMenu.dll
  • WinPthreadGC
  • 万能五笔输入法
  • 即刻PDF阅读器
  • 开心看图王-WIN助手
  • 智能拼音输入法
Last Change
  • 9f05d1d9ee7483a73e9fe91ddcb8274ebcec9d7f-refs/branch-heads/4280@{#2007}
  • ca0d4bb86687a4b193f44a6e98733f277796d439-refs/branch-heads/4085@{#4}
Legal Copyright
  • (C) XinMaoTao.Net All Rights Reserved.
  • Copyright (C) 2005-2009 PPStream Inc. All Rights Reserved.
  • Copyright (C) 2010
  • Copyright (C) 2012
  • Copyright (C) 2014 LeCheng(beijing) Technology Development Co.Ltd., All rights reserved.
  • Copyright (C) 2014 TopTools100 All Rights Reserved
  • Copyright (C) 2015 Google Inc.
  • Copyright (C) 2015-2022
  • Copyright (C) 2019 He Fei Yun Biao Xin Xi Ke Ji You Xian Gong Si. All rights reserved.
  • Copyright (C) 2019 Shanghai Shaji Network Technology Co., Ltd
  • Copyright (C) 2020 深圳市重诚远顺科技有限公司深圳市重诚远顺科技有限公司
  • Copyright(c) 2021
  • Copyright(C) 2021 重庆重橙网络科技有限公司.All Rights Reserved
  • Copyright (c) 2021-2024 Erdem Yılmaz
  • Copyright(C) 2022 重庆重橙网络科技有限公司.All Rights Reserved
  • Copyright (C) 2023
  • Copyright (C) 2024
  • Copyright(C)2024 沧州句号网络科技有限公司
  • Copyright (C) MingW-W64 Project Members 2010-2011
  • Copyright 2008
  • Copyright 2012
  • Copyright 2020 The Chromium Authors. All rights reserved.
  • Copyright 2024 Source Spacetime Co.,Ltd. All Rights Reserved.
  • Copyright 2025 Source Spacetime Co.,Ltd. All Rights Reserved.
  • Copyright © 2024
  • gnjoy
  • Soft
  • © Microsoft Corporation. All rights reserved.
  • © 2026 Intel Corporation. All rights reserved.
  • 上海子丑六合网络科技有限公司
  • 作者版权所有 请尊重并使用正版
  • 弯刀 版权所有
  • 成都吉胜科技有限责任公司保留所有权利。
  • 沧州句号网络科技有限公司
  • 版权所有 (C) 2006-2009 奇虎网
  • 版权所有 (C) 2008 奇虎网
  • 酷我公司保留所有权利。
  • (C)vrBrothers Corporation. All rights reserved.
Legal Trademarks 蓝泡
Licence ZPL
Official Build 1
Original Filename
  • 360Ver.dll
  • AntiRk.dll
  • chrome_elf.dll
  • clientlogger.dll
  • ClientServices.dll
  • d3dcompiler_47.dll
  • DataRecovery.exe
  • Downloader.exe
  • Downloader.EXE
  • FlashHelperService.exe
  • Give.exe
  • HPPRaump.exe
  • HTSetup.exe
  • IsaSvc.dll
  • JiSuSetup.exe
  • JkNorac.dll
  • lanpao.exe
  • Launcher.exe
  • libEGL.dll
  • MyMacro.exe
  • ppstreamsetup.exe
  • Skin.dll
  • TJprojMain.exe
  • TrayDown.exe
  • TweakCubeSetup.exe
  • WinMenu.dll
  • WinPthreadGC
  • wnTSF.ime
  • ZNUpd.exe
Private Build
  • 2.1.18362 git hash: 9768648fffc9
  • 2.1.18365 git hash: 9405b9ea9935
Product Name
  • 360安全卫士
  • 360安全卫士文件粉碎模块
  • Advanced Calendar
  • ANGLE libEGL Dynamic Link Library
  • Audio Extractor for Free
  • AV Audio Recorder
  • Chromium
  • Dagon
  • DATS
  • Downloader
  • Downloader 응용 프로그램
  • Drive USB 2.0
  • Flash Helper Service
  • FLiNGTrainer
  • Free DVD to AVI MP4 WMV MPEG 3GP FLV Converter
  • Free Easy YouTube Downloader
  • Free WiFi Hotspot
  • GenieCleaner Installer
  • HT1H
  • IsaSvc 动态链接库
  • Launcher
  • Microsoft® Windows® Operating System
  • PIPI
  • PPStream
  • Project1
  • QMacro
  • Rorinicuco
  • RO仙境傳說:世界之旅
  • Skin DLL
  • Synaptics Pointing Device Driver
  • Tray downloader
  • Vulkan Runtime
  • Webcam Screen Video Capture Free
  • WinMenu.dll
  • Youtube Music Downloader
  • 万象网管
  • 中文(简体) - 万能五笔输入法
  • 即刻PDF阅读器
  • 开心看图王-WIN助手
  • 新毛桃卸载程序
  • 易语言程序
  • 智能拼音输入法
  • 极速浏览器
  • 蓝泡电竞加速器
  • 虚拟网卡安装/卸载
  • 酷我音乐盒 2011
  • 风云恢复大师
  • 魔方优化大师
Product Short Name Chromium
Product Version
  • 2024.5.26.2035
  • 2021.04.30
  • 2014.0.5.271657
  • 87.0.4280.141
  • 82.0.4085.0
  • 24, 24, 24, 24
  • 23.3.0.29
  • 23.3.0.25
  • 10.3.6.20606
  • 10.0.20348.1
  • 10.0.19041.1
  • 9.3.25.302
  • 9.3
  • 7.0.57.12
  • 7.0.56.21
  • 7, 3, 0, 1198
  • 6, 0, 2, 1004
  • 5, 2, 0, 48
  • 4.4
  • 4.2
  • 3.3.5.3160
  • 3.3.5.0
  • 3.0.0.0
  • 2.6.86.8989
  • 2.3.1.74
  • 2.3.1.72
  • 2.3.1.68
  • 2.3.1.67
  • 2.3.1.66
  • 2.3.1.63
  • 2.3.1.61
  • 2.2.6.0
  • 2.2.3.55
  • 2.2.3.52
  • 2.2.3.50
  • 2.2.3.48
  • 2.1.18365 git hash: 9405b9ea9935
  • 2.1.18362 git hash: 9768648fffc9
  • 2.0.0.11061
  • 2,8,0,4291
  • 1.2.8.6017
  • 1.1.3.4
  • 1.1.2.9
  • 1.00
  • 1.0.1111.2222.Dev Build
  • 1.0.26.241009
  • 1.0.8.21211
  • 1.0.7.21211
  • 1.0.0.8791
  • 1.0.0.0
  • 1,1,1,50407
  • 1, 0, 0, 1
  • 1, 0, 0, 0
Publisher TopTools100

Digital Signatures

Signer | Root | Status
万惟智汇(厦门)数据科技有限公司 | AAA Certificate Services | Root Not Trusted
商丘蓝泡科技有限公司 | AAA Certificate Services | Root Not Trusted
Suzhou Qingchen Information Technology Co Ltd. | COMODO RSA Code Signing CA | Hash Mismatch
Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd | COMODO RSA Extended Validation Code Signing CA | Hash Mismatch
Beijing Hangxin Gaoke Intellectual Property Operation Co.,Ltd | COMODO RSA Extended Validation Code Signing CA | Self Signed
Beijing Qingruan Creative Information Technology Co., Ltd. | COMODO RSA Extended Validation Code Signing CA | Self Signed
Zhejiang HaoYing Network Co. , Ltd | Certification Authority of WoSign | Root Not Trusted
SHANGHAI ZHONGYUAN NETWORKS LIMITED | Class 3 Public Primary Certification Authority | Root Not Trusted
Shanghai Shaji Network Technology Co., Ltd | DigiCert EV Code Signing CA (SHA2) | Self Signed
Shenzhen Chongcheng Yuanshun Technology Co., Ltd | DigiCert EV Code Signing CA (SHA2) | Hash Mismatch
Fujian Chuangyi Jiahe Soft Co., Ltd. | DigiCert SHA2 Assured ID Code Signing CA | Hash Mismatch
Anhui Fun2play Entertainment Network Technology Co.,Ltd. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed
Gravity Game Vision Limited | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed
Hangzhou Yinggao Technology Co., Ltd. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed
Shanghai Oriental Webcasting Co. Ltd. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed
Shanghai YouXin Media Studio | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed
Xiamen Jubaoshang Network Technology Co., Ltd. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed
北京布丁跳跳科技有限公司 | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed
成都吉胜科技有限责任公司 | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed
沧州句号网络科技有限公司 | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed
重庆重橙网络科技有限公司 | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed
Hangzhou Yinggao Technology Co., Ltd. | DigiCert Trusted Root G4 | Root Not Trusted
北京国富安电子商务安全认证有限公司 | DigiCert Trusted Root G4 | Root Not Trusted
成都吉胜科技有限责任公司 | DigiCert Trusted Root G4 | Root Not Trusted
重庆重橙网络科技有限公司 | DigiCert Trusted Root G4 | Root Not Trusted
沧州句号网络科技有限公司 | GlobalSign Code Signing Root R45 | Root Not Trusted
337 Technology Limited | GlobalSign CodeSigning CA - G2 | Self Signed
Beijing Qingruan Chuangxiang Information Technology Co., Ltd. | GlobalSign CodeSigning CA - SHA256 - G2 | Self Signed
Wuhan Aixinsen Technology Co., Ltd. | GlobalSign CodeSigning CA - SHA256 - G3 | Hash Mismatch
Tsingsoft Imagination Information Technology Co., Ltd | GlobalSign Root CA | Root Not Trusted
任子行网络技术股份有限公司 | GlobalSign Root CA | Root Not Trusted
安徽省刀锋网络科技有限公司 | GlobalSign Root CA | Root Not Trusted
Xiamen Source Spacetime Technology Co., Ltd. | Sectigo Public Code Signing Root R46 | Root Not Trusted
MEIXIAN XIE | Symantec Class 3 SHA256 Code Signing CA | Self Signed
InvestSoft Ltd | Thawte Code Signing CA | Self Signed
福建六壬网安股份有限公司 | Thawte Code Signing CA - G2 | Self Signed
Qizhi Software (beijing) Co. Ltd | Thawte Premium Server CA | Root Not Trusted
BEIJING KUWO TECHNOLOGY CO.,LTD. | VeriSign Class 3 Code Signing 2009-2 CA | Self Signed
SHANGHAI ZHONGYUAN NETWORKS LIMITED | VeriSign Class 3 Code Signing 2009-2 CA | Root Not Trusted
Qingdao Ruanmei Network Technology Co.,Ltd. | VeriSign Class 3 Code Signing 2010 CA | Self Signed
Tiejiaren Technology Co,LTD | VeriSign Class 3 Code Signing 2010 CA | Self Signed
BEIJING XINDA HUANYU NETWORK SECURITY TECHNOLOGY CO.,LTD | VeriSign Class 3 Public Primary Certification Authority - G5 | Root Not Trusted
Henan Pushitong Intelligent Technology Co., Ltd. | VeriSign Class 3 Public Primary Certification Authority - G5 | Root Not Trusted
YI ZENG | VeriSign Class 3 Public Primary Certification Authority - G5 | Root Not Trusted
Shenzhen yundian Technology Co., Ltd | thawte Primary Root CA | Root Not Trusted
善君 韦 | thawte Primary Root CA | Root Not Trusted
福建六壬网安股份有限公司 | thawte Primary Root CA | Root Not Trusted
Bopsoft | thawte SHA256 Code Signing CA | Self Signed
北京昆仑万维科技股份有限公司 | 北京昆仑万维科技股份有限公司 | Self Signed

File Traits

  • 2+ executable sections
  • big overlay
  • dll
  • HighEntropy
  • No Version Info
  • packed
  • themida
  • themida section variant
  • upx
  • x86

Block Information

Total Blocks: 1,668
Potentially Malicious Blocks: 20
Whitelisted Blocks: 1,363
Unknown Blocks: 285

Similar Families

  • 2144FlashPlayer.B
  • Agent.ACB
  • Agent.IFSB
  • Agent.KLB
  • Agent.MBB
  • Agent.ON
  • Agent.XXS
  • Autorun.SA
  • Bitcoinminer.FD
  • Coinminer.KE
  • Davs.A
  • Delf.AIA
  • Delf.TB
  • Dinwod.E
  • Emotet.CCA
  • Emotet.CDD
  • FakeAlert.X
  • Filecoder.FL
  • FlyStudio.CA
  • Injector.AK
  • Injector.KDH
  • Kasperagent.A
  • Kryptik.DGE
  • Kryptik.FGI
  • Kryptik.TDGA
  • Lumma.GFD
  • Rugmi.GI
  • Rugmi.IA
  • Sheloader.A
  • Softcnapp.A
  • Softcnapp.D
  • Tongbuxing.A
  • Trojan.Agent.Gen.AQS
  • Trojan.Agent.Gen.PT
  • Trojan.Downloader.Gen.HP
  • Trojan.Downloader.Gen.MD
  • Trojan.Kryptik.Gen.ANW
  • Trojan.Kryptik.Gen.BQN
  • Trojan.Kryptik.Gen.DDW
  • Trojan.Kryptik.Gen.DET
  • Xtreme.B

Files Modified

File Attributes
\device\harddisk0\dr0 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\srvsvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\common files\microsoft shared\msinfo\msinfo32.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\tweakcube3\cleanmaster.exe Generic Write,Read Attributes
c:\program files (x86)\tweakcube3\config\b437.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\tweakcube3\config\b448.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\tweakcube3\config\favorite.xml Synchronize,Write Data
c:\program files (x86)\tweakcube3\config\tweakcube3.xml Synchronize,Write Data
c:\program files (x86)\tweakcube3\errorlog\hd-2026-02-22-21-38-43-.dmp Generic Write,Read Attributes
c:\program files (x86)\tweakcube3\fixmaster.exe Generic Write,Read Attributes
c:\program files (x86)\tweakcube3\iemaster.exe Generic Write,Read Attributes
c:\program files (x86)\tweakcube3\ithome.exe Generic Write,Read Attributes
c:\program files (x86)\tweakcube3\memorymaster.exe Generic Write,Read Attributes
c:\program files (x86)\tweakcube3\rmup.exe Generic Write,Read Attributes
c:\program files (x86)\tweakcube3\ruanmeisvc.exe Generic Write,Read Attributes
c:\program files (x86)\tweakcube3\tempmon.exe Generic Write,Read Attributes
c:\program files (x86)\tweakcube3\tweakcube3.exe Generic Write,Read Attributes
c:\program files (x86)\tweakcube3\uninstall.exe Generic Write,Read Attributes
c:\program files (x86)\tweakcube3\virtualdrivemaster.exe Generic Write,Read Attributes
c:\program files (x86)\tweakcube3\visualmaster.exe Generic Write,Read Attributes
c:\program files (x86)\tweakcube3\winguard.dll Generic Write,Read Attributes
c:\program files (x86)\tweakcube3\winguard.exe Generic Write,Read Attributes
c:\program files (x86)\tweakcube3\winguard_x64.dll Generic Write,Read Attributes
c:\program files (x86)\tweakcube3\winguard_x64.exe Generic Write,Read Attributes
c:\program files (x86)\tweakcube3\winmaster.exe Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\license.txt Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantray.exe Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraydll.dll Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\images\button.png Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\images\close.png Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\images\question.png Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\images\set_bk.png Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\images\set_common.png Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\images\set_line.png Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\images\set_right.png Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\mainframe.xml Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\resource.res Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\style.css Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\tabgeneralsettings.xml Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\tabothersettings.xml Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\tabsoundsettings.xml Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\tabtimesettings.xml Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mantraysetdlg\tabweathersettings.xml Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mtad.exe Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mtset.exe Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\mtup.exe Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\popwinparam.xml Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\resources\citylist.xml Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\setup.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ʱ¿ÌÔÚÏß\setup.ini Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\uninstall.exe Generic Write,Read Attributes
c:\program files (x86)\ʱ¿ÌÔÚÏß\xcguid.dll Generic Write,Read Attributes
c:\programdata\synaptics Synchronize,Write Attributes
c:\programdata\synaptics\rcxe45b.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\synaptics.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\synaptics\synaptics.exe Synchronize,Write Attributes
c:\programdata\synaptics\synaptics.exe Synchronize,Write Data
c:\progra~3\packag~1\{042d2~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{33d1f~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{47109~1\vc_red~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{5af95~1\vc_red~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{9dff3~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{ca675~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\3582-490\0a1fb5d1da5b4ad30abee961ca790406b966bd92_0002450032 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\4692urlseum Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\4692urlseum Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut460d.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-0ak33.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-44mge.tmp\d4c4197df6c6b58955ed1eb49a01170f705a3e1d_0002686032.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-9o6va.tmp\97dc5965fe7a2e6a9a201d6c19540141b42508f1_0002719351.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-a3hki.tmp\77f8ce4dde15993a1812025d5b37fea2eb47647a_0003569678.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-bpkk8.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-bpkk8.tmp\isxdl.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-bpkk8.tmp\itdownload.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-bpkk8.tmp\yzohlaruug.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-dpflo.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-dpflo.tmp\itdownload.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-dpflo.tmp\rkinstaller.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-dpflo.tmp\rkverify.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-duglb.tmp\80d4867e6099f9d6634e4ff9ff162da9ef241859_0003606408.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-fk41d.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-k9gk5.tmp\4b29094bfe58c428e226a99a47957760440e6497_0001473280.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-lplkv.tmp\fa1e99279b185a0b9ac276f8ff2c42b722bc2600_0005383168.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-vrjn5.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-vrjn5.tmp\_isetup\_shfoldr.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\jisu_installer.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsabbd5.tmp\bg.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\bgagreement.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\btn_agreement.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\btn_agreement_h.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\btn_close_new.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\btn_close_new_h.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\btn_custom.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\btn_custom_h.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\btn_install.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\btn_install1_new.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\btn_install1_new_h.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\btn_install_new.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\btn_install_new_h.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\btn_next.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\btn_ok1.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\btn_path_new.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\btn_path_new_h.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\btn_privacy.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\btn_privacy_h.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\btn_return_new.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\btn_return_new_h.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\btn_run_new.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\btn_run_new_h.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\checkbox_checked.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\checkbox_unchecked.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\chk_autorun_checked.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\chk_autorun_unchecked.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\chk_menu_checked.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\chk_menu_unchecked.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\chk_taskbar_checked.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\chk_taskbar_unchecked.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\finish.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\kv1.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\kv2.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\kv3.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\license.rtf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\loading1.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\loading2.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\welcome.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd5.tmp\wndproc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh65ca.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsh65ca.tmp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh65ca.tmp.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsha804.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsha804.tmp\mplugin_nsis.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsha804.tmp\mplugin_nsis.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsha804.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsha804.tmp\nsdialogs.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsha804.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsha804.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsha851.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nshc319.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nskbbd4.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsna872.tmp\buttonlinker.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna872.tmp\findprocdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna872.tmp\installoptions.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna872.tmp\iospecial.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsna872.tmp\iospecial.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna872.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna872.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna872.tmp\op.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsna872.tmp\op.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna872.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna872.tmp\vod.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna872.tmp\whatsnew.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr65b9.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssa803.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsxc32a.tmp\sobar\kwmusic_sobar.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsxc32a.tmp\sobar\kwmusic_sobar.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxc32a.tmp\sobar\kwmusic_sobar.ini Synchronize,Write Attributes
c:\users\user\appdata\local\temp\o’ - t¹3.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\tc_task.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmpskzxcomm.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmpskzxsteup.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\xml_downloaded_24.xml Generic Write,Read Attributes
c:\users\user\appdata\locallow\wannengwbime.users\mb\userdata.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\wannengwbime.users\mb\userdata.db-journal Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\wannengwbime.users\mb\userfreqdata.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\wannengwbime.users\mb\userfreqdata.db-journal Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\wannengwbime\config\related.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\wannengwbime\config\usevestige.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\gnjoy\roworld\userconfig.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\gnjoy\roworld\userconfig.ini Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\startmenu\o’ - t¹3.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\o’ - t¹3.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\o’oö\t¹3\o’ - '.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\o’oö\t¹3\o’ - ¾n'.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\o’oö\t¹3\o’ - )¦ñk.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\o’oö\t¹3\o’ - ie¡'.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\o’oö\t¹3\o’ - itk¶.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\o’oö\t¹3\o’ - t¹3.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\o’oö\t¹3\o’ - zßiq.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\o’oö\t¹3\o’ - …xt.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\o’oö\t¹3\o’ - ž'.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\o’oö\t¹3\o’ - î\r'.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\tweakcube3\config\b6ca.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\tweakcube3\config\winguard.xml Synchronize,Write Data
c:\users\user\appdata\roaming\tweakcube3\winguard.dll Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\tweakcube3\winguard.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\tweakcube3\winguard_x64.dll Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\tweakcube3\winguard_x64.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\desktop\o’ - t¹3.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_25e030b3a69f8b9df22c36b67eac5f778cd1711c_0001421312 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_25e030b3a69f8b9df22c36b67eac5f778cd1711c_0001421312 Synchronize,Write Attributes
c:\users\user\downloads\uninstall.log Generic Write,Read Attributes
c:\windows Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\svchost.com Generic Write,Read Attributes
c:\windows\system32\myeasylog.log Generic Write,Read Attributes
c:\windows\syswow64\isaagent.bin Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\plus500::guistring f6229c85-f2c8-49b3-bce7-3788fd18f722 RegNtPreCreateKey
HKCU\software\plus500::downloadserver download.plus500.com RegNtPreCreateKey
HKCU\software\plus500::downloadserverfolder /DownloadService.svc/GetUpdateXML?did= RegNtPreCreateKey
HKCU\software\plus500::brand Plus500 RegNtPreCreateKey
HKCU\software\plus500::downloadercrc RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess
  • ShellExecute
  • ShellExecuteEx
User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserObjectInformation
Keyboard Access
  • GetKeyState
Network Winsock2
  • WSASocket
  • WSAStartup
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetOpenUrl
  • InternetQueryOption
  • InternetReadFile
  • InternetSetOption
Network Winhttp
  • WinHttpOpen
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAllocateReserveObject
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePort
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRemoveIoCompletionEx
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetIoCompletionEx
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSetValueKey
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiBitBlt

51 additional items are not displayed above.

Anti Debug
  • CheckRemoteDebuggerPresent
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Network Winsock
  • closesocket
  • connect
  • freeaddrinfo
  • getaddrinfo
  • recv
  • send
  • setsockopt
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Service Control
  • OpenSCManager
  • OpenService
  • StartService
  • StartServiceCtrlDispatcher

Shell Command Execution
