PUP.Keygen

By CagedTech in Potentially Unwanted Programs

Threat Scorecard

Popularity Rank:	119
Threat Level:	10 % (Normal)
Infected Computers:	342,539

First Seen:	July 24, 2009
Last Seen:	December 14, 2025
OS(es) Affected:	Windows

Table of Contents

Aliases

12 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
Ikarus	Trojan.SuspectCRC
AhnLab-V3	Trojan/Win32.Gen
McAfee-GW-Edition	Heuristic.BehavesLike.Win32.Suspicious-BAY.G
AntiVir	TR/Gendal.4040493
Sophos	Mal/Packer
Symantec	Trojan.Gen
F-Prot	W32/Heuristic-210!Eldorado
K7AntiVirus	Trojan ( 0036e6f71 )
McAfee	Generic.grp!dw
CAT-QuickHeal	(Suspicious) - DNAScan
BitDefender	Gen:Trojan.Heur.JP.pmGfau1C@mc
NOD32	probably a variant of Win32/HackTool.Patcher.A

File System Details

PUP.Keygen may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	FabFilter_KeyGen.exe	374382cbe56b5834046a681cb7dc2662	3,914
Name: FabFilter_KeyGen.exe MD5: 374382cbe56b5834046a681cb7dc2662 Size: 820.78 KB (820787 bytes) Detections: 3,914 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\Downloads\FabFilter.Total.Bundle.v2019.03.13.Incl.Patched.and.Keygen-R2R\Win\R2R\FabFilter_KeyGen.exe Group: Malware file Last Updated: November 24, 2025
2.	$$.tmp	c368ee3dede8f39bccf4f99f63186e0e	2,205
Name: $$.tmp MD5: c368ee3dede8f39bccf4f99f63186e0e Size: 603.51 KB (603519 bytes) Detections: 2,205 Type: Temporary File Path: %ALLUSERSPROFILE%\$$.tmp Group: Malware file Last Updated: June 10, 2025
3.	Dll-Files Fixer Keygen.exe	fac08e03dfc8644c553c721165449926	1,040
Name: Dll-Files Fixer Keygen.exe MD5: fac08e03dfc8644c553c721165449926 Size: 49.66 KB (49664 bytes) Detections: 1,040 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming\Dll-Files Fixer Keygen.exe Group: Malware file Last Updated: November 29, 2025
4.	MB3-ToolBox-2016.exe	35b8a803fdddafb8b7dcbc3508abb862	479
Name: MB3-ToolBox-2016.exe MD5: 35b8a803fdddafb8b7dcbc3508abb862 Size: 293.56 KB (293568 bytes) Detections: 479 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\Desktop\Programas\M41W4938Y735-9C\Malwarebytes.Premium.v3.0.6.1469.Multilingual.Keygen-URET\MB3-ToolBox-2016\MB3-ToolBox-2016.exe Group: Malware file Last Updated: October 24, 2025
5.	bdreg.exe	3b6f2c0f488835f80d67aca8795ce2ef	161
Name: bdreg.exe MD5: 3b6f2c0f488835f80d67aca8795ce2ef Size: 12.28 KB (12288 bytes) Detections: 161 Type: Executable File Path: C:\Users\<username>\AppData\Local\Temp\is-5A1R4.tmp\bdreg.exe Group: Malware file Last Updated: March 26, 2024
6.	dvt-vmware_workstation_pro_v17.x_keymaker_windows_amd64.exe	523a7a9c892c4eaef21b9a6bff055073	139
Name: dvt-vmware_workstation_pro_v17.x_keymaker_windows_amd64.exe MD5: 523a7a9c892c4eaef21b9a6bff055073 Size: 1.47 MB (1470976 bytes) Detections: 139 Type: Executable File Path: C:\Users\<username>\AppData\Local\Temp\Rar$EXa4644.15666\dvt-vmware_workstation_pro_v17.x_keymaker_windows_amd64.exe Group: Malware file Last Updated: November 18, 2025
7.	2_Arc105_keymaker_DavidAcasi.exe	0d528ccf1a8664466e076a39cbb85133	103
Name: 2_Arc105_keymaker_DavidAcasi.exe MD5: 0d528ccf1a8664466e076a39cbb85133 Size: 1.29 MB (1298432 bytes) Detections: 103 Type: Executable File Path: C:\Users\<username>\Downloads\ArcGIS Desktop 10.5.0.6491\ArcGIS Desktop 10.5.0.6491\Crack\2_Arc105_keymaker_DavidAcasi.exe Group: Malware file Last Updated: November 24, 2025
8.	ELSA_Keygen.exe	1356786b8c5e55e4a7ff792cc392da30	78
Name: ELSA_Keygen.exe MD5: 1356786b8c5e55e4a7ff792cc392da30 Size: 298.49 KB (298496 bytes) Detections: 78 Type: Executable File Path: C:\Users\<username>\Downloads\ELSA_Keygen.exe Group: Malware file Last Updated: November 26, 2025
9.	kn.exe	0b997d7e6bb4df05b25321b425184c4b	77
Name: kn.exe MD5: 0b997d7e6bb4df05b25321b425184c4b Size: 447.58 KB (447584 bytes) Detections: 77 Type: Executable File Path: C:\Program Files\SysTools Hard Drive Data Viewer Pro\kn.exe Group: Malware file Last Updated: December 12, 2025
10.	kg.exe	731c273108684a07ed897dcfc4ff5a64	66
Name: kg.exe MD5: 731c273108684a07ed897dcfc4ff5a64 Size: 264.67 KB (264678 bytes) Detections: 66 Type: Executable File Path: C:\Users\<username>\AppData\Local\Temp\nsa4B68.tmp\kg.exe Group: Malware file Last Updated: December 9, 2025
11.	KeyMaker.exe	879995e6ee840de4a60a2c3ada85130c	59
Name: KeyMaker.exe MD5: 879995e6ee840de4a60a2c3ada85130c Size: 419.32 KB (419328 bytes) Detections: 59 Type: Executable File Path: F:\Software\WinAmp Pro v5.541.2189+Keygen[h33t]MasterUploader\Keygen\KeyMaker.exe Group: Malware file Last Updated: March 5, 2025
12.	KEYGEN NERO 8.EXE	b8f4c37bbbe4eb5403986f7bc7985f7a	59
Name: KEYGEN NERO 8.EXE MD5: b8f4c37bbbe4eb5403986f7bc7985f7a Size: 398.84 KB (398848 bytes) Detections: 59 Type: Executable File Path: C:\Users\<username>\Desktop\NERO 8\KEYGEN NERO 8.EXE Group: Malware file Last Updated: October 29, 2025
13.	AnyTrial.exe	4eb860cbaba3bd812b032a0c8aeb4da8	41
Name: AnyTrial.exe MD5: 4eb860cbaba3bd812b032a0c8aeb4da8 Size: 64.27 KB (64277 bytes) Detections: 41 Type: Executable File Path: C:\Users\<username>\Desktop\chiavetta\AnyDVD.HD.7.0.1.0.Incl.Forever.Key.and.Trial.Pack.collected.by_theluckyman\AnyDVD.HD.7.0.1.0\Trial Pack\AnyTrial.v0.2-JW\AnyTrial.exe Group: Malware file Last Updated: November 22, 2025
14.	CB-Keygen.exe	03eba8a1a1adb5337d8b43ccb6b554af	37
Name: CB-Keygen.exe MD5: 03eba8a1a1adb5337d8b43ccb6b554af Size: 3.79 MB (3790494 bytes) Detections: 37 Type: Executable File Path: C:\Users\<username>\CB-Keygen.exe Group: Malware file Last Updated: October 4, 2025
15.	PDMWorks.2015.KeyGen.SSQ.exe	4012d63d275502a9d3c263ed52798563	35
Name: PDMWorks.2015.KeyGen.SSQ.exe MD5: 4012d63d275502a9d3c263ed52798563 Size: 330.24 KB (330240 bytes) Detections: 35 Type: Executable File Path: C:\Users\<username>\Downloads\SW2015_SP4.0_Full_SSQ\_SolidSQUAD_\PDMWorks.2015.KeyGen.SSQ.exe Group: Malware file Last Updated: October 13, 2025
16.	Keygen.exe	4145d2864ae01aefb90d08657630674f	33
Name: Keygen.exe MD5: 4145d2864ae01aefb90d08657630674f Size: 698.36 KB (698368 bytes) Detections: 33 Type: Executable File Path: C:\Users\<username>\Downloads\r74859614\KEYGEN by BTCR\Keygen.exe Group: Malware file Last Updated: June 17, 2025
17.	keygen-32bits.exe	0763befacee02757a541cdd952006e11	27
Name: keygen-32bits.exe MD5: 0763befacee02757a541cdd952006e11 Size: 331.73 KB (331733 bytes) Detections: 27 Type: Executable File Path: e:\программы\autocad\keygens\keygen-32bits.exe Group: Malware file Last Updated: June 7, 2025
18.	TSplusLM.exe	4bb8c5563c99e58958f5ae95476076a9	20
Name: TSplusLM.exe MD5: 4bb8c5563c99e58958f5ae95476076a9 Size: 390.65 KB (390656 bytes) Detections: 20 Type: Executable File Path: C:\Program Files (x86)\TSplus\UserDesktop\files\TSplusLM.exe Group: Malware file Last Updated: November 21, 2024
19.	keygen-srm.exe	1a22c1091fb2a109f21b3d3afc2b98a8	16
Name: keygen-srm.exe MD5: 1a22c1091fb2a109f21b3d3afc2b98a8 Size: 46.08 KB (46080 bytes) Detections: 16 Type: Executable File Path: k:\software\programs general\programs indexed\system tools\winpatrol plus 29.0.2013.0 final incl keygen - scenedl (pimprg)\medicine\keygen Group: Malware file Last Updated: June 21, 2023
20.	R2RHXNKG.exe	26197973bf5890afb1dbf47368c3be94	13
Name: R2RHXNKG.exe MD5: 26197973bf5890afb1dbf47368c3be94 Size: 48.12 KB (48128 bytes) Detections: 13 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\Downloads\Line.6.Helix.Native.v1.92.Incl.Keygen-R2R\R2R\R2RHXNKG.exe Group: Malware file Last Updated: August 21, 2023
21.	KeyFileMaker.exe	fc839686115f334dd636ff6076578247	11
Name: KeyFileMaker.exe MD5: fc839686115f334dd636ff6076578247 Size: 330.24 KB (330240 bytes) Detections: 11 Type: Executable File Path: C:\Users\<username>\Downloads\_Getintopc.com_BatteryBar_Pro_3.4.3\BatteryBar_Pro_3.4.3\BatteryBar_Pro_3.4.3\KeyFileMaker.exe Group: Malware file Last Updated: August 1, 2024
22.	PDMWorksKeyGen.exe	796546b94e3fb0408e527a0ab02dc830	9
Name: PDMWorksKeyGen.exe MD5: 796546b94e3fb0408e527a0ab02dc830 Size: 290.81 KB (290816 bytes) Detections: 9 Type: Executable File Path: C:\Users\<username>\Downloads\SW2012_SP0.0_SSQ\PDMWorks Server\PDMWorksKeyGen.exe Group: Malware file Last Updated: July 14, 2025
23.	2.-GenKGA3.exe	a7b563964a827416fa9d4b5ea0670abc	6
Name: 2.-GenKGA3.exe MD5: a7b563964a827416fa9d4b5ea0670abc Size: 218.11 KB (218112 bytes) Detections: 6 Type: Executable File Path: C:\Users\<username>\Desktop\Новая папка\3.Activator\2.-GenKGA3.exe Group: Malware file Last Updated: July 26, 2024
24.	plugout_kg.exe	cf32e1020396f46cf89bf3165b09e37f	3
Name: plugout_kg.exe MD5: cf32e1020396f46cf89bf3165b09e37f Size: 272.89 KB (272896 bytes) Detections: 3 Type: Executable File Path: c:\Users\<username>\appdata\local\temp\temp1_plugout_kg.zip Group: Malware file Last Updated: June 20, 2023
25.	eatag5kg.exe	ec0334ed9720bb9a837c01d11fb4bb9c	2
Name: eatag5kg.exe MD5: ec0334ed9720bb9a837c01d11fb4bb9c Size: 33.8 KB (33800 bytes) Detections: 2 Type: Executable File Path: C:\Users\<username>\Desktop\autopano 3.7\agkg\agkg\eatag5kg.exe Group: Malware file Last Updated: March 9, 2024

More files

Registry Details

PUP.Keygen may create the following registry entry or registry entries:

File name without path

xln_keygen.exe

Analysis Report

General information

Family Name:	PUP.Keygen
Signature status:	No Signature

Known Samples

MD5: f83fa14c0d83ddb5888634fb526dda61

SHA1: fecb77eecf39a25e62cae75003655dd767bc07aa

File Size: 33.79 KB, 33792 bytes

MD5: 34adb4fa4c675383d5abde768eb61ee6

SHA1: 600dbabe9b4f02260dc8974adb906bc56d60b74a

File Size: 44.61 KB, 44612 bytes

MD5: 79f62279fbc6e861772a38bfd82823da

SHA1: 7e3c24de3c09846642db7916fad7db3dd684a223

File Size: 5.17 MB, 5171200 bytes

MD5: b5ac31d193a2df31cfbba3a8637b164d

SHA1: 6500d4b8dcac78307aad11f4ed9691ee92721244

File Size: 32.26 KB, 32256 bytes

MD5: a76f0ff14db7dfa7a3374857d945ba0f

SHA1: 33dadd4953654632381cccae42daccffbe706fe5

File Size: 1.73 MB, 1728000 bytes

MD5: 820ea3a51c0ccfd8e030a9c7017f29f3

SHA1: dc247d34030f46f178d3f62f4481b0001ec184b6

File Size: 3.94 MB, 3937205 bytes

MD5: 08c595f74adc57949a30e74118627217

SHA1: 7e5d48229afe0d3ba67c8014a26136ab45565fc7

File Size: 1.03 MB, 1032778 bytes

MD5: c8fc7460da37ec82fbfdc0cff97c3520

SHA1: f6a6f2ff43b5a17a175391f0eb0e8b4fd754ac7e

File Size: 6.15 MB, 6146082 bytes

MD5: 1c5d434a504e636cf9ff93ef80ab63bd

SHA1: 650596dd93b391afdd79f783ecd0abaa1071ba99

File Size: 244.74 KB, 244736 bytes

MD5: 7bc8ca1c1366721880bcbe9549591a0c

SHA1: 777ac6b5d126f7c190e5c955f1dcf23cd783cfc0

File Size: 549.38 KB, 549376 bytes

MD5: a4588ccd69a326ec6f2f5053e038c272

SHA1: 4997b41ae9d932ec12ca92fe43ed6d062abf91f4

File Size: 165.83 KB, 165831 bytes

MD5: f4cee28e6a4bc018cb60f7209e2b24ed

SHA1: 7dc90d06cf8399ea3d1dab145155fd447c3e62f7

File Size: 1.49 MB, 1486848 bytes

MD5: e2245631514664b984679cf6f905e7ac

SHA1: 76eb005c13027be20348025666f5fc6862815d1f

File Size: 80.90 KB, 80896 bytes

MD5: bd4ece4a703af4336680885b5f731ac2

SHA1: d52d66071d030f3a43b13afd1609f835df37aaae

File Size: 1.73 MB, 1730560 bytes

MD5: 649b8aafd559cce4e600e9aecfd0cdbe

SHA1: a215fb941b6e09fe60ef1e5d5a3f5a88d8faac87

File Size: 139.26 KB, 139264 bytes

MD5: 5259eea0e669d4a42c007feabc0ef3f0

SHA1: d0b47409e2fadecda9bebb0bb5be72cfb0da5f2f

File Size: 43.01 KB, 43008 bytes

MD5: 32140470746bbc8275ab5ece3307fc63

SHA1: a141b6eab2a2139bafd57b3f9c4ff16c314a03da

File Size: 7.30 MB, 7299015 bytes

MD5: e74961bda7c86fe33c734734227ad178

SHA1: a046c818fc16f4e2b77594dcc92e3594ef3e0268

File Size: 756.74 KB, 756736 bytes

MD5: 538c4447f25ef4590905c30434155476

SHA1: 1ba5930b6ac5139ad407d9d5a9a3a31702c4e428

File Size: 40.45 KB, 40448 bytes

MD5: c3eba7f634847d065fb4bf5d4fd5ac46

SHA1: 29dc035a4713ea9b74def5e93f385ad864a8c3a8

File Size: 3.77 MB, 3773952 bytes

MD5: afdc271330302aff8075b8e9e5d85029

SHA1: eb597cb5801dc2b96e59a9b53ad73e3a8194c47b

File Size: 64.56 KB, 64558 bytes

MD5: 02d546f1b5da84f2f0e0d344cef3b700

SHA1: 8e467670dda01bbf60a4667683a30ad90583d1c0

File Size: 8.70 KB, 8704 bytes

MD5: 30d59a8a98272aa06c82b4284ef9fc5a

SHA1: 1b726587a6200de5d8e4495320f5c43947e70fe9

File Size: 409.60 KB, 409600 bytes

MD5: ebb0cee34bb487fe22fb38d3aeb5a2e3

SHA1: 3bb5c6ed064d33845163e5b165bf3d37780d3352

File Size: 1.66 MB, 1660928 bytes

MD5: 8b8ce28f32d9adc09406abff5f05cdbe

SHA1: fdfc6c280cf03aed8de4dc9e15de27bfa57ec411

File Size: 606.21 KB, 606208 bytes

MD5: 786792916a2e379ca675b0cc23ece5a8

SHA1: ea4a3f597ac2ddba725e4563f2b2381998882eb1

File Size: 1.73 MB, 1730560 bytes

MD5: f7ae4d31474759971a6c50d317048a29

SHA1: 381362c72a3b8cbb9a49f0589febf6032c48ff19

File Size: 367.10 KB, 367104 bytes

MD5: 7a7fabecfa099ac3c02aca1ca836c915

SHA1: f01add3faa6d5d9d4671cbf0bc8d3ccc1907fd1d

File Size: 23.04 KB, 23040 bytes

MD5: d04a22ead472025529f9c14f3dd99436

SHA1: 8ccee2571fdee4a9a50065612fe430dba595349c

SHA256: 9079CBB6E59937442048B162F8E8FCC067C9FE307996785C38CB63D23EB8C95F

File Size: 92.16 KB, 92160 bytes

MD5: 83de34a059d99c153bc3e0827d52ed77

SHA1: 29ae600134d32518891c65a0670c0fbd52802b80

SHA256: 3D32D49F96567BAB258483BC9D1762FA98C87B14AFBE0D4FE76D0940EB099B4F

File Size: 203.26 KB, 203264 bytes

MD5: 861b0b31af107da1468cf10c64eb0e13

SHA1: 088cf4220625075b126e539988e987206cde8df5

SHA256: FE133B487DD13302C6768F7FC250CB5495291311F5E302474D1ED98FC60B89A7

File Size: 1.06 MB, 1061967 bytes

MD5: 9a259ac155e90aaa4ab19a0febf45a15

SHA1: 4ac3c525d91e7d63e4fbcfd626f987d8d149b8ab

SHA256: 487FFE621AD61F59E6039CD9DC42457184655D06A4B7830902D3E0CEADFBC355

File Size: 8.14 MB, 8137216 bytes

MD5: 7ab1a7aad873f9e3bf516e09646d01ff

SHA1: 265da0b6db7d81bc8dc2772c26472caa85ee9e91

SHA256: EE59E324E309B0D6A95ABD538DED6C38F02203C7EC6B2D2CED9756E64A8456BE

File Size: 281.09 KB, 281088 bytes

MD5: 53d57fbc5c628012b9d6659af992411e

SHA1: 4ae0596c53fa96840318166f94bac35f43d0ae4e

SHA256: 8177A50B182AC824B3951C96CF74CAD5326ACDE5F5069454905C64B0503B3482

File Size: 414.03 KB, 414028 bytes

MD5: 1d67332e3592c60b66f4ac245643408c

SHA1: d9b014ba5de3915ea40f965fc3f89e8bc8e56f26

SHA256: 3FA053B18B92022D9856C130A87969D71BB167E967D747D72AC6B541BB5FA228

File Size: 2.05 MB, 2048404 bytes

MD5: eba8f7fc18406c9069993c2286e09bd6

SHA1: 4ed0872cf06391c493c8f14dd304e7fce45d6e1b

SHA256: F0B4D25A6D742517DD6E13F91388ABAFFC7D54AD6E281EAFD75B9A9E2EA02D43

File Size: 1.87 MB, 1868432 bytes

MD5: da5c77faf702913c9929c73da8ee3824

SHA1: c198d97106e5c678b184794d9dafd70591e0c020

SHA256: A66E683B70E012C79232DC461B956B2A638A0B9F246B6794828F9B1776BE69BA

File Size: 147.46 KB, 147456 bytes

MD5: 1c4f0953a68b98fad108a6ad1524b698

SHA1: 6bd58896c29bea0a4297c6a0ff738536b2873fe9

SHA256: 7D63D35B8CE70847BD60538A9928B05E8CF80A4D5E8DD2FCBC0FB2EC3E685E13

File Size: 6.00 MB, 5998269 bytes

MD5: 7bd8eae139fbe3e9be0d20916960a63f

SHA1: 9543db356291143e9e747912269b147505c93049

SHA256: 1B3FE59E1F696FC217FDB6861DB3CABB5810B273AFCF8FAD0410F696C0C40BB7

File Size: 49.15 KB, 49152 bytes

MD5: 620a17e07ed46eb6c8443e19895eea84

SHA1: 1989290a0755899e013c52bd8d148813a3e6e739

SHA256: 77B008B9E410C0B070885352F81CE8260EA6CE5DF64737B8C7CDC14A9D6D8BC5

File Size: 2.14 MB, 2135040 bytes

MD5: 4b7a0504db8fe8ab0c6dbc0895161c65

SHA1: 0b399d088e6c6ef358328b1b666e30a52b1cabb2

SHA256: 24383BFBEEACB1BBE8BFA65896ADD60C373BB8FC4E68543BECC80319E7CF0A5A

File Size: 8.70 KB, 8704 bytes

MD5: 36adf5e3f9921dcb236ea36a5255ed28

SHA1: 4346da7bb07f9f48aa8dcce72c8bf50935cdf60c

SHA256: 2B1D59AAB0A1317DFFBCC034E8F57880B597EF263FDC685133A6C15D1FADAAAD

File Size: 14.85 KB, 14848 bytes

MD5: 1177526c8ced1c1a9d4d4e9d0aeb2a4c

SHA1: 673c6748bb3ce82d1ac5574647730450c83cda7a

SHA256: 332492EF154912419458E7CD608750B076784FD892ECDD171855A0C057A9EC72

File Size: 51.98 KB, 51981 bytes

MD5: 2dead99bcd83d2228c661394e5ac9071

SHA1: b306eed494ed7d9d611a71433d6eb84f21d3e944

SHA256: E2AD35E4BB16EB5C9C945BEA62E952C45E852459398BAD333CE59FA3A53EEAD9

File Size: 45.57 KB, 45568 bytes

MD5: e25a9cf49f3dc5cc29f1e07ce5b44753

SHA1: 9e93638ac347a03ec3e2a54bd897bddbf51ba1cb

SHA256: 3DA1127521CFBFC855945BB981B73E72E00BED69946304C09AD0F2698CCD2760

File Size: 83.46 KB, 83456 bytes

MD5: 46c90330429593ff7d65a888dfbf1f8a

SHA1: 7a45df83edfd06e931eabee93c823d6a72c16481

SHA256: 6C9DB0C42B5575616D495BA406E96F90580344BA1BB71688BF3336696E7F250B

File Size: 1.73 MB, 1730048 bytes

MD5: de0ee907e77170b0db060aebd729054e

SHA1: 12394efa7146f6a7c0a25a53a1971a2df6f265b3

SHA256: 2CD26CCAD47D81D7F7FBBD51A93AB147B684C91DCE4762117408397DD3000D32

File Size: 1.73 MB, 1730560 bytes

MD5: a00d1bf35f6944b0cc253951c50ce37b

SHA1: 64c793a3a8595e820d2fcd3bd209ae035b53ae9d

SHA256: 166D76C18D731EB58046404162FCE1C472A8A1524E106258C6E1768F98A11A2A

File Size: 3.72 MB, 3715072 bytes

MD5: 124564b3736b08d88493017f191c4733

SHA1: 82f3fa66e858fd427261fbbb041bf3c1ba359917

SHA256: 6414F4F2F4C524C7A237FA76256C529F4D75449140F5385F860693D2AF8F88E8

File Size: 1.87 MB, 1868406 bytes

MD5: 682f1176518295a3f0e51d5e777a28dc

SHA1: dee55153e74b67a322c8538cf061b54a583e82a9

SHA256: EC2B4272DCA9713F1BAFF326CFF9B8649715303B5AE1AE03703DC935B64C8A0E

File Size: 1.72 MB, 1724928 bytes

MD5: 233d6635ddbc4e71e3cf1d8dca000388

SHA1: 5527e26d3e4ad5de599516c6eeacab39550a76f2

SHA256: 5B3A49034B8716EC6E2E1007EC021CE1B00AF8C787FFC59A1EF3CE82EA269CC6

File Size: 43.52 KB, 43520 bytes

MD5: 959b423ab3c32a27dc2a47b2c676f72f

SHA1: 592afc21de927f0c464faa830b5304d012bde0ee

SHA256: DD4960B06B12A209741F7E9E2EC7CC7D31A30D565BEAC656BF518BC7CC949283

File Size: 120.32 KB, 120320 bytes

MD5: 89166677320baa136bcd438d754fd572

SHA1: 1000f6ab80bf7d8f40bb207c3e6a7aacee573f1e

SHA256: EC123F167A2118CDBF0710403E85A25E6A485ABBEBD49DD1B2DB6C405AAEAF22

File Size: 518.14 KB, 518144 bytes

MD5: a2631ec90535e6f3fa6ad0da60fd572a

SHA1: af95f13c6f7b958fb34817635885eff67cd614a9

SHA256: 2A13FAE24854B685503CE808E787F854DFF3D334737AB0913F4111949A2A7256

File Size: 1.94 MB, 1936868 bytes

MD5: 93a087a5801dd935d0d7c26aaf5d33aa

SHA1: e02130220d28fb5fc4b6e724b5a5a264db2e7c45

SHA256: 0DE7D12124B398C604F91B59CF1013C3225122838718ABA199D9676EC431AE21

File Size: 37.89 KB, 37888 bytes

MD5: 6e299d7d8f03f4c4580f2c9069a07ec7

SHA1: 3d1bb73baa124ced0a55168f9de86055e98ee4e8

SHA256: 71658088BFE78BB71ED66E0B1B113988F93E825DC917CE276AD9543CCB63754F

File Size: 15.62 KB, 15616 bytes

MD5: 4d2ccdcd77ef2a75da559f572ea98314

SHA1: 6a9e1f6dfbb1226f807c5a8d70ce83d903ed1f26

SHA256: 6993FF853B3EEB49E8555EEFDAB2CE3F5B1BD9AF6E8F80D52E21663EC42415B2

File Size: 373.25 KB, 373248 bytes

MD5: 0034b59162024d626a647bb9fbb1cc37

SHA1: 3276977bfb9ee43b073a65f80e9f4eca1147c835

SHA256: B3BCEA88065FE23B78E59324137BB44A904370E1587CE037D630EFB46404524F

File Size: 950.27 KB, 950272 bytes

MD5: 1dd5b3988ebfc7f5f23de6abff7315c4

SHA1: dd0e4d143450612ae41c555e25cbd367088559ef

SHA256: 27EEF361B430AECB199E527A53E5C05CFE8F73D8B0F5EF2A50048678385C39A1

File Size: 94.27 KB, 94269 bytes

MD5: 4b2082bc76b27ca8a594291dca3c9118

SHA1: 7b81996872229eeece3db8ef8e728f5de366b843

SHA256: 936402C024122549FBFC960EEF5F583C73F8D9ED310F1D3AF34B6A4EB1D7B2A0

File Size: 7.97 MB, 7973790 bytes

MD5: 03d170eb53fd4b28f0312ad6d8a8350a

SHA1: ea4fe4f5ed12b7bd0b73c3f2de12c90dc6fee953

SHA256: 7A38FC88DCC5B6DE7853BD700ADF9E588F06D4179BE5410A5ED89D5F10AE1030

File Size: 64.00 KB, 64000 bytes

MD5: 850ea0247b9ed83f04e73eef0faf696f

SHA1: 4575ab12f1fb0dd97416d7f8b52e3eb4f5b39be2

SHA256: 272B9FA337ACF0AC981699788D6E3395083292473021F70DFCFF869E5D64A63F

File Size: 775.79 KB, 775792 bytes

MD5: 06fd3a81e0a439c2319e8af0cab1c553

SHA1: f34d4f127f9aaae696b56b5276bef9d0a92d9e52

SHA256: B7F57B4C1ADF582793BCE100198A707D576D54CF5348664ACB014FE7C3CC5FE7

File Size: 2.16 MB, 2155176 bytes

MD5: 31d3c11c6b139d6ae6fa3030de30c03c

SHA1: 87b9f55b07b1ba46cff092ce3fcafb8f505ce77d

SHA256: 924737ED3911E070D45357848B6B0F148A50E335A0F2F8DF22990E4F29B95CD9

File Size: 906.78 KB, 906781 bytes

MD5: 271f6c245b62b1c36c3f055f7cf99850

SHA1: baab5d000bbc0ff1285f371e92c6b88efe55058f

SHA256: 668C453EA8D65821629657104FFDFD4DB1B90FD47BBB779CB1765D1C3658A13E

File Size: 1.71 MB, 1708544 bytes

MD5: f4817fe5a82cb083bac4e6aa06097360

SHA1: 302d4d43744717a752e2d6c5955dc07bbeac25a7

SHA256: 8B1A47B26E276ECADBE2976CB28921C8357D687DC2847A58C82DE8A089BA1A0B

File Size: 4.84 MB, 4837376 bytes

MD5: 599a7d48fb1b69de5b46c003cb111c65

SHA1: 29ac10dc2721119cd0533fae22aa56efc1de838d

SHA256: 992A1654C51E57A82F9C5E08BBD50AF068F664FD4935D62977C839DBE0891081

File Size: 4.98 MB, 4981384 bytes

MD5: c314236f5aaa29ed01f5f961abed0a97

SHA1: d82a11f52c4d9f914b6bed5f517e69e4b909ea1c

SHA256: F7207F70CF1DC23551E943D4DB4F732D72B2412A4029913EFA1C232F46BBA39F

File Size: 3.80 MB, 3799341 bytes

MD5: 8027d3a0763a27e3b468e6b7564fead6

SHA1: 7575537a491256ab5f42f5fa465d86ca2c6afa66

SHA256: 94C861F2707262CE13B6D538D6E75A5C2CF5DE3B6F87C3002A0F5544A736B71A

File Size: 1.62 MB, 1621504 bytes

MD5: 9602b30ce5723c00d78ac54b488469bf

SHA1: 1669d26b370c71d25810e1b8b80cc9791ef1cd2c

SHA256: E181EDEFE4E6C7A82143BF82F4DB5D53C23DE697E3ACBC2F11070467FF397E5C

File Size: 60.53 KB, 60528 bytes

MD5: f3fb28e0b5468aea8ce084e0ff8e6d9d

SHA1: 4945b05942b30c248b258ee9055663e5202d595b

SHA256: EE0D98E3BCEAA1937F295C8E35F665C765B6EF2CC8183949B8F4E1EA2CC4B81E

File Size: 27.14 KB, 27136 bytes

MD5: 7c3e91538701280b6db6567c46f8f70e

SHA1: d834ce0b8ccb1b21b47b487ed14f30607b538c0b

SHA256: B7724CF2C47E2DA0C06E28379117D848789E7D0273FB9B305D50208DA1428466

File Size: 53.25 KB, 53248 bytes

MD5: ca5242c9a3197d10ef349100e6651446

SHA1: 7fdeec8852f45c639de3c8ece446a9f010717b42

SHA256: D79ED5DF6CE16CA06FD853031F16307DD3E55F173F13A4EFEC7A8F524B2EAA89

File Size: 112.64 KB, 112640 bytes

MD5: aff7c76791782eba3837e71a1d35a7d1

SHA1: 6ac4fb0639a9239a0115cfd8eaf8170d59fa9065

SHA256: 9A5FA6C1400F6A6BB9E43616032B485CE0BC9FFC9BEDEF70A07783501D48CE85

File Size: 3.75 MB, 3748864 bytes

MD5: 912153446491a1ac4f472b75aaae9038

SHA1: f74c49ade4345cc04971f8dfb21f2b0752981482

SHA256: DDA71222AB97D1C853F3612F23CA89F2ED6AC6C9ED67DDD2D19F8B3A9E05FFF6

File Size: 1.88 MB, 1884672 bytes

MD5: 09d1b94eca11b9d068506a330637de38

SHA1: f86eaab3c7dcc097fff123a7a9d884906200fe74

SHA256: FEAD4AA6806F8F0BB8E01C21A2FD7FD3A21AA7B7D4251B14F06CC7CDDD5DFA15

File Size: 581.91 KB, 581907 bytes

MD5: eee2dc841c80bc2afe5e826c2dfc03d3

SHA1: 9f38468a7663fc664541726b5104423081756f43

SHA256: 0B8B2B855DD4516D3A88521C9136DEEB452F49DE92E3AB75F9D8A72B15E863C4

File Size: 4.85 MB, 4849076 bytes

MD5: afe0633650a3fff8581d0b72635326ed

SHA1: 62f97e67a5a1377bb21221d78a84f33a5917396f

SHA256: 20CC23D8954A658113EA002F212AFECC06B98EAE3E289969B79223D4134F3C4B

File Size: 1.90 MB, 1897472 bytes

MD5: fd5ac48925d64cec9c66791bc0737aca

SHA1: 7a465f240d513dcfaf8e48c2c3e174f07a2caccc

SHA256: 00541EEE1B5A60195C21046CDBB0797BEACFE710A70C691395F9444C5547BE9F

File Size: 88.58 KB, 88576 bytes

MD5: 68d062e523903ca2dd4a0ec6660d70a6

SHA1: 1caaab131057fbac6da93047602e5457c11f2b41

SHA256: 0617E135F671589BFE24120B3112C1918EEA2DB717D75FC69A255DF8E84B9E1D

File Size: 371.71 KB, 371712 bytes

MD5: 70afe5cb23cbe717acad8953c89083b8

SHA1: f5abdfaed1a0ff9f035ec2b90e5b759d02fc638d

SHA256: 2D148DA67D8587AC9E215FDF428A64E0E7DE817FC18DCD182452DFF3DF7AC628

File Size: 82.46 KB, 82458 bytes

MD5: 7e980f04afdd89f580fc432242a7eb87

SHA1: dc7ef14548577ff9734baa2fdb1da3bf91ce0a3f

SHA256: 52493876BE3E2A6C53B1511446A918207E3BDC5A1EBD45780768DABBDDDCACB8

File Size: 1.20 MB, 1199616 bytes

MD5: 8209e25213dd7bea868fcaca2d138eba

SHA1: f905a2d7dd8aaf201c69da25c42244f76a577992

SHA256: F1425D217BA55D0760FA987B1AA19B498C2E0E89E31354DB7D29A3A519ED32AE

File Size: 181.32 KB, 181320 bytes

MD5: 9fa504f6e034668eb290ece194ab200d

SHA1: da96531ab4fd32c7d0956ce2ca9cf1255165605d

SHA256: FF9BC1DB7F2CA2C466A9D579D6ACDDE12843CFD3EA0911DB79D12C88D2416E44

File Size: 155.65 KB, 155648 bytes

MD5: c672cf1504d39ec4ba9302f73e871b60

SHA1: c171ef973066b4e6d24cefd6f0af7324c23d6f14

SHA256: CEAD76B781AE4456F397EE1671248968F8411CC9F28E28F39E0807B4093226E7

File Size: 876.94 KB, 876936 bytes

MD5: 9e2ac71d70509846ecc878e6b00a5922

SHA1: 340093cddffb84e1a8822503a8d1053140b80edb

SHA256: 5FB23D65F1778788685F21ED24C2037DB887F78B11A7BCFEDB0ED2BA26440C85

File Size: 205.31 KB, 205312 bytes

MD5: b454d09614adb18066796814be64eeca

SHA1: c37bc316e04b336d16abf9bdb6d2900447a697f9

SHA256: 9B02B75E4BD0CDEEACDAA45E6E81D28931D9E103F4AEC68825E8EE5EF9A54041

File Size: 8.52 MB, 8519680 bytes

MD5: a66a6eca5546e22340c3cfd3c06e4d88

SHA1: 38e3ad2e5a4c1be94dfa441bc379ead28bb553fd

SHA256: B52B940CC2C803F17684C8481839179142EFB53ACB025C5541BF2EE6E62A65DD

File Size: 62.46 KB, 62464 bytes

MD5: 00e9727fb035b2f02da2bed5144ce271

SHA1: aecb4c5f2d54b8bfec0602625f85240789652c3d

SHA256: 14B7F6660D1DBD056365A0F8539D6174801B68BBA987407D5DAB3BCB419F6563

File Size: 29.18 KB, 29184 bytes

MD5: d7ec6840f56aad3ef9a74a7d400dab75

SHA1: d38572f2447a2124d9895b1185e2bef5f82f62a5

SHA256: B28674DE4C009B1C36A90021EC8354A3A82B2683EDE035B49A096A8C2A080695

File Size: 1.76 MB, 1759867 bytes

MD5: c2f2d31d9bc258ba55444a9aff4f43a6

SHA1: 1d8d61413a8f397814f57590b1a2d8cd4bb96d72

SHA256: 788EC0B43C32E74EA9EC2A2267C3EDD0DCD0BAAF69F0F63D5AC2DCD24D74E756

File Size: 583.47 KB, 583472 bytes

MD5: 421756f4a9e1c183172545507159bacf

SHA1: 1b2ec7bf604deee2276fb969223877bc63728b07

SHA256: F2AB949431C39B9467D3F9A97CD680642C1D4564CE1288D3FB20F47F62821FC8

File Size: 184.83 KB, 184832 bytes

MD5: 6a6c6c12940e8e0f8e0d3313804b2f4a

SHA1: 55b826754399d4cb07b4e21c2ec4f1942fe15ee1

SHA256: A6B52074EE880A81FF97D3FC8FF76C70CC1E46EEB6A4F0134C4C2331EE256796

File Size: 7.29 MB, 7289344 bytes

MD5: 7d16ad701eb7cc0e46a4a8b27d8ad713

SHA1: 1142352bf2f871fe46c84b022090d0db244ae9ae

SHA256: 9A75270F33D5BEB0AD2BAB7AB86CB016A34CD871F87C9D09EBFABACE778A8CE5

File Size: 45.06 KB, 45056 bytes

MD5: 8557d88fb8bad92fa9daee86ec47f446

SHA1: 85f6a4bc9f9d541d32afbd1c31f3f4955111b769

SHA256: 3177D8169A25AEB5929290B7F5F120A6A50E0DB094393CE9AA4B44F301098425

File Size: 707.58 KB, 707583 bytes

MD5: f7380509d9ff227b5edb80b5fee4a207

SHA1: 10a83aec2b612ab6d614cd13cb46869d875fcc71

SHA256: 8DA5AA363215C60EDED7E39EA0792EA3CBF077A84DB114468249F35A039B2234

File Size: 731.24 KB, 731239 bytes

MD5: d6ee65579d305010a136541f3ad0d32b

SHA1: 4c1ce8eca32f547493f1a8449684c9c5ed80df16

SHA256: 4D3B6096B5A77DE4A896824FE40F3197C8E7CE110C67A04275FFCC60C8D4DF21

File Size: 223.27 KB, 223269 bytes

MD5: 24321b6d215fde327612b86ae728b07e

SHA1: de1b5aed9f8c9f4247fc58c00a5b65c5e01b6d55

SHA256: 86285F5F6BDFE76BEDF88799F683B1BF30CEEA6FF74442F5BD1C5093C154312C

File Size: 8.76 MB, 8760701 bytes

MD5: b3a79ed0dd80176c223a3770f4aded02

SHA1: 68cc30950238465f6761779ea9ef1d5e3b991e92

SHA256: 36E3B4D35AAF5053D3E7F0EB7D1FC8A658A351EDCED2B23BA9B12FE3901D023E

File Size: 33.79 KB, 33792 bytes

MD5: 8f95125dee533556d68a6a0e18575eda

SHA1: 290ec3cf3d0ff428760cedc35e4a20aa1111f615

SHA256: F3563B8B369F7B64CC1E214FD07E494B263DD228CA790BC000819141BB4BC826

File Size: 382.69 KB, 382693 bytes

MD5: 56cf9779a8e4aff6a70dcc7604d22d95

SHA1: e90a0350cefd47b0daa1795f5691192f35413731

SHA256: A81D80079DB42E7AAF2066A80B81CED35021C96A383EEDE013A9B1D6D01FA501

File Size: 1.71 MB, 1711278 bytes

MD5: 2e7eb71f16a26d7890685183d212f372

SHA1: 38f054a9226df98eef8cc50074799b608c7844b9

SHA256: D2C8EC2F48E8D9BBB33BD496E4A885CF27E9A7B188179BEC18D79097BE194AF0

File Size: 20.51 KB, 20512 bytes

MD5: 6d3d5fc293b7897ec53a3cc1fcadf32b

SHA1: 0626bfd1ba74c1d84590140d81fbe975a05b8316

SHA256: 1FE84218288B6A641BE4F1E1E3BB5C57A146400FA0FC13A75AD149594F99210E

File Size: 28.67 KB, 28672 bytes

MD5: 0399fa606ef1ed51ff21c9672132ae98

SHA1: bb2656a71ba13e20696e86b3cb260c0a32dafb3f

SHA256: D7C78CC837325C85DD717E4BCBC06BF27C77F92E19FB566AF3A25A4D9FF73ED2

File Size: 635.90 KB, 635904 bytes

MD5: 99dc5cbd538902166ba9ac67da0ebec0

SHA1: b37fd5a93b5146edd7fa9fc907a3050f9fe44d80

SHA256: C18ED8383FD5C56481D7169017010DFF078131600FA1A6AA0979354D3239685D

File Size: 184.32 KB, 184320 bytes

MD5: 301ee1f7e970f6cbc6675cc37fe74fe9

SHA1: 78cfcdd986df1e34cafddc68552decfac9327939

SHA256: EA1E1D6D2B9496F688C5F263DE106D21DF52AAA535DF9D0DE0048670D7997063

File Size: 43.52 KB, 43520 bytes

MD5: af698f27bfd6fa4d9c41710ddc54ec39

SHA1: 09276f3789a03782cd65a4788afe67d978b63547

SHA256: CDCD9AC74DEC134989A5FB6E2C1A900FAFEE1D3B4DE6697940BF694DDCDC3BF8

File Size: 239.10 KB, 239104 bytes

MD5: ea29ed230e6f4621dba29b7ca9d61c7e

SHA1: aaf621f4c495aa28e3edf8384590b16542a34999

SHA256: FF5FC7C8332DA4D92D05504491A0CEE1CC58B9731926FA55C9FCA9C074DAABCB

File Size: 7.22 MB, 7220736 bytes

MD5: 3f2d2a9a901e131dfbe4efce6d8c7129

SHA1: a92759f8b014b5d7b60cf58d97e12b925fb2d41b

SHA256: B9F6DE7D82081075F016995072A49517232442B9A51ACEE08756BA2919529AE7

File Size: 1.94 MB, 1941892 bytes

MD5: 6b7cc6b257901c208783e4cc8f2662ea

SHA1: 887360ac6c052b3ebdb0a99f2736cfaa34990a9f

SHA256: 24EED8AAF7DCC156C3F4991C840ACC858998C71D907A6BF902B8523C271E6757

File Size: 2.33 MB, 2332160 bytes

MD5: 79c11f569d3c82bef805acb93ab560ae

SHA1: b048a0262756f6cfd71de2ac527ea24623a3b17a

SHA256: 2AA488A07E712C25C478F783663EADB68F6D8272EEE2C6BBB9F282BBD82F72CF

File Size: 29.18 KB, 29184 bytes

MD5: d38e75df7aa164765dfbac785443a00c

SHA1: 58629d7835ca1815a904b90ed11044fbd1634358

SHA256: 37041C37DAE73472C3D9D60E00848824C4DBEE3AA4E0F6D7458BA65BBB3687A5

File Size: 1.75 MB, 1748480 bytes

MD5: d0c4cc0511afb1180173acc741748378

SHA1: 104c058ec68346010a7913bd6510ce0d0db52b9b

SHA256: 9F3C7D75BCDDAD546E7EB231E9DCB18399EE7E164C03CBD3594C52C3C287D831

File Size: 1.75 MB, 1746944 bytes

MD5: f981240668ed04ebc23db38942feb672

SHA1: def3eaff3a09cf6d5809fcb04320fd101c6a9347

SHA256: BD5DC206AA94F5CC43177FB33B2FDBCDD454F9062C83EAE7597130DD23FE8FA4

File Size: 8.74 MB, 8741761 bytes

MD5: 9513813c8f3c564c3abb0ec8ade88384

SHA1: 4d814eb663dd61f2cbdd601e24caec2509c8733c

SHA256: B90DA9ED39E093904AA33DD91EED703B8B4F0639936DC2ED99682F32F106EBFB

File Size: 1.73 MB, 1729536 bytes

MD5: a247ceb23520337652aafb3561547853

SHA1: 347abe736137be7bb64fe061bb737b45efcc7640

SHA256: CCABFF82F1D915B6EC7E9BD58C81CB611808C4F0D610DBB10846652888591280

File Size: 25.60 KB, 25600 bytes

MD5: 6d08fd56d3c08e21d61ef90713509bec

SHA1: 84a1018640f2d61f61f7a76c996eb3b7f0f21c95

SHA256: 2BB06F6F265396D6D0C40B2BF976FB7E32E717C76BA987BC5395102BEA0B520C

File Size: 664.56 KB, 664559 bytes

MD5: f1eee71e87e3c3971e2ada2931f16a16

SHA1: ca95b18e36aaec57a61613dfa0398bef715fca05

SHA256: E727697681D21BE127A8914596CA66890B48016512EC156B05DDA0CEA9E4DE62

File Size: 812.03 KB, 812032 bytes

MD5: 8e067514fbfc3762f8d807301d10b500

SHA1: e83a85c46aa5beede5ab5eae52555eb136fec5b6

SHA256: 254CBBEAE1F26281589606BE92BCD76C862B90CA2C42CC744162DD7BC94C1AA1

File Size: 3.07 MB, 3072000 bytes

MD5: 020b81d2490c185c065ccfc57d044533

SHA1: 4e37782cbc1967d4f334bde53515b55bc0e4f53a

SHA256: 9800CE70AA8DF715E44694164C48AAFCCB4393B8C72F06EBDDCF1070C7E93D55

File Size: 3.15 MB, 3145728 bytes

MD5: 87d78b4e1a24a0a83564d4faf8b80f3b

SHA1: 60c55bb8792fb0203c4be9797b722fd1303d6a07

SHA256: 676F014429F62AB92E7908D47E74F23452E2A1A867104A8C8A51CE1092C79EEC

File Size: 3.79 MB, 3790061 bytes

MD5: 88b3a80cd8fef500856ad7830352a3af

SHA1: ec0b93d7df8895e2328421a725622811a0e79d63

SHA256: 41EF2FCC6E5E1BB3A032DC571029E705206B182538DDEAA377E21D720D5AB5E7

File Size: 61.95 KB, 61952 bytes

MD5: d7c65e3a0ab0d94b2cc7b934c2a6a380

SHA1: 91ec12329961b97a295bd39fbcd576ddd4f0cf68

SHA256: D4C271A70C519871F8004C3E99694FE2340A3BD9F99CF12D9F206E88B6E76E2D

File Size: 26.11 KB, 26112 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is .NET application

File is 32-bit executable
File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

181 additional icons are not displayed above.

Windows PE Version Information

Name	Value
Assembly Version	2013.3 6.5.0.31248 3.2404.1.0 3.0.3.1 2.3.0.3 1.72.0.0 1.6.6.6 1.0.2.45528 1.0.1.0 1.0.0.1 Show More 1.0.0.0
B Build Signature	1.00, 20.07.10
Comments	Apus Available on https://forum.ru-board.com Deep Server Key Generator Encuentra los seriales de los productos Macromedia Generates bitcoin keypairs and compares their addresses to a list of addresses with balance. Just lick my pussy 💗💗💗 Niech żyje MP3!!!!!!!!!!!!!! Offline Driver Updater Project X This installation was built with Inno Setup. Show More Windows 7 Ultimate Keygen \$Revision: 173792 \$
Company Name	- Angelic Software Autodesk, Inc. Bematech S/A BetaMaster Cracking the code 4 fun! DAMN Emily Croop's Juicy Pussy F-Secure Corporation Groza Trainers Team Show More HP Inc. Hummingbird Ltd. ida_keygen_v2 Insane Corp IObit k Marcin Grenda Medical Microsoft Mootools MTU Aero Engines AG n/a NEC Infrontia Corporation Paradox ParhamTorabi Right Hemisphere Ross-Tech, LLC Star TOTVS TRiViUM VanDyke Software, Inc. Warez_Down Xcidi
Creation Date	18.03.2008
File Description	- 3D Photo Browser Slides Show Autocom/Delphi Keygen blowfish-apux BTCKeygen DAMN keymaker DSKeyGen ES-Computing EditPlus 5.x - 6.x KeyGen F-Secure SSH Key Generator FM.Player.UI Show More GhostControlInc HardWareKeyGenerator Hokm_KeyGen ida_keygen_v2 KerioPatchKeygen MFC Application keygen KeygenJPRO2024v1 LockOn: Flaming Cliffs 2 Key Generator Mister Chef.net MTU.EET.KeyGeneration.Console Native Instruments Traktor v1.0 Installation OConnect Offline Driver Updater ORiON KeyGen Program do obróbki, miksowania i słuchania plików mp3. Project X Red Alert 2 v1.003 TRAiNER SAMMY Schwho Security Pack KeyGen for Win32 Setup/Uninstall T-RackS 24 v2.0.1 Installation test1 Module TMPGEnc Plus Working TOH Keygen TOTVS Food Services (Linha Chef) VAG-COM VKeygen WHW Windows 7 Ultimate Keygen WindowsFormsApplication1
File Version	latest 2013.R3 409.1 51.1052.0.0 16.36.0014 12.0.0.117 9.6.3.3599 5.7.0.0 5.0 Build 35 FIPS 03.2404.0001.00 Show More 3.9.0.0 3.3.0.3 3.2.0.3200 3.0.71.121 3.0.3.1 2.59.47.155 2.2.0.0 2.1.2.4736 01.72.00.00 1.3.2.6061 1.01.0098 01.00.02.45528 1.00.000.000 1.00 1.0.1.0 1.0.0.1 1.0.0.0 1, 0, 0, 1 0.2 0.1.0 -
Internal Name	Autenticador.exe Autocom-Delphi Keygen 2013.3 Autodesk AutoCAD 2010 BTCKeygen.dll DSKeyGen.exe FM.Player.UI.exe ftc.exe GhostControlInc.exe HardWareKeyGenerator.exe HSPKEYGEN Show More ida_keygen_v2.dll KerioPatchKeygen keygen KeyGen.exe keygen.exe keygen4MAPPY10 KeygenJPRO2024v1.exe keygen macromedia 8 MADARA.exe MTU.EET.KeyGeneration.Console.exe OConnect.exe OfflineUpdater ORiON KeyGen PlyWood_KeyGen.exe Red Alert 2 +5 Trainer Rzeznik SAMKEYGEN.exe SlideShow spsv6.exe SSH TEST1 TJprojMain TOH Keygen.exe VAG-COM VKeygen Win Windows 7 Ultimate Keygen.exe
Legal Copyright	(c)MTU 2015. All rights reserved. - All rights reserved. Arnold Garces - Xcidi - Hackermax auto-professionals.co.uk by Apus Copyright (C) 1995-2025 VanDyke Software, Inc. Copyright (C) 2000-2004 Copyright (C) 2004 Copyright 2002 Show More Copyright 2022 Parham Torabi Copyright 2023 Copyright © 1996 - 2001 F-Secure Corporation Copyright © 2000 Ivanopulo / DAMN Copyright © 2001 Hummingbird Ltd. All Rights Reserved. Copyright © 2001 Ivanopulo / DAMN Copyright © 2002-2005 Angelic Software Copyright © 2005 Copyright © 2013 Copyright © 2014 Copyright © 2016 Copyright © 2019 Copyright © 2020 Copyright © 2022 Slygoose Copyright © 2024 Copyright © 2024 Warez_Down Copyright © Bematech S/A 2014 Copyright © HP Inc. 2022 Copyright © Medical 2009 Copyright © Mizta Insane 2009 Copyright © NEC Infrontia Corporation 2009 Copyright © Right Hemisphere 2007~2011 Copyright © TOTVS 2017 Groza (c) 2001 k KeygenFOOTBALLMANAGER26.exe Marcin Grenda Paradox VDOWN 2008 © IObit. All rights reserved. © Olenevod
Legal Trademarks	IObit Right Hemisphere Rzeźnik MPEGów, MP3 Butcher
Loader Version	1.8
Original Filename	Autenticador.exe Autocom-Delphi Keygen 2013.3.exe Autodesk AutoCAD 2010 keygen.exe blub.exe BTCKeygen.dll DSKeyGen.exe FM.Player.UI.exe ftc.exe GhostControlInc.exe HardWareKeyGenerator.exe Show More ida_keygen_v2.dll KerioPatchKeygen.EXE KeyGen.exe keygen.exe keygen4MAPPY10.exe KeygenJPRO2024v1.exe keygen macromedia 8.exe keymaker.exe MADARA.exe MTU.EET.KeyGeneration.Console.exe NetKey.exe OfflineUpdater.exe PlyWood_KeyGen.exe RA2v1003Trn.exe Rzeznik.exe SAMKEYGEN.exe SFKeyGen.exe SlideShow.exe spsv6.exe ssh-keygen.exe Ssh-keygen2.exe TJprojMain.exe TOH Keygen.exe VagCom.exe VKeygen.exe Win.exe Windows 7 Ultimate Keygen.exe XPButton.exe
Product Number	15
Product Name	Autocom-Delphi Keygen 2013.3 Autodesk AutoCAD 2010 Baltie 3 blowfish-apux BTCKeygen Deep Server Driver Booster F-Secure SSH Console Application FM.Player.UI GhostControlInc Show More HardWareKeyGenerator Hokm_KeyGen ida_keygen_v2 Info Angel KerioPatchKeygen Application KeyGen KeygenFOOTBALLMANAGER26.exe KeygenJPRO2024v1 Keygen Macromedia 8 Keymaker Key Protection Data Signing Tools Mister Chef.net OConnect ORiON KeyGen Project1 Project X Red Alert 2 v1.003 +5 Trainer Rzeźnik MPEGów, MP3 Butcher SAMMY Schwho Security Pack Slides Show template TOH Keygen TOTVS Food Services (Linha Chef) VAG-COM VKeygen WHW Win Windows 7 Ultimate Keygen WindowsFormsApplication1 XPButton Module
Product Version	2013.R3 409, 1, 0, 0 16.36.0014 12.0 9.6.3.3599 7.1.0.0 5.7.0.0 5.0 Build 35 FIPS 03.2404.0001.00 3.71 Show More 3.3.0.3 3.0.3.1 3.0 2.1.2.4736 01.72.00.00 1.01.0098 01.00.02.45528 1.00 1.0.1 1.0.0.1 1.0.0.0 1.0.0.0 1.0.0 1, 0, 0, 1 0.2 0.1.0
Protection	StarForce 5.7.14.0

Digital Signatures

Signer	Root	Status
SGP Systems, s.r.o.	Certum Code Signing CA SHA2	Hash Mismatch
NEC Corporation of America	Thawte Code Signing CA	Self Signed
VanDyke Software, Inc.	VanDyke Software, Inc.	Hash Mismatch

File Traits

$Id: UPX
.adata
.NET
.sdata
.UPX
00 section
2+ executable sections
ASPack v1.08.03
ASPack v2.11d
big overlay

dll
HighEntropy
imgui
Inno
InnoSetup Installer
Installer Manifest
Installer Version
MPRESS
MPRESS Win32
Native MPRESS x86
NewLateBinding
nosig nsis
No Version Info
ntdll
Nullsoft Installer
packed
PEC2
PECompact v2.20
RAR (In Overlay)
RARinO
RijndaelManaged
themida section variant
upx
UPX!
vb6
VirtualAllocExNuma
VirtualQueryEx
WinRAR SFX
Wise
WRARSFX
WriteProcessMemory
x64
x86

Block Information

Total Blocks:	21
Potentially Malicious Blocks:	1
Whitelisted Blocks:	15
Unknown Blocks:	5

Visual Map

? ? ? x 0 0 0 ? 0 0 0 0 0 0 0 ? 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.AFD
Agent.AG
Agent.DFGH
Agent.GTL
Agent.XFG

Agent.XXS
Autorun.X
Banker.GT
BestaFera.G
Crack.K
Dapato.AG
Delf.DA
Delf.Spy.B
Fareit.L
Floxif.E
HEUR.Malware.Win32.Posin
Heinote.A
HomeGuard.A
Injector.EU
Injector.FGGA
Injector.FHBC
Injector.GDSA
Injector.JO
Injector.JV
Injector.KFR
Injector.KS
Injector.PMB
Injector.XD
KeyLogger.B
Keygen.NCC
Kryptik.FGV
Kryptik.FTSB
Kryptik.NRR
Kryptik.YFH
KuwanBar.B
Lotok.T
MSIL.Agent.GDFD
MSIL.Agent.XFA
MSIL.Agent.XGG
MSIL.Agent.XX
MSIL.Downloader.CNK
MSIL.Downloader.CPB
MSIL.Downloader.ND
MSIL.Downloader.XL
MSIL.Dropper.HG
MSIL.Heracles.IK
MSIL.Injector.XR
MSIL.WinActivator.A
NSPack.Gen
NetBus.A
OpenSUpdater.LD
Ousaban.V
Patcher.B
PcClient.L
Ramnit.AP
Sadenav.B
ScriptExpert.A
SnakeLogger.A
Sqwire.AA
Wana Decrypt0r.A
Wingo.A

Files Modified

File	Attributes
\device\harddisk0\dr0	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\xyplorer\catalogdefault.dat	Generic Write,Read Attributes
c:\program files (x86)\xyplorer\licensexy.txt	Generic Write,Read Attributes
c:\program files (x86)\xyplorer\readmexy.txt	Generic Write,Read Attributes
c:\program files (x86)\xyplorer\startup.ini	Generic Write,Read Attributes
c:\program files (x86)\xyplorer\uninstall.exe	Generic Write,Read Attributes
c:\program files (x86)\xyplorer\xy64.exe	Generic Write,Read Attributes
c:\program files (x86)\xyplorer\xy64contents.exe	Generic Write,Read Attributes
c:\program files (x86)\xyplorer\xy64ctxmenu.exe	Generic Write,Read Attributes
c:\program files (x86)\xyplorer\xycopy.exe	Generic Write,Read Attributes

c:\program files (x86)\xyplorer\xyicon_folderdenied.ico	Generic Write,Read Attributes
c:\program files (x86)\xyplorer\xyicon_folderempty.ico	Generic Write,Read Attributes
c:\program files (x86)\xyplorer\xyicon_foldergeneric.ico	Generic Write,Read Attributes
c:\program files (x86)\xyplorer\xyicon_foldergray.ico	Generic Write,Read Attributes
c:\program files (x86)\xyplorer\xyicon_foldergreen.ico	Generic Write,Read Attributes
c:\program files (x86)\xyplorer\xyicon_foldertagged.ico	Generic Write,Read Attributes
c:\program files (x86)\xyplorer\xyplorer website.url	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\xyplorer\xyplorer.chm	Generic Write,Read Attributes
c:\program files (x86)\xyplorer\xyplorer.exe	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll	Generic Write,Read Attributes
c:\programdata\microsoft\windows\start menu\programs\xyplorer\xyplorer website.url	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\bwshow.wav	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\bwshow.wav	Synchronize,Write Data
c:\users\user\appdata\local\temp\glc1a8.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\glc51c5.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\glc5b7e.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\glc660e.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\glc76a1.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\glcca28.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\glf5a26.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\glf5a26.tmp	Synchronize,Write Data
c:\users\user\appdata\local\temp\glf67f6.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\glf67f6.tmp	Synchronize,Write Data
c:\users\user\appdata\local\temp\glf6f2a.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\glf6f2a.tmp	Synchronize,Write Data
c:\users\user\appdata\local\temp\glf82ab.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\glf82ab.tmp	Synchronize,Write Data
c:\users\user\appdata\local\temp\glfc2c.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\glfc2c.tmp	Synchronize,Write Data
c:\users\user\appdata\local\temp\glfd52a.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\glfd52a.tmp	Synchronize,Write Data
c:\users\user\appdata\local\temp\glg59f6.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glg6788.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glg6ecb.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glg828b.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glgc0c.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glgd4fa.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glj1e7.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\gljca58.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glk3dc.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glk51f5.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glk5bce.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glk669b.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glk76e0.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glkcc5d.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\kg46b6.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\mp3pdx.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\mp3pdx.exe	Synchronize,Write Data
c:\users\user\appdata\local\temp\nsaacae.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsf4b1f.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsffa2b.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nspb5a3.tmp\browsersetupoptions.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nspb5a3.tmp\browsersetupoptions.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nspb5a3.tmp\browsersetupoptions.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nspb5a3.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv4b30.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsv4b30.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv4b30.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsv4b30.tmp\userinfo.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv4b30.tmp\userinfo.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsvfa3c.tmp\bass.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvfa3c.tmp\bass.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsvfa3c.tmp\dat_bgm.ogg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvfa3c.tmp\dat_image.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvfa3c.tmp\dat_skin.skf	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvfa3c.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvfa3c.tmp\nsis_skincrafter_plugin.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvfa3c.tmp\page_component.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsvfa3c.tmp\page_component.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvfa3c.tmp\page_image.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsvfa3c.tmp\page_image.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvfa3c.tmp\skincrafter.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvfa3c.tmp\skinnsis.skf	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvfa3c.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pdx.mp3	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\pdx.mp3	Synchronize,Write Data
c:\users\user\appdata\local\temp\rarsfx0	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_563625	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_83812	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\audio	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\audio	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\audio\click1.ogg	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\audio\click1.ogg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\audio\high1.ogg	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\audio\high1.ogg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\autorun.cdd	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\autorun.cdd	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\about.pqg	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\about.pqg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\af.cmd	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\af.cmd	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\btinint.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\btinint.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\drvmap.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\drvmap.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\inetwh32.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\inetwh32.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\license.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\license.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\master.cnt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\master.cnt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\partin.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\partin.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\partin9x.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\partin9x.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\partinnt.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\partinnt.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pe07.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pe07.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pe09.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pe09.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pe0a.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pe0a.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pe0c.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pe0c.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pe10.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pe10.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pe11.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pe11.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\peabout.pqg	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\peabout.pqg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pesp.pqg	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pesp.pqg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pm.cnt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pm.cnt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pmagic.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pmagic.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pmagic9x.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pmagic9x.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pmagicb.pif	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pmagicb.pif	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pmagicbt.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pmagicbt.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pmagicnt.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pmagicnt.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqboot32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqboot32.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqbw.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqbw.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqbw.rtc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqbw.rtc	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqbw07.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqbw07.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqbw09.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqbw09.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqbw0a.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqbw0a.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqbw0c.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqbw0c.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqbw10.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqbw10.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqbw11.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqbw11.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqbwabout.pqg	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqbwabout.pqg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqlaunch.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqlaunch.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqpb.rtc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqpb.rtc	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqpe.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqpe.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqpe.rtc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqpe.rtc	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqpe9x.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqpe9x.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqpent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqpent.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqvxd.vxd	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\pqvxd.vxd	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\ptedit32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\ptedit32.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\readme.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\readme.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\roboex32.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\roboex32.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\splash.pqg	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\splash.pqg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\unicode.fnt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\docs\unicode.fnt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\icons	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\icons	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\icons\icon.ico	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autoplay\icons\icon.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\images	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\images	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autoplay\images\ico_alpha_error_32x32.png	Generic Read,Write Data,Write Attributes,Write extended,Append data

55 additional files are not displayed above.

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\app paths\xyplorer.exe::	C:\Program Files (x86)\XYplorer\XYplorer.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\xyplorer::displayname	XYplorer 27.00	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\xyplorer::uninstallstring	C:\Program Files (x86)\XYplorer\Uninstall.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\xyplorer::displayicon	C:\Program Files (x86)\XYplorer\XYplorer.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\xyplorer::displayversion	27.00.0400	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\xyplorer::nsis:startmenudir		RegNtPreCreateKey

HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\xyplorer::urlinfoabout	https://www.xyplorer.com/	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\xyplorer::publisher	Donald Lessau, Cologne Code Company	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\xyplorer::installlocation	C:\Program Files (x86)\XYplorer	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\xyplorer::versionmajor	'	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\xyplorer::versionminor		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\xyplorer::nsis:startmenudir	XYplorer	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Evmecwfn\AppData\Local\Temp\nsv4B30.tmp\	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state		RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes	(NULL)	RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317	✝	RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655		RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324	#	RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993	ö	RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986	http://1000autohits.wz.cz/left.gifhttp://www.centreyoughourta	RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331		RegNtPreCreateKey
HKCU\software\apcr::u1_0	奆	RegNtPreCreateKey
HKCU\software\apcr::u2_0	ᶪ	RegNtPreCreateKey
HKCU\software\apcr::u3_0	権ă	RegNtPreCreateKey
HKCU\software\apcr::u4_0		RegNtPreCreateKey
HKCU\software\apcr::u1_1	樒焴	RegNtPreCreateKey
HKCU\software\apcr::u2_1	漎牥	RegNtPreCreateKey
HKCU\software\apcr::u3_1	ᥜ獦	RegNtPreCreateKey
HKCU\software\apcr::u4_1	獵牥	RegNtPreCreateKey
HKCU\software\apcr::u1_2	撂灀	RegNtPreCreateKey
HKCU\software\apcr::u2_2	樂	RegNtPreCreateKey
HKCU\software\apcr::u3_2	賃	RegNtPreCreateKey
HKCU\software\apcr::u4_2		RegNtPreCreateKey
HKCU\software\apcr::u1_3	艫	RegNtPreCreateKey
HKCU\software\apcr::u2_3	䓌地	RegNtPreCreateKey
HKCU\software\apcr::u3_3	ぶ嘳	RegNtPreCreateKey
HKCU\software\apcr::u4_3	婟地	RegNtPreCreateKey
HKCU\software\apcr::u1_4	필	RegNtPreCreateKey
HKCU\software\apcr::u2_4		RegNtPreCreateKey
HKCU\software\apcr::u3_4	ꟽ좖	RegNtPreCreateKey
HKCU\software\apcr::u4_4	췔즕	RegNtPreCreateKey
HKCU\software\apcr::u1_5	馀宅	RegNtPreCreateKey
HKCU\software\apcr::u2_5	娮㯻	RegNtPreCreateKey
HKCU\software\apcr::u3_5	⭠㫸	RegNtPreCreateKey
HKCU\software\apcr::u4_5	䅉㯻	RegNtPreCreateKey
HKCU\software\apcr::u1_6	撊킩	RegNtPreCreateKey
HKCU\software\apcr::u2_6	鋺깠	RegNtPreCreateKey
HKCU\software\apcr::u3_6		RegNtPreCreateKey
HKCU\software\apcr::u4_6	뒾깠	RegNtPreCreateKey
HKCU\software\apcr::u1_7	ਲ玸	RegNtPreCreateKey
HKCU\software\apcr::u2_7	ワ⃆	RegNtPreCreateKey
HKCU\software\apcr::u3_7	䈚⇅	RegNtPreCreateKey
HKCU\software\apcr::u4_7	⠳⃆	RegNtPreCreateKey
HKCU\software\apcr::u1_8	뼢鷺	RegNtPreCreateKey
HKCU\software\apcr::u2_8	빢錫	RegNtPreCreateKey
HKCU\software\apcr::u3_8	鈨	RegNtPreCreateKey
HKCU\software\apcr::u4_8	鮨錫	RegNtPreCreateKey
HKCU\software\apcr::u1_9	见䩒	RegNtPreCreateKey
HKCU\software\apcr::u2_9	ᅍ֑	RegNtPreCreateKey
HKCU\software\apcr::u3_9	攴Ғ	RegNtPreCreateKey
HKCU\software\apcr::u4_9	༝֑	RegNtPreCreateKey
HKCU\software\apcr::u1_10	蟬	RegNtPreCreateKey
HKCU\software\apcr::u2_10	饻矶	RegNtPreCreateKey
HKCU\software\apcr::u3_10	盵	RegNtPreCreateKey
HKCU\software\apcr::u4_10	芒矶	RegNtPreCreateKey
HKCU\software\apcr::u1_11		RegNtPreCreateKey
HKCU\software\apcr::u2_11		RegNtPreCreateKey
HKCU\software\apcr::u3_11	鰮	RegNtPreCreateKey
HKCU\software\apcr::u4_11		RegNtPreCreateKey
HKCU\software\apcr::u1_12	⌌㞞	RegNtPreCreateKey
HKCU\software\apcr::u2_12	䓽峁	RegNtPreCreateKey
HKCU\software\apcr::u3_12	͕巂	RegNtPreCreateKey
HKCU\software\apcr::u4_12	楼峁	RegNtPreCreateKey
HKCU\software\apcr::u1_13	◍縆	RegNtPreCreateKey
HKCU\software\apcr::u2_13	숧켦	RegNtPreCreateKey
HKCU\software\apcr::u3_13	뛘츥	RegNtPreCreateKey
HKCU\software\apcr::u4_13		RegNtPreCreateKey
HKCU\software\apcr::u1_14	ᆬ혦	RegNtPreCreateKey
HKCU\software\apcr::u2_14	仗䆌	RegNtPreCreateKey
HKCU\software\apcr::u3_14	㩏䂏	RegNtPreCreateKey
HKCU\software\apcr::u4_14	偦䆌	RegNtPreCreateKey
HKCU\software\apcr::u1_15	겄礚	RegNtPreCreateKey
HKCU\software\apcr::u2_15		RegNtPreCreateKey
HKCU\software\apcr::u3_15	꧲닲	RegNtPreCreateKey
HKCU\software\apcr::u4_15	쏛돱	RegNtPreCreateKey
HKCU\software\apcr::u1_16	疂╧	RegNtPreCreateKey
HKCU\software\apcr::u2_16	᝚♗	RegNtPreCreateKey
HKCU\software\apcr::u3_16	嵹❔	RegNtPreCreateKey
HKCU\software\apcr::u4_16	㝐♗	RegNtPreCreateKey
HKCU\software\apcr::u1_17	ꘃ뿨	RegNtPreCreateKey
HKCU\software\apcr::u2_17	裑颼	RegNtPreCreateKey
HKCU\software\apcr::u3_17	샬馿	RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\627f8d7827656399d27d7f9044c9feb3f33efa9a::blob	㵟ꘚ燴悧㹦䈥S%⌰ℰଆ虠ňŅ〇、〒ؐ⬊ĆĄ㞂ļ́拀Ā ꬀㙰尶呱⦪싂嶟酁㬖⨖┢ጁ핗ݭꟿᾼॲĀᘀ　ؔ⬈Ćԅ̇؃⬈Ćԅ̇ᐁĀ᐀开⓳转⒑鮯㹟㒰尭嶨᷌Āက퐀㪀泃栥퐗姬쒛௧Ā฀琀栀愀眀琀攀栀Āࠀ蜀	RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\root\certificates\be36a4562fb2ee05dbb3d32323adf445084ed656::blob	\Ѐ볝蚽㾜ࠛ컯퇄춈ᔻᰘ兘槹镹⍋.Thawte Timestamping CA ਰࠆثԁ܅ࠃ㚾嚤눯׮돛⏓괣䗴丈囖晿煺硩騠ᑑ莝⃚ꗨ뺘芄ﺎ炮ᔑ㔁뉶 ʥ	RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\627f8d7827656399d27d7f9044c9feb3f33efa9a::blob		RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\627f8d7827656399d27d7f9044c9feb3f33efa9a::blob	鼆祩昖ʐ谛ꊌ߃㩯㵟ꘚ燴悧㹦䈥S%⌰ℰଆ虠ňŅ〇、〒ؐ⬊ĆĄ㞂ļ́拀Ā ꬀㙰尶呱⦪싂嶟酁㬖⨖┢ጁ핗ݭꟿᾼॲĀᘀ　ؔ⬈Ćԅ̇؃⬈Ćԅ̇ᐁĀ᐀开⓳转⒑鮯㹟㒰尭嶨᷌Āက퐀㪀泃栥퐗姬쒛௧Ā฀琀	RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\627f8d7827656399d27d7f9044c9feb3f33efa9a::blob		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\classes\.key::		RegNtPreCreateKey
HKLM\software\classes\.key::	regfile	RegNtPreCreateKey
HKCU\software\headlight\getright\config::grcode	SORRYO-7TY28-BBG07-XXNRX-7OR1Z-B9WQV-97A0M	RegNtPreCreateKey
HKCU\software\headlight\getright\config::grcodechk		RegNtPreCreateKey
HKCU\software\headlight\getright\config::pir8		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKCU\software\microsoft\edge\elfbeacon::version	142.0.3595.53	RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count		RegNtPreCreateKey

Windows API Usage

Category	API
Anti Debug	CheckRemoteDebuggerPresent IsDebuggerPresent NtQuerySystemInformation OutputDebugString
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserObjectInformation
Other Suspicious	SetWindowsHookEx
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Process Shell Execute	CreateProcess ShellExecute ShellExecuteEx
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAdjustPrivilegesToken ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeleteSecurityContext ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl Show More ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeleteKey ntdll.dll!NtDeleteValueKey ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtFsControlFile ntdll.dll!NtLoadKeyEx ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryObject ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySymbolicLinkObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReadVirtualMemory ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimer2 ntdll.dll!NtSetValueKey ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtSuspendThread ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtTraceEvent ntdll.dll!NtUnmapViewOfSection 101 additional items are not displayed above.
Network Winsock2	WSAStartup
Keyboard Access	GetKeyState
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Network Info Queried	GetAdaptersInfo
Network Winsock	inet_addr

Shell Command Execution


							C:\WINDOWS\system32\fondue.exe "C:\WINDOWS\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll


							C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 880


							C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 860


							(NULL) C:\Users\Evmecwfn\AppData\Local\Temp\RarSFX0\XYplorerInstall.exe /S


							(NULL) C:\Users\Evmecwfn\AppData\Local\Temp\RarSFX0\License.exe


									(NULL) rundll32 url.dll


									(NULL) "https://www.cybermania.ws"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f905a2d7dd8aaf201c69da25c42244f76a577992_0000181320.,LiQMAxHB


									(NULL) C:\Users\Vnivptdm\AppData\Local\Temp\svchost.exe


									(NULL) C:\Users\Vnivptdm\AppData\Local\Temp\xf-adobecc.exe


									(NULL) regedit.exe /s data.reg


									(NULL) http://www.masterkreatif.com //www.masterkreatif.com


									"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://www.masterkreatif.com/


									(NULL) C:\Users\Vhzungib\AppData\Local\Temp\RarSFX0\autorun.exe


									C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 824


									C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 740


									(NULL) C:\Users\Ruippqed\appdata\local\temp\mp3pdx.exe C:\Users\Ruippqed\AppData\Local\Temp\pdx.mp3

PUP.Keygen

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

File System Details

Registry Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Related Posts

Trending

Most Viewed