Trojan.Generic

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 211
Threat Level: 90 % (High)
Infected Computers: 779,998
First Seen: July 24, 2009
Last Seen: February 7, 2026
OS(es) Affected: Windows

Trojan.Generic is a detection used by anti-malware utilities to inform users that there are Trojans on their computers. The Trojan.Generic detection may be used to identify more than one threat, so it isn't possible to offer detailed information about the dangers that threats detected as 'Trojan.Generic' may hide. However, this detection is used to describe threatening Trojans that may download additional threats to the targeted computer, as well as execute other unsafe operations that may put the infected machine in danger. Trojan.Generic infections are spread with the help of a broad range of threat distribution techniques, which is why users should always keep their computers protected by a reputable anti-malware utility.

One method that con artists may use to spread Trojans is e-mail spam. The evil-minded people behind Trojan distribution campaigns may send thousands of misleading e-mail messages containing false information whose purpose is to trick users into downloading and executing a corrupted file that might be disguised to look like a legitimate document, image or other common file. The best way to avoid threatening files that may be associated with Trojan.Generic is to refrain from opening e-mail messages from unknown senders, as well as to be more careful while browsing the Web or downloading files hosted on less popular websites. Naturally, the best protection from Trojan.Generic is installing a trustworthy and up-to-date anti-virus product that can stop the infection before it causes any damage.

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor Detection
AVG Generic.A6F
Fortinet Adware/Amonetize
Panda PUP/Multitoolbar
GData Win32.Application.Agent.ORYHPJ
AhnLab-V3 PUP/Win32.Amonetize
Antiy-AVL GrayWare[AdWare:not-a-virus]/Win32.Amonetize
Sophos Generic PUA GL (PUA)
McAfee-GW-Edition Artemis!PUP
TrendMicro TROJ_GEN.R047C0OK415
Kaspersky not-a-virus:AdWare.Win32.Amonetize.btms
Symantec PUA.SwVersionUpdater
McAfee Artemis!E3B45AB10134
Panda Generic Suspicious
AVG PSW.Generic12.CIMP
Fortinet W32/Inject.EDIZ!tr

File System Details

Trojan.Generic may create the following file(s):

Registry Details

Trojan.Generic may create the following registry entry or registry entries:
Run keys
Cognac
FixCamera
SmartMon

Directories

Trojan.Generic may create the following directory or directories:


Analysis Report

General information

Family Name: Trojan.Generic
Signature status: No Signature

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
App Host .NET Runtime Bootstrapper v2.5.4 (GUI)
Assembly Version
  • 5.3.21.0
  • 5.3.15.0
  • 3.2.2.0
  • 3.1.0.2
  • 2.11.0.0
  • 2.2.49.0
  • 2.0.0.0
  • 1.2.7.2
  • 1.0.7.0
  • 1.0.4.0
  • 1.0.0.0
Comments
  • .NET 9.0, .NET 8.0, libwebp_x64.dll v1.5.0. Wrapper for libwebp in C#. The most complete wrapped in pure managed C#. Exposes Simple Decoding API, Simple Encoding API, Advanced Encoding API (with statistics of compression), Get version library and WebPGetFeatures (info of any WebP file). The wrapper work only 64 bit system.
  • 2
  • Created with AutoPlay Media Studio
  • Download all images from websites easily
  • This installation was built with Inno Setup.
  • tomcat.apache.org
  • WinTotal Main DLL
  • Zephyr Conquer Effect Changer
Company Name
  • *
  • Altenwerth-Kautzer LLC
  • Apache Software Foundation
  • Asiasoft Online Pte.Ltd.
  • Blizzard Entertainment
  • Chauvet SAS
  • Code Systems Corporation
  • CoServices
  • Danphone A/S
  • Denis Tulupov
  • Denkformat GmbH & Co.KG
  • e-con Systems
  • ElectronicObserver
  • Extreme Internet Software
  • github.com/Master0fFate
  • IncrediMail
  • LosslessScaling
  • Mgame
  • Microsoft Corporation
  • Multron_File_Guardian
  • Obfuscar.Console
  • PowerShellToolsPro.Packager
  • Sage Schweiz AG
  • Samuel Guerra
  • TE Connectivity
  • The OpenRA team
  • THS
  • UnrealNetwork4D
  • Wizet
  • Zenit Games
File Description
  • 4RTools
  • 4Story
  • abrir web
  • Apache Tomcat Installer
  • AutoId
  • Automatically installs Lossless Scaling
  • AutoPlay Application
  • Crack 6.0.1.4296 Installation
  • DeltaJay 2.10.55.898
  • DeluxeConquer
  • Diablo
  • DTSharpIntegration
  • Dune2000 mod for OpenRA
  • e-CAMView
  • ElectronicObserver
  • elevator prototype 5.4.49.365
  • Extreme Picture Finder
  • Extreme Picture Finder Setup
  • FSzbiorcze
  • FUTRONIC MKII Manager Setup
  • IT Hub 2.0
  • LML_Installer
  • Lossless Scaling
  • MapleStory
  • MapleStorySEA Setup
  • MineCinemaLauncher 5.1.1
  • Multron_File_Guardian
  • Obfuscar.Console
  • PowerShellToolsPro.Packager
  • RH.HeadShop
  • Sage 50 Rechnungswesen Datenmanager
  • Sendet Abrechnungsdateien gemaess VDDS-Standard.
  • Setup/Uninstall
  • Turbo Virtual Machine Executable
  • WebpWrapperLib
  • Windows Media Player Configuration
  • WinTotal
  • WinTotal (C) Main DLL
  • Yulgang Launcher
  • Zephyr Conquer Effect Changer
File Version
  • v7.2.01
  • 51.1052.0.0
  • 19.0.1.38665
  • 17.7.1217.1
  • 12.0.19041.1 (WinBuild.160101.0800)
  • 8.1.0.0
  • 6.0.1.4296
  • 5.4.49.365
  • 5.3.21.0
  • 5.3.15.0
  • 5.2.8, build 1
  • 3.60.2.0
  • 3.15
  • 3.2.2.0
  • 3.1.0.2
  • 3.0.0.0
  • 3, 4, 0, 0
  • 2.11.0.0
  • 2.10.55.898
  • 2.2.49.0
  • 2.0
  • 1.2.7.2
  • 1.00
  • 1.0.65.94
  • 1.0.19.0
  • 1.0.7
  • 1.0.4.0
  • 1.0.1
  • 1.0.0.0
  • 1, 0, 0, 1
  • 1, 0, 0, 0
  • 0.4.5.3
  • 0.0.0.0
Internal Name
  • 4RTools.exe
  • ams_launch
  • apache-tomcat-10.1.24.exe
  • AutoId.exe
  • CombinedArms
  • Diablo
  • DTSharpIntegration.exe
  • Dune2000.dll
  • e-CAMView
  • EffectChanger.exe
  • ElectronicObserver.dll
  • ElectronicObserver.exe
  • EscapismConquer.exe
  • FSzbiorcze.exe
  • Launcher
  • LML_Installer.exe
  • LosslessScaling.dll
  • LosslessScaling.exe
  • ManutencaoSAFE
  • MapleStory
  • Multron_File_Guardian.dll
  • Obfuscar.Console.exe
  • PowerShellToolsPro.Packager.dll
  • RH.HeadShop.exe
  • Sage 50 Rewe Datenmanager
  • SendeClient
  • setup
  • StubExe.exe
  • TClient
  • TJprojMain
  • tmp34A7.tmp
  • tmpF4C5.tmp
  • WebpWrapperLib.dll
  • WinTotal.exe
  • wmpconfig
  • wtu.dll
  • Yulgang Launcher
Legal Copyright
  • 2
  • Autoinstaller by github.com/Master0fFate
  • Copyright (c) 1999-2024 The Apache Software Foundation
  • Copyright (C) 2001
  • Copyright (C) 2001-2016
  • Copyright (c) 2001-2021 TE Connectivity
  • Copyright (C) 2022
  • Copyright (c) 2025 Denis Tulupov
  • Copyright (c) The OpenRA Developers and Contributors
  • Copyright (c) Zemi Interactive Inc. All rights reserved.
  • Copyright 2021 by Denkformat
  • Copyright 2024 Altenwerth-Kautzer LLC
  • Copyright 2025 Chauvet SAS
  • Copyright 2025 Zephyr Conquer
  • Copyright © 1996
  • Copyright ©2001-2012 Extreme Internet Software
  • Copyright © 2014 Andante
  • Copyright © 2017 Code Systems Corporation
  • Copyright © 2018
  • Copyright © 2018 NEXON Korea Corporation All Rights Reserved, Licensed to Asiasoft Online Pte.Ltd. i
  • Copyright © 2022
  • Copyright © 2023
  • copyright © 2024
  • Copyright © 2024. Zenit Games. Todos os direitos reservados.
  • Copyright © 2025
  • Copyright © 2025. Zenit Games. Todos os direitos reservados.
  • Copyright © AKOM
  • Copyright © Sage Schweiz AG
  • Copyright ⓒ 2001
  • Copyright ⓒ 2003
  • Danphone A/S
  • IncrediMail
  • Runtime Engine Copyright © 2012 Indigo Rose Corporation (www.indigorose.com)
  • THS
  • ©2001-2022 Extreme Internet Software
  • © Microsoft Corporation. All rights reserved.
  • © MineCinema Team
Legal Trademarks
  • AutoPlay Media Studio is a Trademark of Indigo Rose Corporation
  • This product is licensed under GPLv3
Original Filename
  • 4RTools.exe
  • ams_launch.exe
  • AutoId.exe
  • CombinedArms.exe
  • Diablo.exe
  • DTSharpIntegration.exe
  • Dune2000.dll
  • e-CAMView
  • EffectChanger.exe
  • ElectronicObserver.dll
  • ElectronicObserver.exe
  • EPF.EXE
  • EscapismConquer.exe
  • FSzbiorcze.exe
  • install.exe
  • Launcher-launch4j-0.exe
  • Launcher.exe
  • Launcher.EXE
  • LML_Installer.exe
  • LosslessScaling.dll
  • LosslessScaling.exe
  • ManutencaoSAFE.exe
  • MapleStory.exe
  • Multron_File_Guardian.dll
  • Obfuscar.Console.exe
  • PowerShellToolsPro.Packager.dll
  • RH.HeadShop.exe
  • SendeClient.exe
  • StubExe.exe
  • TClient.EXE
  • TJprojMain.exe
  • tmp34A7.tmp
  • tmpF4C5.tmp
  • WebpWrapperLib.dll
  • WinTotal.exe
  • wmpconfig.exe
  • wtu.dll
Product Name
  • 4RTools
  • 4Story
  • Apache Tomcat
  • AutoId
  • AutoPlay Media Studio Launcher
  • Blizzard Entertainment Diablo
  • DeltaJay 2.10.55.898
  • DeluxeConquer
  • DTSharpIntegration
  • e-CAMView
  • Effect Changer
  • ElectronicObserver
  • elevator prototype 5.4.49.365
  • Extreme Picture Finder
  • Extreme Picture Finder
  • FSzbiorcze
  • FUTRONIC MKII Manager
  • LML_Installer
  • Lossless Scaling
  • Lossless Scaling
  • ManutencaoSAFE
  • MapleStorySEA
  • Microsoft® Windows® Operating System
  • MineCinemaLauncher
  • Multron_File_Guardian
  • Obfuscar.Console
  • OpenRA
  • PowerShellToolsPro.Packager2
  • Priston Tale Brasil
  • Priston Tale Brasil Reloaded (Beta)
  • Project1
  • RH.HeadShop
  • Sage 50
  • TransferClient.exe
  • Turbo Virtual Machine
  • WebpWrapperLib
  • WinAutomation Job
  • WinTotal Main DLL
  • WinTotal v7
  • Wizet MapleStory
  • Yulgang Launcher
Product Version
  • v7.2.01
  • 20250330-release
  • 20231010-release
  • 19476814
  • 610.0019.003
  • 96, 12, 26, 3
  • 19.0.0.0
  • 17.7.1217.1
  • 12.0.19041.1
  • 10.1.24
  • 8.1.0.0
  • 5.14.4
  • 5.4.49.365
  • 5.3.21.0+c64414f66c1b05bffc6ebd2bf9166658d0db7f09
  • 5.3.15.0+ee9287457ede57b618a00e3f3d57ba18b07eec91
  • 5.2.8, build 1
  • 4.22.7
  • 3.60.2
  • 3.15
  • 3.2.2
  • 3.1.0.2
  • 3, 4, 0, 0
  • 2.32.0
  • 2.13.2
  • 2.11
  • 2.10.55.898
  • 2.2.49+Branch.master.Sha.a98c72db77ba893abecbbdcd1b1acf91987ca0e4.a98c72db77ba893abecbbdcd1b1acf91987ca0e4
  • 2.0.0+a98441eb39d1e6dc301fdbb2acdda1e87fd40a1f
  • 2.0.0+0b01e9daaf32f4f1660d3ecccbb7b7c91d2b3dfa
  • 1.2.7.2
  • 1.00
  • 1.0.65.94
  • 1.0.19.0
  • 1.0.7+d2b1e761793accad2fb21f9b6679c95d6b02bf4b
  • 1.0.4.0
  • 1.0.0.0
  • 1.0.0
  • 1.0
  • 1, 0, 0, 1
Special Build
  • 1.0.65.15022021

Digital Signatures

Signer | Root | Status
B-LP-D-0821-013\user | B-LP-D-0821-013\user | Self Signed
The Apache Software Foundation | DigiCert Trusted Root G4 | Root Not Trusted
Victori Industrial Co., Ltd. | GlobalSign GCC R45 EV CodeSigning CA 2020 | Self Signed

File Traits

  • .adata
  • .NET
  • 2+ executable sections
  • Agile.net
  • AMS
  • ASPack v1.08.03
  • big overlay
  • CAB (In Overlay)
  • dll
  • Fody
  • fptable
  • HighEntropy
  • imgui
  • Inno
  • InnoSetup Installer
  • Installer Manifest
  • Installer Version
  • MPRESS
  • MPRESS Win32
  • Native MPRESS x86
  • NewLateBinding
  • nosig nsis
  • No Version Info
  • ntdll
  • Nullsoft Installer
  • packed
  • Run
  • SIM
  • vb6
  • VirtualQueryEx
  • WinZip SFX
  • Wix
  • WixToolset Installer
  • WriteProcessMemory
  • x64
  • x86
  • ZIP (In Overlay)
  • ZIPinO

Block Information

Total Blocks: 1,083
Potentially Malicious Blocks: 2
Whitelisted Blocks: 871
Unknown Blocks: 210

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.EDA
  • Agent.HI
  • Agent.LA
  • Banker.GT
  • Banker.LH
  • Banker.R
  • BestaFera.G
  • Chapak.HBX
  • CobaltStrike.GI
  • CobaltStrike.GIA
  • CoinMiner.BB
  • Delf.DA
  • Disabler.KY
  • Dropper.Delf.CD
  • Dropper.Fignotok.D
  • Emotet.AAJ
  • Emotet.AAL
  • FakeAV.EC
  • IEHelper.B
  • Injector.AK
  • Kryptik.FHE
  • Lamer.CF
  • Lumma.GFD
  • MSIL.Krypt.CATBM
  • MSIL.Krypt.MBEAI
  • MSIL.Krypt.MII
  • MSIL.Orcus.C
  • MSIL.Orcus.D
  • MSIL.Orcus.F
  • MSIL.Orcus.J
  • MSIL.Snakelogger.ADA
  • MSIL.Stealer.FZP
  • MSILZilla.TC
  • Meduza.A
  • Orcus.J
  • Orcus.L
  • Ousaban.V
  • Parite.U
  • Parite.V
  • Parite.VA
  • Patcher.AC
  • PcClient.X
  • Rozena.XC
  • Rugmi.IA
  • STOP.GS
  • Sheloader.A
  • Stealer.A
  • Stealer.BBA
  • Stealer.KF
  • Tofsee.BP
  • Upatre.WIA
  • Vundo.J
  • Wapomi.F

Files Modified

674 additional files are not displayed above.

Registry Modifications

HKCU\software\extreme internet software\extreme picture finder 3\settings::exclpartstesterformpartresultsleftwidth È RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::exclpartstesterformtoppanelheight Ò RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::exclpartstesterformwraplonglines False RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::exportfilelistaddheaderrow False RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::exportfilelistcreatesampleoutput True RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::exportfilelistcustomseparator %7C RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::exportfilelistfolder RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::exportfilelistprojectmode d RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::exportfilelistsearchmode È RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::exportfilelistseparator d RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::foldersortcriteria fsDate RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::folderstreeviewwidth ú RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::isfirsttime False RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::languagefilename %65%6E%2E%6C%6E%67 RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::lastupdatechekdate RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::leftpanelwidth Ĭ RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::logviewercol1width 2 RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::logviewercol2width d RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::logviewercol3width d RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::logviewercol4width d RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::minimizetotray False RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::monitordepthwidth 2 RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::monitorpanelminimized False RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::monitorprogresswidth < RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::monitorsizewidth Z RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::monitorspeedwidth d RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::monitorstatewidth s RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::previewpanelminimized False RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::proxypassword RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::proxyport RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::proxyserver RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::proxyservertype ptHTTP RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::proxyusername RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::retestformfontname RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::retestformfontsize RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::retestformmatchinfoboxwidth RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::retestformtoppanelheight Ò RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::selectedcategory RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::selectedproject RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::shareprojectstats True RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::showadvancedprojectproperties False RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::showcustomprojectssection True RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::showdbprojectssection True RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::showjsonlinksmanuallogininfo True RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::showsearchprojectssection True RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::showtrayicon True RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::slideshowdelay RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::sortfilelistby FILE_LIST_COLUMN_FILE_NAME RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::sortfilelistdescending False RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::startminimized False RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::startprojectaftercreate True RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::templatesupdatecheckdate RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::templatesupdatecheckfrequency ucfEveryDay RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::thumbnailbordersize  RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::thumbnailheight – RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::thumbnailwidth – RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::updatecheckfrequency ucfEveryWeek RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::updatecheckshowprogress False RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::usedpictureviewer pvBuiltIn RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::useproxy False RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::useproxypass False RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::useragent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36 RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::usetemplatesupdatecheck True RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::viewerfullscreen False RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::viewerheight È RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::viewerleft RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::viewermaximized True RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::viewershrinkpicturetofit True RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::viewertop RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::viewerwidth Ş RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings::warnaboutoutdateddbtemplates True RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings\columns::selected0  RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings\columns::width0 – RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings\columns::alignment0 RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings\columns::number0 RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings\columns::selected1  RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings\columns::width1 P RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings\columns::alignment1  RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings\columns::number1  RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings\columns::selected2 RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings\columns::width2 d RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings\columns::alignment2  RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings\columns::number2  RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings\columns::selected3 RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings\columns::width3 d RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings\columns::alignment3  RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings\columns::number3  RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings\columns::selected4  RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings\columns::width4 Ų RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings\columns::alignment4 RegNtPreCreateKey
HKCU\software\extreme internet software\extreme picture finder 3\settings\columns::number4  RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Auoftcdm\AppData\Local\Temp\~nsu1.tmp RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Auoftcdm\AppData\Local\Temp\~nsu1.tmp\??\C:\Users\Auoftcdm\AppData\Local\Temp\~nsu1.tmp\Un.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.205.9\??\C:\Users\Dpskruky\AppData\Local\Temp\~nsu.tmp\Au_.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.205.9\??\C:\Users\Dpskruky\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Use RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\microsoft\edge\elfbeacon::version 143.0.3650.66 RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count  RegNtPreCreateKey
HKCU\st_ncm::xvez 1 RegNtPreCreateKey
HKCU\st_ncm::xvez 2 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::minner C:\Users\Rpmuvsub\AppData\Local\Microsoft\Windows\History\minner.exe RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess
  • ShellExecute
  • ShellExecuteEx
  • WriteConsole
User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserObjectInformation
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAdjustPrivilegesToken
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAllocateLocallyUniqueId
  • ntdll.dll!NtAlpcAcceptConnectPort
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePortSection
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeleteValueKey
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtFsControlFile
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtLoadKeyEx
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile

171 additional items are not displayed above.

Network Urlomon
  • URLDownloadToFile
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Keyboard Access
  • GetKeyState
Process Terminate
  • TerminateProcess
Network Winsock2
  • WSAConnect
  • WSASend
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Info Queried
  • GetAdaptersAddresses
  • GetNetworkParams
Network Winsock
  • bind
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • gethostbyname
  • gethostname
  • inet_addr
  • recv
  • send
  • setsockopt
Network Winhttp
  • WinHttpOpen

Shell Command Execution

"C:\Users\Ehgfxbzz\AppData\Local\Temp\is-DSE7L.tmp\1ce55238ae1217d95e67aaee19b347216c980e44_0002950272.tmp" /SL5="$20244,2520568,140800,c:\users\user\downloads\1ce55238ae1217d95e67aaee19b347216c980e44_0002950272.exe"
(NULL) c:\kodar\thestore\startirane.bat
WriteConsole:
WriteConsole: c:\kodar\thestor
WriteConsole: StoreSrv.exe
WriteConsole: /regserver
c:\kodar\thestore\StoreSrv.exe StoreSrv.exe /regserver
WriteConsole: StoreCli.exe
c:\kodar\thestore\StoreCli.exe StoreCli.exe
open http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html
"C:\Users\Jrcrvgsx\AppData\Local\Temp\is-K5KTU.tmp\2d544e93bc79771b73b0d4d65373d08f39708510_0004145941.tmp" /SL5="$40214,3445924,780288,c:\users\user\downloads\2d544e93bc79771b73b0d4d65373d08f39708510_0004145941"
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 748
"C:\Users\Auoftcdm\AppData\Local\Temp\~nsu1.tmp\Un.exe" _?=c:\users\user\downloads\
"C:\Users\Equcnjdk\AppData\Local\Temp\ir_ext_temp_0\autorun.exe" "SFXSOURCE:c:\users\user\downloads\71ea723717988362dc4f645f2464a825325b8582_0005777502"
"C:\Users\Dpskruky\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=c:\users\user\downloads\
open http://java.com/download
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://java.com/download
(NULL) C:\Users\Rpmuvsub\AppData\Local\Microsoft\Windows\History\minner.exe
schtasks /create /sc minute /mo 1 /tn "minner" /tr "C:\Users\Rpmuvsub\AppData\Local\Microsoft\Windows\History\minner.exe"
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\06cb8e93a4d79a90a64454736ce539cdf7a127ca_0000032256.,LiQMAxHB
