Virus.Floxif.L

By CagedTech in Viruses

Threat Scorecard

Popularity Rank: 2,353
Threat Level: 80 % (High)
Infected Computers: 6,206
First Seen: June 18, 2022
Last Seen: April 21, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Virus.Floxif.L
Signature status: Hash Mismatch

Known Samples

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Build Date
  • Fri May 11 2018 11:15:36
  • Wed Mar 04 2020 11:54:30
Build Version
  • 6.6.0.204,6.6
  • 5.0.0.950,5.0
Comments
  • CxImage 7.0.1.0 CRT DLL
  • http://www.autoitscript.com/autoit3/
  • Used by TeamViewer Remote Control
Company Name
  • Adobe Inc.
  • Adobe Systems, Incorporated
  • Adobe Systems Incorporated
  • AdvancedWindowsManager
  • ASUSTeK COMPUTER INC.
  • AutoIt Team
  • BitTorrent Inc.
  • Blizzard Entertainment
  • BraveSoftware Inc.
  • BrightData Ltd.
  • DEVGURU Co., LTD.
  • EnigmaSoft Limited
  • Epic Games, Inc
  • Euro-Server S.r.o.
  • Famatech Corp.
  • Flextech Inc.
  • Gaijin
  • Gen Digital Inc.
  • Google LLC
  • Intel Corporation
  • Micro-Star Int'l Co., Ltd.
  • Microsoft Corporation
  • Pizzolato Davide - www.xdp.it
  • Roblox Corporation
  • Sysinternals - www.sysinternals.com
  • TeamViewer Germany GmbH
  • WORKPRODUCT, INC.
  • Zhuhai Kingsoft Office Software Co.,Ltd
  • 联想软件
File Description
  • Adobe Genuine Software Integrity Service
  • Adobe Reader and Acrobat Manager
  • Adobe Update Service
  • AutoIt v3 Script
  • Battle.net Admin Agent
  • BraveSoftware Update
  • BrightData service allows free use of certain features in an app you installed
  • CCleaner CCleaner emergency updater
  • CCleaner Software Updater Host
  • ChimeraTool mobile service software
  • Configuration for Visual Studio Setup
  • cximage
  • EasyAntiCheat Service
  • EnigmaSoft Installer
  • Gaijin.Net Updater
  • Google Update
  • Intel(R) Local Management Service
  • LightingService
  • Microsoft Edge Update
  • Microsoft OneDrive Shell Extension
  • Microsoft® C Runtime Library
  • MSI Center Service
  • MSS CS Connectivity Service
  • OB Installer
  • Radmin VPN Control Service
  • Roblox
  • Standalone Updater
  • Sysinternals Process Explorer
  • Systenternals ADRestore
  • TeamViewer
  • Tenorshare SoftwareLog Library
  • Windows Updater 5.0.5
  • WPS Uninstall Application
  • µTorrent Helper
  • 联想帐号
File Version
  • 2444.7.1.0
  • 2025.11.4.647
  • 25.222.1112.0002
  • 25.1.17.0
  • 23.038.0219.0001
  • 21.220.1024.0005
  • 16.22
  • 15.71.4.0
  • 12.00.20617.1 built by: PREVIEW
  • 12,2,0,23196
  • 7, 0, 1, 0
  • 6.6.0.204
  • 6, 0, 0, 0
  • 5.0.5
  • 5.0.0.950
  • 4.3.2028.6109
  • 4.3.0.256
  • 3.2025.0203.1
  • 3.08.18.0
  • 3.0.919.5476
  • 3.0.891.5380
  • 3, 3, 14, 5
  • 3, 3, 14, 2
  • 3, 3, 12, 0
  • 3,0,0,136
  • 2.39.2.9262
  • 2.18.0.0
  • 2.17.17.0
  • 2.17.7.0
  • 2.17.0.0
  • 2.6.9.0
  • 2.1.13.3217
  • 2.1.11.3203
  • 2.0.4899.9
  • 1.824.460.1149
  • 1.824.460.1120
  • 1.824.460.1110
  • 1.824.460.1102
  • 1.824.460.1067
  • 1.824.460.1032
  • 1.562.221
  • 1.42.4.156
  • 1.42.2.150
  • 1.3.361.151
  • 1.3.173.55
  • 1.3.81.10
  • 1.3.36.372
  • 1.2
  • 1.1.0.223
  • 1.00
  • 1.0.56
  • 1.0.51
  • 1, 6, 3, 7020636
  • 1, 00, 0000, 0
Internal Name
  • AdminHelper
  • AdobeARM.exe
  • Adobe Genuine Software Integrity Service
  • Adobe Update Service
  • adrestore
  • AutoIt3.exe
  • BraveSoftware Update
  • CCUpdate
  • chimera_browser
  • Client Application
  • cximage
  • EasyAntiCheat.exe
  • Gaijin.Net Updater
  • Google Update
  • helper.exe
  • Installer.exe
  • KUninstall
  • LightingService.exe
  • LMS
  • lsf_lenovoid_win.exe
  • Microsoft.VisualStudio.Setup.Configuration.Native
  • Microsoft Edge Update
  • MSI Central Service.exe
  • msvcr120.dll
  • net_updater.exe
  • OB Installer
  • OneDriveStandaloneUpdater.exe
  • Process Explorer
  • RvControlSvc.exe
  • SoftwareLog.dll
  • TeamViewer
  • TJprojMain
  • wa_3rd_party_host_32.exe
  • Windows Updater
Language Id en
Legal Copyright
  • Copyright (c) 2007-2021 Tenorshare Co.,Ltd.
  • Copyright (C) 2010 Mark Russinovich
  • Copyright (C) 2016
  • Copyright (C) 2025 AdvancedWindowsManager
  • Copyright (c) 2026 Gen Digital Inc. All rights reserved.
  • Copyright (C) ASUSTeK COMPUTER INC. 2015-2024
  • Copyright (C) DEVGURU 2002-2013 (www.devguru.co.kr)
  • Copyright 2014 Adobe Systems Incorporated. All rights reserved.
  • Copyright 2016-2024. EnigmaSoft Limited. All rights reserved.
  • Copyright 2016-2025. EnigmaSoft Limited. All rights reserved.
  • Copyright 2018 Google LLC
  • Copyright 2025 Adobe Inc. All rights reserved.
  • Copyright 2025 WORKPRODUCT, INC.
  • Copyright Microsoft Corporation
  • Copyright © 1998-2018 Mark Russinovich
  • Copyright © 2001 - 2011
  • Copyright © 2006-2024, Intel Corporation. All rights reserved.
  • Copyright © 2017-2025 Famatech Corp. and its licensors. All rights reserved.
  • Copyright © 2020 Adobe Inc. All rights reserved.
  • Copyright © 2020 Micro-Star INT'L CO., LTD.
  • Copyright © 2020 Roblox Corporation. All rights reserved.
  • Copyright © 2023 Adobe Inc. All rights reserved.
  • Copyright © 2025 Bright Data Ltd.
  • Copyright © 2025 Gen Digital Inc. All rights reserved.
  • Copyright©2025 Kingsoft Corporation. All rights reserved.
  • Copyright © Epic Games, Inc
  • Euro-Server S.r.o.
  • Flextech. All rights reserved.
  • TeamViewer Germany GmbH
  • ©1999-2014 Jonathan Bennett & AutoIt Team
  • ©1999-2018 Jonathan Bennett & AutoIt Team
  • © 2013-2017 Adobe. All rights reserved.
  • © 2023-2025 Blizzard Entertainment Inc.
  • © Gaijin Games KFT
  • © Microsoft Corporation. All rights reserved.
  • ©1999-2015 Jonathan Bennett & AutoIt Team
  • ©2023 BitTorrent Limited. All Rights Reserved.
Legal Trademarks Copyright (C) 1998-2018 Mark Russinovich
Original File Name Windows Updater.exe
Original Filename
  • AdobeARM.exe
  • Adobe Update Service.exe
  • adrestore
  • AgentHelper.exe
  • AGSService.exe
  • AutoIt3.exe
  • CCUpdate.exe
  • chimera_browser.exe
  • cximagecrt.dll
  • EasyAntiCheat.exe
  • FileSyncShell.dll
  • Gaijin.Net Updater
  • goopdate.dll
  • helper.exe
  • Installer.exe
  • KUninstall.exe
  • LightingService.exe
  • LMS.exe
  • Lsf.exe
  • Microsoft.VisualStudio.Setup.Configuration.Native.dll
  • msedgeupdate.dll
  • MSI Central Service.exe
  • msvcr120.dll
  • OBUpdateService.exe
  • OneDriveStandaloneUpdater.exe
  • Procexp.exe
  • Roblox.exe
  • RvControlSvc.exe
  • SoftwareLog.dll
  • TJprojMain.exe
  • tv_w32.dll
  • wa_3rd_party_host_32.exe
Product Id
  • piriform-cc
  • piriform-ccl
Product Name
  • Adobe Genuine Software Integrity Service
  • Adobe Reader and Acrobat Manager
  • Adobe Update Service
  • adrestore
  • AutoIt v3 Script
  • Battle.net Admin Agent
  • BraveSoftware Update
  • Bright SDK
  • CCleaner
  • ChimeraBrowser
  • cximage
  • EasyAntiCheat
  • Gaijin.Net Updater
  • Google Update
  • Installer
  • Intel(R) Management and Security Application Local Management Service
  • LightingService
  • Microsoft Edge Update
  • Microsoft OneDrive
  • Microsoft® Visual Studio® 2013 Preview
  • MSI Center Service
  • MSS CS
  • OB
  • Process Explorer
  • Project1
  • Radmin VPN
  • Roblox Bootstrapper
  • TeamViewer
  • Tenorshare Product Library
  • Visual Studio
  • Windows Installer
  • WPS Office
  • µTorrent Helper
  • 联想帐号
Product Version
  • 2450.7.2.0
  • 25.222.1112.0002
  • 25.1.17.0
  • 23.038.0219.0001
  • 21.220.1024.0005
  • 16.22
  • 15.71.4.0
  • 12.00.20617.1
  • 12,2,0,23196
  • 7.4.1172.0
  • 7, 0, 1, 0
  • 6.6.0.204 BuildVersion: 6.6; BuildDate: Wed Mar 04 2020 11:54:30
  • 6, 0, 0, 0
  • 5.0.5
  • 5.0.0.950 BuildVersion: 5.0; BuildDate: Fri May 11 2018 11:15:36
  • 4.3.2028+17ddeff0c9
  • 4.3.0.256
  • 3.2025.0203.1
  • 3.08.18.0
  • 3.0.919.5476
  • 3.0.891.5380
  • 3, 3, 14, 5
  • 3, 3, 14, 2
  • 3, 3, 12, 0
  • 3,0,0,136
  • 2.39.2.9262
  • 2.18.0.0
  • 2.17.17.0
  • 2.17.7.0
  • 2.17.0.0
  • 2.6.9.0
  • 2.1.13.3217
  • 2.1.11.3203
  • 2.0.4899.9
  • 1.824.460.1149
  • 1.824.460.1120
  • 1.824.460.1110
  • 1.824.460.1102
  • 1.824.460.1067
  • 1.824.460.1032
  • 1.562.221
  • 1.42.4.156
  • 1.42.2.150
  • 1.3.361.151
  • 1.3.173.55
  • 1.3.81.10
  • 1.3.36.372
  • 1.2
  • 1.1.0.223
  • 1.00
  • 1.0.56
  • 1.0.51
  • 1, 6, 3, 7020636
  • 1, 00, 0000, 0
Special Build
  • b/build/2c205c5c-e050-0ffd-f7d0-63786687edbc
  • b/build/99ef318f-4a5e-3f26-1aec-9189e9879a9a
  • b/build/4962c20a-a1e3-6817-e82e-9b4142a5b4e1
  • uthelper
Upstream Version 1.3.99.0

Digital Signatures

Signer Root Status
Adobe Inc. DigiCert EV Code Signing CA (SHA2) Hash Mismatch
Adobe Systems Incorporated DigiCert EV Code Signing CA (SHA2) Hash Mismatch
Adobe Inc. DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch
Blizzard Entertainment, Inc. DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch
Bright Data Ltd DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch
Famatech Corp. DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch
Gen Digital Inc. DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch
Google LLC DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch
Griff Gate Pte. Ltd. DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch
Roblox Corporation DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch
Samsung Electronics CO., LTD. DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch
Zhuhai Kingsoft Office Software Co., Ltd. DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch
ASUSTeK COMPUTER INC. DigiCert Trusted Root G4 Hash Mismatch
BitTorrent Inc DigiCert Trusted Root G4 Hash Mismatch
Brave Software, Inc. DigiCert Trusted Root G4 Hash Mismatch
Bright Data Ltd DigiCert Trusted Root G4 Hash Mismatch
EnigmaSoft Limited DigiCert Trusted Root G4 Hash Mismatch
Samsung Electronics CO., LTD. DigiCert Trusted Root G4 Hash Mismatch
TeamViewer Germany GmbH DigiCert Trusted Root G4 Hash Mismatch
Tenorshare (Hongkong) Limited DigiCert Trusted Root G4 Hash Mismatch
Zhuhai Kingsoft Office Software Co., Ltd. DigiCert Trusted Root G4 Hash Mismatch
FLEXTECH INC. GlobalSign Hash Mismatch
MICRO-STAR INTERNATIONAL CO., LTD. GlobalSign Code Signing Root R45 Hash Mismatch
AutoIt Consulting Ltd GlobalSign CodeSigning CA - G2 Hash Mismatch
AutoIt Consulting Ltd GlobalSign CodeSigning CA - SHA256 - G3 Hash Mismatch
Promresurs LLC GlobalSign Extended Validation CodeSigning CA - SHA256 - G3 Hash Mismatch
GAIJIN NETWORK LTD GlobalSign GCC R45 EV CodeSigning CA 2020 Hash Mismatch
EasyAntiCheat Oy GlobalSign Root CA Hash Mismatch
Microsoft Corporation Microsoft Code Signing PCA Hash Mismatch
Microsoft Corporation Microsoft Code Signing PCA 2010 Hash Mismatch
Microsoft Corporation Microsoft Code Signing PCA 2011 Hash Mismatch
Microsoft Corporation Microsoft Windows Code Signing PCA 2024 Hash Mismatch
Microsoft Windows Hardware Compatibility Publisher Microsoft Windows Third Party Component CA 2012 Hash Mismatch
WORK PRODUCT, INC. SSL.com EV Code Signing Intermediate CA RSA R3 Hash Mismatch
Gen Digital Inc. Sectigo Public Code Signing CA R36 Hash Mismatch
Intel Corporation Sectigo Public Code Signing Root R46 Hash Mismatch
ORYON TECH LIMITED Sectigo Public Code Signing Root R46 Hash Mismatch
Adobe Systems Incorporated Symantec Class 3 Extended Validation Code Signing CA - G2 Hash Mismatch
Lenovo Symantec Class 3 SHA256 Code Signing CA Hash Mismatch
Brother Industries, Ltd. VeriSign Class 3 Public Primary Certification Authority - G5 Hash Mismatch
Samsung Electronics Co., Ltd. VeriSign Class 3 Public Primary Certification Authority - G5 Hash Mismatch

File Traits

  • 2+ executable sections
  • 7-zip (In Overlay)
  • 7-zip SFX
  • Autoit
  • Badsig autoit
  • big overlay
  • CryptUnprotectData
  • dll
  • fptable
  • HighEntropy
  • Installer Version
  • JMC
  • No Version Info
  • ntdll
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 8,751
Potentially Malicious Blocks: 15
Whitelisted Blocks: 4,398
Unknown Blocks: 4,338

Visual Map

[Per-block map not reproduced; data truncated in the source report]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.FDTA
  • Agent.MAC
  • Agent.TJA
  • Autoit
  • BadJoke.FH
  • BadJoke.JB
  • BadJoke.XAB
  • CobaltStrike.EK
  • Coroxy.D
  • Delf.Q
  • DialupPass.A
  • Filecoder.GYT
  • Filecoder.VBC
  • Gamehack.PGA
  • Keylogger.KG
  • Kryptik.JON
  • LockerGoga.F
  • Philadelphia.A
  • Philadelphia.B
  • Quasar.U
  • Redline.FAF
  • Trojan.Downloader.Gen.NL
  • Trojan.Filecoder.Gen.AG
  • Trojan.Filecoder.Gen.C
  • Vidar.FA

Files Modified

File Attributes
\device\namedpipe\32b6b37a-4a7d-4e00-95f2-6f0bf3de3e001290184913thsnyavieboda Generic Write,Read Attributes
\device\namedpipe\dav rpc service Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\srvsvc Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\wkssvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll.dat Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll.tmp Generic Write,Read Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.217.3\msedgeupdate.dll Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.217.3\msedgeupdate.dll Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.217.3\msedgeupdate.dll.dat Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.217.3\msedgeupdate.dll.tmp Generic Write,Read Attributes
c:\program files (x86)\microsoft\edgeupdate\install\{410be7ab-f924-4a5b-9ecb-43dfa053d586}\microsoftedgeupdatesetup_x86_1.3.211.7.exe Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\install\{410be7ab-f924-4a5b-9ecb-43dfa053d586}\microsoftedgeupdatesetup_x86_1.3.211.7.exe Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\install\{410be7ab-f924-4a5b-9ecb-43dfa053d586}\microsoftedgeupdatesetup_x86_1.3.211.7.exe.dat Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\install\{410be7ab-f924-4a5b-9ecb-43dfa053d586}\microsoftedgeupdatesetup_x86_1.3.211.7.exe.tmp Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll.000 Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_16.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_256.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_32.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_idx.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.0.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rteghn.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rteghn.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rteghn.exe Synchronize,Write Attributes
c:\windows\2ca840 Generic Write,Read Attributes
c:\windows\system.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\temp\13394.txt Generic Write,Read Attributes
c:\windows\temp\adobearm.log Generic Write,Read Attributes
c:\windows\temp\armreport.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\temp\armreport.ini Generic Write,Read Attributes
c:\windows\temp\armui.ini Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::appinit_dlls C:\PROGRA~1\COMMON~1\System\symsrv.dll RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::loadappinit_dlls  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::requiresignedappinit_dlls RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots ȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::1 Z1畋扩潹瑲B 뻯.Kuibyort RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::0 \1坛㰨佄啃䕍ㅾD 뻯啫嬯夸匹.샒documents RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots  RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0::nodeslot … RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bags\133\shell::sniffedfoldertype Documents RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.200.31.10#amas::_labelfromdesktopini RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications  RegNtPreCreateKey
HKCU\software\stvncyfrlda::m1_0 䱞Ꮞ RegNtPreCreateKey
HKCU\software\stvncyfrlda::m2_0 ׁ RegNtPreCreateKey
HKCU\software\stvncyfrlda::m3_0 権ă RegNtPreCreateKey
HKCU\software\stvncyfrlda::m4_0 RegNtPreCreateKey
HKCU\software\stvncyfrlda\168128873::1735290733 ` RegNtPreCreateKey
HKCU\software\stvncyfrlda\168128873::-824385830 RegNtPreCreateKey
HKCU\software\stvncyfrlda\168128873::910904903 RegNtPreCreateKey
HKCU\software\stvncyfrlda\168128873::-1648771660  RegNtPreCreateKey
HKCU\software\stvncyfrlda\168128873::86519073 C RegNtPreCreateKey
HKCU\software\stvncyfrlda\168128873::1821809806 http://slwocfd/sobaka1.gifhttp://46.105.103.219/sobakavolos.g RegNtPreCreateKey
HKCU\software\stvncyfrlda\168128873::-737866757 RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots  RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::1 Z1浇瑪桶煴B 뻯.Gmjtvhtq RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::0 \1坛㰨佄啃䕍ㅾD 뻯啫嬯存暙.⦰샒documents RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots ȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0::nodeslot è RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bags\232\shell::sniffedfoldertype Documents RegNtPreCreateKey
HKCU\software\sysinternals\process explorer::originalpath c:\users\user\downloads\ada9a7e9b56810f2acb59c19b2331a71a3639f84_0002781407 RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots ȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::1 Z1畐潸歵晥B 뻯.Puxoukef RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::0 \1坛㰨佄啃䕍ㅾD 뻯啫嬯宒䄕.蓡,샒documents RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots  RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0::nodeslot Ù RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bags\217\shell::sniffedfoldertype Documents RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Process Shell Execute
  • CreateProcess
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetComputerName
  • GetUserObjectInformation
Network Winhttp
  • WinHttpOpen
Network Winsock2
  • WSAStartup
Service Control
  • StartServiceCtrlDispatcher
Other Suspicious
  • SetWindowsHookEx
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7088954bbc9eb77c4546e5c1a7f05ceeab6a54dd_0001044503.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c2d413feafd78c81b61c7008fb04cb2f6d128065_0002246007.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5d5d5c41612df655b87253ed294bdc886d135ae8_0000573231.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4f69d90487e4ec46411c0f1648117b270652bd4a_0002118375.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2fc40197b5a5b1b0168ef6e5ff851b6652d3c238_0001169431.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5fc9270410b1fd3c71aee016d35f7e0f4daa5ccf_0001169431.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\761322f1d0d224c9dc14b824a16a4c7a103a7f86_0002686255.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ddbf9effe3b63be8b0b6b315007297486e55ab57_0001226783.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ad84c3007ef98e5eb9139c7a7a28d34103c55973_0001123183.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2b31d0665ad167f4194d30a964d5ed958a31863c_0001169431.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\893c04d916f860d02389e351e4c14b2acf529231_0002118375.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\461886f9eb518d4a3dfbe87c3e29d5fcf557e41d_0000681807.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e0d85c731c1782b4830f0bb72e1e6d8869cf7e41_0002118375.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\371a5e39036982dbac15491fe540c2c6d689d84e_0001169431.,LiQMAxHB
