PUP.Gamehack

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.Gamehack
Signature status:	Modified signature

Known Samples

MD5: 4d123dad4b8dbef9af59f55b94d65d2a

SHA1: 3b9ac40b46506981204faa23ed72a6863e7b28df

File Size: 144.67 KB, 144672 bytes

MD5: 1036ccc7d7ae9480500995d255d46b6c

SHA1: 97292e49958ecd3a3af985befa2662debf6670d2

File Size: 144.67 KB, 144672 bytes

MD5: e0a2df6d60df2707184963668e94b45a

SHA1: c13b9533cbbe497e08a19146d9fb3ced1674e7a2

File Size: 144.67 KB, 144672 bytes

MD5: f747d4cc204578d05f4fb6d114393f3e

SHA1: d27d4c1284c4a2007229ce897cbed52e1534ae48

File Size: 144.67 KB, 144672 bytes

MD5: ffd185e84ec7e6758c6288052d45ff67

SHA1: c1909ca79e11cd686bd13d0db9da9a74418544d5

File Size: 144.67 KB, 144672 bytes

MD5: 054d9ef45fd88dc7e16a83030b9135c6

SHA1: ed59181eea36fd1cd21c065aa9ecd8c08bca878e

File Size: 144.67 KB, 144672 bytes

MD5: f47caaf8e92d0a1ec1791c4e5e34f437

SHA1: a38317b7617f1547d5ba11f03d59f05730efe373

File Size: 144.67 KB, 144672 bytes

MD5: fbd4aa3bc6a01802cac1b566e33847cc

SHA1: 4088cdbe67bf12e1ab46ee6b52be6b0e787fe4d0

File Size: 144.67 KB, 144672 bytes

MD5: 2c05fa7f294b25ebd1c08463443032bc

SHA1: 686382d64ea1f81bec5c8df46adb737f209eebfb

File Size: 3.58 MB, 3575296 bytes

MD5: ec568260da8cb8a38a08c33c33d795a4

SHA1: 25ea9ef558cdbca310ab22eee4fad61449c05922

File Size: 144.67 KB, 144672 bytes

MD5: 2fe64cad238476587a333e28532e25ec

SHA1: fc4da51ccb0462a50c5932481dda16f3966ee815

File Size: 144.67 KB, 144672 bytes

MD5: 400af0d88592a1315ce3b4a58ac4a135

SHA1: 363af0afda288ab68ad6fbc958f5c56213dd0666

File Size: 144.42 KB, 144416 bytes

MD5: 4d9ac5ca62ac900a49dd51dd6be89ea2

SHA1: 3a2a07475b220df7670386bca28e949fa71a2130

File Size: 71.17 KB, 71168 bytes

MD5: 5a54b62e83c537e8dc9b9f0ce73ae074

SHA1: a8a769d09e02ddcc0690a99f38a5d813c9dd984e

File Size: 144.67 KB, 144672 bytes

MD5: 5b0a5c4c9c2bd0792d1910073ff72e60

SHA1: f96e6a9ed5e3e64a408106aeb0fddd62803dcce1

File Size: 144.67 KB, 144672 bytes

MD5: b97ca4c95dab9471044aa2e70077b7e8

SHA1: d00a0b2b0c14adcd3cbbbaf8b2b2a5dedf45084e

File Size: 2.63 MB, 2633728 bytes

MD5: 4e948b7a104001fe1d15bd83c34b86d5

SHA1: c1846d8ce0c6230f5ee7917291994bc8d39c8452

File Size: 144.67 KB, 144672 bytes

MD5: 10d2dde4d3c737e01265b5bb3c54b43f

SHA1: c0bd69b5d4fbb1a2aa34b19605f54f1b038cab7c

File Size: 1.67 MB, 1672192 bytes

MD5: efa4ffd0614d34c53db8c64a35174774

SHA1: 7b20f92d69a1433cd2f6dc2fa6be4bd278d793e8

File Size: 3.47 MB, 3472341 bytes

MD5: 2726686240b3aeb1908e9469039d0a6f

SHA1: 38c61c6a30a5785fcaf7a4e49a5a0696ef7e9bd7

File Size: 144.67 KB, 144672 bytes

MD5: b0bbb1d1089cb18269b9d93ea3ec2d56

SHA1: 626d275568462659dac17158ab6939f0a9288188

File Size: 7.33 MB, 7330816 bytes

MD5: 1fb9943526a5f8e230ed9646e23de754

SHA1: 0d306a7e143e49e8fa5c5c83076191ca34040e65

File Size: 144.67 KB, 144672 bytes

MD5: 71920af2d8dd0520d4b2fa600811c705

SHA1: 30f185bb12c35752dc897a4c4d564aafb9e082a4

File Size: 144.42 KB, 144416 bytes

MD5: 974f33d37158ea7ce92f9655761e27eb

SHA1: 8cc5b8806f2e0ad9ea245349c16e963255e562fe

File Size: 144.67 KB, 144672 bytes

MD5: 2f3f925c32503d06f49930dd12929f11

SHA1: d75ce6f9faaf522424535c18f754930983334ad7

File Size: 144.67 KB, 144672 bytes

MD5: 565345f6c839ef77fcf3fc308d9ee147

SHA1: 71846a4ea1f29345009e2c1424e7e35ce0287a97

File Size: 144.67 KB, 144672 bytes

MD5: c91ecff8fb810f99212df73d121e41a5

SHA1: d0b932ab630515c810f3ee14b8d846163849df40

File Size: 144.67 KB, 144672 bytes

MD5: 22b0591167a97dcd639d9101937f97ea

SHA1: 4b795aab609f0d96d4b4cfa529b210027324c42e

File Size: 144.67 KB, 144672 bytes

MD5: b79bf71a3925373b41740c000dbac9bc

SHA1: 35d39e7a4ff03ff2647d7ca1ab8e84703e50b5c7

File Size: 144.42 KB, 144416 bytes

MD5: d850ec5e8cba36f4198a7d880db31e56

SHA1: 51fe5696cff04785949db6dc52e9cca274dab25e

File Size: 144.67 KB, 144672 bytes

MD5: 73db124fc8a928e64a7ef687e8803fa4

SHA1: af5eb3fac0e009163275046e01f835c02b1368af

File Size: 144.67 KB, 144672 bytes

MD5: 3f32b02cd49348d55291d862faf78b0d

SHA1: 6f4e965a23b96c11f5630e613e664b0fd42d6c0b

File Size: 144.42 KB, 144416 bytes

MD5: 99af5ad4f4cd6a20c0ba57f2fa8817d8

SHA1: 24288ffb2c0a7c8d08a2c4129c5cdef96fa03c05

File Size: 144.67 KB, 144672 bytes

MD5: 469c6f02d0f03e3b47c351f86ab52e53

SHA1: c38c28e0d85c0b4ffddc36732c70dc7b95a4162f

File Size: 144.67 KB, 144672 bytes

MD5: 7ea9f5948b7555024741f9f82709a0c7

SHA1: dcbcfaf1c289e4a80c185d7857a782650c2a3e1d

File Size: 144.67 KB, 144672 bytes

MD5: a4067872e9d6dc43a1b061621b0e9271

SHA1: b83e4b68e09064fbc26e3d2c526f8a1683f7b737

File Size: 1.21 MB, 1212487 bytes

MD5: 2fc26ef674587d90adb529b639ab821c

SHA1: 8d00ac772fb340d54f0ea12d1af0c54012a0455e

File Size: 144.67 KB, 144672 bytes

MD5: 1fcc8d092ad54daaa33f66315ce9234e

SHA1: 9aeda2c1faccb75e6ea9b4484d1040a8f969e30c

File Size: 144.42 KB, 144416 bytes

MD5: fe80b7ed96fd6e84486afa9c0bb4b575

SHA1: 8f171ff3d240c4c1d8c76b08e8b05e333cc5c030

File Size: 144.67 KB, 144672 bytes

MD5: 4c8f60395bce497976f86ae12d240124

SHA1: 138279853221a04a0e5bd1bd7e1ab96758a8e648

File Size: 136.08 KB, 136080 bytes

MD5: d7ec62febc4a42416de817e893380666

SHA1: 9ec93be09dd5d31e049946372838f2d1169b6c16

File Size: 144.67 KB, 144672 bytes

MD5: d900505826dbca4aafc8ce288ce119fa

SHA1: 4d9873aa55da5633bb4f473229697f44a611d897

File Size: 8.52 MB, 8515840 bytes

MD5: 5589c048c26ba046e14e42bafb8f94a5

SHA1: ddf7cb4ee7990d92f6fb39a29c0f263f6e62e9dd

File Size: 144.67 KB, 144672 bytes

MD5: 550e078760d04399ce620ac172f2be62

SHA1: ca0012b72c9c38cd216a2601e52a65a3cfa6cb9b

File Size: 1.67 MB, 1665536 bytes

MD5: 08f2a60c4026f51e6de95756e9c15579

SHA1: 832875bd90254633b522326260ef508c9a13ded9

File Size: 74.75 KB, 74752 bytes

MD5: 94c649ca20904ad28ead67eff958e484

SHA1: 2b5ca3f0b47367be5c91de70ddaf3416b28129be

File Size: 144.67 KB, 144672 bytes

MD5: 5eb5c72f331fd034dd64f1e1ae777de4

SHA1: bfa17fdc7c30c5d336897ac003a6248e93e12a05

File Size: 144.67 KB, 144672 bytes

MD5: 0af04a5b4004dcf6ab5e0c0b7a2df044

SHA1: 89a4626a92cdea88c1f78d6a82579e49c8092885

File Size: 144.67 KB, 144672 bytes

MD5: 2702a4f4afb6836bb2b8785f82b61e33

SHA1: 893b7952c1704675b3e0698c99af941eadd736a7

File Size: 144.67 KB, 144672 bytes

MD5: 7fed24fca902a883c30359412fb15759

SHA1: 47a24c432f1f0d87c9bc19a5c454c9ec3e1b95c7

File Size: 144.67 KB, 144672 bytes

MD5: 828ec75302dd752fa138f86482fea827

SHA1: 36b885797dc013222de916c89431357efa0fca06

File Size: 144.67 KB, 144672 bytes

MD5: cdf76b5a8d7e31654afedb862a085729

SHA1: 541c3989829cfc0b55b347e4b007c01aa0b54a5c

File Size: 144.67 KB, 144672 bytes

MD5: 50df191a84684518bc0a50b943828d3e

SHA1: 70cbfd5ce7bc590ccf395ce056be00c93a14db12

File Size: 144.67 KB, 144672 bytes

MD5: 2d37326eab0b7a9c3f3e4214f536a017

SHA1: 2c181bf825c8c6253edb97334a750d4252422857

File Size: 2.20 MB, 2204629 bytes

MD5: 4b70c470d815517233be1efe0ed5244a

SHA1: 86b7033d4b5349216bd3ad5fa23becbb429a2838

File Size: 1.62 MB, 1619456 bytes

MD5: 17b933dd4b7a54b5ea43c45034a1c7c7

SHA1: bcfdeaf25c7a664987c531262245b08386848a04

File Size: 144.67 KB, 144672 bytes

MD5: 0e9bb1f0a706610bd7b0bf8914790200

SHA1: 383ecb44b927a2b8aea00237711898243516b28a

File Size: 144.67 KB, 144672 bytes

MD5: 226fcd962cbb07400b85e485b476f4de

SHA1: dddfca5af8014e4e72458012cd6c6301969b9982

File Size: 144.42 KB, 144416 bytes

MD5: 8d635c279b12a79d4502f5610cc7e4cd

SHA1: c73fe5b79e11e19a5b3ddaddf0a73932f18cdf41

File Size: 144.67 KB, 144672 bytes

MD5: a11a4bca55244286dfe6cc57dc736cd5

SHA1: 1c541c0f505c9d2f0d42344ed72f829bb7685ae9

File Size: 144.67 KB, 144672 bytes

MD5: 4ecb98b3e230b961372521dece0f8432

SHA1: 3ef7455068660cf0aeb6be6289ceb655268682ca

File Size: 1.53 MB, 1527995 bytes

MD5: a3e4d2946d9406ceaa73578071291459

SHA1: d6c196f67b316b948972ce5a13b5645fac23f5eb

File Size: 20.48 KB, 20480 bytes

MD5: cf0e10c076158195ce7fa445e2913dd3

SHA1: d7c6880b495766ebc313e9979bc94502075f5186

File Size: 144.67 KB, 144672 bytes

MD5: 73abc85e609281589e406ed420bf67c9

SHA1: d1d4e4597c783ee93aa63587b144a106758794fb

File Size: 144.67 KB, 144672 bytes

MD5: dc4604cea5996154645eb030ea7064c6

SHA1: b9640b7cd16a856dfe66ce3693dcec557f16d185

File Size: 144.67 KB, 144672 bytes

MD5: e8ced7bf646f468a1e25d3de83f6eb95

SHA1: 60ae81b159cae4f10c1051329913e518c346eeff

File Size: 144.67 KB, 144672 bytes

MD5: 2f44b8a01084adcd0b490212d95aaeba

SHA1: b608cc36f78c0732b734a5dfe8b5f77dc82fd935

File Size: 7.33 MB, 7330816 bytes

MD5: c1a79fe8f7be37cf81be0605aa129f3e

SHA1: 358c44c8b7e052830ff0faff364012769f515c73

File Size: 144.67 KB, 144672 bytes

MD5: 27c95fc249eba6e8e1662733d32b3558

SHA1: 5cfc83939a8e6457f2a265f36c86050899c00b2f

File Size: 1.36 MB, 1360896 bytes

MD5: 7afb98b0c0fdc3aa2397f6a6bcb5ec2a

SHA1: a6d39bee331d119e54d6c95f0358a3873d7d92ff

File Size: 144.67 KB, 144672 bytes

MD5: 075b49201dc8ebb970e75d1721dbb563

SHA1: 06f06776a021364ae31d64b39e60851d2c31c52a

File Size: 144.67 KB, 144672 bytes

MD5: 890a93a7c6eb4a7152e73ba071e73cf5

SHA1: c3d49eab689cd21b2e63bcbc6ce968c7c2648034

File Size: 1.53 MB, 1527995 bytes

MD5: 2a0ac94481b8fbf55e29c22dae8a5c6f

SHA1: e2d6ac7311859e2550b7e8ec1cce335252fd834b

File Size: 1.53 MB, 1526641 bytes

MD5: ef8a8dc4810db9707fd4d22bd3f8d6f8

SHA1: 46ea3b7ebb6e854e9f1b93c97f884c16ebd5781c

File Size: 144.67 KB, 144672 bytes

MD5: 8b292af939880f17cc094031329997a5

SHA1: ea3e57cf8ff5748f249df50aef5e7ea25cb46d71

File Size: 144.67 KB, 144672 bytes

MD5: 78fe97cf6432d241240e36e26720e936

SHA1: f8d0c6b602424a1ec1e71150aaa61220d669f41b

File Size: 7.64 MB, 7643648 bytes

MD5: 8d0420bcccde1e28e6f0eb5b30aed07e

SHA1: 22c05397dc1dea5b45ac753f9bf567c55a260191

File Size: 144.67 KB, 144672 bytes

MD5: 52640ef929f152539b49f90ddd953ec7

SHA1: a782b648a5172f5b857176bac21dd9eb6855ff0e

File Size: 144.67 KB, 144672 bytes

MD5: c653f1b3b0037efb5f7a66daabcdef2b

SHA1: 0d2ca19e09d3d5002c6b0007c4926608f5a07fee

File Size: 144.67 KB, 144672 bytes

MD5: 6e32410e4f4032ee25126397467f0530

SHA1: 4942c9730756cfc9c04f21a1ff3fc1552fb3c413

File Size: 144.42 KB, 144416 bytes

MD5: 3b231eee1bc1a64c363d10f16dc590f9

SHA1: 6e4af2cd7b930fc3db10089e0e22a2dad25b6c2a

File Size: 144.42 KB, 144416 bytes

MD5: 7ae09ca66811101f943c85f072497799

SHA1: 6406bab0c390bc08ee6c5aa47504c337a6e4b5a9

File Size: 144.67 KB, 144672 bytes

MD5: e75ed865069a14296b731e5a7c2b8535

SHA1: 7b02034e66b86d775419900b1087928bc46a9cc2

File Size: 144.67 KB, 144672 bytes

MD5: a0864772d14f763937036ff0bd876067

SHA1: 5d294ff7b77bca6d01ac665c7261d2d96b318856

File Size: 144.67 KB, 144672 bytes

MD5: 8673341c562136372b110aef18b920df

SHA1: 00e32daf45c255047d35f80343749d0c45cd88e0

File Size: 144.67 KB, 144672 bytes

MD5: 90b6d27908a3105e82b14fb4dac55a24

SHA1: 06291eed25f2d08dd7cc6a7ae1bdcd20b57cd60f

File Size: 144.67 KB, 144672 bytes

MD5: d70a547f87a455179df59c028a995824

SHA1: d5cdfbb02e7165950a21d4402adc696285c0432b

File Size: 144.42 KB, 144416 bytes

MD5: e54f6ab39c42e363878c7154cfd02ac1

SHA1: 5cac7bd78ff34bdce45a9c498cac12ca8cb2cef2

File Size: 144.67 KB, 144672 bytes

MD5: 1d4f1d02a3ba1d842ce2c05dd41626eb

SHA1: ba7534add50250f875b11a32d67912751329c770

File Size: 144.67 KB, 144672 bytes

MD5: 566bf726dd14de73577c27176d1c5680

SHA1: 216b9bd37164f8a7f85167ffb1193c1af638c158

File Size: 20.95 KB, 20952 bytes

MD5: 964256569616d2a451655866a4b8b6b8

SHA1: 9898fda9d06ece00cea7069606eb142d5e33e062

File Size: 144.67 KB, 144672 bytes

MD5: 4563b404d93661ecb646bdaf1eb8f905

SHA1: ea79d315f4fefe997be356977642881dea339e0b

File Size: 144.67 KB, 144672 bytes

MD5: 7770990aedb8ebf344156e9e83858547

SHA1: a27bea8e222e6c757cb9ce495b888fd836c1a737

File Size: 144.67 KB, 144672 bytes

MD5: b5a87bee7c443db7cc6f8e9d7d44c1ba

SHA1: bb79a2baa3f4558e4b75f996d76db3ede8a6ba68

File Size: 144.67 KB, 144672 bytes

MD5: 9385c27fd8bc52c49c3b3da5dca53842

SHA1: b17ad06610df74ddafe10b9f704554c6312c8c19

File Size: 144.67 KB, 144672 bytes

MD5: 22ba1c57ea5c63d2b7145244153559f5

SHA1: a617029cdb8208fc9b96ed08fedbb17a4e349c53

File Size: 144.67 KB, 144672 bytes

MD5: 33c8bf226d476813bcef138656f35616

SHA1: b05b1ab844b6c0afff81bab41e4c93ecb62785a4

File Size: 144.67 KB, 144672 bytes

MD5: ae70f0b092ec34ba9120cb3db3306e9d

SHA1: 4a639cf6548481a3523f7d5c489ad705eb635b78

File Size: 144.67 KB, 144672 bytes

MD5: 1c399bc81b0ed5f1e7b24cf5ee9c981a

SHA1: c5facbf6b06032293e1156ec91a97c65ace89b0e

File Size: 144.67 KB, 144672 bytes

MD5: 47e8e14c0b38aaf83a37d14964fc0fc9

SHA1: 9ac7f019b3f72488bae7a6fa788582ce85af9a81

File Size: 144.67 KB, 144672 bytes

MD5: 84074f98de450c9bb4511ba4344f3e1a

SHA1: 8406b279849a04ede5d12b930d2cff631feb95a9

File Size: 144.67 KB, 144672 bytes

MD5: 72f47dc24e8feda20d9a5a476b596054

SHA1: 917e29448c42c500c3d4d184c71758816aacf455

File Size: 144.67 KB, 144672 bytes

MD5: bb7e741e58f6e401531001c39d1091d2

SHA1: 95661995dae98a6206e4aa399a3a05d625f86680

File Size: 144.67 KB, 144672 bytes

MD5: 82ad1856c093d3d4f68c20d199fbf4a3

SHA1: 8e80861306ad526aa4eefd4fb05fb69c3c61d803

File Size: 144.67 KB, 144672 bytes

MD5: 3623a00908fed72207dd2e011c5edbf5

SHA1: f9c8637c3363fb28852df3ea39b491d710bed93e

File Size: 132.50 KB, 132496 bytes

MD5: 496f85a7440cf82c1284b855ea7e7e13

SHA1: 34624ee42e5ae67d8932c5c5861fbe5276c35578

File Size: 1.91 MB, 1914125 bytes

MD5: 1645d3084c07efb7be7215035690c2f8

SHA1: b689c1a49eb78f92aa09c5ec42ad7f7b0d398058

File Size: 1.70 MB, 1695324 bytes

MD5: 8ab913a5da924586f99383749477574a

SHA1: 11335c9ebe4a3bc49186b22700d252c50184170c

File Size: 144.67 KB, 144672 bytes

MD5: 9fa8920843b3c3060ee296f2946bd52c

SHA1: 4ef22f9ced66847845b24ba0d8bbc07fb31d882d

File Size: 144.67 KB, 144672 bytes

MD5: 7147984c87575c341a49be1c6df53b16

SHA1: bf35d605d3dd52b547118e536b595af000e69c3c

File Size: 144.67 KB, 144672 bytes

MD5: c8fa9590439268802a99ada9f26e73f7

SHA1: d8503672bca9b8b59c34b6c066bc53af2d98a2b0

File Size: 144.67 KB, 144672 bytes

MD5: 93bf87e33cec5fd1e6e4becdf0e688a2

SHA1: 36429080d4f8899fbc0fc1e76c62433a4ca460c1

File Size: 144.67 KB, 144672 bytes

MD5: c0ddadab621384105169f1d4b7f47948

SHA1: e28832baf97743fe4dfc989c62dd64247873a588

File Size: 144.67 KB, 144672 bytes

MD5: f10b74305235004fcd4a7ac56c32d6ab

SHA1: a7a73bf6f4f59144f7f8f66124721dab87c3fcc5

File Size: 144.67 KB, 144672 bytes

MD5: 712078cad0e90f04eafb82d2c06d9710

SHA1: 7693c4ace776e728ebe55ba708dc64e7e9e75c99

File Size: 144.67 KB, 144672 bytes

MD5: 2bc5c641282dc4ae5e89bfd865e6af3f

SHA1: e554d86005ac2c2262ce9608b1f3dfd56837ea7b

File Size: 144.67 KB, 144672 bytes

MD5: cf5680413c74d5e1db0048f3f5884b40

SHA1: d0ffb749b11693553b2b5c1a9cb4fe33c573ba62

File Size: 144.42 KB, 144416 bytes

MD5: c829eb8469c88a9e73722f9957a1e304

SHA1: 906c28c326c7ff08eb4599d64dda749a883a1c58

File Size: 144.67 KB, 144672 bytes

MD5: f17e2d6cacba7bce8df54e3048c7ca09

SHA1: 4440e6b7147caea7243f6f54c9a33b6e725e9bbb

File Size: 144.67 KB, 144672 bytes

MD5: a0933eb4d27725f44fcec5b7a3bee363

SHA1: 274bd576df3082ff6058733aa16b915bfc763d20

File Size: 144.67 KB, 144672 bytes

MD5: 4ead8f142cb895675db9cadcba54ee15

SHA1: 5984ed49f3ba9905aa0944b5cf60aa1b0b7c95a9

File Size: 144.67 KB, 144672 bytes

MD5: a88d3004f9c9b0712a64cf2c2ad28ca8

SHA1: 2546151100422cf8de3d5ac687e24160b12bc5c3

File Size: 144.67 KB, 144672 bytes

MD5: fc5e3ccacad0ab99877d035f482f6e98

SHA1: 0245168a3ec78302654189cb586d0889f4b7b6fd

File Size: 144.67 KB, 144672 bytes

MD5: 38395cea702547dabcfb8ac844b1234b

SHA1: 4361321d192cc5e9dc815d3a211ab1783fd3bc29

File Size: 9.15 MB, 9149952 bytes

MD5: 3b30c198d64f4edf28cce67c8b0721a2

SHA1: 2998d0cb2ba81c4aeadc79d4e2ed9c0c6456323e

File Size: 57.34 KB, 57344 bytes

MD5: 7b0d1425c16d81843fa928f1c9030813

SHA1: 4760fe7f120ab7d88fadd293c7bb09976c30de7d

File Size: 7.33 MB, 7332352 bytes

MD5: 3de4925fef745c3261e042c55b627631

SHA1: 4595911b01eecc048690e9f3b0943a6dc2f8ba4e

File Size: 487.51 KB, 487512 bytes

MD5: 9114171adb0e6647909b91a3196920d7

SHA1: 4ef2055ece78c7520bf38698a85c20d0a9b61b2c

File Size: 144.67 KB, 144672 bytes

MD5: 935533d651021677fb6eec3b88d635e3

SHA1: cfd64bf49cb9f47fccd657fab7a7a49a0808a89b

File Size: 144.67 KB, 144672 bytes

MD5: cef75b7293aea8cdc6dbe28c215f9148

SHA1: 59856f013cf7075439f02e65087c764ab3660dbd

File Size: 3.47 MB, 3465961 bytes

MD5: a4e722564bf7caaf977fc44e3c487229

SHA1: 59e8bcf8bc72eb3eea6097055e95bf22b4c142f2

File Size: 1.69 MB, 1694998 bytes

MD5: 1080ee93cd5b57401b8b5d33bf5ed02c

SHA1: 5a3fefe0fdc6cb2e31d5d67b462ae3f75751c7be

File Size: 144.67 KB, 144672 bytes

MD5: 0abb952e7a0af2aa35114d6ff06df78b

SHA1: 1d4772c9a2bdd1c31120dfed778f737c4e0cdee1

File Size: 144.67 KB, 144672 bytes

MD5: b3f5d4ed8f669335445380fe24ba0da8

SHA1: 83a2a7754302bc00f259f3d73dd617eea2b645de

File Size: 1.68 MB, 1677285 bytes

MD5: da3d77f7f6d521e4403eb183070f84eb

SHA1: 5f37c84257f691fb5e5b09bf732e1566e3ca4016

File Size: 144.67 KB, 144672 bytes

MD5: 4ea32ebee24d8961e405e34894972443

SHA1: f04ae7e1cf4b922c845af9660088f4372b2f9f4d

File Size: 144.42 KB, 144416 bytes

MD5: 104f7972989d6a30c28db20b95eda20a

SHA1: 7d30ed2d24816d5373536db36357cdb778512689

File Size: 144.67 KB, 144672 bytes

MD5: 4fa2f9df092de61987972c5c94aaa549

SHA1: 491481d42933ca05839ecc461df59407d7503924

File Size: 1.09 MB, 1091840 bytes

MD5: a02695618144f9977b22c99466495914

SHA1: 51dc72b7e66ad25b85fd38eae8fe25d8c6041114

File Size: 144.67 KB, 144672 bytes

MD5: ff011fd15a3eb01ddecece7cdcca3cae

SHA1: a97aa62d800261b77b512aaf0fe9db5486cdb05a

File Size: 144.67 KB, 144672 bytes

MD5: 25e49da1e328e973c86708ea36226ca2

SHA1: dd113baddb30d05e121d32b75ab03bfc2a786663

File Size: 1.91 MB, 1914673 bytes

MD5: 9f4d4362094c754b4791b721e087e9fe

SHA1: 5e75d1a46bb1ea73d2aaedd3c72233104c6e86dc

File Size: 144.67 KB, 144672 bytes

MD5: ec81f3b9845ab2e2891cf1a25e4b5c39

SHA1: afc793ff17160306d5e5152c31370be2274b2251

File Size: 144.67 KB, 144672 bytes

MD5: cc3d80132a74bb6f9e06b0dcd121e8a1

SHA1: b38dadbe65a834110857c53a8b050162012d62e6

File Size: 340.48 KB, 340480 bytes

MD5: a35a1e225d638855af48b7e52580e6d4

SHA1: e45821c96634f8cfb45043e00f51ec4bba5e1282

File Size: 144.67 KB, 144672 bytes

MD5: 8cab1fe47547462c0ba63f3e9efd51ff

SHA1: 0c0a63dac3d97aeccc37d0cc32ac033cfe6fc733

File Size: 144.67 KB, 144672 bytes

MD5: 1807a9d8595b0abf6b31418050975dec

SHA1: d1ac798a7031f554cfe0c27a46f53bc359b583fb

File Size: 953.34 KB, 953344 bytes

MD5: 448fa679d2f60fc4a7a5e7c23d45e00f

SHA1: 089cb7fd08ecb5dc5b26eb527da781d856b8f3fc

File Size: 144.67 KB, 144672 bytes

MD5: 53d1d6b26779fd367774d6b2741347e7

SHA1: d0ed8e3740c00800c223b7f0bad5fc95eac07dbb

File Size: 144.67 KB, 144672 bytes

MD5: b81fa90bf352836a819dd47f93f847b8

SHA1: 28cfc317446643db5a10034ec3262e8aecde36dc

File Size: 144.67 KB, 144672 bytes

MD5: f4f34f7de49336fad70a0c40996ab7ff

SHA1: 3fcad5f8d974670b7016ee421d1196f4d5e9ac75

File Size: 7.64 MB, 7643648 bytes

MD5: fa0202660d37cf01ecc33c1fce5582c0

SHA1: 3717f1f4d9444d77d503ec9cd07a424e5b5b564b

File Size: 2.57 MB, 2568213 bytes

MD5: e93da74b44d09be04da5684a892102b0

SHA1: 57b21dc8e6ac3f1f48a54540915fc844233d37b7

File Size: 7.33 MB, 7329792 bytes

MD5: 3a3694aef8ff402d8b2710b4e0fa406d

SHA1: 3eac58a553d03d81e3bcaa67d9ad7398419028d2

File Size: 144.67 KB, 144672 bytes

MD5: f3d4bc0663ba75f9f1bb4534149f19ab

SHA1: 376716694b8b941e31d49e9b3a18f4b711496b6d

File Size: 144.67 KB, 144672 bytes

MD5: c4e786bd9028f2c8bc4dc734a421de6f

SHA1: cd49f2f44be34999cc04baafc80d521f63c38310

File Size: 1.70 MB, 1695098 bytes

MD5: b2cbb58900ee6d9c599b147d4ab8bbce

SHA1: bf00e934325b3c5f8c8348147ba77b94dc0787cd

File Size: 144.42 KB, 144416 bytes

MD5: 6b57b6926c125d23373522ba40bfeb04

SHA1: 3bbe92eddfc6f27bcefc5e5c22c011fd1409f0fd

File Size: 144.67 KB, 144672 bytes

MD5: 46403ebd7b8252559b441e2a6525faa4

SHA1: 7bca1efe6b770229fc539cd8c08b4f28fa6a41f9

File Size: 144.67 KB, 144672 bytes

MD5: a7b89879c227aa1ae0a98ebf25424b44

SHA1: 94311d270313bc9b5738b01cd59e5cfded6490c8

File Size: 144.67 KB, 144672 bytes

MD5: 8d2c94ca5b46ac176df146fdf37499f3

SHA1: 54ed0123cddf754c213da9c3919c899e37f7a536

File Size: 144.42 KB, 144416 bytes

MD5: 58ba41fbbd45d03534b1dc385945978c

SHA1: be14bf7efab77b099e56d31af69d068d73ae06a3

File Size: 144.67 KB, 144672 bytes

MD5: 15d99e29b943e21e29af60614d9e6311

SHA1: d894cf11db916f0ad957530242f8100b8c5fa63d

File Size: 7.64 MB, 7643648 bytes

MD5: 796b3875d40f7b88f2abe6d9a09ae476

SHA1: 358fda0410e6b5c75dfa0ef3fde6cfb3181a53d7

File Size: 871.94 KB, 871936 bytes

MD5: 18b47e6f01e4d865f754dd31565f5628

SHA1: 51aa9b599635702b90580c33ec624e78530b77b6

File Size: 144.67 KB, 144672 bytes

MD5: 68b4e1f700d1085c232948f1804c3009

SHA1: eab6acc2c7e62eb67947f351df02392ab11fd837

File Size: 42.17 KB, 42171 bytes

MD5: 50b0d9122ec3999f5c5a0dd607f2e98a

SHA1: 6602aee2ffbcf521a6eef208b3242f451ca803c2

File Size: 3.44 MB, 3443712 bytes

MD5: 52ab348e667d1f521b3474997efac5a5

SHA1: df3fc2798bd9e3da5a5bb6019dfeea1a3ca170b2

File Size: 7.33 MB, 7329792 bytes

MD5: 5227162eb586ef06e93fb40e7bd3a053

SHA1: 772b45a07b6e8a194908d6d68c0d222132c7e286

File Size: 144.67 KB, 144672 bytes

MD5: 5de3aafcec7b72dee2d0c3d261098e6e

SHA1: 5f4e67c0b50610b47294f2582dd92e9cbb8bb7e4

File Size: 144.67 KB, 144672 bytes

MD5: 6eb5c0f9c37efc9bfba6be97abf635aa

SHA1: f8ef6ae886dcad048412c3b7924292f686b4ae2f

File Size: 144.67 KB, 144672 bytes

MD5: e023ccdf9526dd0e086ad38f9443cf1e

SHA1: 474acaa0e0ac4fb58b15b1e15718526439226ea6

File Size: 144.67 KB, 144672 bytes

MD5: f97cb35146eddbf830a5ebc80beb66d2

SHA1: ee68964a44035bacf22362d210b906491eaa6343

File Size: 144.67 KB, 144672 bytes

MD5: 41c290833543252af765a290621dacc6

SHA1: 4891fd9aa9ef5f0c1475caeb959a8ee774143046

File Size: 144.67 KB, 144672 bytes

MD5: 173051d3db6f5ae54af79ad028217b4b

SHA1: 1f72c0d07983dc91616c4b2bfbacfa8fbd067226

File Size: 1.24 MB, 1239568 bytes

MD5: 6304b2f5931514c61e98d0d4dc712893

SHA1: 3f60428b0fc79c9438c8aa2a7080c73cade459c3

File Size: 144.42 KB, 144416 bytes

MD5: 31648aa6cc823e3e04fe36e473c17b84

SHA1: 9ee407ffed690d1b88e333b36ec1a99f6e9263d3

File Size: 144.42 KB, 144416 bytes

MD5: 6b4447d160dde15bfd7c483537024112

SHA1: 0ef2b77377a2b1a7debdba8dfe0c2a56f5d71278

File Size: 93.70 KB, 93696 bytes

MD5: 8a1ae78a9892c392da0163deccbab732

SHA1: 067a74b480a105046390033da8afe2e02a6bbeaf

File Size: 144.67 KB, 144672 bytes

MD5: c1e3378702d203c2455260abdc24cc31

SHA1: 5b05dee48c7eb7ebf5a1ad9fdc5fba38d4123ac0

File Size: 3.49 MB, 3494552 bytes

MD5: cc2e28990b14186289fc284243636aa4

SHA1: 4f59c44387b1d0521ca1b8cbbfe4f9422d27e9fa

File Size: 8.12 MB, 8119832 bytes

MD5: fa69576f4ec0cad0f782f68d9a5b107b

SHA1: ad5ac55c1a2b6b11f8e157c83823b75446a908d3

File Size: 144.67 KB, 144672 bytes

MD5: 428bf7c77289640618eb057563be4935

SHA1: 137c1a4e71ff12d803b1a38c1ee27e000252a38d

File Size: 144.67 KB, 144672 bytes

MD5: 06101a2612af98aba18b736ff260365b

SHA1: 99e2954d939f624de8c3f01c00fb5d667a6b3ac5

File Size: 144.67 KB, 144672 bytes

MD5: 7beb185c92b1648eb5ff2f1082d6bcb6

SHA1: 8b98eaad7c8fce23661cf8ec1069a08a5ea16952

File Size: 1.71 MB, 1711104 bytes

MD5: 42f9e835def1c3ebba0d5f888e4ef012

SHA1: 7113332f466f7fe0bba34e37f8bb78884387ba2c

File Size: 74.24 KB, 74240 bytes

MD5: 8f9a6ffe99a09de193428027cb24cc10

SHA1: 57e81b385f0858547672ba5d08112cee238654fe

File Size: 144.67 KB, 144672 bytes

MD5: a39ebca1f0a73337e48865c975474116

SHA1: 7a8c812c9c52cb50d76cca75ed7cfea7ea0afee3

File Size: 144.67 KB, 144672 bytes

MD5: 0b8e766227e8938884362dc464c38572

SHA1: 9a97c85de854ef35dfefc76c34bd84fdf84612e1

File Size: 144.67 KB, 144672 bytes

MD5: 17f3803fa195e80b8751424de75af137

SHA1: 255145bb0ea1da419f5aed666027fa7d47b256b9

File Size: 144.67 KB, 144672 bytes

MD5: cd7e37946eaa2b3540ac9d1fe247644f

SHA1: 5be295fe6b8dfc0abb52c20466200021bdc61346

File Size: 76.80 KB, 76800 bytes

MD5: a9dd71f96fbcbc5dd10fc3602f8fa96a

SHA1: bc58793f298251f4a4a19335df8ae03bee12d776

File Size: 71.17 KB, 71168 bytes

MD5: 4cdcf829ec5eda17197c14089ac5ba78

SHA1: 4ce554ad6ccfaa0149b0639ac280334705f64c7c

File Size: 144.67 KB, 144672 bytes

MD5: c581c01817dfd60cbd08084317d1b748

SHA1: 3b7b324b28a860b779a1b083aef115bb9f54f400

File Size: 144.67 KB, 144672 bytes

MD5: 531d9b2e91c97b4e4ef30af8de5e866a

SHA1: 761d1adc4717bfa63521bf229604d262717eb245

File Size: 144.67 KB, 144672 bytes

MD5: 9abfa10d1134e65bccfcec570a01f6e7

SHA1: 36f386c6879fce77f5882b77f122a8a813c53751

File Size: 2.03 MB, 2034688 bytes

MD5: 5b31a03e215fffab1b42d24b37f7ad69

SHA1: d94eb943fe91e54597d2e6517ae2f3f056254a4f

File Size: 144.67 KB, 144672 bytes

MD5: b6efa284d6eece7978bac304584b760e

SHA1: 68a33ec393ab91c45c93c7074be5c50b0a78d414

File Size: 8.37 MB, 8372224 bytes

MD5: 4aac6a2fa5398c927f01d1a2b17c59f9

SHA1: ff51b49ead5f09cd86e332d770f35f381d7f4481

File Size: 2.62 MB, 2623699 bytes

MD5: 884477932ccaa17d988a7ef5abfd8369

SHA1: db49a6d37ff3bde8d56e0250011b85bab9748ba4

File Size: 144.42 KB, 144416 bytes

3365 additional samples are not displayed above.

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is .NET application

File is 32-bit executable
File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

813 additional icons are not displayed above.

Windows PE Version Information

Name	Value
Assembly Version	141.0.3537.71 32.0.0.0 25.3.28.1 18.0.0.0 17.6.22.0 11.0.0.0 10.1.0.1 8.2.2.0 8.0.0.0 7.9.0.1665 Show More 7.9.0.0 7.5.1.0 7.2.0.0 7.0.0.0 6.4.0.1076 6.4.0.0 4.9.8.0 4.0.0.0 3.2310.16.2 3.998.0.0 3.9.0.0 3.7.0.92 3.7.0.81 3.7.0.42 3.0.9.4 2.12.2.0 2.12.1.0 2.11.6.0 2.5.0.1 2.4.1.8 2.2.1.0 2.2.0.3 2.2.0.0 2.1.0.0 2.0.5.2 2.0.5.1 2.0.3.0 2.0.0.1 2.0.0.0 1.44.0.0 1.12.1.3 1.10.0.0 1.7.141.6 1.6.0.0 1.5.5770.20088 1.4.9.0 1.4.0.0 1.3.1.2 1.1.33.10 1.1.33.2 1.1.32.0 1.1.30.0 1.1.18.0 1.1.9.0 1.1.7.0 1.1.0.5 1.1.0.1 1.1.0.0 1.0.1138.403 1.0.9.8 1.0.9.6 1.0.9.4 1.0.9.3 1.0.9.1 1.0.8.8 1.0.8.7 1.0.8.3 1.0.8.1 1.0.8.0 1.0.7.9 1.0.7.8 1.0.7.7 1.0.4.0 1.0.2.0 1.0.1.0 1.0.0.1938 1.0.0.1893 1.0.0.1888 1.0.0.1850 1.0.0.1842 1.0.0.1727 1.0.0.1725 1.0.0.1719 1.0.0.1574 1.0.0.1348 1.0.0.906 1.0.0.873 1.0.0.3 1.0.0.1 1.0.0.0 0.6.6.0 0.6.2.1 0.4.3.0 0.4.1.0 0.2.0.0 0.0.0.0
Cheat Engine Homepage	http://members.chello.nl/~p.heijen/Cheat Engine/
Comments	2025-11-12 14:18:53 A Good Menu Made By Malachi Animal Crossing - New Horizons Save Editor A Perfect Template Made By Malachi API for modifying Silksong menus AutoHotkey Script Compiler AutoKeoxe Automatically generates and installs CreamAPI files for Steam games on the user's computer. It can also generate and install CreamAPI for the Paradox Launcher should the user select a Paradox Interactive game. AutoTrain-G4VN AVarmor Show More BENX PREMIUAM BYPASS_UID Client application for MOURAI Learning Platform Colin McRae Dirt - Language Selector Collections de timbres Compete with 4 players, and become the speediest SpeedRunner of the known universe! Contents Copyright© 2000 Creator and designer of the contents Converts and downloads youtube videos to mp3 COServer Settings Created by @crimsoncauldron with love <3 [Debug] Created with Multimedia Builder Created with Multimedia Builder, version 4.9.8.13 Database management tool for PostgreSQL EasyTundra 1.29.0.0 x64 [ Free Version ] EasyTundra 1.32.0.0 x64 [ Free Version ] EPROM Reader / Writer software for BoostedNW Burner FutureXGame.com Host Process IG-WNM9 Install A-Windows LunaHook v3.10 Made by Flopper Microsoft Edge Minecraft 启动器 (制作：龙腾猫跃) Mod Menu Among Us By MRLukex MU Client Launcher Novarin Launcher installs & launches Roblox versions on the Novarin servers. OldSkools ProMod OUSSAMA Parallels Shared Application Patcher for TeknoParrot PC Wizard Splash Screen PEAK Mod Menu by TheHolyOneZ ScriptHookVDotNet v2 API ScriptHookVDotNet v3 API Shank 2 v1.0 Plus 6 Trainer Solara V3 UI Speedometer and Overlay for GTA Online! TeknoParrot is a software package allowing you to run selected PC-based arcade titles on your own hardware, with full support for keyboard and mouse controls, gamepads, steering wheels and joysticks. The developer SDK for ScriptHookVDotNet v2 scripts for Grand Theft Auto V. The developer SDK for ScriptHookVDotNet v3 scripts for Grand Theft Auto V. The World's First Universal Mod Loader for Unity Games compatible with both Il2Cpp and Mono. This installation was built with Inno Setup. This is a shim that points to a particular file. It was generated by ShimGen (Shim Generator). The use of shimgen must comply with its proprietary license. unDefinition Valve SpecialBuild WeMod Setup www.mrhacktv.com Xeno - Executor UI https://github.com/Riz-ve/Xeno {CB22F1FC-79CC-49B9-92A1-8BB882CA249E}
Company Name	(C)CAPCOM CO., LTD. !ReLOADeD! 3DMGAME Acer Incorporated Acronis afonsosusah Application Automation, LLC Armageddon Atlas Playbook v0.4.1 Auraside Inc Show More Auto Clicker AutoFill Auto Clicker AutoFill DEV AutoHotkey Benjamin Höglinger 2015 BENX XITERS BiTect BITZER Kühlmaschinenbau GmbH Blackmagic Design blast.hk BoostedNW BoyDoILoveInformation BreezeV2 BReWErS BYPASS_UID CastingShouldBeFree CheatHappens CheatLoader Cheat_Menu Chris P.C. srl Client CMD Softworks COLEGIO DE FARMACEUTICOS com.keklick1337.peak.advancedconsole CommunicationYuBX ComputerInterface.Commands COServer CouldBeAimmyV2 CrazyShoot CreamInstaller crosire & kagikn & Chiheb-Bacha & contributors crosire & kagikn & contributors Daanav Softwares Daring Development Inc. dark horizon menu Delta Online Deltarune Yellow Digisystem S.r.l. discord.gg/2Wn3N2P DoubleDutch Games DV-Team Dv7 Electronic Arts Eon EterniaGames Evanescent Network Audition Software Extasy Ferox Games B.V. Final Fantasy XV (v1.0 build 1138403) FINEX UID BYPASS FreeTP.Org FreeTP.Org - Backrooms Rec Multiplayer Fix FreeTP.Org - Barony Multiplayer Fix FreeTP.Org - CashGrab Refunded Multiplayer Fix FreeTP.Org - Chaos Express Delivery Simulator Multiplayer Fi FreeTP.Org - Cult Of The Lamb Multiplayer Fix FreeTP.Org - CURE - A Hospital Simulator Multiplayer Fix FreeTP.Org - Dark Hours Multiplayer Fix FreeTP.Org - Deep Rock Galactic Multiplayer Fix FreeTP.Org - Divinity Original Sin 2 Multiplayer Fix FreeTP.Org - DONT SCREAM TOGETHER Multiplayer Fix FreeTP.Org - Drive Beyond Horizons Multiplayer Fix FreeTP.Org - ELDEN RING NIGHTREIGN Multiplayer Fix FreeTP.Org - FOUNDRY Multiplayer Fix FreeTP.Org - Hearts of Iron IV Multiplayer Fix FreeTP.Org - Hired 2 Die Multiplayer Fix FreeTP.Org - Inside the Backrooms Multiplayer Fix FreeTP.Org - KLETKA Multiplayer Fix FreeTP.Org - Levelhead Multiplayer Fix FreeTP.Org - Little Nightmares III Multiplayer Fix FreeTP.Org - Ranch Simulator Multiplayer Fix FreeTP.Org - Ready Or Not Multiplayer Fix FreeTP.Org - REANIMAL Multiplayer Fix FreeTP.Org - Salt 2 Shores of Gold Multiplayer Fix FreeTP.Org - Sid Meiers Civilization VI Multiplayer Fix FreeTP.Org - State Of Decay 2 Multiplayer Fix FreeTP.Org - Stick It To The Stickman Multiplayer Fix FreeTP.Org - Teardown Multiplayer Fix FreeTP.Org - The Spell Brigade Multiplayer Fix FreeTP.Org - We Escaped a Twisted Game Multiplayer Fix FreeTP.Org - Wobbly Life Multiplayer Fix FriponBypass Gaea.Swarm Galactic Paid Menu gamania Games GENiEBEN goldentrophy Goldentrophy Software GorillaShirts Guavaman Enterprises Hefei Kunbo Information Technology Co., Ltd. 136 additional items are not displayed above.
Company Short Name	kadokawa
File Description	*Pl@4!jqYY7Xo 7 Days to Die v1.0-v2.0 Plus 30 Trainer 7z Console SFX Acer OEM Activation Utility Advanced Peak Console AeigisAPI Alan Wake 2 +DLC Türkçe Yama American Arcadia Türkçe Yama Amnezia Setup An ASI plugin for Grand Theft Auto V, which allows running scripts written in any .NET language in-game. Show More An ASI plugin for Grand Theft Auto V Legacy & Enhanced editions, which allows running scripts written in any .NET language in-game. AntiAfkKick.Properties AquaSys Assassins Creed Odyssey v1.0.2-v1.5.4 Plus 28 Trainer Assassins Creed Valhalla v1.0.2-v1.6.2 Plus 20 Trainer AssCheeksV1 A useful tool to Lock/Encrypt folders, flash disk and Hard drive Auto Clicker AutoFill 1.0.0.0 Auto Clicker AutoFill DEV 1.0.0.0 Auto Clicker by MurGee.com v19.4 Setup AutoHotkey Script Compiler - shim AutoKeoxe AutoTrain-G4VN Autoupdate AzzWork.WPF Backrooms Rec Barony BattleField4 Battlefield Bad Company 2 Installer BENX PREMIUAM BiTect BITZER Software BlackPink's Api Blasphemous v1.0-v2.0.22 Plus 12 Trainer BlazBlue Entropy Effect v1.0-v1.0.3 Plus 13 Trainer BO2Z Toolbox BoostedNW FlasnNBurn Bot BoyDoILoveInformation BreezeV2 BReWErS Game Trainer Broken Arrow v1.0 Plus 17 Trainer Fixed Broken Arrow v1.0 Plus 18 Trainer Broken Arrow v1.0-v1.0.12 Plus 18 Trainer Broken Arrow v1.0-v1.1 Plus 18 Trainer BYPASS_UID CABAL Online CalyInstaller CashGrab Refunded CastingShouldBeFree Chaos Express Delivery Simulator CheatLoader CHEAT OUSSAMA Cheat_Menu ChrisPC Anonymous Connection Setup CHTrainer Cities Skylines 2 Türkçe Yama ClashBot Clash of Clans Bot - A Free Clash of Clans bot - https://mybot.run Client CloudyApis Code Vein v1.01-v1.53 Plus 16 Trainer Colin McRae Dirt - Language Selector Comet Exec Command & Conquer - Red Alert 2 v1.006 +4 Trainer CommunicationYuBX ComputerInterface.Commands ConfigApp ConfigCreator Connect Client Uninstaller Connect Server Core Keeper Early Access Plus 19 Trainer Updated 2024.02.13 CouldBeAimmyV2 CreamInstaller Crimson Desert v1.0-v1.02 Plus 12 Trainer Cult Of The Lamb CURE - A Hospital Simulator Da best ninja executor Darkest Dungeon v25807 Plus 14 Trainer (For 64-bit Game Version) dark horizon menu Dark Hours Davinci Resolve Studio Dead Space (2023) v1.1 STEAM +7 Trainer Deep Rock Galactic Delta Online Launcher Deltarune Yellow Devil May Cry 3 Special Edition DeviPals Digimon Masters Online Digimon Masters Online Client Installer Divinity Original Sin 2 DONT SCREAM TOGETHER DownloadManager Drive Beyond Horizons Dv7 DVREMU2 Manager Dynasty Warriors 8 Xtreme Legends Complete Edition v20190307 Plus 31 Trainer Dynasty Warriors Origins v1.0 Plus 35 Trainer Easy Red 2 v1.5.1-v1.5.6 Plus 14 Trainer EasyTundra 1.29.0.0 x64 [ Free Version ] 265 additional items are not displayed above.
File Version	8716.54.58 2022.3.26.15494360 2021.3.45.895135 2006, 1, 7, 0 1535 141.0.3537.71 82.2.0.42464:43325 51.1052.0.0 51.52.0.0 40.3.16 Show More 40.1.7 40.0.5 40.0.2 37 32.0.0.0 25.03.28.1 23.9.0.1 19.4 18.0.0.0 17.6.22.0 16.02 11.0.0.0 10.1.0.1 10.0.26100.5737 (WinBuild.160101.0800) 8.14.4 8.2.2.0 8.2.0 8.0.0.0 7.9.0.1665 7.9.0.0 7.5.1.0 7.4.9.33430 7.4.0.4161 7.2.0.0 07.04.2026.1943 7.0.0.0 6.4.0.1076 6.4.0.0 6.3.0.75 6.0.0.0 05.92.36.75 5.7.1 rel.25 (SA-MP 0.3.DL) 5.7.1 rel.25 (SA-MP 0.3.7-R5) 5.1.0.46249 5.1.0 5.0.0.0 5,0,0,0 4.9.8.0 4.8.5 4.0 3.2310.16.2 3.998.0.0 3.10.0.0 3.9.0.0 3.9.0 3.7.0.92 3.7.0.81 3.7.0.42 3.6.0.0 3.2.3.0 3.1.0.1 3.0.9.4 3.0.3.0 3.0.0.3 3.0.0.1 3.0.0.0 3, 0, 0, 0 2.93.0.0 2.12.2.0 2.12.1.0 2.11.6 2.5.0.1 2.4.1.9 2.3.0.1 2.2.1.0 2.2.0.3 2.2.0.0 2.2.0 2.1.0.1 2.1.0.0 2.03.0013 2.0.5.2 2.0.5.1 2.0.3.0 2.0.1.1 2.0.1 2.0.0.221 2.0.0.140 2.0.0.96 2.0.0.1 2.0.0.0 2, 1, 0, 0 1.44.0.0 1.12.1.3 1.10.0.0 1.6.0.0 1.5.5770.20088 1.5.9.21050 1.4.9 1.4.5.42 110 additional items are not displayed above.
Internal Name	7 Days to Die v1.0-v2.0 Plus 30 Trainer 7z.sfx Adobe Powershell Activation.exe AeigisAPI.dll Ahk2Exe.exe Alan Wake 2 +DLC Türkçe Yama.exe American Arcadia Türkçe Yama.exe AntiAfkKick.exe AnyDesk.exe ApeX mod menu.dll Show More AquaSys.exe Assassins Creed Odyssey v1.0.2-v1.5.4 Plus 28 Trainer Assassins Creed Valhalla v1.0.2-v1.6.2 Plus 20 Trainer AssCheeksV1.dll Assembly-CSharp Assembly-CSharp.dll Assistenza AutoThaiLan.exe Autoupdate.exe AzzWork.WPF.dll Base Trainer Battlefield.Bad.Company.2 BiTect.dll BlackPink's Api.dll Blasphemous v1.0-v2.0.22 Plus 12 Trainer BlazBlue Entropy Effect v1.0-v1.0.3 Plus 13 Trainer BO2Z Toolbox.exe BoostedNW Flash & Burn.exe Bot.dll BoyDoILoveInformation.dll BreezeV2.dll BReWErS Broken Arrow v1.0 Plus 17 Trainer Fixed Broken Arrow v1.0 Plus 18 Trainer Broken Arrow v1.0-v1.0.12 Plus 18 Trainer Broken Arrow v1.0-v1.1 Plus 18 Trainer Bypass patcher BYPASS_UID.exe Calypso Setup.exe CastingShouldBeFree.dll ChaosModVConfig.exe Cheat Engine Trainer CheatLoader.dll Cheat_Menu.dll Cities Skylines 2 Türkçe Yama.exe ClassLibrary1.dll Client.dll CloudyApis.dll Code Vein v1.01-v1.53 Plus 16 Trainer com.keklick1337.peak.advancedconsole.dll Comet.exe CommunicationYuBX.dll ComputerInterface.Commands.dll Config.exe ConnectServer.exe ConquerLaucher.exe Core Keeper Early Access Plus 19 Trainer Updated 2024.02.13 COServer.dll CouldBeAimmyV2.dll CRACK CHEAT OUSSAMA.exe CrazyShoot Internal Menu CreamInstaller.dll CreateTeam.exe Crimson Desert v1.0-v1.02 Plus 12 Trainer Da best ninja executor.exe Darkest Dungeon v25807 Plus 14 Trainer (For 64-bit Game Version) dark horizon menu.dll DeltaOnlineLauncher.exe Deltarune Yellow.dll DeviPals.exe Digimon Masters Download Manager.exe DriftUI.exe Dv7.dll DVREMU2 Manager.exe Dynasty Warriors 8 Xtreme Legends Complete Edition v20190307 Plus 31 Trainer Dynasty Warriors Origins v1.0 Plus 35 Trainer Easy Red 2 v1.5.1-v1.5.6 Plus 14 Trainer EasyTundra 1.29.0.0 x64 [ Free Version ].exe EasyTundra 1.32.0.0 x64 [ Free Version ].exe Eclipsed.GameData.dll Eggsploit.dll Endless Space 2 v1.0-v1.0.47 Plus 4 Trainer Eon.dll Escape from Duckov v1.0 Plus 35 Trainer Everspace 2 v1.0-v1.4 Plus 20 Trainer Extasy.dll ezcd FINEX UID BYPASS.dll FKFXEMU.dll Folder Protector Forever Skies Early Access Plus 21 Trainer Updated 2024.12.18 FRIPON BAYPASS.dll FutureXGame.exe G4VN-AutoTrain.exe Gaea.Swarm.dll gameModifierStarter.rc GameSettingsManager.exe game_exe Global.dll 213 additional items are not displayed above.
Last Change	15b9f145354d863c03cebb6fb2d992d4213b9a05-
Legal Copyright	(C) 2003 - 2022 Nexus RP (c) 2005-2024 Unity Technologies. All rights reserved. (c) 2007 codin/GENiEBEN (C)CAPCOM CO., LTD. 2005, 2006 ALL RIGHTS RESERVED./ILLUSTRATIONS：Kazuma Kaneko/ATLUS (c) Puran Software. All rights reserved. !ReLOADeD! 6EADC0A94466092A6D1218C14165B22D 2002-2022 SQL Maestro Group 2021, pointfeev (https://github.com/pointfeev) 2024 (c) Auto Clicker AutoFill Show More 2024 (c) Auto Clicker AutoFill DEV All Rights Reserved ClientMod (C) 2026 Copyleft 2019-2023 Copyleft 🄯 2015-2022 Copyleft 🄯 2015-2023 Copyleft 🄯 2015-2025 Copyright (c) 1999-2016 Igor Pavlov Copyright (c) 2002-2024 Acronis. All rights reserved. Copyright (c) 2002-2025 Acronis. All rights reserved. Copyright (C) 2004 Copyright (c) 2005 NEXON korea Corporation. All Rights Reserved Copyright (C) 2007 copyright (c) 2007-2021 Volkswagen AG Copyright (C) 2009-2017 Tsuda Kageyu. All rights reserved. Copyright (C) 2011 MOVEINTERACTIVE Co., Ltd. All Rights Reserved. Copyright (c) 2012, BlastHack Team <blast.hk> Copyright (C) 2018 Copyright (C) 2021 Copyright (c) 2021 Erdem Yılmaz Copyright (c) 2022 Lava Gang Copyright (C) 2022 WeBuff Copyright (c) 2022 ZwiftHacks (Jesper Rosenlund Nielsen) Copyright (C) 2023 Copyright (C) 2023-2025, 0xdeadc0de Copyright (C) 2024 Copyright (c) 2024 shaiya.dev Copyright (C) 2024 TEAM R2R Copyright (C) 2025 Copyright (C) 2025 TEAM R2R Copyright (C) 2025, FreeTP.Org Copyright (C) 2026 Electronic Arts Copyright (C) 2026 TEAM R2R Copyright (c) NEXON korea Corporation. All Rights Reserved Copyright (c) since 2004 Copyright (C) TEAM R2R 2025 Copyright 1998 - 2015 Jukka Poikolainen & Poikosoft Copyright 2008-2014 KakaSoft.All rights reserved Copyright 2017 Kadokawa. All rights reserved. Copyright 2024 Hefei Kunbo Information Technology Co., Ltd. All rights reserved. Copyright Microsoft Corporation. All rights reserved. Copyright Project Malachi© 2024 Copyright© 2010-2018 Copyright © 2012 Copyright © 2013 - 2017 RealDimensions Software, LLC Copyright © 2014 Augie R. Maddox. All rights reserved. Copyright © 2015 Copyright © 2015 Copyright © 2015 crosire & kagikn Copyright © 2015 crosire & kagikn & Chiheb-Bacha Copyright © 2015 crosire & kagikn & Chiheb-Bacha & contributors Copyright © 2015 crosire & kagikn & contributors Copyright © 2016 Copyright © 2016-2025 Outbyte Computing Pty Ltd Copyright © 2017 Copyright © 2017 Chris P.C. srl Copyright © 2017 {BrUj£} Copyright © 2018 Copyright © 2018 {BrUj£} Copyright © 2019 Copyright © 2019 Lordmau5 Copyright © 2020 Copyright © 2020 Pulse Copyright © 2021 Copyright © 2021 Copyright © 2021 Pulse Copyright © 2022 Copyright © 2023 Copyright © 2023 nzgamer41 Copyright © 2023 Pulse Copyright © 2024 Copyright © 2024 @WNM9 Copyright © 2024 Flopper Copyright© 2025 Copyright © 2025 Copyright © 2025 BY MR.Saydul Copyright © 2025 TheHolyOneZ Copyright © 2026 Copyright © Atlas Playbook v0.4.1 2025 Copyright © Benjamin Höglinger 2015 Copyright © CMD Softworks 2024-2025 Copyright © CMD Softworks 2026-2027 Copyright © HP Inc. 2021 Copyright © https://github.com/Eternita-S 2021 Copyright © IDScan.net 2021 Copyright © jk-websolutions 2013 Copyright © LOGI-Collector-2022 Copyright © Microsoft 2009 Copyright © Shaiya Diverge 2018 Copyright © SHARINGAN 50 additional items are not displayed above.
Legal Trademarks	'Poikosoft' and 'EZ CD Audio Converter' are registered trademarks of Poikosoft Augie R. Maddox BENX PREMIUAM BYPASS_UID CrazyShoot FLiNGTrainer IG-WNM9 LOGI-Collector MAK Mediachance Show More MrHackTV OldSkools ProMod OUSSAMA RabanSoft. SpeedRunners Tsuda Kageyu uI3f5-356ds-yrhg5-82vbg àbank 「(C)CAPCOM CO., LTD. 2005, 2006 ALL RIGHTS RESERVED./ILLUSTRATIONS Kazuma Kaneko/ATLUS」风灵月影 (FLiNG@3DM)
Original File Name	Battlefield.Bad.Company.2.exe Outbyte-avarmor-setup.exe SK_WinRing0.exe SpecialK_25.1.29.3.exe SpecialK_25.3.25.exe SpecialK_25.4.1.1.exe SpecialK_25.6.21.1.exe SpecialK_25.9.4.1.exe SpecialK_25.9.26.3.exe SpecialK_26.3.26.2.exe Show More SpecialK_TVFix_23.9.10.5.exe
Original Filename	7 Days to Die v1.0-v2.0 Plus 30 Trainer.exe 7z.sfx.exe Adobe Powershell Activation.exe ADV-disco01.exe AeigisAPI.dll Ahk2Exe.exe Alan Wake 2 +DLC Türkçe Yama.exe American Arcadia Türkçe Yama.exe aneta2009.exe AntiAfkKick.exe Show More AnyDesk.exe ApeX mod menu.dll AquaSys.exe Assassins Creed Odyssey v1.0.2-v1.5.4 Plus 28 Trainer.exe Assassins Creed Valhalla v1.0.2-v1.6.2 Plus 20 Trainer.exe AssCheeksV1.dll Assembly-CSharp.dll Assistenza.exe AutoThaiLan.exe Autoupdate.exe AzzWork.WPF.dll BiTect.dll BlackPink's Api.dll Blasphemous v1.0-v2.0.22 Plus 12 Trainer.exe BlazBlue Entropy Effect v1.0-v1.0.3 Plus 13 Trainer.exe BO2Z Toolbox.exe BoostedNW Flash & Burn.exe Bot.dll BoyDoILoveInformation.dll BreezeV2.dll BReWErS.exe Broken Arrow v1.0 Plus 17 Trainer Fixed.exe Broken Arrow v1.0 Plus 18 Trainer.exe Broken Arrow v1.0-v1.0.12 Plus 18 Trainer.exe Broken Arrow v1.0-v1.1 Plus 18 Trainer.exe Bypass patcher.exe BYPASS_UID.exe c&cra2v1006+4tr.exe Calypso Setup.exe CastingShouldBeFree.dll ChaosModVConfig.exe CheatLoader.dll Cheat_Menu.dll Cities Skylines 2 Türkçe Yama.exe ClassLibrary1.dll Client.dll CloudyApis.dll Code Vein v1.01-v1.53 Plus 16 Trainer.exe com.keklick1337.peak.advancedconsole.dll Comet.exe CommunicationYuBX.dll ComputerInterface.Commands.dll Config.exe ConnectServer.exe ConquerLaucher.exe Core Keeper Early Access Plus 19 Trainer Updated 2024.02.13.exe COServer.dll CouldBeAimmyV2.dll CRACK CHEAT OUSSAMA.exe CreamInstaller.dll CreateTeam.exe Crimson Desert v1.0-v1.02 Plus 12 Trainer.exe Da best ninja executor.exe Darkest Dungeon v25807 Plus 14 Trainer (For 64-bit Game Version).exe dark horizon menu.dll DeltaOnlineLauncher.exe Deltarune Yellow.dll DeviPals.exe DigimonMasters.exe dmc3se.exe Download Manager.exe DriftUI.exe ds2023v11_steam+7tr.exe Dv7.dll DVREMU2 Manager.exe Dynasty Warriors 8 Xtreme Legends Complete Edition v20190307 Plus 31 Trainer.exe Dynasty Warriors Origins v1.0 Plus 35 Trainer.exe Easy Red 2 v1.5.1-v1.5.6 Plus 14 Trainer.exe EasyTundra 1.29.0.0 x64 [ Free Version ].exe EasyTundra 1.32.0.0 x64 [ Free Version ].exe Eclipsed.GameData.dll Eggsploit.dll Endless Space 2 v1.0-v1.0.47 Plus 4 Trainer.exe Eon.dll Escape from Duckov v1.0 Plus 35 Trainer.exe Everspace 2 v1.0-v1.4 Plus 20 Trainer.exe Extasy.dll ezcd.exe FINEX UID BYPASS.dll FKFXEMU.dll Forever Skies Early Access Plus 21 Trainer Updated 2024.12.18.exe FRIPON BAYPASS.dll FutureXGame.exe G4VN-AutoTrain.exe Gaea.Swarm.dll game.exe Game.exe gameModifierStarter.exe GameSettingsManager.exe Global.dll 220 additional items are not displayed above.
Private Build	1.0.0.0 1.0.0.0 4.8.5
Product Name	6EADC0A94466092A6D1218C14165B22D 7 Days to Die v1.0-v2.0 Plus 30 Trainer 7-Zip AeigisAPI Ahk2Exe Alan Wake 2 +DLC Türkçe Yama American Arcadia Türkçe Yama Amnezia AnotherWorld AntiAfkKick.Properties Show More AquaSys Assassins Creed Odyssey v1.0.2-v1.5.4 Plus 28 Trainer Assassins Creed Valhalla v1.0.2-v1.6.2 Plus 20 Trainer AssCheeksV1 Assistenza Tecnica Audition Auto Clicker Auto Clicker AutoFill 1.0.0.0 Auto Clicker AutoFill DEV 1.0.0.0 Automatic DLC Unlocker Installer & Configuration Generator AutoTrain-G4VN AVarmor AzzWork.WPF Backrooms Rec Barony BattleField4 Battlefield Bad Company 2 bDesigner BENX PREMIUAM BiTect BlackPink's Api Blasphemous v1.0-v2.0.22 Plus 12 Trainer BlazBlue Entropy Effect v1.0-v1.0.3 Plus 13 Trainer BO2Z Toolbox BoostedNW FlasnNBurn Bot BoyDoILoveInformation BreezeV2 BReWErS Game Trainer Broken Arrow v1.0 Plus 17 Trainer Fixed Broken Arrow v1.0 Plus 18 Trainer Broken Arrow v1.0-v1.0.12 Plus 18 Trainer Broken Arrow v1.0-v1.1 Plus 18 Trainer Bypass patcher BYPASS_UID CalyInstaller CashGrab Refunded CastingShouldBeFree Chaos Express Delivery Simulator Cheat Happens Trainer CheatLoader Cheat_Menu ChrisPC Anonymous Connection Cities Skylines 2 Türkçe Yama ClashBot Client ClientMod Library CloudyApis Code Vein v1.01-v1.53 Plus 16 Trainer Colin McRae Dirt - Language Selector com.keklick1337.peak.advancedconsole Comet Exec CommunicationYuBX Community Script Hook V .NET ComputerInterface.Commands ConfigApp Connect Client Connect Server Copyright (C) 2022 WeBuff Core Keeper Early Access Plus 19 Trainer Updated 2024.02.13 COServer CouldBeAimmyV2 Counter-Strike Online CreamAPI Generator & Installer Crimson Desert v1.0-v1.02 Plus 12 Trainer Cult Of The Lamb CURE - A Hospital Simulator Da best ninja executor Darkest Dungeon v25807 Plus 14 Trainer (For 64-bit Game Version) dark horizon menu Dark Hours Davinci Resolve Studio Deep Rock Galactic Delta Online Launcher Deltarune Yellow Devil May Cry 3 Special Edition DeviPals Digimon Masters Online Digimon Masters Online(MGame) Divinity Original Sin 2 DONT SCREAM TOGETHER DownloadManager Dragon Age Inquisition Trainer Drive Beyond Horizons Dv7 DVREMU2 Manager Dynasty Warriors 8 Xtreme Legends Complete Edition v20190307 Plus 31 Trainer Dynasty Warriors Origins v1.0 Plus 35 Trainer Easy Red 2 v1.5.1-v1.5.6 Plus 14 Trainer EasyTundra x64 [ Free Version ] 273 additional items are not displayed above.
Product Short Name	kadokawa
Product Version	客戶端 19210 8716.54.58 2022.3.26f1 (ec6cd8118806) 2021.3.45f1 (0da89fac8e79) 2006, 1, 7, 0 141.0.3537.71 82.2.0.42464:43325 40.3.16 40.1.7 Show More 40.0.5 40.0.2 37 32.0.0.0 26.3.26.2 25.9.26.3 25.9.4.1 25.6.21.1 25.4.1.1 25.3.25 25.1.29.3 25.03.28.1 23.9.10.5 23.9.0.1 19t13.4 19.4 18.0.0.0 17.6.22.0 16.02 11.0.0.0 10.1.0.1 10.0.26100.5737 8.14.4 8.2.2 8.2.0 8.0.0.0 7.9.0.1665 7.9.0 7.5.1 7.4.9.33430 7.4.0.4161 7.2.0.0 7.1.0 07.04.2026.1943 7.0.0.0 7.0.0 6.30 6.4.0.1076 6.4.0.0 5.x 5.7.1 rel.25 (SA-MP 0.3.DL) 5.7.1 rel.25 (SA-MP 0.3.7-R5) 5.1.0 5.0.0.0 5,0,0,0 4.9.8 4.8.5 4.0 3.2310.16.2 3.998.0.0 3.88 3.10.0.0 3.9.0.0 3.9.0 3.7.0.92 3.7.0.81 3.7.0.42 3.6.0.0 3.2.3.0 3.1.0.1 3.0.9.4 3.0.3.0 3.0.0.9 3.0.0.3 3.0.0.1 3.0.0.0 3-00-32-th 3-00-21-th 3, 0, 0, 0 2.12.2.0 2.12.1.0 2.11.6+ce65ee36c7d5aacb52ab107d21a91d6a4d072520 2.11.6+b1baae26de5b2b98e188f533c121feec6d40eeb4 2.11.6+af79edeaf849070cf881c8007f0699ddcd0ae9b6 2.11.6+ae8cfff63375137889b2b66d3c81cef02f3b7712 2.11.6+7b3b9e44f2624ef2de2fd3d079dc0b9337b9c272 2.11.6+2fa4b551e4b49512303de6933afed2641058b2f9 2.6.8 2.5.0.1 2.4.1.9 2.3.0.1 2.2.1.0+d336b92d765ac39e80d6c8fa88eaf9861f1eeb35 2.2.0.3+7ba0c35a3be755c0f3881c778f9ac73e248678ce 2.2.0 2.2.0 2.1.0.1 2.1.0.0 2.03.0013 2.0.70 2.0.5.2+35c9e26566865ddcac19fb0cbc00036e6c876f31 171 additional items are not displayed above.
Program I D	com.embarcadero.Project1 com.embarcadero.REG
Source Control I D	5923675
Special Build	1.0.0.0 1.0.0.0 4.8 Parallels Shared Application

Digital Signatures

Signer	Root	Status
CMD Softworks	CMD Softworks	Self Signed
ChrisPC Software SRL	COMODO RSA Code Signing CA	Self Signed
Audio for Apps Ltd.	Certum Extended Validation Code Signing CA SHA2	Self Signed
ClientModGame	ClientModGame	Self Signed
DV-Team	Codegic Root CA G2	Root Not Trusted

DESKTOP-DQ7MTVA\Eren	DESKTOP-DQ7MTVA\Eren	Self Signed
Kandra Labs, Inc.	DigiCert SHA2 Assured ID Code Signing CA	Self Signed
Acronis International GmbH	DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1	Self Signed
Acronis International GmbH	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed
ESTgames Corp.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
ESTgames Corp.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed
Ferox Games B.V.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed
Tencent Technology (Shenzhen) Company Limited	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed
合肥坤博信息科技有限公司	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed
EG Shaiya	EG Shaiya	Self Signed
Dingo WebWorks, LLC	GlobalSign Code Signing Root R45	Root Not Trusted
Eisys Inc	GlobalSign Code Signing Root R45	Hash Mismatch
Dingo WebWorks, LLC	GlobalSign CodeSigning CA - SHA256 - G3	Self Signed
Move Interactive Co., Ltd.	GlobalSign GCC R45 CodeSigning CA 2020	Self Signed
Informaal	Informaal	Self Signed
JuniorDjjr	JuniorDjjr	Hash Mismatch
LX63	LX63	Self Signed
Lordmau5	Lordmau5	Self Signed
Microsoft Corporation	Microsoft Code Signing PCA 2010	Hash Mismatch
OldSkoolsProMod	OldSkoolsProMod	Self Signed
OptiJuegos	OptiJuegos	Self Signed
R2R	R2R	Self Signed
QuadSpinner	SSL.com Code Signing Intermediate CA ECC R2	Self Signed
KUD LIMITED	Sectigo Public Code Signing Root R46	Hash Mismatch
MOVE INTERACTIVE Co.,Ltd.	Sectigo Public Code Signing Root R46	Root Not Trusted
VOLKTYSON\volka	VOLKTYSON\volka	Self Signed
ESTsoft Corp.	VeriSign Class 3 Public Primary Certification Authority - G5	Root Not Trusted
ZER0 Team	ZER0 Team	Self Signed
{034BC2CC-5A4D-4CC7-B544-4F06FBCA678B}	{034BC2CC-5A4D-4CC7-B544-4F06FBCA678B}	Self Signed
{670E16B7-D25E-4060-818F-BAEC85C0264B}	{670E16B7-D25E-4060-818F-BAEC85C0264B}	Self Signed
{B090C501-8978-4F75-A928-01325D5B226A}	{B090C501-8978-4F75-A928-01325D5B226A}	Self Signed
{C11FE69B-5286-4ED4-915B-BFADA825C03F}	{C11FE69B-5286-4ED4-915B-BFADA825C03F}	Self Signed
{F786EE31-57FC-472C-A08D-CFBF5FCB5D38}	{F786EE31-57FC-472C-A08D-CFBF5FCB5D38}	Self Signed
ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ ЭНВИВОРЛД	ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ ЭНВИВОРЛД	Self Signed

File Traits

.adata
.NET
.petite
.sdata
.vmp0
00 section
2+ executable sections
AdvInst
Agile.net
ASPack v2.12

AutoHK
Autoit
big overlay
CAB (In Overlay)
Confuser
CreateThread
dll
Fody
fptable
Gdrive
GenKrypt
GetConsoleWindow
HighEntropy
imgui
Inno
InnoSetup Installer
Installer Manifest
Installer Version
JMC
MPRESS
NewLateBinding
nosig nsis
No Version Info
ntdll
Nullsoft Installer
packed
Pastebin
RAR (In Overlay)
RARinO
Reactor
RijndaelManaged
Run
SmartAssembly
SusSec
themida
themida section variant
upx
vb6
VirtualQueryEx
vlizer
vmp section variant
vmp with ShellExecuteA, no signature
vmp with VirtualProtect, no signature
WinRAR SFX
Wix
WixToolset Installer
WRARSFX
WriteProcessMemory
x64
x86

Block Information

Total Blocks:	55
Potentially Malicious Blocks:	0
Whitelisted Blocks:	21
Unknown Blocks:	34

Visual Map

0 0 ? ? 0 ? 0 0 ? ? 0 ? 0 ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 ? 0 ? 0 ? 0 ? ? 0 ? 0 ? ? 0 ? ? 0 ? 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

AdjProg.A
Agent.DRZ
Agent.FDD
Agent.FYL
Agent.GAE

Agent.GFSA
Agent.KFF
Agent.KFG
Agent.KFM
Agent.KLB
Agent.LA
Agent.PFZC
Agent.PGA
Agent.XCO
Agent.ZFKC
AutoHotkey.B
Autoit
Babar.AE
BadJoke.LJ
BadJoke.XA
Banker.GT
Banker.J
Banker.JJ
Banker.LH
Banker.R
Banload.XE
Banload.XL
Banload.Z
Barys.U
BestaFera.G
Bestafera.A
BitWall.A
Brute.BHA
Chapak.HBX
ClipBanker.J
Clipbanker.DO
CobaltStrike.GI
CobaltStrike.GIA
CobaltStrike.GL
CsgoHack.GAK
Delf.DA
Dropper.Delf.CD
Emotet.CDD
Expiro.KA
Filecoder.FR
GameHack.ADDS
GameHack.G
GameHack.HL
GameHack.QB
Gamehack.BAE
Gamehack.GSA
Gamehack.GU
Gamehack.LCR
Gamehack.SBA
Gamehack.SBG
Gametool.JN
Gametool.PDE
HackAgent.X
Havokiz.A
Injector.AK
Injector.DFF
Injector.FGGA
Injector.FHBA
Injector.FHBC
Injector.GDSA
Injector.GDSB
Injector.KS
Injector.XD
Jeefo.A
Keygen.FAC
Keygen.FG
Keygen.FH
Kraddare.XF
Krasnoglaz.B
Kryptik.FTC
Kryptik.FTD
Kryptik.VTC
Lumma.GFD
MSIL.Agent.FSDA
MSIL.Agent.IGD
MSIL.Agent.JJ
MSIL.BypassUAC.K
MSIL.ClipBanker.HA
MSIL.ClipBanker.PC
MSIL.ClipBanker.ROA
MSIL.ClipBanker.RP
MSIL.CsgoHack.IA
MSIL.DllInject.AB
MSIL.DllInject.ME
MSIL.Downloader.Agent.BIE
MSIL.Downloader.Agent.BII
MSIL.Downloader.Agent.SEA
MSIL.Downloader.Agent.TWG
MSIL.Downloader.CAYD
MSIL.Downloader.DTD
MSIL.Dropper.MF
MSIL.FakeMS.HG
MSIL.FakeMS.HK
MSIL.FakeMS.L
MSIL.FakeMS.LA

92 additional families are not displayed above.

Files Modified

File	Attributes
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
\device\namedpipe\dav rpc service	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_1188	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_1656	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_1752	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_2208	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_2252	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_2380	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_2392	Generic Read,Write Data,Write Attributes,Write extended,Append data

\device\namedpipe\flingtrainernamedpipe_2456	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_2516	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_2608	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_2656	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_2676	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_2792	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_2848	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_288	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_3016	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_3076	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_3220	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_3232	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_3536	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_3568	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_3620	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_3664	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_3676	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_4088	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_4128	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_4184	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_4220	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_4252	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_4384	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_4620	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_4624	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_4740	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_480	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_5204	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_5232	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_5424	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_5484	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_5500	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_5552	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_5572	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_5576	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_5596	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_5816	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_5848	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_5948	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_5964	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_5972	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_5976	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_6048	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_6176	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_6344	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_6440	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_6612	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_6628	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_6736	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_6800	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_6900	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_6916	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_692	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_6940	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_7008	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_7024	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_7132	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_7136	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_7280	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_7400	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_752	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_7644	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_7840	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_7932	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_8176	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_8380	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_8444	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_8676	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_8856	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\flingtrainernamedpipe_8984	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
\device\namedpipe\local\mojo.7500.7456.9504473198179828798	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134001240249506937.6112.defaultappdomain.62dc41362342d47ad81f82939334a01c9c74912c_0000061440	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134056021023234375.5492.defaultappdomain.9866528114749f507706cdd041b86e685e705c39_0000194560	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134105002235093565.8232.defaultappdomain.9a8f74432d10c316bba3a0cf0113039f57a9b9e1_0005991424	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134133695289948578.7268.defaultappdomain.c5fd344ed579097b16186be9e08f1a399f5f2155_0000047616	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134164309233921966.4012.defaultappdomain.powershell	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134192004478744099.7920.defaultappdomain.bb9d12de177bf6799b958810ca5d2ebb582b0e07_0000026624	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134211130415923936.4516.defaultappdomain.powershell	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\toserveradvinst_extract_c:\users\user\downloads\2e5e2b05c4bc36995e5d077db64c8a856e046ce5_0004441710	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\w32time	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\wkssvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\action-runner\_work\yimmenuv2\yimmenuv2\build\yimmenuv2.pdb	Read Attributes,Synchronize,Write Attributes
c:\hp\yimmenuv2\build\yimmenuv2.pdb	Read Attributes,Synchronize,Write Attributes
c:\program files (x86)\easyanticheat_eos\easyanticheat_eos.sys	Synchronize,Write Attributes
c:\program files\common files\system\symsrv.dll	Generic Write,Read Attributes
c:\programdata\abank\logs\install-windows-abank.log	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\nrp san andreas all\1.5\report.log	Generic Write,Read Attributes
c:\programdata\nrp san andreas all\1.5\report.log	Synchronize,Write Attributes
c:\programdata\synaptics	Synchronize,Write Attributes
c:\programdata\synaptics\rcxdf95.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\synaptics.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\synaptics\synaptics.exe	Synchronize,Write Attributes
c:\programdata\synaptics\synaptics.exe	Synchronize,Write Data
c:\repos\spyhunter5\sandboxtool\builds\releasenologencrypt-x64\injected-x64.pdb	Read Attributes,Synchronize,Write Attributes
c:\spurdo\cheat.log	Generic Write,Read Attributes
c:\users\kxwrld\desktop\yimmenuv2-f4611e5e33987186e1d55c93ecf02d085d41389f\out\build\x64-release-msvc\yimmenuv2.pdb	Read Attributes,Synchronize,Write Attributes
c:\users\sound\downloads\yimmenuv2 1.71 dark version\yimmenuv2-enhanced\out\build\x64-release-msvc\yimmenuv2.pdb	Read Attributes,Synchronize,Write Attributes
c:\users\sound\downloads\yimmenuv2-(1)\new dark version\out\build\x64-release-msvc\yimmenuv2.pdb	Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\local\flarial\client\logs\latest.log	Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\__psscriptpolicytest_1agrkww1.mg1.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_21k0prmv.qge.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_4rsuat3k.ogv.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_4uaebjld.qha.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_e2gwd0wm.yew.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_gexgk2kz.lwo.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_h1frcryl.qrg.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_nbllekxf.nmn.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_ncjfnffr.drx.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_ucpbl5o5.cvq.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_x4rqaisv.yo0.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_yjsbfw1z.o20.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_ytcxyxwg.exo.ps1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_zf5retxi.1cm.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\be81bac1c10.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectclientforwindows_installer_logs\uninstall.log	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\connectclientforwindows_installer_logs\uninstall.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\costura\381352d0ab09585b77bfaf2a037cccc3\costura.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\costura\381352d0ab09585b77bfaf2a037cccc3\microsoft.bcl.asyncinterfaces.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\costura\381352d0ab09585b77bfaf2a037cccc3\newtonsoft.json.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\costura\381352d0ab09585b77bfaf2a037cccc3\system.buffers.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\costura\381352d0ab09585b77bfaf2a037cccc3\system.io.pipelines.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\costura\381352d0ab09585b77bfaf2a037cccc3\system.memory.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\costura\381352d0ab09585b77bfaf2a037cccc3\system.numerics.vectors.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\costura\381352d0ab09585b77bfaf2a037cccc3\system.runtime.compilerservices.unsafe.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\costura\381352d0ab09585b77bfaf2a037cccc3\system.text.encodings.web.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\costura\381352d0ab09585b77bfaf2a037cccc3\system.text.json.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\costura\381352d0ab09585b77bfaf2a037cccc3\system.threading.tasks.extensions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\costura\381352d0ab09585b77bfaf2a037cccc3\system.valuetuple.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\flingtrainer.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-0sif8.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-0sif8.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-0vt8b.tmp\ea6b5bb814a3ebaab538a2e7d17b7497f84ee8c1_0005735793.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-11cvc.tmp\790baeb3e3aefdef9f8cc33668035a813822695d_0002566757.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-1m93q.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-1m93q.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-1umcn.tmp\c539772905cfe392fd5b15fb5b8933dc3aa45667_0001253345.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-23ib6.tmp\73f93d4ab7a301917b4d4053efa56b89af08f8c2_0001693993.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-2g7te.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-2g7te.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-2lf3u.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-2lf3u.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-2p8al.tmp\3717f1f4d9444d77d503ec9cd07a424e5b5b564b_0002568213.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-2u0nr.tmp\8c04bec7cb09a7d4973a0a761792bf1941b3ded4_0001733000.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-3a09d.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-3a09d.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-3af8t.tmp\c43c09fbed1b8509fb1e9c9cfb8ce7b5e58848d3_0001714941.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-40kdp.tmp\83a2a7754302bc00f259f3d73dd617eea2b645de_0001677285.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-4e27t.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-4e27t.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-4ijdj.tmp\abfe5869344c9575a25aad56d47522bdceb8fbe2_0004847061.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-513hv.tmp\edb8548e1952773ac2defb867b072dcbf1facf61_0001683335.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-5diko.tmp\47e4da3faeedeb19befd3c8e1ec39d68100ed3be_0001693956.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-5qiea.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-5qiea.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-6arlc.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-6arlc.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-6kii2.tmp\b480e664546ccf2b2e47501102048ccfa6a2fdce_0001726198.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-71bta.tmp\d77a2d8c9ad69d73fe3be48234da95667bd44608_0001814192.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-75vb8.tmp\_isetup\_regdll.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-75vb8.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-75vb8.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-77rga.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-77rga.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-7nu60.tmp\b8c9aa7423ccff8af526838bf6c7aa26a7312dd3_0001712727.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-7rmgu.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-7rmgu.tmp\getsa.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-8afsa.tmp\d0f0fc8a9791ab6476c47acc4321ef6a56e2d370_0001954377.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-8ll2s.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-8ll2s.tmp\idp.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-9sioo.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-9sioo.tmp\idp.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-9v11p.tmp\e4ed6cb40b3d011788acca5d94041e3addab8f33_0002052444.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-abuvd.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-abuvd.tmp\elo.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-akkpf.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-akkpf.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-aqhf4.tmp\3f0c1bc5ebed2b2867692376f66d6133ecb329b1_0002793424.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-b1tr2.tmp\257f1cbb9f66f49089b9334530a5f49d0267c786_0001726614.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-b765i.tmp\50aa6539325013d036afb7d19687b7105e87d033_0001714564.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-ba3ok.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-ba3ok.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-bi3rn.tmp\c5abe896411b2a6f17c23075d1f253ed22e92b27_0001713608.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-c90ce.tmp\72f810120fae88b81e446593c6e608f3340875ae_0001914666.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-d85t6.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-d85t6.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-d85t6.tmp\get_hw_caps.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-e3juu.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-e3juu.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data

410 additional files are not displayed above.

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ﺒ았Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ګ앯Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Gyhqmjkn\AppData\Local\Temp\~nsuA.tmp\Un_A.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Gyhqmjkn\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Gyhqmjkn\AppData\Local\Temp\~nsuA.tmp	RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey

HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enablefiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableautofiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableconsoletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filetracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::consoletracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::maxfilesize		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\live editor\fc 25::data dir	C:\FC 25 Live Editor	RegNtPreCreateKey
HKLM\software\live editor\fc 25::mods dir	C:\FC 25 Live Editor\mods	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Uzhyxxsj\AppData\Local\Temp\~nsuA.tmp\Un_A.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Uzhyxxsj\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Uzhyxxsj\AppData\Local\Temp\~nsuA.tmp	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Uzhyxxsj\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Uzhyxxsj\AppData\Local\Temp\~nsuA.tmp\??\C:\Users\Uz	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	梛䛽୿ǜ	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\c:\users\user\downloads\c2af915482ac7454abf1a3816bd840b9a69e610b_0000053248	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\c:\users\user\downloads\c2af915482ac7454abf1a3816bd840b9a69e610b_0000053248\??\C:\WINDOWS\SysWOW64\oleext32.dll!\??\C:\WI	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::allowprotectedrenames		RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{357a87ed-3e5d-437d-b334-deb7eb4982a3}::it	ᳲ靤	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{357a87ed-3e5d-437d-b334-deb7eb4982a3}::bin		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::intell32.exe	C:\WINDOWS\system32\intell32.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\internet update::displayname	Internet Update	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\internet update::uninstallstring	uninstIU.exe	RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\main::operationaldata		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Sagrzszi\AppData\Local\Temp\nsd9233.tmp\nsprocess.dll	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Sagrzszi\AppData\Local\Temp\nsd9233.tmp\nsprocess.dll\??\C:\Users\Sagrzszi\AppData\Local\Temp\nsd9233.tmp\	RegNtPreCreateKey
HKCU\software\team r2r\fkfxemu::email	reverse@revolutionize.com	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	꤁ሠǜ	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Aqpjtztc\AppData\Local\Temp\~nsuA.tmp\Un_A.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Aqpjtztc\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Aqpjtztc\AppData\Local\Temp\~nsuA.tmp	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Aqpjtztc\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Aqpjtztc\AppData\Local\Temp\~nsuA.tmp\??\C:\Users\Aq	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Psoheznb\AppData\Local\Temp\nsz56BD.tmp\nsprocess.dll	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Psoheznb\AppData\Local\Temp\nsz56BD.tmp\nsprocess.dll\??\C:\Users\Psoheznb\AppData\Local\Temp\nsz56BD.tmp\	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Wgatidcj\AppData\Local\Temp\~nsuA.tmp\Un_A.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Wgatidcj\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Wgatidcj\AppData\Local\Temp\~nsuA.tmp	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	彴剟☕ǜ	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Wgatidcj\AppData\Local\Temp\nsr41B9.tmp\	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	棂䟹☨ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name	b20c13b6569b67a2cca5cd8685ac1c4412c606d3_0000514434	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::id	埕㿽	RegNtPreCreateKey
HKCU\software\kaldaien\special k::installguid	{843F2157-7B38-4CE6-A3FC-3499C87B23D2}	RegNtPreCreateKey
HKCU\software\kaldaien\special k::first launch		RegNtPreCreateKey
HKCU\software\kaldaien\special k::categories	FavoritesGames	RegNtPreCreateKey
HKCU\software\kaldaien\special k::categories state	00	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Etbpwdne\AppData\Local\Temp\~nsu1.tmp	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Etbpwdne\AppData\Local\Temp\~nsu1.tmp\??\C:\Users\Etbpwdne\AppData\Local\Temp\~nsu1.tmp\Un.exe	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	攌ਗ⚫ǜ	RegNtPreCreateKey
HKLM\software\live editor\fc 26::data dir	C:\FC 26 Live Editor	RegNtPreCreateKey
HKLM\software\live editor\fc 26::mods dir	C:\FC 26 Live Editor\mods	RegNtPreCreateKey
HKCU\software\nexus rp: san andreas all\1.5\settings\general::pending-browse-to-solution	ecode=&flags=2&message=Failed to load: 'c:\users\user\downloads\nrp\loader.dll' Error 126: The specified module could not be fo	RegNtPreCreateKey
HKCU\software\nexus rp: san andreas all\1.5\settings\general::pending-browse-to-solution		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name	0d1b45b708828140a598c35d1937648386ed78e4_0001501710	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::id	∌䜻	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ॐ刻ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	悁啺ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	Ὢ啺ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	퀑啺ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	团ࠟ垝ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name	6ef991c297970445d8d9fb7957c25e09362951ef_0000747137	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::id	颍䄽	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75	沉䠱O噀ñ᝹ʁ傄ë횎ǜ駃óߙĤÉ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	⪙堢抷ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKCU\software\kaldaien\special k::installguid	{C69268F2-197B-428F-947F-4C67A4C6DC61}	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKCU\software\kaldaien\special k::installguid	{243CBA3B-E244-4784-94E2-99517EF71C2E}	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	庆푿滯ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	娓Ὥ灆ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	濸ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	٘ꔧ牏ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	㧨瓻牉ǜ	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e41\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352*1\??\C:\P	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	燐蒦犫ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	骤즚窙ǜ	RegNtPreCreateKey
HKCU\local settings\muicache\1b\52c64b7e::@c:\windows\system32\ndfapi.dll,-40001	Windows Network Diagnostics	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name	d05cc62bef9ee38f947728a1d3693c430e553dd3_0000577765	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ꪒ自ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	漤柟蛐ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	퇎柡蛐ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ꠀ栘蛐ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ꠀ栘蛐ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name	955b59a0966422042ca083f4d979f0abfba2025e_0000973625	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::id	詎䄬	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ꢆ賓ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\software\microsoft\tip\aggregateresults::data	馐ʊ耀ŚT隞̃耀꧌ХI	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ꗗ躯ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	텋阳ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name	a99bd4ca581ee141cc95df757bcdc74ae5063c07_0006279198	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af521\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	짖祮ꖺǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name	6765d704cf2200352f6184a6ce7c29e9c3e7add6_0006146258	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name	b71b202e2d19eac8a237e086e18ced399546cd77_0004459109	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	㣈晝명ǜ	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager\environment::dotnet_tieredcompilation	0	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ᇎ柼명ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKCU\local settings\muicache\1b\52c64b7e::@c:\windows\system32\prnfldr.dll,-8036	Printers	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	貈嬄쉬ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	犮녺첊ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	떏큏ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::synaptics pointing device driver	C:\ProgramData\Synaptics\Synaptics.exe	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAccessCheckByType ntdll.dll!NtAddAtomEx ntdll.dll!NtAdjustPrivilegesToken ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAllocateLocallyUniqueId ntdll.dll!NtAllocateReserveObject ntdll.dll!NtAllocateUuids ntdll.dll!NtAlpcAcceptConnectPort ntdll.dll!NtAlpcConnectPort Show More ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcCreatePort ntdll.dll!NtAlpcCreatePortSection ntdll.dll!NtAlpcCreateResourceReserve ntdll.dll!NtAlpcCreateSectionView ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeleteSecurityContext ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcQueryInformationMessage ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareSigningLevels ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeleteValueKey ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFindAtom ntdll.dll!NtFlushBuffersFile ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtFsControlFile ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetCompleteWnfStateSubscription ntdll.dll!NtGetContextThread ntdll.dll!NtGetWriteWatch ntdll.dll!NtImpersonateAnonymousToken ntdll.dll!NtLoadKeyEx ntdll.dll!NtLockFile ntdll.dll!NtLockVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeDirectoryFile ntdll.dll!NtNotifyChangeKey ntdll.dll!NtNotifyChangeMultipleKeys ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenMutant ntdll.dll!NtOpenPrivateNamespace ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtPowerInformation ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFile ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryEvent ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryObject ntdll.dll!NtQueryPerformanceCounter 274 additional items are not displayed above.
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserName GetUserNameEx GetUserObjectInformation
Anti Debug	CheckRemoteDebuggerPresent IsDebuggerPresent NtQuerySystemInformation OutputDebugString
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Network Winsock2	WSAConnect WSARecv WSASend WSASocket WSAStartup WSAttemptAutodialName
Network Winsock	accept bind closesocket connect freeaddrinfo getaddrinfo gethostbyname gethostname getpeername getsockname Show More inet_addr recv recvfrom send sendto setsockopt socket
Process Shell Execute	CreateProcess ShellExecute ShellExecuteEx WinExec WriteConsole
Service Control	OpenSCManager OpenService StartServiceCtrlDispatcher
Network Info Queried	GetAdaptersAddresses GetAdaptersInfo GetNetworkParams
Network Winhttp	WinHttpConnect WinHttpOpen WinHttpOpenRequest WinHttpQueryHeaders WinHttpReceiveResponse WinHttpSendRequest
Process Terminate	TerminateProcess
Keyboard Access	GetAsyncKeyState GetKeyState
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory VirtualAllocEx
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen InternetOpenUrl InternetQueryOption InternetReadFile InternetSetOption
Thread Create Remote	CreateRemoteThread

Shell Command Execution


							c:\users\user\downloads\ca0012b72c9c38cd216a2601e52a65a3cfa6cb9b_0001665536.exe c:\users\user\downloads\ca0012b72c9c38cd216a2601e52a65a3cfa6cb9b_0001665536.exe -retry-non-windows


							"C:\Users\Mviujwbn\AppData\Local\Temp\is-J0GOV.tmp\2c181bf825c8c6253edb97334a750d4252422857_0002204629.tmp" /SL5="$2026C,1710227,152064,c:\users\user\downloads\2c181bf825c8c6253edb97334a750d4252422857_0002204629.exe"


							c:\users\user\downloads\86b7033d4b5349216bd3ad5fa23becbb429a2838_0001619456.exe c:\users\user\downloads\86b7033d4b5349216bd3ad5fa23becbb429a2838_0001619456.exe -retry-non-windows


							"C:\Users\Ecueggta\AppData\Local\Temp\is-G1F1O.tmp\34624ee42e5ae67d8932c5c5861fbe5276c35578_0001914125.tmp" /SL5="$70040,934334,844800,c:\users\user\downloads\34624ee42e5ae67d8932c5c5861fbe5276c35578_0001914125.exe"


							"C:\Users\Hekcckle\AppData\Local\Temp\is-ET7JT.tmp\b689c1a49eb78f92aa09c5ec42ad7f7b0d398058_0001695324.tmp" /SL5="$20252,1200957,152064,c:\users\user\downloads\b689c1a49eb78f92aa09c5ec42ad7f7b0d398058_0001695324.exe"


									"C:\Users\Rtuijhje\AppData\Local\Temp\is-40KDP.tmp\83a2a7754302bc00f259f3d73dd617eea2b645de_0001677285.tmp" /SL5="$301FA,1182755,152064,c:\users\user\downloads\83a2a7754302bc00f259f3d73dd617eea2b645de_0001677285.exe"


									"C:\Users\Cvodgllh\AppData\Local\Temp\is-SNM17.tmp\dd113baddb30d05e121d32b75ab03bfc2a786663_0001914673.tmp" /SL5="$3021A,934334,844800,c:\users\user\downloads\dd113baddb30d05e121d32b75ab03bfc2a786663_0001914673.exe"


									"C:\Users\Yahqpvrs\AppData\Local\Temp\is-2P8AL.tmp\3717f1f4d9444d77d503ec9cd07a424e5b5b564b_0002568213.tmp" /SL5="$5003E,2073650,152064,c:\users\user\downloads\3717f1f4d9444d77d503ec9cd07a424e5b5b564b_0002568213.exe"


									"C:\Users\Joexpsxt\AppData\Local\Temp\is-QN7A2.tmp\cd49f2f44be34999cc04baafc80d521f63c38310_0001695098.tmp" /SL5="$1023E,1200602,152064,c:\users\user\downloads\cd49f2f44be34999cc04baafc80d521f63c38310_0001695098.exe"


									C:\Users\Public\vb2.vbs


									(NULL) C:\Users\Public\vb2.vbs


									"C:\Users\Gyhqmjkn\AppData\Local\Temp\~nsuA.tmp\Un_A.exe"  _?=c:\users\user\downloads\


									c:\users\user\downloads\8b98eaad7c8fce23661cf8ec1069a08a5ea16952_0001711104.exe c:\users\user\downloads\8b98eaad7c8fce23661cf8ec1069a08a5ea16952_0001711104.exe -retry-non-windows


									"C:\Users\Wzqbjjwz\AppData\Local\Temp\is-0VT8B.tmp\ea6b5bb814a3ebaab538a2e7d17b7497f84ee8c1_0005735793.tmp" /SL5="$40064,5241261,152064,c:\users\user\downloads\ea6b5bb814a3ebaab538a2e7d17b7497f84ee8c1_0005735793.exe"


									taskkill /f /im FLiNGTrainerUpdater.exe


									taskkill /f /im FLiNGTrainer.exe


									"C:\Users\Uzhyxxsj\AppData\Local\Temp\~nsuA.tmp\Un_A.exe"  _?=c:\users\user\downloads\


									c:\users\user\downloads\0ca7c2cb2ea3eb1fa88fdb8a4f1c53a43b726fcc_0001087488 c:\users\user\downloads\0ca7c2cb2ea3eb1fa88fdb8a4f1c53a43b726fcc_0001087488 -retry-non-windows


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\bfe2971c8e99915eb611f017874ff6ba104c4e1c_0000028672.,LiQMAxHB


									c:\users\user\downloads\5781a383ce8249131ede4d94de7d4bf5a55d61c7_0001713664 c:\users\user\downloads\5781a383ce8249131ede4d94de7d4bf5a55d61c7_0001713664 -retry-non-windows


									"C:\Users\Eumnngvp\AppData\Local\Temp\is-C90CE.tmp\72f810120fae88b81e446593c6e608f3340875ae_0001914666.tmp" /SL5="$5020A,934334,844800,c:\users\user\downloads\72f810120fae88b81e446593c6e608f3340875ae_0001914666"


									(NULL) c:\users\user\downloads\TeknoParrotUi.exe


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b4d2b42498ac3ca4cfe0e2ec42f024e7a14a1a83_0001337348.,LiQMAxHB


									C:\WINDOWS\system32\intell32.exe intell32.exe (null)


									C:\Program Files\Internet Explorer\IEXPLORE.EXE IEXPLORE.EXE (null)


									C:\Program Files\Internet Explorer\iexplore.exe iexplore.exe (null)


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e84497b01e168d589c16218c80ce8db468fae726_0001298432.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8c9d249346652aae144f8af1602a6534f3dcbcbd_0000452568.,LiQMAxHB


									"C:\Users\Pklnkjzc\AppData\Local\Temp\is-EBFAF.tmp\be73867807b7ec5b96a3386e5776355b3ed71b6c_0001683807.tmp" /SL5="$20218,1191185,152064,c:\users\user\downloads\be73867807b7ec5b96a3386e5776355b3ed71b6c_0001683807"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\3a1f5af6bab4580283df99617583703c6e458ce6_0006684392.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\082480594b00db1b9194da70ef7e78acd0d30726_0006684392.,LiQMAxHB


									taskkill /f /im chrome.exe


									WriteConsole: ERROR: CoInitial


									"C:\Users\Wajsbhfo\AppData\Local\Temp\is-513HV.tmp\edb8548e1952773ac2defb867b072dcbf1facf61_0001683335.tmp" /SL5="$20136,1189129,152064,c:\users\user\downloads\edb8548e1952773ac2defb867b072dcbf1facf61_0001683335"


									"C:\Users\Aqpjtztc\AppData\Local\Temp\~nsuA.tmp\Un_A.exe"  _?=c:\users\user\downloads\


									"C:\Users\Jpgoyowp\AppData\Local\Temp\is-KFR1M.tmp\e62cb74472bc4cb1b82139aba3627b1f56e74a19_0001693120.tmp" /SL5="$20138,1198756,152064,c:\users\user\downloads\e62cb74472bc4cb1b82139aba3627b1f56e74a19_0001693120"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\262edcecb071ed9697c220bbde0b2fd2d8e0906d_0000370176.,LiQMAxHB


									"C:\Users\Ecfrkyxh\AppData\Local\Temp\is-TSA1G.tmp\d879776dde270d4d53a45b139b26f4d13e6121a1_0002025895.tmp" /SL5="$302B4,1531547,152064,c:\users\user\downloads\d879776dde270d4d53a45b139b26f4d13e6121a1_0002025895"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\61f6b48a29174038b72b40861f82a6d7d8ab76bf_0001525760.,LiQMAxHB


									"C:\Users\Wgatidcj\AppData\Local\Temp\~nsuA.tmp\Un_A.exe"  _?=c:\users\user\downloads\


									cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Pulse.exe" | %SYSTEMROOT%\System32\find.exe "Pulse.exe"


									C:\WINDOWS\system32\tasklist.exe tasklist  /FI "USERNAME eq Wgatidcj" /FI "IMAGENAME eq Pulse.exe"


									C:\WINDOWS\System32\find.exe C:\WINDOWS\System32\find.exe  "Pulse.exe"


									"C:\Users\Hpzbgmic\AppData\Local\Temp\is-B1TR2.tmp\257f1cbb9f66f49089b9334530a5f49d0267c786_0001726614.tmp" /SL5="$1024E,1232380,152064,c:\users\user\downloads\257f1cbb9f66f49089b9334530a5f49d0267c786_0001726614"


									"C:\Users\Pirglcsk\AppData\Local\Temp\is-T2P5O.tmp\5dc343d23fdeaecf69e290535f457673b56ac18a_0001682369.tmp" /SL5="$10258,1187980,152064,c:\users\user\downloads\5dc343d23fdeaecf69e290535f457673b56ac18a_0001682369"


									C:\WINDOWS\system32\mode.com mode  con: cols=100 lines=40


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\10ebf9ed9a3435a93eefede9026a279794a2adfa_0008321912.,LiQMAxHB


									"C:\Users\Btrifepx\AppData\Local\Temp\is-P5QKL.tmp\4d9e4606af4dc68b577bf3dd33b6fb29e72c3d9d_0001881691.tmp" /SL5="$1023E,1387219,152064,c:\users\user\downloads\4d9e4606af4dc68b577bf3dd33b6fb29e72c3d9d_0001881691"


									"C:\Users\Levvfxmq\AppData\Local\Temp\is-8AFSA.tmp\d0f0fc8a9791ab6476c47acc4321ef6a56e2d370_0001954377.tmp" /SL5="$10240,957374,867840,c:\users\user\downloads\d0f0fc8a9791ab6476c47acc4321ef6a56e2d370_0001954377"


									"C:\Users\Etbpwdne\AppData\Local\Temp\~nsu1.tmp\Un.exe"  _?=c:\users\user\downloads\


									c:\users\user\downloads\ec87d5f3f0e1c5a50fc0e43d9cea7d749af38504_0001692672 c:\users\user\downloads\ec87d5f3f0e1c5a50fc0e43d9cea7d749af38504_0001692672 -retry-non-windows


									c:\users\user\downloads\f0426e5772bb033969c74456c429377660541795_0001655808 c:\users\user\downloads\f0426e5772bb033969c74456c429377660541795_0001655808 -retry-non-windows


									"C:\Users\Pmebmvrl\AppData\Local\Temp\is-KO2IF.tmp\f889ecfd4018b7f41f4e3ff0dcb84111da9359dc_0001682281.tmp" /SL5="$300FA,1187874,152064,c:\users\user\downloads\f889ecfd4018b7f41f4e3ff0dcb84111da9359dc_0001682281"


									"C:\Users\Qtsfsmdq\AppData\Local\Temp\is-J6IKQ.tmp\d2d28ffa171a3a929a152b5cd8e3466185b9b841_0001720368.tmp" /SL5="$B01D2,1226127,152064,c:\users\user\downloads\d2d28ffa171a3a929a152b5cd8e3466185b9b841_0001720368"


									"C:\Users\Qjzzywdm\AppData\Local\Temp\is-4IJDJ.tmp\abfe5869344c9575a25aad56d47522bdceb8fbe2_0004847061.tmp" /SL5="$6021A,4352500,152064,c:\users\user\downloads\abfe5869344c9575a25aad56d47522bdceb8fbe2_0004847061"


									"C:\Users\Xapjlbou\AppData\Local\Temp\is-N57VF.tmp\9fa5e4c80d26bb91e204d7d57b98bbcf592fb470_0001682410.tmp" /SL5="$40048,1188005,152064,c:\users\user\downloads\9fa5e4c80d26bb91e204d7d57b98bbcf592fb470_0001682410"


									"C:\Users\Iatmegbb\AppData\Local\Temp\is-O19G8.tmp\516f936fcfb73b14b33742d62f5a77b3bb803a5f_0001935116.tmp" /SL5="$4005C,916606,867840,c:\users\user\downloads\516f936fcfb73b14b33742d62f5a77b3bb803a5f_0001935116"


									"C:\Users\Bgsggbqe\AppData\Local\Temp\is-9V11P.tmp\e4ed6cb40b3d011788acca5d94041e3addab8f33_0002052444.tmp" /SL5="$60048,1558132,152064,c:\users\user\downloads\e4ed6cb40b3d011788acca5d94041e3addab8f33_0002052444"


									"C:\Users\Xltiivks\AppData\Local\Temp\is-HCS00.tmp\1fb4c901e9b9968dcea760dc9b327b3ccad6d347_0001693772.tmp" /SL5="$30214,1199392,152064,c:\users\user\downloads\1fb4c901e9b9968dcea760dc9b327b3ccad6d347_0001693772"


									c:\users\user\downloads\f12927e98d9377cc4035a72e198edca18f4a4a01_0001635344 c:\users\user\downloads\f12927e98d9377cc4035a72e198edca18f4a4a01_0001635344 -retry-non-windows


									C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 768


									"C:\Users\Ualogmnq\AppData\Local\Temp\is-FGJLD.tmp\7e5f20a38107f812ee77dfeeeaeb1625d2b4acc8_0007200687.tmp" /SL5="$401EC,6706297,152064,c:\users\user\downloads\7e5f20a38107f812ee77dfeeeaeb1625d2b4acc8_0007200687"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\381ed8f7619e9881046ca0c132eb921c8f0cb337_0000078848.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1b39d32819e2158f4a2674fcd9021df274aacfe2_0000453489.,LiQMAxHB


									c:\users\user\downloads\afbd78e9d0dcdf5f0d276d142fa509d36f6685f2_0001829888 c:\users\user\downloads\afbd78e9d0dcdf5f0d276d142fa509d36f6685f2_0001829888 -retry-non-windows


									"C:\Users\Fjbbrsln\AppData\Local\Temp\is-B765I.tmp\50aa6539325013d036afb7d19687b7105e87d033_0001714564.tmp" /SL5="$4021A,1220241,152064,c:\users\user\downloads\50aa6539325013d036afb7d19687b7105e87d033_0001714564"


									c:\users\user\downloads\32d47ff6ecfc05c14f044502469c31549359707e_0001805312 c:\users\user\downloads\32d47ff6ecfc05c14f044502469c31549359707e_0001805312 -retry-non-windows


									"C:\Users\Zjmophgm\AppData\Local\Temp\is-11CVC.tmp\790baeb3e3aefdef9f8cc33668035a813822695d_0002566757.tmp" /SL5="$700A0,815104,0,c:\users\user\downloads\790baeb3e3aefdef9f8cc33668035a813822695d_0002566757"


									"FC26.exe"


									(NULL) FC26.exe


									c:\users\user\downloads\88c5f846a3b06ea2ec074d3a56e861d1ffb9f038_0001696768 c:\users\user\downloads\88c5f846a3b06ea2ec074d3a56e861d1ffb9f038_0001696768 -retry-non-windows


									C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c pause


									WriteConsole: Press any key to


									WriteConsole:


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\665c978eb485f41e24286327f01c6379125fa212_0003702288.,LiQMAxHB


									open .\resource\focom.exe


									"C:\Users\Wzzumuuv\AppData\Local\Temp\is-JBD9I.tmp\14890e896331c80f1929f40f9f0301c9515d4c11_0001754144.tmp" /SL5="$90042,1259669,152064,c:\users\user\downloads\14890e896331c80f1929f40f9f0301c9515d4c11_0001754144"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d7e314b9cee4957b356b29bba8f885e070451a19_0006858408.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4612b312ddf90a59926fafcf79b6fcf29b70da44_0000012800.,LiQMAxHB


									"C:\Users\Sthnauir\AppData\Local\Temp\is-R9Q4YYXIS6.tmp\f2bb49e71ca135b437c40ba272144f03c82f557d_0002089075.tmp" /SL5="$800478,999895,882176,c:\users\user\downloads\f2bb49e71ca135b437c40ba272144f03c82f557d_0002089075"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a873070cbdaddf2eed0833538e3e254db27519a6_0000452568.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\aa68218e5ffa9b1bfdda201ca396576be95d8a9e_0000095232.,LiQMAxHB


									"C:\Users\Opibfnmc\AppData\Local\Temp\is-O0J9V.tmp\46e064c7829fbd9691b212bdff12340243cddf3d_0002039442.tmp" /SL5="$990432,957984,882176,c:\users\user\downloads\46e064c7829fbd9691b212bdff12340243cddf3d_0002039442"


									"C:\Users\Ituzaabg\AppData\Local\Temp\is-5DIKO.tmp\47e4da3faeedeb19befd3c8e1ec39d68100ed3be_0001693956.tmp" /SL5="$2C0750,1199576,152064,c:\users\user\downloads\47e4da3faeedeb19befd3c8e1ec39d68100ed3be_0001693956"


									C:\Users\Wtyrnkyr\AppData\Local\Temp\SearchIndexer.exe (NULL)


									c:\users\user\downloads\63bbe4ef1874f3dc4cffcb2541a3a331e4cbc0d6_0001860608 c:\users\user\downloads\63bbe4ef1874f3dc4cffcb2541a3a331e4cbc0d6_0001860608 -retry-non-windows


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\655f46c28f7dfc9462ee3d2b278241b44b7ccc70_0000082944.,LiQMAxHB


									c:\users\user\downloads\927efd03d64af063a664dc5561d9590eddff4d01_0002132480 c:\users\user\downloads\927efd03d64af063a664dc5561d9590eddff4d01_0002132480 -retry-non-windows


									"C:\Users\Bzgqyoym\AppData\Local\Temp\~nsu1.tmp\Un.exe"  _?=c:\users\user\downloads\


									c:\users\user\downloads\ecccadc8801d793f9eb2a55cf26d3163516f9b87_0001627648 c:\users\user\downloads\ecccadc8801d793f9eb2a55cf26d3163516f9b87_0001627648 -retry-non-windows


									"C:\Users\Cqrdqfup\AppData\Local\Temp\is-3AF8T.tmp\c43c09fbed1b8509fb1e9c9cfb8ce7b5e58848d3_0001714941.tmp" /SL5="$40326,1220898,152064,c:\users\user\downloads\c43c09fbed1b8509fb1e9c9cfb8ce7b5e58848d3_0001714941"


									c:\users\user\downloads\b5cdce5e23dd844ba496aafe7f77f076b9df7a3f_0001648128 c:\users\user\downloads\b5cdce5e23dd844ba496aafe7f77f076b9df7a3f_0001648128 -retry-non-windows


									"C:\Users\Qtglnabe\AppData\Local\Temp\is-1UMCN.tmp\c539772905cfe392fd5b15fb5b8933dc3aa45667_0001253345.tmp" /SL5="$6032A,760884,152064,c:\users\user\downloads\c539772905cfe392fd5b15fb5b8933dc3aa45667_0001253345"


									c:\users\user\downloads\6742b107f8dd0baf5e37336d36adceee22955aa9_0001792000 c:\users\user\downloads\6742b107f8dd0baf5e37336d36adceee22955aa9_0001792000 -retry-non-windows


									c:\users\user\downloads\93b6c0a4d1726d3eb14cbdb88fe46a54f2dc29ab_0001725952 c:\users\user\downloads\93b6c0a4d1726d3eb14cbdb88fe46a54f2dc29ab_0001725952 -retry-non-windows


									"C:\Users\Gftymbqz\AppData\Local\Temp\is-71BTA.tmp\d77a2d8c9ad69d73fe3be48234da95667bd44608_0001814192.tmp" /SL5="$802EC,1408947,121344,c:\users\user\downloads\d77a2d8c9ad69d73fe3be48234da95667bd44608_0001814192"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\eb36472d444b6341fb73f23a6d6c6ccca232806e_0000453639.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\37caef5a2a13a82793e9582e31a8af5140838307_0000791552.,LiQMAxHB


									"C:\Users\Ilrckmna\AppData\Local\Temp\is-GAD1C.tmp\a29c4e6a544154dc1a87b867a990e824d9589499_0001797735.tmp" /SL5="$303BC,1303437,152064,c:\users\user\downloads\a29c4e6a544154dc1a87b867a990e824d9589499_0001797735"


									C:\WINDOWS\system32\cmd.exe /c "net start w32time"


									C:\WINDOWS\system32\net.exe net  start w32time


									WriteConsole: Access is denied


									C:\WINDOWS\system32\cmd.exe /c "w32tm /resync /force"


									C:\WINDOWS\system32\w32tm.exe w32tm  /resync /force


									WriteConsole: Sending resync c


									WriteConsole: The command comp


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c596012c37cd8f4592e84d3087695f448393b88d_0000598528.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e9198799f51d004a5d32b9558ffe43da6eb9cedc_0001492480.,LiQMAxHB


									"C:\Users\Sxdkeqak\AppData\Local\Temp\is-2U0NR.tmp\8c04bec7cb09a7d4973a0a761792bf1941b3ded4_0001733000.tmp" /SL5="$4030E,1238705,152064,c:\users\user\downloads\8c04bec7cb09a7d4973a0a761792bf1941b3ded4_0001733000"


									C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe dw20.exe -x -s 924


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9eb26791f0abfed1734b70d87cafa30e8e520d99_0000701952.,LiQMAxHB


									"C:\Users\Eubsycrx\AppData\Local\Temp\is-6KII2.tmp\b480e664546ccf2b2e47501102048ccfa6a2fdce_0001726198.tmp" /SL5="$6004C,1231871,152064,c:\users\user\downloads\b480e664546ccf2b2e47501102048ccfa6a2fdce_0001726198"


									c:\users\user\downloads\33d95726c00d912584f491662a761dd2220f54e1_0001105408 c:\users\user\downloads\33d95726c00d912584f491662a761dd2220f54e1_0001105408 -retry-non-windows


									Updater.exe


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d5cfb3b9a717c94f528ba835128d92de6debe382_0000269316.,LiQMAxHB


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\32ed583bf2b84ac4013315bb6ded885534e66375_0003691520"


									"c:\users\user\downloads\32ed583bf2b84ac4013315bb6ded885534e66375_0003691520"


									c:\users\user\downloads\9a7705c4eb78ec6e584a046ddefb01f411730261_0001740800 c:\users\user\downloads\9a7705c4eb78ec6e584a046ddefb01f411730261_0001740800 -retry-non-windows


									"C:\Users\Boqhnnav\AppData\Local\Temp\is-G7IDE.tmp\9e3213ced0565ca1ab4db453c6804bd907403ca7_0003895464.tmp" /SL5="$A017A,3605821,54272,c:\users\user\downloads\9e3213ced0565ca1ab4db453c6804bd907403ca7_0003895464"


									c:\users\user\downloads\93c99cd9c5dca6cfef3df5b885e7b303af489b86_0001735168 c:\users\user\downloads\93c99cd9c5dca6cfef3df5b885e7b303af489b86_0001735168 -retry-non-windows


									c:\users\user\downloads\99c187626915b423a1733c889703817a77ca7377_0001645072 c:\users\user\downloads\99c187626915b423a1733c889703817a77ca7377_0001645072 -retry-non-windows


									c:\users\user\downloads\29bbe475451f840b802854e5ae22cf840c49f5b1_0001673728 c:\users\user\downloads\29bbe475451f840b802854e5ae22cf840c49f5b1_0001673728 -retry-non-windows


									c:\users\user\downloads\9080386e2fc681b8aec77d9f2c9ae73740aea13e_0001550848 c:\users\user\downloads\9080386e2fc681b8aec77d9f2c9ae73740aea13e_0001550848 -retry-non-windows


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b8b8dfab5212598f1bb2e4d378a3baea2a056a92_0005577216.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\acd7a08e7c8f5a1b17f88cdcb2ae9674e196f555_0004506640.,LiQMAxHB


									c:\users\user\downloads\ed2678ee54900656b1e040f72d652b72dc5c0158_0001567232 c:\users\user\downloads\ed2678ee54900656b1e040f72d652b72dc5c0158_0001567232 -retry-non-windows


									c:\users\user\downloads\020c0614029c4cad7fc7104efd801ab5fcff0ad2_0001520128 c:\users\user\downloads\020c0614029c4cad7fc7104efd801ab5fcff0ad2_0001520128 -retry-non-windows


									c:\users\user\downloads\f3486d827f57a28110fbdae3b1298d010486cab0_0001645056 c:\users\user\downloads\f3486d827f57a28110fbdae3b1298d010486cab0_0001645056 -retry-non-windows


									"C:\Users\Hzrwjljj\AppData\Local\Temp\~nsuA.tmp\Un_A.exe"  _?=c:\users\user\downloads\


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\03bf909141c7543b31dfec14a6bc82d1049eb61c_0002710528.,LiQMAxHB


									"powershell.exe" Disable-NetAdapter -Name "*" -Confirm:$False


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a4108607c102be460d67e78b00ddcf8708caac68_0000257024.,LiQMAxHB


									c:\users\user\downloads\54bb9a1ffd15dba603347a1cb6aa8b0a5a89cb86_0000692736 c:\users\user\downloads\54bb9a1ffd15dba603347a1cb6aa8b0a5a89cb86_0000692736 -retry-non-windows


									c:\users\user\downloads\817ab52b9fb6583670332762a7a7ceeab0d13cef_0001327616 c:\users\user\downloads\817ab52b9fb6583670332762a7a7ceeab0d13cef_0001327616 -retry-non-windows


									c:\users\user\downloads\327dc8c477f86b1b1112244a12ac98c39479a1e0_0001531392 c:\users\user\downloads\327dc8c477f86b1b1112244a12ac98c39479a1e0_0001531392 -retry-non-windows


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\da2aa25f74c8ff40af4920647ca97b372d43748b_0000548648.,LiQMAxHB


									"C:\Users\Swhtblcg\AppData\Local\Temp\is-V7OHK.tmp\c7c83ae5e8876a01062c862c33482de745b94158_0001680847.tmp" /SL5="$F0240,1186473,152064,c:\users\user\downloads\c7c83ae5e8876a01062c862c33482de745b94158_0001680847"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4ed141982f5181073f85649c3dc854103bf8c540_0000619520.,LiQMAxHB


									c:\users\user\downloads\656a1cc51df30021bc729b8c7c45425bbc41208d_0001655296 c:\users\user\downloads\656a1cc51df30021bc729b8c7c45425bbc41208d_0001655296 -retry-non-windows


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\602d2c0986dd17c011f5febca2406c9657b95b6b_0001442816.,LiQMAxHB


									"C:\Users\Cfgxlrlg\AppData\Local\Temp\is-23IB6.tmp\73f93d4ab7a301917b4d4053efa56b89af08f8c2_0001693993.tmp" /SL5="$A0302,1199550,152064,c:\users\user\downloads\73f93d4ab7a301917b4d4053efa56b89af08f8c2_0001693993"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0eb7201632fd465945428dfa0aa5d64844340d9c_0000485376.,LiQMAxHB


									"C:\Users\Csivniwv\AppData\Local\Temp\is-7NU60.tmp\b8c9aa7423ccff8af526838bf6c7aa26a7312dd3_0001712727.tmp" /SL5="$602A4,1218225,152064,c:\users\user\downloads\b8c9aa7423ccff8af526838bf6c7aa26a7312dd3_0001712727"


									"C:\Users\Uoynzyfv\AppData\Local\Temp\is-AQHF4.tmp\3f0c1bc5ebed2b2867692376f66d6133ecb329b1_0002793424.tmp" /SL5="$902A0,1661034,918528,c:\users\user\downloads\3f0c1bc5ebed2b2867692376f66d6133ecb329b1_0002793424"


									RunAs C:\Users\user\downloads\de56eca4609750eda83b53768914bb3d781d93ad_0005548032 /restart


									mu.exe


									"C:\Users\Ixsiqxwx\AppData\Local\Temp\~nsuA.tmp\Un_A.exe"  _?=c:\users\user\downloads\


									cmgr.exe


									setx DOTNET_TieredCompilation "0" /m


									WriteConsole: 
SUCCESS: Specif

16 additional execution are not displayed above.

PUP.Gamehack

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Related Posts

Trending

Most Viewed