Trojan.Floxif

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	2,169
Threat Level:	80 % (High)
Infected Computers:	53,653

First Seen:	January 4, 2013
Last Seen:	February 6, 2026
OS(es) Affected:	Windows

Table of Contents

SpyHunter Detects & Remove Trojan.Floxif

File System Details

Trojan.Floxif may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	symsrv.dll	1458e1451cf701b363c99cfb81317789	2,196
Name: symsrv.dll MD5: 1458e1451cf701b363c99cfb81317789 Size: 73.43 KB (73436 bytes) Detections: 2,196 Type: Dynamic link library Path: %COMMONPROGRAMFILES%\System\symsrv.dll Group: Malware file Last Updated: January 25, 2026

More files

Analysis Report

General information

Family Name:	Trojan.Floxif
Signature status:	No Signature

Known Samples

MD5: c689097a67a94ac20c1f517e351e91c7

SHA1: 7315078bc73ee2fe8fd46ee94d18390b61a1177b

File Size: 628.07 KB, 628073 bytes

MD5: a0f19aeef075e45b9bdde145987aef8d

SHA1: b3fef0e72a2993edcacf296891b4e9c45237a6e8

File Size: 1.69 MB, 1694830 bytes

MD5: 2ea1298542e778ec21fc1e5e50ed4368

SHA1: 8534d8487a5bf6039cb297610332950bd11eb3c0

File Size: 3.69 MB, 3689370 bytes

MD5: b605efb7d82e9598b1180aa3cb66527c

SHA1: c73005302f63328aef2fb7f401b242aa0b149a73

File Size: 1.19 MB, 1194812 bytes

MD5: 00079de8b0a8936c8599ee48c7f8b2d8

SHA1: 5feb073b087204fe3fa4534a176e2f92d185bcf2

File Size: 149.96 KB, 149959 bytes

MD5: 20e901dda0cfa2f7d13750e5c15234db

SHA1: af49f90f047b3e820e20b5f8d1d055a05ecc2638

File Size: 4.41 MB, 4411663 bytes

MD5: cc7876e8de11a680f4c3c42832e53f8c

SHA1: 8e10fd460a4d7d3b2fac30b71000bdd6db0c5aa0

File Size: 886.15 KB, 886147 bytes

MD5: d68d8cc06c73607e2ed9c8086f0ae05a

SHA1: 51f52128c0e1c18da0cf267a6656ff4366c31b49

File Size: 9.94 MB, 9941823 bytes

MD5: 24c0902972b6143a18778396707a6bc8

SHA1: 136158a37aea8fd26eb7fa6f68dfcdc512585a72

SHA256: 502BE78A1A154DCB0E4A1E1B3F51D422C44EC8B62599FF0C59D242B9AB15E261

File Size: 55.81 KB, 55808 bytes

MD5: 4cf46615b9c96360dd1f86714d6a616b

SHA1: 0980221ea8ec2038f7ce2fce2cbd7562984b839b

SHA256: AE3A34789971EDBE22A0D7845DD711F139A18E21C932EAB377BB6E05D0E502B0

File Size: 464.99 KB, 464991 bytes

MD5: 330addd7553165862a78dd04eaf836c4

SHA1: c9eb64d8470533c5cec0b2ec831dab76cbf1093e

SHA256: 1D069120832F876B8A1AA3711424ACE5F4E4E209FE3A7F3BB232D7DB2E375A43

File Size: 8.31 MB, 8311829 bytes

MD5: 5ebac72bd8c68a5133c33518ad214fa2

SHA1: 394f2e7d46a769602bbc8cbcfc12ed542f9ee6fa

SHA256: 6D77700ED0460AD73278C64273CDA2B6686C9844949DC7713500FED15F46813A

File Size: 2.07 MB, 2068052 bytes

MD5: 2ea5b351e21bf9450a1008ba0c39c981

SHA1: a956f9d15250f5170973ce85c0031640adcc01e3

SHA256: 2388C2CA75E71EB352D254A7B4814D36FACA8CD0330922EE91E943B437807501

File Size: 2.64 MB, 2643552 bytes

MD5: 4127387856a04c50fe78433cd116f2e8

SHA1: 6c79b0fe034707483a05d8024b13d290f093a537

SHA256: 715480DD674E2796CBB7F09966BBE00128343897560394E9F85F58C035C4C244

File Size: 592.46 KB, 592460 bytes

MD5: 2659a2e684dcfead9f1fe964d3327f5b

SHA1: 368b362645d9a14736a37f6add72b06bc0514765

SHA256: 4521C75C164316DB5DF981FE2434E31522865DA42C7CB6AC0A42E2DEFF59E8D8

File Size: 416.24 KB, 416242 bytes

MD5: 480c668a328c8b9505e29063e32e7a21

SHA1: 11f1ac814554e15b93640f8bab72ec69c6e492c9

SHA256: 869D31847B472716EEE73AF29CA3B45C1990A4D420D4D57829A674A62A351150

File Size: 498.17 KB, 498165 bytes

MD5: e7f8f9866ec61bf451568d75c4eff967

SHA1: 97135bcb119b4138598fbd0f1115b18557b629b1

SHA256: ED5BFB0DC8994EC55E4C68740028E8F66D8F794D6CC3E0EDE9E1E628B71A7D13

File Size: 5.57 MB, 5573863 bytes

MD5: 6d37c6dd009b5536a58a0dc724cdbb93

SHA1: 7c07cb5472ae391dcabcd1438aae05697af15e31

SHA256: 37DE39688373ED33E938ACA28DF7E8F641A4639E1A8AE13683C1899360C417B4

File Size: 3.14 MB, 3137404 bytes

MD5: 7765774ec068fb6c5b9d46eb3d4c9bb1

SHA1: 72f8627ea495a916e677eb0e352d59881b9fb245

SHA256: 3D5E1B1435C444F0FB92C25D9723E1605716FF1F3033D7BA1121740DCB6857E4

File Size: 4.89 MB, 4890055 bytes

MD5: 61a4ac3c300995c06e145f3fc47c497d

SHA1: b7235bb39b5c5ca5c7c0bb8237a88209a5e93165

SHA256: 69C9F48302E192853876775798C4EBBDF3847C2A82453C642856FDF7B878AD1E

File Size: 801.57 KB, 801573 bytes

MD5: 369e8bdd49f13783048963bacd0a069c

SHA1: e088689658d3cfd5130def2faad24afab5560a11

SHA256: 66124F6390BFD4F3CB941174D8832F62E71FF9BE8F7DE03A7ECEB1E229EAB4E3

File Size: 3.24 MB, 3243320 bytes

MD5: 47874b6bf6bf32dfd495030f3efb8cdb

SHA1: 7fd586937b4862422a79d5f4dc2aff0e88089356

SHA256: CC6AE10F9B35CDBF85621497184A9F13F77CBFF59F0347F706AAB1BA96C63C88

File Size: 162.94 KB, 162944 bytes

MD5: 26eaf9ecad407214ddbe6088a2105914

SHA1: 1e5789c940754fda3410093d5903892667c13644

SHA256: 5AFD5961A1851303992A64B01DF320AF424A322C54A8D1BE111FBCE1EDED7EAC

File Size: 2.21 MB, 2208521 bytes

MD5: 97467627d7d539fb232be044d5d8b927

SHA1: 655a28a70ff4861c72c5cb212c8b3b7d7783b426

SHA256: 9BF934C556B19B32E09D6A558BEA752546CE34CE9D45C7C5AA8A9C3C20E6DFDD

File Size: 469.94 KB, 469935 bytes

MD5: 7447d452c0d7e86ec4db902ce0b37655

SHA1: c0a9a0ee20b6cc54e9b205e425318824fdc15223

SHA256: 656E365D665CC79EB57A973594B35E12523D3603B93A3B010F9AA290AA345E1B

File Size: 1.82 MB, 1816326 bytes

MD5: 38b265312dc2df9e920954dd85ed4afd

SHA1: d89cdbb07958948edb1da0c0f2675d594e87ca6a

SHA256: 4B67F18028C8527AFD97611356FFA7371EBEA6FB9539F557FC4F5B8DB1BC379A

File Size: 267.77 KB, 267767 bytes

MD5: f3cd26a0fd93a95cd01010323aaaa1d5

SHA1: 9c63febf7a2022da4e239456c8a20a928ed016e9

SHA256: F5CA89A39B81D4F3128BBCF2D23C36197C2A6B31CE8C7FA10BCA180EDCC373E5

File Size: 5.98 MB, 5976236 bytes

MD5: 03cf638627ea3a67771360c2ee356d66

SHA1: 22299ff9aec5b9f6b97456928c3d919c123a1ca7

SHA256: 7652A8E88A6FAE5E0F1439049C729387FD0BD2C1F3BE002EDEE98CDA9B388FB5

File Size: 681.20 KB, 681200 bytes

MD5: 38d7006302dfb0728f29c9aadae72a60

SHA1: f1b41ba61c2ee594ea5364296c7a0650a8d2dc68

SHA256: FD4010DDDBD9CC57D8DFCC4CA5CC175C9B769C7A5871C38E365028836F86F326

File Size: 269.73 KB, 269730 bytes

MD5: 036098368c9f89d2b4d4a6d36ac436d2

SHA1: 8c840e7773a3f1b779be987e53454b3e60c51483

SHA256: C693594B52B42780DB1817B80202BF73C03EDF41F4961B630AA0EC7AC90BF60A

File Size: 3.82 MB, 3820235 bytes

MD5: 9eada605af1fe4a7b7ff9dbc2a973be5

SHA1: 00f3b41c698b4c82cb95d6b102129496cc7e32e0

SHA256: 2F06EEAFB8FB2FB3C4BC0E5E853E085F41CABDBB07A8DB89C49E958A1FBD2FAC

File Size: 267.77 KB, 267767 bytes

MD5: e1120523b1f0f4d8b6bfb85f4054bfa8

SHA1: 0c19806abb83f544546d62f11aa9f0f9ab2ea35c

SHA256: 6519ADE8762FB1D27C06A01C1013A31897EE78BA4991ECB268729E621287DF25

File Size: 481.10 KB, 481103 bytes

MD5: bf3b75e3ddb5aa466e2af8e0168d6cee

SHA1: 24d64c3bda8be71de299f9001487b9c2e1972335

SHA256: 6170C403243E57157918367067F620D093D552EAD1485E76B2AC190CAC0AA3AC

File Size: 3.61 MB, 3606752 bytes

MD5: fad81a39e7d764a614239168d86139e5

SHA1: f573933ae37ea1bfee57d1caa4a7c4a519b338a3

SHA256: 4B744136D1D0492F22CBA29033C55A3DD37E1A721C8E175FBFB39A1D38F8EFF1

File Size: 151.03 KB, 151027 bytes

MD5: 810c6b9820cb07a1d64891d5faba6cb1

SHA1: 1088bd6336c80de5a569b67f0212605180c564fb

SHA256: D8ED2E4AF02927CD667AAF0ABACD54259924E084F6923F97E4047C9C8499A903

File Size: 1.39 MB, 1387816 bytes

MD5: 0d13a3a3254923c42ff09d413f7ee0e5

SHA1: 63754eb17cf586875f313791135fe1ce869a21d6

SHA256: 069F2525FEFD9506D2166DB30422131CC3DD6E0740142E62C328D612C5696E71

File Size: 719.77 KB, 719768 bytes

MD5: 094f864e10a9161e1bba528c0fef1285

SHA1: 772e01e64a1dd60f19b797ba527855cec49b7873

SHA256: 8AD230C4A95A2A4F9DAC7300E59459CEC335461936F20FDE8067F239958BBC9F

File Size: 134.09 KB, 134087 bytes

MD5: 2fd60a2e0100817fb311a9a7a7818839

SHA1: feac6b3c1b64607ed3e9593865fcf2df971a1c78

SHA256: 3F25D2BEC6E870D0E93FE5DF3175289FFF939E93419205F1397C52BF1C6535C3

File Size: 218.95 KB, 218951 bytes

MD5: ae2fb1ea144fa33f95f40f0ca50da041

SHA1: 2c640f87531d2b6c604afff843ae1ef5ef5fd3c3

SHA256: BFE686A53E26702CA1C6972AEA5766650E574C58AC22E68BF135331941A3CF7E

File Size: 270.51 KB, 270511 bytes

MD5: 2873c812ad242d9769193d99a68cdd5d

SHA1: 890b6e1466e38f27ba3d760ea6aac07160d48b58

SHA256: A120625E7D631F5A796A006DB00B20A4E4941BE620AD14FB9865347B3D3B9D98

File Size: 230.83 KB, 230830 bytes

MD5: eb5a6aa86fd5f3339ef0f81a9f37dca0

SHA1: 859e83cc6012f446fff2da7be47a39271562761c

SHA256: 781BAE42A189023168446678F46BA22DBB5054B3CC7AD328D37C6C3027D55F57

File Size: 3.06 MB, 3055837 bytes

MD5: ba2a5ecf04a62a231bb5c7bd6aa1036d

SHA1: ac97c54f1759294d4988e3510f628f335afe91e2

SHA256: F25B54A718022B104B61A9B75032A8FD9203417A928DCDFE45B23BBA89B2CED9

File Size: 680.90 KB, 680903 bytes

MD5: 790ae9028c19a5d7a7e177e48a1159c1

SHA1: 74cc4521c278f1b7987bed8282e72b251498f69e

SHA256: 097F6A4FDA10468C22626B8CF74804023ED4B78A125E4CFED52F4CA4DCE74096

File Size: 847.63 KB, 847629 bytes

MD5: dba3b48660f7ebfa570e04f975270bb0

SHA1: 01efb2ba2ee2d1f4e5b5f8753f79de323d4d1bae

SHA256: 17091023689B26DE4B6B72FB360836DCEF69C70BAACF965CB3205D13288787CB

File Size: 719.77 KB, 719768 bytes

MD5: 21fb1eb1cda734d2ea95a06d00d1f3c4

SHA1: 5c9583a2fbe838582885d25de7019311aaf303b9

SHA256: 51B3A0E134BF9CE6EDD0381E38A22CFD91C7AE5AA6D11B1A6C6E6C229ECA584F

File Size: 41.47 KB, 41472 bytes

MD5: e245922ef9d0b998e07b3677c2a22096

SHA1: f89ba91e712ffbd473794d1e2eaf590af1ed2caf

SHA256: 12FA19AE4CDE2A0ECEA5E880F59A388FC4FB0CA2EA8AA05A388CF57831DB29F9

File Size: 801.24 KB, 801235 bytes

MD5: 4968710b8815823abb94601456d16d97

SHA1: 4e5b380961ef337827a7f15af6b342b97bfb1ede

SHA256: 4B62D3FD31FBC44EDA026F29FF0D976A9EACA7132F3EC3D11F2A6D65C53D8B5A

File Size: 719.77 KB, 719768 bytes

MD5: f6efca1114ea6fb2d688ce7e7af9c147

SHA1: afa8f19a9bad61df549a5c6fb10d3210fa0208f4

SHA256: E67502A42C195D9D65F7FC3B3E2D1FD4704F065BF32A20C069336CC0D55088C7

File Size: 5.83 MB, 5825680 bytes

MD5: 676c9ddcad92a558388c8ee4effc8261

SHA1: c65a14297557e5e0b273de0d840ff73d6940d755

SHA256: 956BFC89CF5F7419C5D67587A864934835711A1C581CA7397F4790FC3A63C261

File Size: 787.40 KB, 787399 bytes

MD5: 8d7ad44ac640c85e7f59e95f4eb63c08

SHA1: 0d45b1bec46bb42e9648b751f3ed2e7e30d5f984

SHA256: D2E288431617B200C279314C78094C272A81241815CB75025129439C045C83DA

File Size: 1.53 MB, 1525457 bytes

MD5: d174b6b4e118ff12f66710d467c17a94

SHA1: f1279be8a920ddd1376e05e41e41a0b85d71b926

SHA256: 6C28A3542BDBD7CEF57FA1538F43CFD472E435042140DDF7C01217B7949F7E58

File Size: 332.44 KB, 332443 bytes

MD5: b2ea21ba72c723ae64609738b11c4957

SHA1: f230016c72351743a959b72ff38711b3c13899c4

SHA256: 1D1B388A0235F7F499EAF92CA57AF1D0640DEC873749528F4A1D19F32F54FB49

File Size: 6.10 MB, 6104007 bytes

MD5: f52d27360feb24c1b68e424d596def83

SHA1: cb2662a7f1d2757d9ab9969d718e08b35c8a0a48

SHA256: E8D7DBABF58B077CC3DE3CE7AAA55E7C787DC759AABD54B3CB38ECA87104306A

File Size: 1.08 MB, 1075008 bytes

MD5: 667ae7f2b141fb4f1b108ae9fcb36589

SHA1: d965096bdf9b2a1a6db6d9072fa5ca12ec5ce90a

SHA256: 6DE7B8B7852654C138D8F72052F28787CA88705BF96A1B716CDEC06A74211570

File Size: 1.53 MB, 1525457 bytes

MD5: 209425dd928d63d70510f30294f9c4f8

SHA1: f599b08ad6b0ac69a43186566a9c85532e20d922

SHA256: 7005169795036212A63D789400929BB48DED27482568CCA87D3F56191837A97C

File Size: 2.45 MB, 2447303 bytes

MD5: 7570c12afd6c9bc94699c762cb9d5a71

SHA1: db409623598a68021336c73985e1eb3996eaf3bb

SHA256: 0F1FE03723C2C39E9A447C0E452F5DC5738D37506885C766FE121615FC5B86D2

File Size: 7.80 MB, 7798280 bytes

MD5: 1751142e508e99e6925bd6fe0b8f1e68

SHA1: 7ec8a05b6ddefbce7ac2aa504650d9d145c8dbe4

SHA256: 0B6DFB6B2318F3C900F5BA84B6D676E0DCABACFCD6C706FA3350DE86CA3EF13E

File Size: 315.33 KB, 315335 bytes

MD5: 73802ef3d5809127346991da7cb7cb97

SHA1: 5a3ebf8b67a5835e4cb47896541bf7470ddd9700

SHA256: 86609F6D36C42345965EB59ECB58200DBF29A246C50BDD5335C2D70D9612D7EE

File Size: 2.86 MB, 2861744 bytes

MD5: 701491dc30d883c2e91093ee411c6f03

SHA1: e677f5d4554e86c597f9e3a9526f818bdb0d40a1

SHA256: 0DE81A181FBC01CFC406134CC2B333EF9E9B4833B2D06FDA96A27A746C4F1F42

File Size: 1.85 MB, 1847751 bytes

MD5: 669befd9d18665c4370c1d9c5bedf3cc

SHA1: 5a98c1ab2f8ecddd243b0e378eda43eb3b577b59

SHA256: 687215D47C542B78A792BE80E11ABA3106663218722727D105E633122CDA7281

File Size: 114.63 KB, 114631 bytes

MD5: 0e25fc5c5a2d867383c8a7ea3eda231f

SHA1: 645ea8113bbde9b419d11293c1b5406cb511f9d0

SHA256: 68037EE0C1ECC54C54CD4D2D6E27205502EB01F9BBC7207DA8033ACFA82A3FF8

File Size: 6.09 MB, 6092231 bytes

MD5: b5583633f9478af281acf1cefd615705

SHA1: 319710c217c734a5c0daa200d1ba1a64d40ee283

SHA256: E473B1D80CAD40F0D7537532A90AB35A6815B87B21828049D6475F492F49B440

File Size: 2.17 MB, 2168775 bytes

MD5: f70441787bae0395897e158df51d62c8

SHA1: 652a788064737273c032d0bc2052657319c727d3

SHA256: 929ED0DDFF176023F33014A1FDC68D559B6ABAC547E99BDE72140F60B6C39042

File Size: 1.85 MB, 1850107 bytes

MD5: 43409892857e93d4635fbd0726b6a20b

SHA1: e97b2d3e96d6168bbb59171dd5d0d9800d8e6d1c

SHA256: 90D4BBAFD9FDB311D0A47FE2869CAB48BC4BD641AE2A55642081E3B1546FD909

File Size: 6.10 MB, 6104007 bytes

MD5: 8d45c6fde699db58ded981190701061a

SHA1: ff3ac3382bd8c40ea9b8a5d960ef77d53582361c

SHA256: A2972381A2758A1D0E1482D451D2AE10C439E7BF2ABE50E6FF8DA0F58AF6E143

File Size: 527.30 KB, 527303 bytes

MD5: 92b34dff3d47ca533a1e1ae29d7ba08e

SHA1: ccf09be46167dab6540e0158ac917f0fc86bdca0

SHA256: 0A873B9368D39B908559CB2F6CBBA40F2A27195772F682A26AD8CDA1ECDC62FF

File Size: 680.90 KB, 680903 bytes

MD5: 17a0cc6288c80c16ea7e0e6082474caa

SHA1: bf4f4a0b3b0ff477183ccf73cad237b2d5d2e595

SHA256: 515BA292A6542CE9CB49DD76E118CC311AD78F863B9A5A0AE255E6B8A3B1734D

File Size: 4.43 MB, 4428931 bytes

MD5: 0333d64ea47cbacd4355d17f55964133

SHA1: cd10ffe8791dda411b4c01f039cb90aac6030520

SHA256: 2267D9E7C351D7D8845F03BE6FE8911FE20980F467A18343156524367377788F

File Size: 763.85 KB, 763847 bytes

MD5: 932129810ed2bd947cd4d090a9fe0f12

SHA1: 36e744679a0d16311af57b122b0cd627e14ca303

SHA256: 5CDDF95688E7E6F94F2B0E3033B7F872C6BC895ADF1D096842AC403B69560A40

File Size: 2.13 MB, 2127815 bytes

MD5: f2527f57fa89ad003aecc8d692bbdbd0

SHA1: e32ec0c53edeae42452b2ebc9d1022bb2e3c5e66

SHA256: B7E595BA20A66532CA0B9423D97D065BACEE0B41199479DFABF8C5AFFE58D09F

File Size: 266.52 KB, 266519 bytes

MD5: cfc63b98e2491f6b531ddebf843295f5

SHA1: 9d962a480f809eab2de732aa18355cca032f3dbd

SHA256: A3107ECB38E0CEA5D8E9340F6A3B9DF9033618169CA919168340B1E2DEC2DA81

File Size: 6.93 MB, 6932878 bytes

MD5: 0d18ec4c2800a3f79bee51289f3b2f84

SHA1: 3fc6c9325f86487b7f551a8459e8daa61678a1b8

SHA256: 336E0545E615A7384532053B0C59A9C8992EBF6A69EE7033F0DA020FF7A9105A

File Size: 129.48 KB, 129479 bytes

MD5: 70df73df180236185eedce15dfe4d718

SHA1: 15f2251a0130ade269bad2363ec5bd349d1463c0

SHA256: 88B5B6828C6177F5520BF2FFB9B1E0E8370870352573C3E9DA56AF04011D8EF1

File Size: 573.89 KB, 573895 bytes

MD5: 95985b00a23a35b7b6c0a42725a88ec7

SHA1: 348e931905d3d9ecf69299fe4604e4a2e8cc876f

SHA256: 9004A311243EF622FF71E0DEDCB64C67F351F9EEB4D9A0F341201A41B98418FA

File Size: 4.73 MB, 4731335 bytes

MD5: a19176359b836005e8e820f970bead26

SHA1: 1e49a7adf3f49ca208b9da28f93bbc8a57442abe

SHA256: B6E32D1959E2C2D352EF7598292D758E9C96B80BE0E19F69B2F56077DEE226D2

File Size: 6.10 MB, 6104519 bytes

MD5: 42f632e7237db2d88f13378e3a27d9d7

SHA1: 71c70334ac7039ea57ca0d8a0c8b07398f39837f

SHA256: A999CA4785BA54C35377AA485887267396D7BDABEA5D40465D4F14F3ACAC3FF9

File Size: 910.28 KB, 910279 bytes

MD5: ef72e8f65f94260efe814b6e34a2d7bf

SHA1: ed43c532ea4531919754fc2f8c75f5e11e82feab

SHA256: 462B36298FDB736964B72683F4E0FC983AB677BE2A505FC498ED7654ED01CAD2

File Size: 6.11 MB, 6107591 bytes

MD5: 9b6ab30f167d19c85d49825bd066f08d

SHA1: dc968029ee51f9fd0005895cb26f49847dceadd1

SHA256: 2964EB65A60244DF5F10D2A54DDD2EF4221124D1660C41F793F6131D14599EA8

File Size: 3.25 MB, 3251143 bytes

MD5: bd184925a255ef821b4526d1829f1f7b

SHA1: 78cd595479fff4cf83ad42255c7fceb6cba5d629

SHA256: A65D37C12A0299B6D22ED0F4407B4B289A437696D39B69C23509856DE3FDB9BF

File Size: 3.42 MB, 3421639 bytes

MD5: 1cde08c717c033f983397b623ecbdf04

SHA1: f4f64287a51449a696e5715e2388a535a3b12ba4

SHA256: 54C2FCCF3EA160F9FBA15901DDB139B9475E524052647B2B93D22F69CC8C2F1B

File Size: 211.40 KB, 211399 bytes

MD5: 1431e420f8524c68bb4e57ff5eff49d9

SHA1: 9a98afb6ba534309c7081723571009ba640fb3a8

SHA256: D1437BF8DDF195DC82C8223F020F373BE059B25BF4F59076D0B77076B19ABEFF

File Size: 631.09 KB, 631090 bytes

MD5: 336c2680812f64032847a863e10c9258

SHA1: 7cb7f640e7d9b40584af05af14c81e4fdfa77acf

SHA256: 46877B56B61F07CDF1A82287ECF4C748FB8326F70407BD3F1DB30A87B47BA627

File Size: 271.30 KB, 271303 bytes

MD5: bf4064655231f4ef2923ee76636b6563

SHA1: cff7c507c58c0ae0aac2b53118f25eaf5360703a

SHA256: 78AC12681EADDB59229F9BF8A603891F221103715111810CFD726161C0A15C57

File Size: 161.74 KB, 161735 bytes

MD5: ca79ca98c2cba9648efada3692dc8b01

SHA1: 6b7d33a4e1127cf9426dd1ebadc83b3d23e28a01

SHA256: 6F90A3CAAABC6469654BB081127EC284E83610A626E9CE14BE3B8F8DE1CC7C4B

File Size: 161.74 KB, 161735 bytes

MD5: f1b1124246329a006b37a3b54b54197d

SHA1: 3bf4bec539d3604ebd7f319d47d48038cf0fd6ef

SHA256: 1F64A1F24AC352BBB578F9966E3CD01F7E4DAAE25AFD5C3BD3CD2949B84F5DD8

File Size: 630.41 KB, 630415 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is 32-bit executable

File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

172 additional icons are not displayed above.

Windows PE Version Information

Name	Value
Authors	tittoproject - winPenPack Team & winPenPack community
Comments	Creado por XPyro - X' Portables - Mejorando el mañana hdl_dump - Windows-based game installer for Open PS2 Loader Wizard of 0z (AKA b...) w1zard0f07@yahoo.com revisited by AKuHAK https://github.com/ps2homebrew/hdl-dump http://www.internetdownloadmanager.com Inno Setup home page: http://www.innosetup.com microsoft Modified by an unpaid evaluation copy of Resource Tuner 2. http://www.heaventools.com RuntimePack x86/x64 This installation was built with Inno Setup. This installation was built with InstallAware: http://www.installaware.com Winaero Tweaker 32bit support process Show More X-Launcher allows you to change at will the options for initiating programs undertaken in order to make them portable.
Company Name	AdAvoid Ltd. AKuHAK https://github.com/AKuHAK/hdl-dump w1zard0f07@yahoo.com ASSAYYED Bils Blue Marble Geographics BonSoft DSDCS EternalCast funhacker's EO Pserver Apps http://jameszero.net Show More http://winaero.com http://www.xportables.co.cc/ Igor Pavlov Intel Corporation Jordan Russell Kerish Products KLCP Lenovo LibUSB-Win32 MediaTek microsoft Microsoft Mozilla Corporation PDFLogic Corporation Power Software Ltd QUALCOMM, Inc. Samsung Electronics Co., Ltd. SaT-Dz TeaM Spreadtrum Communications Inc. Tonec Inc. UNISOC Communications INC. Vetronix Corp. www.SamLab.ws www.winpenpack.com ZaraSoft
Compile Date	2020oct05
Compiled Script	AutoIt v3 Script : 3, 2, 12, 1 AutoIt v3 Script: 3, 3, 8, 1
File Description	7-Zip Installer AdBlocker Ultimate ALi.Hassani.DD A Program To Edit All Android Components ClocX CmdDloader Creates an SQL script from your NPC.ini which will translate you Delayed launcher dll loader DriverSetup Show More Dz-LZMA Tool EternalCast Everything Firefox Helper Global Mapper 26.1 64-bit hdl_dump - Windows-based game installer for Open PS2 Loader Identification Service - 01234567890123456789 Inno Setup Uninstaller Internet Download Manager (IDM) Kerish Doctor LenovoUsbDriver LibUSB-Win32 Setup Mozilla Maintenance Service Installer PC Equalizer 1.3.2.1 Installation PDF Reader for Windows 7 Setup PowerISO Setup qcmtusvc RuntimePack Lite x86/x64 Screen Saver Installer Setup/Uninstall Snappy Driver Installer This installer database contains the logic and data required to install InputMapper. UltraISO Premium Winaero Tweaker 32bit support process winPenPack X-Firefox Launcher WinSFX32M Self Extractor for Win32 ZaraRadio Setup
File Version	PDF Reader for Windo 2021.1.17.0 115.29.0 115.28.0 115.12.0 51.1052.0.0 51.52.0.0 51.5.0.0 26.10.0000 22, 19, 13, 2 Show More 19.00 17.3.14 9.3.6.2750 8.1.0.0 7.7.0.0 6, 42, 58, 3 6, 42, 58, 2 6, 42, 50, 2 6, 42, 19, 2 4.85.0.0 3.58.0.0 3.8.4.0 3.6.3 3, 3, 8, 1 3, 2, 12, 1 2.71.2.11 2.4.73.82 2, 0, 0, 49 1.20 1.20.0 1.12.44.1 1.6.10.19991 1.6.2.0 1.6.0.0 1.5.4 1.3.2.1 1.2.6.0 1.1.33 1.1.0.0 1.02.0057 1.00 1.0.2.3 1.0.0.0 1, 19, 32, 1 1,8,2,0 1, 2, 1, 371 1, 0, 0, 1 1,0,0,0 0, 9, 2, 0
Internal Date	27071500
Internal Name	7zipInstall al ALi.Hassani.DD.exe ClocX CmdDloader DriverSetup Dz-LZMA Tool EternalCast.exe Everything hdl_dump Show More Identification Service InputMapper Internet Download Manager Kitchen LaunchDelay qcmtusvc RuntimePack.exe TJprojMain Win winaerotweakerhelper.exe WINSFX32M X-Firefox
Legal Copyright	(C)Micco 1997-2001 All rights reserved. (c) Samsung Electronics. All rights reserved. 2015 http://winaero.com ASSAYYED: © xda-developers.com Bils Contact: geohelp@bluemarblegeo.com Copyright (C) 1998-2001 Jordan Russell Copyright (c) 1999-2018 Igor Pavlov Copyright(c) 2004-2020 Copyright(c) 2004-2021 Show More Copyright (c) 2005 - 2014 Vetronix Corp. All rights reserved. Copyright (C) 2005-2008 David Carpenter Copyright (C) 2013 Copyright (C) 2016 - 2019 Spreadtrum Communications INC. Copyright (C) 2016 DSDCS Copyright (C) 2019 UNISOC Communications INC. Copyright (C) 2024 Industrial Contracting LLC Copyright (c) AdAvoid Ltd. All rights reserved. Copyright (C) Lenovo Corporation. All rights reserved. Copyright (C) QUALCOMM, Inc. Copyright 2004 ScreenTime Media. All Rights Rsvrd. Copyright 2011, Intel Corporation Copyright © 2005-2021 PDFLogic Corporation GNU General Public License GNU GPL v3 http://jameszero.net Kerish Products 2005-2021. All rights reserved. microsoft compiler Mozilla Corporation SaT-Dz TeaM Shannon Talbot Tonec FZE, Copyright © 1999 - 2024 Tonec FZE, Copyright © 1999 - 2025 X' Portables © 2004, 2005, 2006, 2007 Wizard of 0z, 2012, 2013 AKuHAK
Legal Trademarks	Credits goes for Sony and the creators of HD Loader. Remember guys, you're the one, that opened Pandora's box. Firefox is a Trademark of The Mozilla Foundation. http://jameszero.net http://winaero.com Intel Corporation Internet Download Manager SaT-Dz TeaM ScreenTime is a registered trademark of ScreenTime Media. winPenPack
Original File Name	InputMapper.aiui
Original Filename	7zipInstall.exe al.exe ALi.Hassani.DD.exe ClocX.exe CmdDloader.exe DriverSetup.exe Dz-LZMA Tool EternalCast.exe Everything.exe hdl_dump.exe Show More helper.exe IDMan.exe LaunchDelay.exe LZHSFX32.EXE maintenanceservice_installer.exe qcmtusvc.exe RuntimePack.exe SDI_1.20.0.exe TJprojMain.exe vci-ident.exe Win.exe winaerotweakerhelper.exe X-Firefox.exe
Private Build	14.03.2017
Product Group	01234567890123456789
Product Name	7-Zip AdBlocker Ultimate Android Editor ClocX Application CmdDloader Delayed launcher DriverSetup EternalCast Everything Firefox Show More Global Mapper 26.1 64-bit hdl_dump Identification Service InputMapper Internet Download Manager (IDM) K-Lite Codec Pack Kerish Doctor LenovoUsbDriver 1.1.33 LibUSB-Win32 MediaTek Log Installer microsoft dll loader NPC Translator NVR Odin Downloader PDF Reader for Windows PowerISO Setup Project1 QUALCOMM qcmtusvc RuntimePack x86/x64 SaT-Dz TeaM ScreenTime for Flash Snappy Driver Installer UltraISO Premium Win Winaero Tweaker Helper winPenPack X-Firefox WinSFX32M for Win32
Product Version	Unlimited PDF Reader for Windo Ini Rev 8 2021 115.29.0 115.28.0 115.12.0 26.10.0000 22, 19, 13, 2 19.1.5 Show More 19.00 17.3.14 9.3.6.2750 8.1.0.0 7.7.0.0 6, 42, 58, 3 6, 42, 58, 2 6, 42, 50, 2 6, 42, 19, 2 4.85.0.0 3.58.0.0 3.6.3 2.71.2.11 2.4.73.82 2, 0, 0, 49 1.20.0 1.8.2.0 1.6.10.19991 1.6.0.0 1.2.6.0 1.1.33 1.02.0057 1.00 1.0.2.3 1.0.0.0 1.0 1, 19, 32, 1 1, 2, 1, 371 1, 0, 0, 1 1,0,0,0 0, 9, 2, 0
Products	0123456789012345678901234567890123456789
Program I D	com.embarcadero.AdblockerUltimateGUI
Special Build	command-line http://jameszero.net
E Mail	winpenpack@gmail.com

Digital Signatures

Signer	Root	Status
Mozilla Corporation	DigiCert Assured ID Root CA	Hash Mismatch
Mozilla Corporation	DigiCert Trusted Root G4	Hash Mismatch
Mozilla Corporation	Thawte Premium Server CA	Hash Mismatch

File Traits

.adata
00 section
2+ executable sections
7-zip (In Overlay)
7-zip Installer
7-zip SFX
7zSFX
AdvInst
Autoit
big overlay

CryptUnprotectData
GetConsoleWindow
HighEntropy
imgui
Inno
InnoSetup Installer
Installer Manifest
Installer Version
No CryptProtectData
nosig nsis
No Version Info
ntdll
Nullsoft Installer
packed
RAR (In Overlay)
RARinO
SIM
upx
UPX!
vb6
VirtualQueryEx
WinRAR SFX
WinZip SFX
WRARSFX
WriteProcessMemory
x86
ZIP (In Overlay)
ZIPinO
zlib (In Overlay)
zlib overlay

Block Information

Similar Families

Agent.DJB
Agent.GDSG
Agent.TRB
Agent.TRC
Agent.WO

Ahead.B
Autoit
BadJoke.XA
Banker.YC
CheatEngine.A
Chuyun.A
DarkGate.B
Downloader.Agent.XE
Dropper.Delf.C
Dropper.Delf.CF
Expiro.IE
Farfli.KB
Floxif.E
GandCrab.BM
Goldrv.A
Injector.AJA
Injector.GPB
Injector.ISA
Injector.KPD
Keylogger.XA
Kryptik.KABL
Kryptik.KBBJ
Kryptik.KBD
Kryptik.KBH
Kryptik.KBP
Kryptik.REA
Kryptik.REC
KuwanBar.B
Lumma.GFD
Lumma.XC
Marte.W
Morto.B
Mulinex.C
PornTool.B
Rozena.FGB
Rozena.XAC
Rozena.XAE
Rugmi.IA
ShellcodeRunner.YC
Sheloader.A
Softcnapp.N
Stealer.BPE
Sybici.A
Votos.A

Files Modified

File	Attributes
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
\device\namedpipe\dav rpc service	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\wkssvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\polisoftware	Synchronize,Write Attributes
c:\polisoftware\nfe	Synchronize,Write Attributes
c:\polisoftware\nfe\__tmp_rar_sfx_access_check_84796	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\istar	Synchronize,Write Attributes
c:\program files (x86)\istar\__tmp_rar_sfx_access_check_25890	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\istar\iformat.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data

c:\program files (x86)\istar\iformat.exe	Synchronize,Write Attributes
c:\program files (x86)\istar\ipclock.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\istar\ipclock.exe	Synchronize,Write Attributes
c:\program files (x86)\istar\star.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\istar\star.exe	Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll	Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll.dat	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll.tmp	Generic Write,Read Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.213.7\msedgeupdate.dll	Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.213.7\msedgeupdate.dll	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.213.7\msedgeupdate.dll.dat	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.213.7\msedgeupdate.dll.tmp	Generic Write,Read Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll	Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll.dat	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll.tmp	Generic Write,Read Attributes
c:\program files (x86)\mozilla maintenance service\uninstall.exe	Generic Write,Read Attributes
c:\program files (x86)\windows defender\mpoav.dll	Synchronize,Write Attributes
c:\program files (x86)\windows defender\mpoav.dll	Synchronize,Write Data
c:\program files (x86)\windows defender\mpoav.dll.dat	Synchronize,Write Data
c:\program files (x86)\windows defender\mpoav.dll.tmp	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll.000	Generic Write,Read Attributes
c:\programdata\servecas.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\servecas.exe.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sandbox_live\injected-win32.dll	Synchronize,Write Attributes
c:\sandbox_live\injected-win32.dll	Synchronize,Write Data
c:\sandbox_live\injected-win32.dll.dat	Synchronize,Write Data
c:\sandbox_live\injected-win32.dll.tmp	Generic Write,Read Attributes
c:\sandbox_live\shsandbox32.exe	Synchronize,Write Attributes
c:\sandbox_live\shsandbox32.exe	Synchronize,Write Data
c:\sandbox_live\shsandbox32.exe.dat	Synchronize,Write Data
c:\sandbox_live\shsandbox32.exe.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_16.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_32.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_idx.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\2.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\4.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\4.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\4.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\5.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\5.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\5.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\7.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\7.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\7.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\8.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\8.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\8.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\_mei10682\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10682\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10682\python36.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10682\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10682\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei11282\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei11282\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei11282\python36.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei11282\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei11282\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei2882\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei2882\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei2882\python36.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei2882\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei2882\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36162\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36162\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36162\python36.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36162\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei36162\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei39482\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei39482\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei39482\python36.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei39482\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei39482\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51122\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51122\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51122\python36.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51122\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei51122\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52042\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52042\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52042\python36.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52042\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei52042\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei53242\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei53242\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei53242\python36.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei53242\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei53242\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei53482\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei53482\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei53482\python36.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei53482\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei53482\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54562\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54562\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54562\python36.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54562\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54562\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54642\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54642\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54642\python36.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54642\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei54642\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei60562\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei60562\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei60562\python36.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei60562\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei60562\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei60682\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei60682\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei60682\python36.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei60682\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei60682\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei61162\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei61162\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei61162\python36.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei61162\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei61162\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei61402\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei61402\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei61402\python36.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei61402\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei61402\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei9202\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei9202\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei9202\python36.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei9202\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei9202\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\3b1011c17e4.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\3c48e2c17fc.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\3d81d64398.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\3da4aa02310.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\3eaaa50468.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\3ff2133417a8.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\411b147013f8.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\424417c4e20.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\436ce841454.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\44862301230.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\44c415d014cc.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\45fd82014e4.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\47455f8120.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\487de5842c.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\49a611e8f6c.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\4a6215181258.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\4adf123c17b4.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\4aeb7a4140c.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\4c1714dc1550.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\4d4010b41558.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\4e6916f8368.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\513c161c15e0.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\514714a41128.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\5285171816d8.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\52de41817dc.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\53fc175c1714.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\549d17f814f0.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\567c17b41768.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\589f15c41530.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\5a35168c1644.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\5b1011841188.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\61241d701fe0.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\635df8c14c0.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\63da170416bc.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\66d81d9c1ea8.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\6bba17f41770.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\7228e81458.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\8f6181c1060.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\a3faef82a4.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\a7071c7816e0.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\a8bd11fc172c.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\aaffbc8938.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\d25a12901b00.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut570a.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut67d3.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut6822.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut68af.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-ct4c0.tmp\is-qmfue.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc6c0a.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsca8ce.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsca8ce.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsca8ce.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsd54af.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsd54af.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd54af.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsh52b6.tmp\nsexec.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh52b6.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh6c2a.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh6c2a.tmp\nsdialogs.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh6c2a.tmp\system.dll	Generic Write,Read Attributes

59 additional files are not displayed above.

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ⷹǛ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey

HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\easyboot systems\ultraiso\5.0::language	4	RegNtPreCreateKey
HKCU\software\easyboot systems\ultraiso\5.0::registration		RegNtPreCreateKey
HKCU\software\easyboot systems\ultraiso\5.0::username	XPyro	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::appinit_dlls	C:\PROGRA~1\COMMON~1\System\symsrv.dll	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::loadappinit_dlls		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::requiresignedappinit_dlls		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Lkuoevoc\AppData\Local\Temp\~nsu.tmp\Au_.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Lkuoevoc\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Lkuoevoc\AppData\Local\Temp\~nsu.tmp	RegNtPreCreateKey
HKCU\software\winrar sfx::c%%polisoftware%nfe	C:\POLISOFTWARE\NFE	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cfdebdgk\AppData\Local\Temp\~nsu1.tmp	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cfdebdgk\AppData\Local\Temp\~nsu1.tmp\??\C:\Users\Cfdebdgk\AppData\Local\Temp\~nsu1.tmp\Un.exe	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\uninstall\mozillamaintenanceservice::displayname	Mozilla Maintenance Service	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\uninstall\mozillamaintenanceservice::uninstallstring	"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\uninstall\mozillamaintenanceservice::displayicon	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe,0	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\uninstall\mozillamaintenanceservice::displayversion	115.28.0	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\uninstall\mozillamaintenanceservice::publisher	Mozilla	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\uninstall\mozillamaintenanceservice::comments	Mozilla Maintenance Service	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\uninstall\mozillamaintenanceservice::nomodify		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\uninstall\mozillamaintenanceservice::estimatedsize	d	RegNtPreCreateKey
HKLM\software\mozilla\maintenanceservice::attempted		RegNtPreCreateKey
HKLM\software\mozilla\maintenanceservice::installed		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Vjlodldu\AppData\Local\Temp\nsiD27C.tmp\	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Rxroilvp\AppData\Local\Temp\nsw4E8A.tmp\	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::regname	RmK-FreE	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::regkey	1234-1234-1234-1234-1234-1234-1234-1234-1234-1234-1234567	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::apppath	c:\users\user\downloads\App\KerishDoctor\KerishDoctor.exe	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::installpath	c:\users\user\downloads\App\KerishDoctor	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::language	Russian.lng	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::instanceid	ƶ	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::serverdate	!	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::installdate	!	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::messagehistory	1;4;27;	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::messagecenter	21,6;4,4;1,3;39,2;27,2;	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::issystemdiskssd		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::lastrecommends	2;11;21;22;25;27;36;37;42;	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::moduleswork		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::realtimemode		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::usekerishcloud		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::version	4.65	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::globalsettings		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::scheduleruserchanges		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::scantypes		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::scancustomtypes		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::scantrashtypes	āāā	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::scantrashcustomtypes	āāā	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::helpshowed		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::reportenable		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::clearreport		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::debugmode		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::backupenable		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::clearbackup		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::ignoreremovable		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::tempcontrol		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::scanacpoweronly		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::scanpcidleonly		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::scanfailures		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::failurescanprocesses		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::failurescanservices		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::failurescansettings		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::failurescanassociations		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::failurestate		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::windowsvisit		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::newrecommendtips		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::messagestips		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::reminddiagnostics		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::remindupdate		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::tempcelsius		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::showdailytips		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::tempcheckcpu		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::tempcpuwarning	P	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::tempcpucritical	Z	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::tempcheckgpu		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::tempgpuwarning	P	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::tempgpucritical	Z	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::tempcheckdisk		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::tempdiskwarning	2	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::tempdiskcritical	A	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::notifyshow		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::notifyfix		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::notifystartup		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::notifystartupdel		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::notifyservices		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::notifyscheduler		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::notifyupdate		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::notifyrestore		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::notifygamemode		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::notifyaddons		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::notifyblacklist		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::notifyblacklistinterval	<	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::notifyalertshowagain		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::notifyalertinterval	<	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::notifyautohide		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::playsound		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::soundfix		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::soundstartup		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::soundstartupdel		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::soundservices		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::soundscheduler		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::soundupdate		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::soundrestore		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::soundgamemode		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::soundblacklist		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::socialrecommend		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::asktoolshortcut		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::integrationrecoverydrive		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::integrationrecoveryrecyclebin		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::integrationshredderdelete		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::integrationshredderrecyclebin		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::integrationunlocker		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::integrationappinfo		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::fileshredderused		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::malwareprotect		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::riskwareprotect		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::scansuspicious		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::hostsprotect		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::quarantineenable		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::sysfilesprotect		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::freezeprocesses		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::securitycontrol		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::appvulnerabilitiescheck		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::lastupdate		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::lastscan	30.12.1899 00:00:00	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::laststart	21.10.2017 14:54:31	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::updatestatus		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::updatecheck		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::updatenews		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::updatebeta		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::updateproxy		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::proxyadress	-	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::proxyport		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::updatemodules	āāā	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::deblockerenable		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::deblockerinterval		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::internettitle		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::internettext		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::internetlink		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::showsystemservices		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::serviceslistorientation		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::servicescolumnsort		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::showsystemprocesses		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::showprocessservices		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::processlistorientation		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::processescolumnsort		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::showsystemlocks		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::connectionlistorientation		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::connectioncolumnsort		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::uninstalllistorientation		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::uninstallcolumnsort		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::bigfilesminimumsize		RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::recommendenabled	āāāāāāāāāāāāāāāāāāāāāāāā	RegNtPreCreateKey
HKLM\software\kerish products\kerish doctor::recommendinvisible		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\uninstall\mozillamaintenanceservice::displayversion	115.29.0	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Nkbuohrt\AppData\Local\Temp\nsd54AF.tmp\	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name	24d64c3bda8be71de299f9001487b9c2e1972335_0003606752	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Windows\SystemTemp\77e37ce0-8214-4414-aced-551c5ae204d7.tmp\??\C:\Windows\SystemTemp\e28eadcf-6ab0-4d8c-8821-7ce9a6aba1	RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\iexplore::name	Internet Explorer	RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\iexplore::int		RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\msedge::name	Microsoft Edge	RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\msedge::int		RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\firefox::name	Mozilla Firefox	RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\firefox::int		RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\chrome::name	Google Chrome	RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\chrome::int		RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\opera::name	Opera	RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\opera::int		RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\safari::name	Apple Safari	RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\safari::int		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKCU\software\microsoft\multimedia\drawdib:: 1920x1200x32(bgr 0)	31,31,31,31	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.200.31.10#amas::_labelfromdesktopini		RegNtPreCreateKey
HKCU\software\bonsoft\319710c217c734a5c0daa200d1ba1a64d40ee283_0002168775::ontop		RegNtPreCreateKey
HKCU\software\bonsoft\319710c217c734a5c0daa200d1ba1a64d40ee283_0002168775::alpha	ÿ	RegNtPreCreateKey

28 additional registry modifications are not displayed above.

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent NtQuerySystemInformation OutputDebugString
User Data Access	GetComputerName GetUserName GetUserObjectInformation
Process Shell Execute	CreateProcess ShellExecuteEx WriteConsole
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAddAtomEx ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile Show More ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory win32u.dll!NtGdiAnyLinkedFonts win32u.dll!NtGdiBitBlt win32u.dll!NtGdiCreateBitmap win32u.dll!NtGdiCreateCompatibleBitmap win32u.dll!NtGdiCreateCompatibleDC win32u.dll!NtGdiCreateDIBitmapInternal win32u.dll!NtGdiCreateRectRgn win32u.dll!NtGdiCreateSolidBrush win32u.dll!NtGdiDeleteObjectApp win32u.dll!NtGdiDoPalette win32u.dll!NtGdiDrawStream win32u.dll!NtGdiExtGetObjectW win32u.dll!NtGdiExtTextOutW win32u.dll!NtGdiFontIsLinked win32u.dll!NtGdiGetCharABCWidthsW win32u.dll!NtGdiGetDCDword win32u.dll!NtGdiGetDCforBitmap win32u.dll!NtGdiGetDCObject win32u.dll!NtGdiGetDeviceCaps win32u.dll!NtGdiGetDIBitsInternal win32u.dll!NtGdiGetEntry win32u.dll!NtGdiGetFontData win32u.dll!NtGdiGetGlyphIndicesW win32u.dll!NtGdiGetOutlineTextMetricsInternalW win32u.dll!NtGdiGetRandomRgn win32u.dll!NtGdiGetRealizationInfo win32u.dll!NtGdiGetTextFaceW win32u.dll!NtGdiGetTextMetricsW win32u.dll!NtGdiGetWidthTable win32u.dll!NtGdiHfontCreate win32u.dll!NtGdiIntersectClipRect win32u.dll!NtGdiQueryFontAssocInfo win32u.dll!NtGdiRestoreDC win32u.dll!NtGdiSaveDC win32u.dll!NtGdiSelectBitmap win32u.dll!NtGdiSetDIBitsToDeviceInternal win32u.dll!NtGdiSetLayout win32u.dll!NtGdiStretchDIBitsInternal 61 additional items are not displayed above.
Keyboard Access	GetAsyncKeyState GetKeyState
Network Winhttp	WinHttpOpen
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Network Winsock2	WSAStartup WSAttemptAutodialName
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Service Control	OpenSCManager OpenService StartServiceCtrlDispatcher
Network Winsock	gethostname

Shell Command Execution


							C:\WINDOWS\system32\cmd.exe /c "C:\Users\user\downloads\7315078bc73ee2fe8fd46ee94d18390b61a1177b_0000628073.ini"


							 UltraISO.exe


							"C:\Users\Ejootttb\AppData\Local\Temp\is-CT4C0.tmp\is-QMFUE.tmp" /SL4 $2003C "c:\users\user\downloads\8534d8487a5bf6039cb297610332950bd11eb3c0_0003689370.exe" 3340939 70656


							(NULL) C:\Program Files (x86)\iStar\Star.exe


							c:\users\user\downloads\e088689658d3cfd5130def2faad24afab5560a11_0003243320 "c:\users\user\downloads\e088689658d3cfd5130def2faad24afab5560a11_0003243320"


									"C:\Users\Lkuoevoc\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"C:\Users\Cfdebdgk\AppData\Local\Temp\~nsu1.tmp\Un.exe"  _?=c:\users\user\downloads\


									"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" install


									"C:\WINDOWS\system32\CMD.EXE" /C "C:\WINDOWS\system32\regsvr32 /s "c:\users\user\downloads\App\Sys32\asycfilt.dll"


									"C:\Users\Ayeonqeo\AppData\Local\Temp\~nsuA.tmp\Un_A.exe"  _?=c:\users\user\downloads\


									WriteConsole: Register Window


									WriteConsole: Create Window...


									WriteConsole: Create Window ti


									WriteConsole: create tray noti


									WriteConsole: command_line "c:


									WriteConsole: ui_t::create()


									WriteConsole: ui_t::on_create(


									WriteConsole: db::load


									WriteConsole: db::destroy


									WriteConsole: load db...


									WriteConsole: ui_t::create():


									WriteConsole: begin create_db


									 C:\ProgramData\servecas.exe "del" c:\users\user\downloads\71c70334ac7039ea57ca0d8a0c8b07398f39837f_0000910279


									c:\users\user\downloads\bin\MetaGUI.exe


									(NULL) C:\Users\Vdpqyjli\AppData\Local\Temp\RarSFX0\KeyboardTest\KeyboardTest.exe


									C:\WINDOWS\regedit.exe /s "c:\users\user\downloads\config.reg"


									c:\users\user\downloads\DPInst64.exe

Trojan.Floxif

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Trojan.Floxif

File System Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Related Posts

Trending

Most Viewed