Virus.Obfuscator.AAO

By CagedTech in Viruses

Threat Scorecard

Popularity Rank:	1,277
Threat Level:	80 % (High)
Infected Computers:	46,384

First Seen:	February 25, 2013
Last Seen:	February 6, 2026
OS(es) Affected:	Windows

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
Panda	Generic Trojan
AVG	Dropper.Generic6.BPRF
Fortinet	W32/Zbot.MZ!tr
AhnLab-V3	Spyware/Win32.Zbot
AntiVir	TR/Obfuscate.aao.5
BitDefender	Gen:Variant.Zusy.18016
Kaspersky	Trojan-Dropper.Win32.Dapato.brjb
Avast	Win32:Downloader-QMV [Trj]
Symantec	Suspicious.Cloud.5
CAT-QuickHeal	TrojanDropper.Dapato.brjb
AntiVir	TR/Agent.32256.145
BitDefender	Trojan.Generic.6984125
K7AntiVirus	Riskware
McAfee	Artemis!D46DB521BA89
Panda	Generic Malware

SpyHunter Detects & Remove Virus.Obfuscator.AAO

File System Details

Virus.Obfuscator.AAO may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	svchost.exe	d46db521ba89671d86a650a403691b75	15
Name: svchost.exe MD5: d46db521ba89671d86a650a403691b75 Size: 32.25 KB (32256 bytes) Detections: 15 Type: Executable File Path: %PROGRAMFILES%\FIle Group: Malware file Last Updated: February 26, 2013
2.	sqlncli.exe	ede614548a976bbfb2a5b3e9e59290b0	4
Name: sqlncli.exe MD5: ede614548a976bbfb2a5b3e9e59290b0 Size: 71.68 KB (71680 bytes) Detections: 4 Type: Executable File Path: %LOCALAPPDATA%\Microsoft\Windows\2575 Group: Malware file Last Updated: February 25, 2013
3.	termmgr.exe	7c055c8b0f24614c335a6d852f854067	2
Name: termmgr.exe MD5: 7c055c8b0f24614c335a6d852f854067 Size: 89.6 KB (89600 bytes) Detections: 2 Type: Executable File Path: %LOCALAPPDATA%\Microsoft\Windows\758 Group: Malware file Last Updated: May 1, 2013

Analysis Report

General information

Family Name:	Trojan.Floxif.E
Signature status:	Hash Mismatch

Known Samples

MD5: da915612bc53c1e7cc4e819e92903502

SHA1: c511f1a7ea5bbf50671f19b73916d2e507644b52

File Size: 7.37 MB, 7366111 bytes

MD5: aff776ae166e1cd29583c3df85c24a7e

SHA1: d2d37268499c058831fd0bbf252b4774af1661f2

File Size: 7.37 MB, 7366111 bytes

MD5: 1dcb51d7c0cd9279dcfa151b4ee176de

SHA1: 4ff32bc4f38012d34bcf0758d2fbe2bee19525af

File Size: 7.37 MB, 7366111 bytes

MD5: 259b14376c55f136134e1d1410078235

SHA1: 5f0dba6c498524885404e9fb5732037e91bf36c0

File Size: 7.98 MB, 7982855 bytes

MD5: 92faa614df3c3c5c8f3af66a47f1e3e7

SHA1: 4d1c36352ab3dd127b43944af789150387591a60

File Size: 7.37 MB, 7366111 bytes

MD5: ae89d9694240897610906fe982a421f5

SHA1: d9e55da7aea967563c3cd09338e40542c9a9fc04

File Size: 8.94 MB, 8937623 bytes

MD5: e8a8617ff0411f7e3892e1161f6d9fbe

SHA1: a059fd1780108b4366376f03897855aa757415c9

File Size: 7.37 MB, 7366111 bytes

MD5: ccbbac122a95c2e694d2193bf63d21df

SHA1: 12f0f7888679cd82da7f52597e84f4ba15f9bbbd

File Size: 2.93 MB, 2931822 bytes

MD5: 2f45099984064769503b18b4396995ca

SHA1: 6f9a84e844535921be8cbb10f5c9bdf728935e72

File Size: 3.56 MB, 3555919 bytes

MD5: 288b38cd98594e71e9c586de04841aa6

SHA1: 4df6e00653701708b5f39866675435a316692c0c

File Size: 5.71 MB, 5710087 bytes

MD5: d3efb971e7896b36733a8f5aeee09f3c

SHA1: 25960c4f78f761e911b4f4c250c1dcf943a27c69

File Size: 7.37 MB, 7366111 bytes

MD5: fc127c8c17377af33e3e58f80bfbd969

SHA1: 90ca19d84229121c0d61d7db670e7b95cf20c001

File Size: 2.66 MB, 2664151 bytes

MD5: ca5a5c8b89125a496fa3d111d89c5358

SHA1: 39d72476d416d8951a44663a48715e9ba6f5065a

File Size: 7.37 MB, 7366111 bytes

MD5: 75e9c67ece5f66f4c86561c5714ec8e3

SHA1: 5db16cdff03199013e7a9ad511577cdc0a5539a3

File Size: 534.00 KB, 533999 bytes

MD5: d0b5ea59d64cb3099e7e26fedc951da8

SHA1: a03ec6aca372d9832e6c2b3d84e3b66389d6944c

File Size: 301.06 KB, 301063 bytes

MD5: 76803bcb9a95038e684bd448a3a80141

SHA1: 8a7b3388c5ba964ca86a11c8f34e102129c7f5c2

File Size: 8.00 MB, 8002943 bytes

MD5: f586180d60713f2a91846869de02cc11

SHA1: eeef52e2d4c7385f73f3fb1125d294115f631245

SHA256: B2B55EF5D98B479814AD646159533FEF8E2ECDC21F32CC5069F26B007BF86E81

File Size: 3.55 MB, 3545135 bytes

MD5: 4f1fe0d507f1108d6f6d55c22a17f04c

SHA1: 5123aa412f89e2388b1eb683a5ad7b63c7b99b46

SHA256: 3E78271DBE0D4460BE2910DF12FF16A7E706AD326039F1CADED605E26C5570BC

File Size: 3.83 MB, 3825799 bytes

MD5: 21c4405e48574acd34ea0af80dd94f76

SHA1: f1682beb2adbd2566f51f77e396273625ecc4667

SHA256: 27953820AB46822076A432627CDA07081A951E87774F13ECE22E9BB4EDF98072

File Size: 8.88 MB, 8876247 bytes

MD5: 9244910e1ffbaf72767f3a00b59de28c

SHA1: 66f6250c292c9cf4322dc8862f0abcfcd634a54a

SHA256: 662AC7D1963FAEDDFABBE6AC7CD7C129182690DB83E6E78EA06A0CFA635B20F3

File Size: 7.46 MB, 7456215 bytes

MD5: 3a32e917fe9634a101b271e967dad711

SHA1: 9542e076257cbb90ee64cbb134e1a6867f73833e

SHA256: 2A8A3E30CCEACF6B0ED87A1A7341C594F9518B3096AF19BF640E063FB004C093

File Size: 521.22 KB, 521215 bytes

MD5: 44cac0631ae3b60661d02fabd263ea4a

SHA1: 080b9713856d90daad36384eac5b8c86f76b14a2

SHA256: 75D669A0A78D09E5CD420D68E2EE9623DB2A70CA1EED40A9919D566E4DEBD31E

File Size: 7.37 MB, 7366111 bytes

MD5: 14c25531b2b262ec7ecd040493dc39e1

SHA1: 00d90875058fdb9e8b624fb32062b0bfb9219282

SHA256: 140891302F99DB61D41E5A4646437A6C6DE1B76D0D8BD8FA22C0E2402DBB15B6

File Size: 293.21 KB, 293215 bytes

MD5: dd2600df41eddd06fdb9a2f4ae394702

SHA1: 5feeaeb9ae9670431ea1473f1699b4561581ce61

SHA256: 112C51EAFD5665B9C5C92760A5C67BD7B2AFEC5C95CEACF990F006B3838E6608

File Size: 400.40 KB, 400399 bytes

MD5: d957fbaab3c30fa8effda76da219e11f

SHA1: 4064c27d3a43b1eada5202b323ebc7cfcc3323bc

SHA256: 81BBD7FE69E7D775620641FC719662A14584B7C11C886C70A35FEC2DD5937C0D

File Size: 7.49 MB, 7490207 bytes

MD5: 181cd466fbb0d302f8f87346dfcd1543

SHA1: fcca2eb597b94ddadf0677a80e37de29ec934215

SHA256: 3B16E0A2C1A78587900A224BE0EEBA06790D882A494BD18FB0485DBC171C75DD

File Size: 8.97 MB, 8974623 bytes

MD5: 8a6d4e6ad0c5ceff70e1a552662730a4

SHA1: ff29d5db1f5bc0ac1bdf5001aa35f4ac90df6490

SHA256: 30F9C127029A74B3655BA937D4CD007CA46867AD3BEEC859C4167B1A6965FD3B

File Size: 7.37 MB, 7366111 bytes

MD5: 59065dccc3b6a2f80d005ec1262b03e4

SHA1: d35644cfe3b3b2a9061e4497de2c366371867cbb

SHA256: 4A29B6C97E3C7BC63060C42858B2782D058894FE377F13472F7E6DD40FE87680

File Size: 8.01 MB, 8014719 bytes

MD5: 54aad80cd9ea05faea8860f5d1904edd

SHA1: 3687dfe0127951dd34efb6bc06a8879b45c5ced5

SHA256: 483FD50ABC8039B7E5087390A13A571A3ADCBF426BCB0E97B9C6B2E7C30549C6

File Size: 9.33 MB, 9332181 bytes

MD5: 0789ea5bc0d721e4564211f1c3891d67

SHA1: 131795059cf7b1e34ff813e9e81153c96390d9f5

SHA256: 414167D419AC044202218C11769193643959D1A5DFC234C3E6D8252B331BA4CF

File Size: 7.37 MB, 7366111 bytes

MD5: 00504d39ad8fcbbd26b41d34cd3be12f

SHA1: ca3e55ab263af80fc297f86077603f6be0814a03

SHA256: D3A5D265359D622BB52B60ADC2220AF4AAC16143B5F534C07B5B80D53605B943

File Size: 830.49 KB, 830487 bytes

MD5: ec42b6a5a48b9b72156400bfa9d31371

SHA1: cb64209da339ffbd07e07db9f3597e6eb654cd26

SHA256: DF648D4794BFF968A785D6F52E8E3A205AF8017AE61972E0622FB6B0C90EA0FC

File Size: 1.98 MB, 1978599 bytes

MD5: 6bcbfcaa531419dd89d9caeef29f7237

SHA1: 7a5a7d2662259f791e5f626980e2dd45805d9935

SHA256: 79D4CB9587387CF65DEF8935B0E99544B91719809120F1B115FC761E296402CE

File Size: 1.02 MB, 1022319 bytes

MD5: e831112c5d128036726bd462f9bdc554

SHA1: 01715688e02f32b67d7e1c46b720ae973005a75e

SHA256: 76B3104BE81A3AE678541ED27AFA8612041D184A85278889C5D1285F9522296B

File Size: 8.63 MB, 8631927 bytes

MD5: 7dd551c625fbea3a4ffdc3385e84a79f

SHA1: 6252c572d67c3bf34bcb61329c1fa9cd2dad291a

SHA256: C35CA46972F28356F9E60F991DFFF1CF69A84B2FC66410B70E08EEAA2FDD1C37

File Size: 1.76 MB, 1760951 bytes

MD5: 2a9abfc1362f1c18906d18c92a695943

SHA1: 5169919972461799d3f6de41f3aa242e23adf2d5

SHA256: 3EA3F7BC0F54F02DB8C3D6A04E9F1097E5EA9D2EBA753CE658E61704E76CAE2A

File Size: 3.74 MB, 3736271 bytes

MD5: 43a92225089da17f9a18115208b33427

SHA1: 2d7f53c2ccea8fa2220c89c6d70d36f31a90ae60

SHA256: CBF056C1F1D473BE453ABE1BB785546C678B2DDC9248F3DD77D501191B46DD4C

File Size: 293.23 KB, 293231 bytes

MD5: 03964f84915c2c51af5dbbda39212213

SHA1: e832fa755b08e2ff158945441e04d5b96c180bea

SHA256: 138E72E27EC32C85FA1A72A51AB19AA94D60EE898C915DDDE4F69192756768D5

File Size: 375.52 KB, 375519 bytes

MD5: 97242f3c8efafa1fcc2b8a330a42cc70

SHA1: 12f9eba3a9b5116267eb94603bdb5ecbcbf08e56

SHA256: CF129D48FA29925C036CB729D527913E73EEC0CBF285A144755BC4064DF5004D

File Size: 303.17 KB, 303165 bytes

MD5: b3f08f15a5a88cca5722227d1649eee5

SHA1: 96266e6eccfe69013c829ce25bcb4d06dcf0498b

SHA256: 7E739A2169FA76473BC464DBDE62B1B96E8E4B3AEF8C5459E0CFCC4F28B7364A

File Size: 284.71 KB, 284711 bytes

MD5: abed00b2410b72ad393653c3c0e59811

SHA1: fa9d8a2eeab21da6f470d9a9bd63cc19d7fa910f

SHA256: AE23D087A0EBAEB06D0FFF1C72149D031D5B0C2A5358F7943ABA6A534FF03260

File Size: 830.49 KB, 830487 bytes

MD5: aeb9afa746987ad92c2665b13ab2d70e

SHA1: 1098fb151c3010727c25e03397c3f43004536ff7

SHA256: 1AF5FA5D527E0ECB88C8C7866D4E8F9B83652286D7E0FE6AD15F851EBDEEA859

File Size: 4.30 MB, 4298583 bytes

MD5: 9799c7d54dbf51438ef7e986eb75668c

SHA1: cfe366a8da0792ce3a063da8367a9daa1d23e787

SHA256: A1B74A53AEE90745DE5AB754C2A1C29C99A0968E4DE8679FAFCE0ED8096A0AF0

File Size: 462.59 KB, 462591 bytes

MD5: 246f4a75caf456c612f00a02567150e7

SHA1: 9baa27eb3c629c0c6fca268984220cd1404b47bb

SHA256: FC5E0667A92C2ED5CB5B8FFE789E31BFF367C48F8314424461CD62CE0542CF41

File Size: 827.02 KB, 827023 bytes

MD5: 7ae1078199eb6b7fef2ecbf4d0c1cafc

SHA1: 8e8abc53d9c9fff0749ad8ac3b2eb1adff37b2af

SHA256: A12EA41B18E6609B920BF90FB6EC4F78B5B542F7919232E752451119FFD66B65

File Size: 6.02 MB, 6024287 bytes

MD5: 333a118f74e39a4a5a21a9152a59174a

SHA1: 2ab2b22d73839d60382cfffe35f3a5b8945393e1

SHA256: D150A861102D34BDBDEE87CD9E175944089E152A5885CD8E58875B3B0A73417F

File Size: 534.25 KB, 534247 bytes

MD5: d2b88632914e74a90ef301fccdb53a60

SHA1: 606805c80867d270dfcf82bdff4858ecaec85396

SHA256: D56BD603B12DB4AC0DE47FF34A3FFCE2C9D1FE1714A19D524A92823230C1F599

File Size: 137.94 KB, 137935 bytes

MD5: c11072b6a183f6730710c100e5937a19

SHA1: 141bd1378f019e634f7ae9441f05462599ef562f

SHA256: 3F9663169D84CDCFBE29A016A2CEAF5C4912BF5BAC2C5FE9E3DAC6CCBA79CEC5

File Size: 396.18 KB, 396183 bytes

MD5: 8e2a777815bd0971d3dbbdc2110052f6

SHA1: c8bfb74b3c7869e7a9aa64cadace8c6edcf02290

SHA256: 193276A25F81A6F5A7D2A3F5E2469A6FE064E477831C11A29CA8157082F257B8

File Size: 8.07 MB, 8073599 bytes

MD5: 56d025b78707304b6473935f81493926

SHA1: 651f21f2f794ed1e4d778d597f149c2e4a707b1c

SHA256: 596A119FB62FD7F0FE1BF4CD6D55AB88FACF30D4D9CE9568ACC48FD64A71C41D

File Size: 7.37 MB, 7366111 bytes

MD5: 72de755d934254aa2fe90bff3ba56e26

SHA1: 90b7ebb0387b30ddefc3d552949486bee061e40d

SHA256: E46BD236FFCFAF2653B7945B90182C9F45FB42612AD1EFBB632FEDCD8B6A77CC

File Size: 830.50 KB, 830503 bytes

MD5: 1075d765b58440c9d45d02c5cf3a5a9a

SHA1: f75e46c54d726e97c0236a8a5f36e474b10aaf2b

SHA256: EDCA032146278388BECDDAD72CA17BDC85863A3E96D0B807CAAAAE1E71BC7D88

File Size: 7.37 MB, 7366111 bytes

MD5: f503e2c90764f75423f6fb82bc542c90

SHA1: 0bbfc90a244ce790c75c1f3cf375078cd60cdfe5

SHA256: 70903740DA4C95F3D7323E7DFEC4457B2F364DE80A510F98560A8BBED14FFDEF

File Size: 7.37 MB, 7366111 bytes

MD5: 056ec7fb837bbdb959780cb1e74c2a45

SHA1: 3a66d79350902f5debe0539510878cf206cda87b

SHA256: FDF91F9091206AC63F2C6D937F37AD8F95316E7863794F0ECED970E84EF489FE

File Size: 7.37 MB, 7366111 bytes

MD5: 25d347ec5b0262c4b3f10624df978aa8

SHA1: 993bffbbf4f596040fc037b39f7c7fc94f873b7b

SHA256: 58C1CF2127C14211527DE67323CB559F0177BD424ADB9581D382EF5545A417A2

File Size: 991.62 KB, 991623 bytes

MD5: 925118436372c3d4f7333887075d2aaa

SHA1: d1a59b94ff9a73b98a862e4fb75db002a7782af9

SHA256: 27CB590DCE87AAC5B440763DFE9E63F5A2F8882C0F61AC8832FFA56B8812DA45

File Size: 7.69 MB, 7694079 bytes

MD5: 20e324318b599b41514a038410cdb1de

SHA1: c1bfea59751daaf36474e87d4f338fd0239b0634

SHA256: 158FD48A8246FB46B0F681C44656D4E0B10CF27D5E43C8FF9DB96F6CC88008D7

File Size: 3.76 MB, 3757007 bytes

MD5: d198b5efd0c7b546b191852509c8fb4f

SHA1: 0fafeb342b5c355211807138db13c72643a82bfd

SHA256: 147FC3AEE3F2F1B146D88EA42C90B6DE2A4CA9715AA1A6728640936FE24DE52A

File Size: 6.02 MB, 6021159 bytes

MD5: e75508c3a6e216fb44f5f7b30e3470fe

SHA1: 090032a40d175049a1d48a230e85d62b34f7cb23

SHA256: 88D8FF78BA66ED880239FC609B25B3E30E0446F72EDB5E70D4FD0C4F18AE1FEB

File Size: 7.37 MB, 7366111 bytes

MD5: 8450ca278cebe3cb806e6adb2b3bd680

SHA1: 516966be80a3ad8a9cc443ca887eed59eea3ea51

SHA256: 3A5681A0ED70CA443CF0C5A99FB38BF0346A5359C474B823EEB3E7CB623FB8EA

File Size: 287.36 KB, 287359 bytes

MD5: 725148c3954d307f3a46d52455b11cf0

SHA1: 85a95166f05b3d42c7a6939e24b4a2242310a62d

SHA256: D18D171FF895B02D082ADEA4981E9F97C8CF2E56B2F6CD34F258B0D50D9F39F9

File Size: 7.37 MB, 7366111 bytes

MD5: 5cb3079aa7b53b8c6c5845cd08bde35e

SHA1: c5d83de3a457ff8857bc10c71562b622b9506a92

SHA256: 372A2053CCD7C2114E5B4C703769D2F7D527040D2FDCC2FF647C81228DDEA203

File Size: 9.91 MB, 9911407 bytes

MD5: 3fa862459f6b2e2efa57533b3365a007

SHA1: faf0658aa15680c341ee940a3fd33b89bc12a0d0

SHA256: 0D7CA6F381FAFF40F335E2ABC64464B05E9485AB1D3FC0E3C19015975079FDBF

File Size: 971.89 KB, 971887 bytes

MD5: 8d5162f5fe97af8bea5ecec77e41af3c

SHA1: eba35ef2a2a0a596b1d12a45f30f366f46aae4f9

SHA256: FBAD3605890868A3753594DC9E95542A577C9606B27D46E53D47BCD4DDA3FA0C

File Size: 2.44 MB, 2435079 bytes

MD5: 38a5f451a102d436fa11a040c1388e8b

SHA1: e622c2d1b4f9d2937d1dca9c3fc92920a7e2d561

SHA256: CED0F2F4543DBB60DEB4459628746E82398D91E70E7FDB1D100A44697E4590F6

File Size: 7.37 MB, 7366111 bytes

MD5: e5fa1e83f51e0ff40ac78dfc93c3b5de

SHA1: 63fca180d522c0b57f34208004e8cd2406161b9e

SHA256: 5473DE79FF1E8ED5D8FC0319F73B32BD309AF996AAE02FCC72C65FDC9EADA836

File Size: 8.32 MB, 8320919 bytes

MD5: bdce37904a6303edd0fc351b259973b5

SHA1: 93d42efc4871de9026a3aab258444c88c0ae22dd

SHA256: B24100F4748966C98BA2881783C81DAB75EF1FA148D3DEBDB9BB3F41E4F9D8D8

File Size: 519.73 KB, 519727 bytes

MD5: 6a44a5d6bedd5db558cc41fd7128b2f9

SHA1: 68c26af8bb0c22c9a5cef18faa4e1d3dc62e1e7e

SHA256: EB12CF5B50916EEBB2375EE8C5721F12D5CA4EC249705484297DCB9B50B370D6

File Size: 488.05 KB, 488047 bytes

MD5: cdd6648d990b72f8051d583647aea6d3

SHA1: c248d85ac8975ca18de7da56cce2884fda46c119

SHA256: 3A8433E17FFCB38DD268A016484B6CFA883908939227CB7EE61FF4C3F59D725D

File Size: 413.18 KB, 413175 bytes

MD5: e592a7e3b1af1fe128faa3fbc33b89ca

SHA1: 0f03ee81aa9d36e6c9ab0e0a2390a0dbd67ae79f

SHA256: 1CE01853445C4D24BDFD79E4C849418C08DA14E0EC318288A883A8F1EBA2AD0D

File Size: 4.95 MB, 4953023 bytes

MD5: c73de237c6c70545523c6781b265c4cc

SHA1: ac12cc84e6c661f24a052f244e2995aa45c5cd4c

SHA256: ECF202BF38E03C0BBAF5A8F8E72159083E321AB84C43D14756343F30AA34AEAD

File Size: 1.93 MB, 1928199 bytes

MD5: 7082df1f0b4a53c2f8b3a978386f4877

SHA1: 085dd2352862246769fcca034f56e911a6fba36c

SHA256: B11B2D92DC0DDFA2A26F520BFC12A8BC3BF7E19B90DF46F045169A5DC216EE4D

File Size: 199.98 KB, 199983 bytes

MD5: 8af10710718b286076baad67cadcc7f7

SHA1: b2e44195b10158a3b76e4ffafe699ee44bf5a7c7

SHA256: DA9905F702E8BCFBB3BED214165E5DA53B2279326EFD9558FA45E0350B61291E

File Size: 648.69 KB, 648687 bytes

MD5: c462bc301546b0c35c5a27a3da5fa6a2

SHA1: 24f29194097b34c71d8fc250004ecffde6b6fcc0

SHA256: F089ED24D68A6E900E06C84FC6EE09C7D4FAF5D2AF2B54B149AF36E6461DBB55

File Size: 1.01 MB, 1012927 bytes

MD5: c0a6ce7c488313ab57db25aa634b6a4d

SHA1: 5fbe3950a44feb7f39278454ae7601eb401c8d9b

SHA256: 5F40B85101ED69C812DD12D26100D5B3977A8F09FB7D68C231E71B366A521F49

File Size: 166.86 KB, 166863 bytes

MD5: 4bba4dc778d4103b5554d33e63765d20

SHA1: 8071cf2b9f410382860259ecf9447326d473ef9a

SHA256: FC31BC4D055455516C028FAE92B6A1CD990A1D10B573F8E659B61CE6F33E053A

File Size: 686.73 KB, 686727 bytes

MD5: feba8fbb3d23c4137bd64594e96d584f

SHA1: 31bd47a525daeb97633abc69c5d184915b87e729

SHA256: F3C7D962E2AB2E8597EDC8390A331B77E1FC5503B39FBD173E901498F98BD590

File Size: 1.20 MB, 1197871 bytes

MD5: dd77eae8e946850d83a6819b8bd4ca07

SHA1: 25b399250dff07826eba1a48d84c9da8147533c3

SHA256: 210D34331E70307B938073F9A25D889CCE02B8E2E5CCEA3DF8EAA2B827B12AF9

File Size: 524.08 KB, 524079 bytes

MD5: 274bb0ffed11d42f5569241d332aec6c

SHA1: d214f8cd012589e2eb90b427620f37fb33f67903

SHA256: 9294A7F805C33B66ABD83E251B7A0C511902A26C646B3E3445ACDFBA8D1D8906

File Size: 145.96 KB, 145959 bytes

MD5: d60c28846d8941a4fe9a1d53dd8de64a

SHA1: c6c360e002d56e5b9c503487e2ab93e7ee9dbe63

SHA256: 5C05C91AA87A62B10604CB41224E6A6A4B35FBD01B6EB2F23F13B3521324D39F

File Size: 6.92 MB, 6922007 bytes

MD5: 9466a5dfc95019fb6a931e3e9de1760c

SHA1: 04931dd8dc337d1ec9d8b938cb97670f72007f2f

SHA256: 574270E00462BA0ACAD670A294A7451047644297A04C1D36D2D2674FB4DC9A42

File Size: 4.79 MB, 4791199 bytes

MD5: 147034deeb93cb787322946e8dce3ef5

SHA1: 0ae533348ac2522054ba9d59fe23bfe46568e58a

SHA256: F38EF197C0732D5BFE9C9E5CBD5ED0381BB14B30E2F470B60FA25741CCC90729

File Size: 1.24 MB, 1238767 bytes

MD5: cb01d8c4c374bac4e4ae4db17c24010c

SHA1: 1738d54cbfe27db32b9b404b36bba1fc168e0eed

SHA256: DCA8C401D099E41E1DCEF939FF14BD40C6C6306CE0B99150D0054755EC1F218C

File Size: 4.78 MB, 4776999 bytes

MD5: 6348b475ac18bd6cb27c31f39ccd70cd

SHA1: dd888c9fe451a6edd999ee5e69d5e51b20809328

SHA256: A7A56D7CBC90674A4B74FB45B60DAC56734762C48F7408F337FB12EA98D98B99

File Size: 1.64 MB, 1641359 bytes

MD5: 5e2b42db1942be1226751c2b886395b3

SHA1: a91d55724bfead1b0eb3eafd831ac3fe9e53fbe0

SHA256: 64468D1417A50D8021331B3EB41BC3102B711A39F9A4EB21AD6055F0C0ABBBC1

File Size: 302.42 KB, 302423 bytes

MD5: 36b786d0555417553ba6f145104938b7

SHA1: 3024dbe75582edd3f1e629a250713d4d77db9f6e

SHA256: 87B0F2271D2875AB73F6CB87BF094DD85AA10F44361752A5B5E463635CFFE47B

File Size: 5.71 MB, 5710087 bytes

MD5: 87b169525ec7ba152a27940e67b328d3

SHA1: a688e18d23a6bd734673b33b4740d5b0464c162e

SHA256: 876871AECA1FF2889ABE943ABB2DF5C0279731CE1B019D0AFB794C79A06B6531

File Size: 534.25 KB, 534247 bytes

MD5: 90a85657be321712b2eab0314211856e

SHA1: e6df846bc8ad83047ba0f16665616a23b0b5fc04

SHA256: F37288878BA2803B5F13E877FB385F4B95EAA329FB7DEEF0CA2403332BAA5270

File Size: 4.50 MB, 4501271 bytes

MD5: 5c6808d9e304c2742a45f40a316c9532

SHA1: e7b78c1f5aef90d3fccc90244f29ac0f6bfc1ed1

SHA256: F71EA31F51C6F64545E9F3D586CCA02281A9E493A1BFA3FE469F727D0F88DF9C

File Size: 293.23 KB, 293231 bytes

MD5: 75772cf307911e9c9461a81e9d765dcf

SHA1: 19ff4e195fa8312642863abb635367f31846a898

SHA256: D450A0E67FE47C775B4DD8834CA958473A5BD6C6A0AF6F2111EC6EB81ED18614

File Size: 7.37 MB, 7366111 bytes

MD5: ba54a866dd5ae3076825de20d6ee0884

SHA1: 5ecd8d23ea49978159026bb70fb6c8f72bfe3f99

SHA256: B1EA79A9DB0291CE46774F7F56480BCA2390F62792288A993E546146F962EFAC

File Size: 118.69 KB, 118695 bytes

MD5: 36b41e1f69006d298cff3ef73fc81bd9

SHA1: 7705e7bf3139fcef0f0529d465c0b1ada4031acd

SHA256: 7C18BF150E80EF66891D25F92F9D301AE08294D3E24F3C86AE92ABE566B40432

File Size: 534.25 KB, 534247 bytes

MD5: 47531c1705bdac6df3a86ba647d4da91

SHA1: 264c7ef697b162bef9d70d2c0177d80fb3238b02

SHA256: 86A1B4D1765E7EDD88C6C5EE36BABC0503DFD92848FE842FEA3CB56EAD655038

File Size: 7.37 MB, 7366111 bytes

MD5: a0c04f27849d05babcf07787cf92d515

SHA1: 4858cdba621393585a77b09da487ee60d40a6b9b

SHA256: E655308D1CE84BC482BEACACF86A96CF5B519F428ED30C8F0197C5CF80AD6412

File Size: 1.51 MB, 1505455 bytes

MD5: 54359253012f699c86362d8b8274a6b9

SHA1: f64cf6d382cc6e08c41c97cdc3a0b21c242f1c9d

SHA256: 4ECD1D84258242885502032738B6B7E10F89164CB6DD7B4C432C3BDC2267AD31

File Size: 1.12 MB, 1116335 bytes

MD5: fbc868051a3432b5496e7904c507601f

SHA1: 4f40da08f4193cb605221cdb421f2dea8309e486

SHA256: FDF77E53038434C058F44AF3D387A16383D282FC6F460699933908660B8D9F38

File Size: 734.14 KB, 734143 bytes

MD5: bdc1035bfd387cf55c525974e4f2c817

SHA1: a7b939e9051c2466454d9b2031d1f54ed6fff873

SHA256: AEEB5C003217CA584D804DD2EEF5253E66410D4D4BD8D95D8DD89A7448BEEA5C

File Size: 293.24 KB, 293239 bytes

MD5: a61ada50e2494c4290af641c1a0c7f9f

SHA1: c5d51b07c634f6368800687d42b20d992a87f25a

SHA256: 44A1D3F4C82036C5C002028CFC799A8E3502F0DF4DCCD2C08370CB7B624C45EA

File Size: 534.25 KB, 534247 bytes

MD5: 29e3295df51ecd6640ba82d6f58bee6c

SHA1: fe1045b047d7b1fcbb1d995766a5161de859328b

SHA256: D7CF7ADEFA7315230A39225C5B9E1D381B346DCEE963D5351160530F3D096F9D

File Size: 3.57 MB, 3566750 bytes

MD5: 0c04335cdeb0e028050eb193e61e43c7

SHA1: dca21879951565c719fe8a9ee7b793e37ccdb4f0

SHA256: 0C2A756C26F44C78E8D43895AD116C334EC54E040DA81C914EA5FA60AB722E05

File Size: 293.23 KB, 293231 bytes

MD5: 2fc0f749cbba647244dc8df455a1e184

SHA1: 39d0b9a4377616b6dd2bbeac66f856603e44b28b

SHA256: FA20FD3A773F63F2600E1FE72D8DBAAD7F1F90BFF81EEEFB55D047483DBA888D

File Size: 199.98 KB, 199983 bytes

MD5: 9f7c4b0b60beba06f81844a6d5d2242a

SHA1: 9c263f465f246870a041dcccfa917720befc8262

SHA256: 51C06D5E3E8AF9B106172F87F252B137A18422CA6DA1306F9D013FB9F6E9376C

File Size: 288.75 KB, 288751 bytes

MD5: e094fb45c04b3695da08193f3692ae68

SHA1: e06e8f453e5987c4dae986bf81501842f1a844b3

SHA256: EEEB91B2CE9022B51F4552FABEECFA87599A7E865D4685E7677A0A22FB4686DD

File Size: 294.27 KB, 294271 bytes

MD5: c328780558b76cdc3ebd98ea27f3bff8

SHA1: 161de76825eae8113ac948e0a43c41c24c6131fb

SHA256: 487B2AD0F6E3292D4352BDF584EB7ECC10A6B63ED4813BB8077A5BF0BDBB79C2

File Size: 6.07 MB, 6068319 bytes

MD5: 8040995acf4b1a50c96f595c60135109

SHA1: 454f0431154d35b77bac4500f5df41ef6402d157

SHA256: 1F7E1BBE88502BB6B1F897176BA2388BC94D633FF605BAD5BE6C8DFE5F93218A

File Size: 830.54 KB, 830543 bytes

MD5: f48bfadc87c0d1c60848bc3841658f26

SHA1: 74cb8246a2be0060a38bf87b0cf66bf9e9c02131

SHA256: 225D179D5ED35172829A3CF2B510B100BC9C55A002680610DDA88DC2DCF469D1

File Size: 1.87 MB, 1874191 bytes

MD5: 2b494e1d3ae64cf230682394cf523466

SHA1: f8b3879a1dbdf3c083f48f014569a4e1c6d81b09

SHA256: 47F57C7186ACFF01D135F5D56DAEB0DA398F542300C84331262F50F6319AFAF9

File Size: 5.15 MB, 5145487 bytes

MD5: c86361417e4c779458c7b33189be8219

SHA1: 3f8f9ed92e2b55956ba5b758ba170d18dfe3e93c

SHA256: 72A5CF57C8B94339F5356F470C54E5BA36E41E1828A5074CF37233A743338D80

File Size: 8.02 MB, 8023423 bytes

MD5: f6e1c693774bfaa67531a1430b383882

SHA1: 735bc058892f340453d48f59f0954bbeb875f1bc

SHA256: D1FE569ACBEAB68BEB51D9649E499D28DD44F78CA963F827DF1592414A94A76B

File Size: 586.41 KB, 586407 bytes

MD5: 78d67cd98b382364829b10bf79eea09a

SHA1: 1bf2551ce995e6a42ffd7b8353cade629b8fda29

SHA256: 2B775A7C627E050C24C4B3F3727DC4A8C6D46E276C506A67ACDC81DAA5BF405C

File Size: 284.67 KB, 284671 bytes

MD5: b35a297af38788fb94005e70239ea4fa

SHA1: 590945881560c2d7312b3a7d2f8bc733e125ee0f

SHA256: 39DD03EABFAF5EEA59D47526BFC4048B5C725DF18C97821D687265EC2EB5959C

File Size: 299.06 KB, 299063 bytes

MD5: bd71ec4901f2ca9a478456c5546df84e

SHA1: 19206261a6fda5b400a121722736c544c426acd6

SHA256: E891B1662E7A4EF1534CE3F66B7ECA2AAEC42075BD6A48A637FB8C14690346E4

File Size: 313.47 KB, 313471 bytes

MD5: a98531b6d91884eb7007e9943a6c5621

SHA1: a92246fd779ac8559678f57d577da1cb7870e219

SHA256: CA59FC23A93184F42217AA1FB501BE5AF0404EA094CB7C32DF0CBF14A3819662

File Size: 830.49 KB, 830487 bytes

MD5: f340c9924c5c94f972e8022d70df8c93

SHA1: edaab9af209b7766bbeef99098920fd952e5f73c

SHA256: 67C4BC0994DF555423FA5965797072E059FD7B95C529436E8C58A027FF16BC04

File Size: 2.71 MB, 2713175 bytes

MD5: eb587f5c27f5f7e52ccd162b79a0e06a

SHA1: 18c746682bd41f2fe1bb994b0669e5b7411a7f2b

SHA256: 6A4FA64ACF014CB470B27BFB950A13A1EC362C0361831B32DF1DF91FCB8CA5C7

File Size: 826.90 KB, 826903 bytes

MD5: 050f830c59b0a75cc3e6a00bdfbb7a7f

SHA1: ce67721f6e08c502b7af101403c7b63e7b637484

SHA256: 3A33394036B23F39D8F6CCB8B6096844FC1EBD6E24B1E5B42CB1F46E74278FDE

File Size: 3.37 MB, 3369567 bytes

MD5: 1b38c864990a7fc7d10dccd2dee4c3f0

SHA1: eafb3b298194104bfb61115699585854eeebfce1

SHA256: 237F72BE629BC6A0762298A111DFB3EDE2CD0B8E263FEBF6003869CFA953ED74

File Size: 534.25 KB, 534247 bytes

MD5: a5da3a3b5f8630441e6a24ea01a543aa

SHA1: 73d4514ff46eac0d8190045771fa1c2c57981647

SHA256: EE0B195DCC850FA99920717F9966971B27CE410D78424501B80D1A87D58CBFA2

File Size: 4.30 MB, 4298583 bytes

MD5: 593b4fce4fb6896dbb0fb0dffad526ca

SHA1: 3023f9733c78ae41edde024a6d409f7082f40372

SHA256: 14FEC3DB51BCFC75AA2DA171D43E4CCC21835D35F3C3E23BE489AC2DEFE528E5

File Size: 293.21 KB, 293215 bytes

MD5: eebaeae022aaae3915ea50e6e7e4645d

SHA1: b0b3574fbd7e7fceddcc220445b907bc73a51642

SHA256: 6D82856FFE7D50A5D0E0D3E108E540B89C1A06F5E09C7CD3088DD5EF63134B04

File Size: 6.11 MB, 6113191 bytes

MD5: e337525b3c5ebc4cee1a58dd4da673cd

SHA1: 8216d12a1990d2e2bf785e50a3dcd19daccf3600

SHA256: D967F90D86F317D1AB7AAC1632E5265BDFB2E2148006536325F1CCBC59D6A6B1

File Size: 284.69 KB, 284687 bytes

MD5: 44d6d5a5c2479b6c5267d90de4a9f654

SHA1: 180a63276c7110c0ef00e07f9055e30d7dce06de

SHA256: CF09102940EA9854F7ABED487AF5E1542371E0E8C0067BAD89A2519FF322F856

File Size: 9.01 MB, 9006023 bytes

MD5: 0fa55d9050033746905277ff35e3e168

SHA1: 46e659345a59e15bd4c4e250d0a5e4ea9d54f7d8

SHA256: FD68E66FCA2CA2EE9B17E5EA6724CB8D627B8D990A8233AD054E2F4DEDE5A92B

File Size: 751.41 KB, 751415 bytes

MD5: 6d52f79af48449db7bb7c1f142467cae

SHA1: 73a77f95058e93243b5f2e9a923bfbf1b29ba704

SHA256: CA5F65437325DF3495EA6893D5BB26E3DC4EC53FA3550F192CC41DDAA8705493

File Size: 5.74 MB, 5736663 bytes

MD5: c2a1ca0218f64bbe68cd9fd32b0973fb

SHA1: 556b01a7e4a08c2b6ccbe5113ff33cf30ab0f35e

SHA256: 318C1A60E43034D3CE333779C7CC20C9544D2CD80C458B467253ADD3BE2881F6

File Size: 186.41 KB, 186415 bytes

MD5: e8e3ad01346bd7b0b8af8e8ff8e6efe6

SHA1: 95ec05cb9bab8cfeced58a3abf5e2c1f2e2af88f

SHA256: 81F8159735546B3C14A4481B592E9DAC045B0A850118A3D3D2CBEE6585E36A75

File Size: 4.34 MB, 4339703 bytes

MD5: c6d4c7cef4b9eb14beff2e01bd3616c6

SHA1: cd94b36c9bf7f43a06ee2052080cb13ac3b6cd96

SHA256: B764E6C6568F787A07C9F2B241B30DF1D7453B1B495E8FC0CA87CDAEAE318D1D

File Size: 377.87 KB, 377871 bytes

MD5: f299a1eb7a6115991209486cf4cfcf64

SHA1: a6fc7550cba3dd469ce6883dcbf9a95aed86c023

SHA256: 06415ED490687F81E82E3EB19EE04D3DAA3863BB64E7C2B3BE181E90F7B6567E

File Size: 1.19 MB, 1194399 bytes

MD5: d2c68a0ae98859d16ef9dd0efc6007ba

SHA1: aef299a7eb57b0be74e39de1e5c2c93475590081

SHA256: 373CDB8968D3D97DAFEF88C755EEC6A462DFD2A164C6C475D22630BD7D8C8127

File Size: 8.02 MB, 8020863 bytes

MD5: 2801ae4c8c203286fa26e33d6d91d7ea

SHA1: 3d7f5c17f92066cf98ee5e2117d7ede0a76b3093

SHA256: F5EE26BF2157F17A1C47CAE1FFC9324125120C4E341500687579C7C261AD1926

File Size: 6.13 MB, 6126687 bytes

MD5: 1bcf91ddea2096800d3783a5a9790af5

SHA1: bf8240aacd0f970dce9191d4786f8a710359c446

SHA256: 7D53E3283B46D4FEFD8C3E3040FBC4AF49A2564346ABB40DE0EC8CC3A5E09747

File Size: 7.98 MB, 7982855 bytes

MD5: 30c812de5761d085277bf7159e61e7c9

SHA1: 2d954f5e32f2af091362e6442537d816c5b72fda

SHA256: 7B7EFD5E0502144C67E30FFC8734A5866A54177FE51063D4F652D168E727D377

File Size: 830.54 KB, 830543 bytes

MD5: c541feeb043310a8ac8b9193f89d78d8

SHA1: 7f4f3ad078bd35ca9cefbe828d9bf39c59266381

SHA256: C310EAA56D57C870F8747C19FF9D69263FBD43AD86970D9970C6513B24DEB13B

File Size: 518.50 KB, 518495 bytes

MD5: 0509ee2f911af3ebc2f612dc30ac73ce

SHA1: c9deeb563e3fa80848f698c19f93d48aab27e24b

SHA256: BC10F82069D6C91A42FD0FB31C37843A02CF3B070F675FC169118C1053C0C187

File Size: 590.98 KB, 590975 bytes

MD5: bf8e4a60a26ca46c42206d2c807ea82a

SHA1: 37ce01e164fabbf9c77c1bc52699e4b6437bab17

SHA256: 7DA9AB6C5575B7190E8E2193A3E5BB5ADB9D6F3B2CBC92F80ADD114A9C395036

File Size: 1.87 MB, 1870815 bytes

MD5: 18f83e854eed5cc6b6f9e846e9338506

SHA1: 3bdd4d375f569d686b79447035c5dc30a0f8b4c6

SHA256: 688E4FF095E328B6085AD98FDB9EDB10748027A0F05A855A232C9BF1BB313ED6

File Size: 2.32 MB, 2322943 bytes

MD5: 543f1667c8acd83296d497356c038fc4

SHA1: 94df478c6092d2c1682d45e45a0ef4404404c5d7

SHA256: 8A23882DCC4531DCFAA9D107BE2C8148BB6DA133A3614AA4D99FC07D9BAC9CD4

File Size: 284.16 KB, 284159 bytes

MD5: c646bc4bf86ed7a8cc9b41f144d4feef

SHA1: 5ed7ff702ba8ca7814018740a4939bc42bb1dfef

SHA256: 09E2DA6978519ABEC041916A34BA7460A6FF82C050CF1169CF602C2277818C35

File Size: 370.63 KB, 370631 bytes

MD5: 15bd2367e74986a2f7583b2a9e8bde02

SHA1: c8828e6d1749252179f36ae3283040f0e41c3e7f

SHA256: E3FE8CC8BD36BC1FCE55F388F5263A685112CC558807F08911FC767F08D57A92

File Size: 8.37 MB, 8374239 bytes

MD5: c7cb70a62e99bc4c3f5af385c86ab8ce

SHA1: a92fa8352f76ffddd235b544b36ab3d201507ab1

SHA256: 2915499BF9CC842BC6C28864F5585BD8BEDB968778F1D4BE7A0741FCBF0CA948

File Size: 9.59 MB, 9592903 bytes

MD5: 6521556fcf3bf957e030a5b1df6fd348

SHA1: e065d5b151f4547d67d28f872a43b154a0e268ff

SHA256: 833ABE65614AB2E2702CC97EA8B7954110C162B4BC642C15084F5500362AB5C1

File Size: 6.11 MB, 6114615 bytes

MD5: e80a55a68b170a511f1ebe48d98caeb2

SHA1: bb913e0dfbb0a23299950bd49ef1a129bc735876

SHA256: DADC6F728A674BFFF4CD3F200AD22C3E9F442BBBCECA89268F01187983223CE1

File Size: 7.76 MB, 7761159 bytes

MD5: 77d1f00535a674b3570bf659170e6be3

SHA1: 899351e7665428c27cc239c25b669aee9d3bc509

SHA256: 5F919EC5C7A9A1E6132DEA72137BE73243D1F71906B41570FFE4FB4C3B47FEC0

File Size: 5.32 MB, 5319823 bytes

MD5: b5a8cf23bf89334751da5af0910ea966

SHA1: b69bc01a5a0e74659e2445e1a2391c7d3a664c01

SHA256: E34276493F344973441840ADD9E20B7CF944E0E3EEB00003C3191B1CD67D703E

File Size: 434.71 KB, 434710 bytes

MD5: 4f4ade90b640038b25c887cf97903056

SHA1: 4b263053eb9a2386d06cc8323fd9947b3f7705dd

SHA256: FE1DF752906E2D9AC7CAAB048EB2A4E8641D083C505E25CA0DEFD43D66F53D6B

File Size: 4.24 MB, 4235639 bytes

MD5: 4e98ebf85e0b622f17c0848e4021dd27

SHA1: 2fe119995794a83f8a41048be1fee266dc751f96

SHA256: 7BF297BFE881AE5190F61709AB3B4B0D62AA4A0AF9AB35287A0D42344560EA63

File Size: 7.99 MB, 7992191 bytes

MD5: 7e13684588e7e1a4ae9ccba120a1e729

SHA1: d28f7d5b9d7a3a8cd38a7db659dac4f5f9ee2a06

SHA256: DC6F716F7E802985B6A88B80D1F9830573376B3CA86588A2CBA64E9DA167E54E

File Size: 7.37 MB, 7366111 bytes

MD5: e37c12cda407069a397a58dee5c42bad

SHA1: 31ae1a6753b7f5bdb74c448114aaf0e9bbca9060

SHA256: DE287E11381AE92432BBCF1DBB3D0CF1BAD1CDBF5AB32D230E7C2B5861ABB163

File Size: 284.57 KB, 284567 bytes

MD5: 88458e882b5c5553e9bee4d0e0e0fe8c

SHA1: 99537ea8d074ac774c7f924299c308c058aeff8e

SHA256: EE55580A7C27B67D50F3F4BFF471691AFDB0BF6CE8DA6FEC66BE1B38DE03328A

File Size: 2.71 MB, 2713175 bytes

MD5: 1909a31a103b373648c6355571d1b1b3

SHA1: e66f64b38cf222871294728d63d4bcaffe9b1059

SHA256: 15F9B887FED4634643B5C038FBD7BE522988D4555A9D18A8CEE4C75C2CFAA13E

File Size: 7.37 MB, 7366111 bytes

MD5: db6baed5a74d70a726c9c8c63046ac78

SHA1: 85e37af52ad6c74605853134086ea4883285201e

SHA256: 1ED7A9BE6E1FC5FB20A321A82D5A7DD24270BF5D97B3A6D5CCF26DAFA3D4C833

File Size: 8.09 MB, 8087423 bytes

MD5: 4e786fe1fae9b656fc94c0ca9bd6a10f

SHA1: 0b86278bb4fedfd52e4f0c82ca5d352ceedd5bda

SHA256: 47123C2B19E16925552416779AE66F750DD4804842C75DD13A9373B78280ABBC

File Size: 1.01 MB, 1010471 bytes

MD5: 8e97fc362739384f506972c3a102c94f

SHA1: 48a620db4b0276a724a7dcb055c3f1c775f51e8e

SHA256: 83125D2DED1A5BBCC2EF0BBDEDCC8C1C0AC3E1533D5C923B17DA3C0C9A80DD64

File Size: 293.23 KB, 293231 bytes

MD5: fda708e96f1bf16684ded460307b9e0c

SHA1: d1ddf90e115910e4e4f7bba6d2ee0dd00955b3e1

SHA256: E1655E4B8A5B700196AA33864CD55ADE8D85BFA371FEFEEAB8DD5D0D9904821E

File Size: 413.18 KB, 413175 bytes

MD5: 4d970fbaa060574f6b503f4ae8053a24

SHA1: b2b91a6ee0b8f13f69ef467350e77f97fecd5a94

SHA256: DC47D4A6CA9A8AA0322D12A50FE16666D3F8F6D97C44A03B06D02B706BC7C415

File Size: 3.18 MB, 3183423 bytes

MD5: a62e104f2331fa4a99d034ef97b690a0

SHA1: 0d986a5d583dcf45191fe041c917afd8c3b14aef

SHA256: 35D20510179E08B8B565159AB838C59E6791B41F82F11232DE9C9EC9CF0BDD88

File Size: 5.76 MB, 5757319 bytes

MD5: f937f41206ae3396c3b06745193418ee

SHA1: 787cfd34eff895d7c295cf2e0306e61cf3c63e64

SHA256: D704CB37B2022E2E467F318FFBB51B6FB113BAEE273AB363006E093AB7408DFA

File Size: 460.66 KB, 460663 bytes

MD5: ae72b2f4db001e2891b33cd7634201b8

SHA1: d1aa8291eb5d00c2c9bb825592ff4fd53964c980

SHA256: 93DFDFCE32BBC5E87BEB8CB4125E062EFC7210D6DF8F98A2387CCB2CA1402A5A

File Size: 1.87 MB, 1870815 bytes

MD5: b1dd7c00a60d54a427335088365f12fb

SHA1: d4d9f5e8e5138f847219ad1b0738e6d9b3ce1c50

SHA256: 66E0B698672F7F0C6246077FFCDB96B9B3DDFC013669C6EC880EBED6841AE884

File Size: 328.33 KB, 328327 bytes

MD5: 7834ba15ebf984c3e17a9db4a1ec3a53

SHA1: 2948d11f49c59a72736ad6496992f8bbcad0c74a

SHA256: 815A75434F355D33EDC61A423E89D16F6DD1AAEDA912E4910B0F66CC14A0649E

File Size: 3.58 MB, 3582437 bytes

MD5: 3bf53ee86743586449d86fa04c0f0392

SHA1: b5856da67828efa74c18a6a8cf696539226c2b11

SHA256: F4CD52DDA8FE356B52BBB4324F74C8BFBED1FC210FE437367AECC0AFD17F4FFF

File Size: 113.97 KB, 113975 bytes

MD5: 57fb18d9ee39494e48fc08fbd555e4cd

SHA1: 0539e8daa3bf0060f994e6408abe0e75a900b066

SHA256: 2A52ED81B1952321F1E37DF0C930FEB6D0DB827CA61DDA35ABF50B283D96F4BC

File Size: 7.37 MB, 7366111 bytes

MD5: 5e7eda3f379db84a0a02711e06514c39

SHA1: c3b14d2e571863e715dbf8a3837838be9f7983d0

SHA256: 88E667FF4699172DE3E6236E3861FDF2B28C689A9FC94EFDBD9BD9602DC343B4

File Size: 7.65 MB, 7648503 bytes

MD5: 02dceadbdcedf559eb3c382fdd90135e

SHA1: 10114df1863098f89c686e801ca48bb2cafcabb4

SHA256: 572A2D41671D7FB450F6ACFA57163D118D5D7C64799E3589B560781124690814

File Size: 649.23 KB, 649226 bytes

MD5: fa65734c42c818106268d06c2446d534

SHA1: 73ae8b3f6d37b348118e95f1928d6302731bcc5c

SHA256: 1D1778D54713CAD9BD8E92EBF7DCE6B6BC708E03C93DD53637B958EC339C5FBA

File Size: 830.50 KB, 830503 bytes

MD5: fa665b7ee6327a686319c28e3c2e9dd7

SHA1: 35706c15187ab0ca4fa62fd4aadeab0ff0127855

SHA256: 46BBC356DEF6EB1EEB7961A8D7E5D690ECAA7223E6D9D621E9918FA17316615F

File Size: 159.16 KB, 159159 bytes

MD5: 4537d650f2643d7587c505e85bc23123

SHA1: 04d750821d8e1aec78fa9fc9999406c731bf67e7

SHA256: 31F5CE81C22C249242F0606FBDA2F0DC29E5459F83E0098A905CCA9BC3A0F25D

File Size: 234.83 KB, 234831 bytes

MD5: 3fad63be8cbff500b55ba77c7215d4cd

SHA1: de17dc912e020a1f6ac063643d5cd23555be1ec6

SHA256: FDE0D5BE2A9FB43FD0B97961BF39D1919DDDA93AB9A5FE9A2C300BADBFB9C48C

File Size: 1.21 MB, 1213927 bytes

MD5: 858e71adf9a3355b01d2289abd9aafbf

SHA1: 45fcfe349e62b93f52a61528964177920ed1dbd2

SHA256: EF4CC14AC6EB6F4A715CDC5C6A53C1626BCF1A9775994FAE82F202AF0F3591D0

File Size: 293.23 KB, 293231 bytes

MD5: e6a938bdf4c71232ab3302304f71a6bf

SHA1: c273907c5428fda4ec2065276cf71f190f76b85b

SHA256: C47E9C087E273618F85E826EFB3CEF704FDCA854DB2ADA79CB76A189F14B6E5F

File Size: 2.45 MB, 2445631 bytes

MD5: dcb6bd25a16290186d98ca1a2416a633

SHA1: ae364b673b74210fdd041ca93af43dbd74d7dc77

SHA256: A0DD106FB0E41D3F746B0A620E7B950A0EFE8049601F6C49DBEBF7D53F2333AD

File Size: 6.05 MB, 6047279 bytes

MD5: 8767c19e025e595b4e05ebacf911839d

SHA1: 7aa9dc623fe0a978f4d3b6fd5db5437f73f00bd9

SHA256: 9665442AED30C7FDB68FC4CB5EF7505106F2366155C896BA8F430185BD62D8EF

File Size: 3.97 MB, 3970335 bytes

MD5: 98920cabbd77c9a1704762ec5e3caffd

SHA1: aa5024e3f64fdbb6cbff4fc29466726fbd1060b4

SHA256: 12011E3A84878AE1CD08447E14648F6692CDA35E597963D4AAEC4AC52F3DE707

File Size: 7.97 MB, 7970751 bytes

MD5: b24cb0e5d88c2dd5ac3ba766b883043c

SHA1: a79a9637341b21e226b88c28f21773d87c9a68f1

SHA256: F3760524ACC783BDC3B1C92680C92D963599299FE33FFC3A0A86D04A6313EDA8

File Size: 8.77 MB, 8766567 bytes

MD5: 8bbbd8708ce4170e4449ad0f6454a9a0

SHA1: c8be5adea074d277d33fd57ec71d567a15396de9

SHA256: 48EFF9BEC7D66CEFAE2BEDB5AC789632B3BC4791B683B48FDEA6FC5DA90B9751

File Size: 9.09 MB, 9087567 bytes

MD5: 91316188216b632113a972e6cbd8c2d0

SHA1: 8d4422ea821216b9246c0e0d7432b9b053f495ce

SHA256: 31F82F290042691FFA53A2FB78EAE2345892B1B43CC98A81C5197E4B7C8A315E

File Size: 253.34 KB, 253335 bytes

MD5: c02a3d59a10fa1fafcf89683925baad8

SHA1: b7aae8143c8ffb1893250a768ea4a2684e0c49ba

SHA256: E3AA5FAFECFB56F1634985F0426CD4B04F294FC0B47FCD96DB7A8FFDD1FC3A13

File Size: 2.40 MB, 2401319 bytes

MD5: 801856c3903aaa43a7e0bb775631cea9

SHA1: 413ad90b9724e5decc3061423b45bbd2c8eee069

SHA256: 6ECF53174468FAEA0A671CC02F2B977581C22AE22AA3B2D9DDCF3A518721D4F8

File Size: 5.74 MB, 5742194 bytes

MD5: ff80595f1c645b64fea4ff03f5a5912a

SHA1: aeb9c6a9ffd8946c448b391aba6bba00d5bb773c

SHA256: 75C547E78A4B647DF548DDAF721B23BF5505EF27AD9A841F7E7209DEBAD2BE6C

File Size: 242.13 KB, 242135 bytes

MD5: 1a28f43a92ff9d8e43e49303e4348699

SHA1: 34c2b2468e177d6038e9a6a811cf4857e08efc30

SHA256: 0B27FC2A528FA7D7A4E95BEDBAEFF38C2216DD59F8F26C716EBD9D3916CA4918

File Size: 1.66 MB, 1659847 bytes

MD5: 9f86efe097c9b8609e1ac1838338d07f

SHA1: f0df2942a62f1fe06f7bae0bae79ff99f87b31b2

SHA256: AF39673EBC1E5454523115D6EA4BF988E0AF538C5D1231A0BFDE10FEB8295F5D

File Size: 1.10 MB, 1098887 bytes

MD5: 72b107fb955a7937e6e4dea93cc6ce15

SHA1: dbb4f8964ce6774a570fe210813019e40cc4d565

SHA256: F5874F883BA5AB33A6BBC36BC731EF8CC0A82DC2076D49BD3CDDBE62752E2A72

File Size: 2.63 MB, 2628551 bytes

MD5: 7409738a13f41565f482672b6b7a461f

SHA1: 57d0af008e5af5c5a95bb00cfdda4724ae45a4dd

SHA256: AD7DCD626B7CF5E5446C520B647E20C23986FF43899468FE872E8A4BDEC58607

File Size: 3.76 MB, 3758967 bytes

MD5: 867ac959ff66e4ffc94d856ade2de6dd

SHA1: 2e4fc369e17d45e2d00d467137749468e1e6f696

SHA256: 9273231FE148021E2ED4D7E067CBF945A7D195849DC2A275A98A4878D45913BF

File Size: 174.34 KB, 174335 bytes

MD5: 1e31662c08262c219308dea505e25a3c

SHA1: 2b83507a1a7bec6ffaefbde6fb9af22739010500

SHA256: A340473D1316C5E4A66222BB5574E63237BA733AA325BCD0596806E96932F8F3

File Size: 6.10 MB, 6104007 bytes

MD5: 6a69603afaf48ae06d54c9d0477293c2

SHA1: 02eb1b0efdc76eff3439df217366f87632b197c2

SHA256: 2076F563A0E1475A653D62029CAB12D0B7C652EAF307A2DE17FE54B9E8BBED3B

File Size: 5.22 MB, 5219159 bytes

MD5: 84b11094c5a10a596a267a7cc422f54b

SHA1: 77c0eaf53950a7607082a2c3254478b3435c17a5

SHA256: 674D9316DEA50680088FA23F2190D0AB83196B38F147402DA56CC98BB355CF54

File Size: 3.80 MB, 3797959 bytes

MD5: fc2d4da3b5c7cbb601772fb171850a92

SHA1: bcce4d5241e2d28f27d655dbfcd924082313ee6e

SHA256: F3AE760A883CC5696A6B8A189C0EDEC8154A8BFDEDCD5B968A9306B6FFC4C207

File Size: 2.63 MB, 2630063 bytes

MD5: 11dd709ea934759360291f04af94f678

SHA1: 1b76c238ab2562ed9cb84461faf5de4eec457209

SHA256: DE3D3D0A87DEA3C55DCDF2FE0AE48C080B393503CCF05CC2D1B0CEB17564030D

File Size: 972.04 KB, 972039 bytes

MD5: 6783e208d5ed8e8fc729a21fdb20c983

SHA1: 893d4e9161bd77615f11043237f67cedf04dd188

SHA256: 1437D82E7961AEBB9E3BE9B2EE91189292110686AFD952567FD1B36E0FF94D47

File Size: 8.57 MB, 8572581 bytes

MD5: 657a81cfba74804f8c4979d36748aa5e

SHA1: 5daca4107d0c61814ee38812407690636dea8486

SHA256: 0E5460242A6FAA71B127CDB3ADA668CE12BB7013121600B0FF05CC6F75798ABD

File Size: 296.56 KB, 296559 bytes

MD5: 6b7369d000278dbdaea5da88d9a8bbc2

SHA1: a05a67fef97c887bb1676d1bee78138540e8babe

SHA256: 2D94EAEC02056ED681426523B6643ED4974E521CECA221463658FA990F029464

File Size: 1.37 MB, 1365895 bytes

MD5: 7ac100db88a643fc72943f15517bc2a1

SHA1: 7fc3129b47e9a0c04328a1a0569dd2097b98ab18

SHA256: 8B908DDA14D056D57266AB6B5A3869F97C68AF3FE261C9D21E2CB6E083A26133

File Size: 2.07 MB, 2071455 bytes

MD5: 6ea6d4cb84eeb5cee1e2b8c35982d173

SHA1: 7dcbabf2f95472e3c369e998d823e248b69f4191

SHA256: C6A1DD6657850B7DA8BDC6E5F43CCB43AB5B951F64C30CC5CA1DBA8D9ECA8A06

File Size: 7.79 MB, 7787015 bytes

MD5: 3956461b4836131e6753ddb4edbf2cc2

SHA1: ac50eee20070ef4ac65dc31924442693354d96b2

SHA256: 1D38AF77A9639E759671802547F2AF6B6B1D028DA4CFE1F2C08A00D301FDC203

File Size: 2.31 MB, 2314751 bytes

MD5: 13f6f175892e56db9af0d079d02e729d

SHA1: 51b14d894383f94c7b6d460d0aaa360e60978e11

SHA256: 9D4E385C48B2FF62BD53FEAD374D458E6A56571C3E7C8477A3D88F6C973F20EA

File Size: 2.15 MB, 2149839 bytes

MD5: a091fcafdb8b0d0c14108f02a46bb6be

SHA1: 615742541a5e9483cb29d4f3d0e86d6660e5e2d5

SHA256: E840EA707BFF1B51C467AFF752332A23E7F701A15ACA31F0BAA352F8D98DAC28

File Size: 7.37 MB, 7366111 bytes

MD5: bf2a4410e8df4aa34328c33ebec8195e

SHA1: 0571fc57f9573c9346da50e4a7630fc242933310

SHA256: 7C3785BB084E5F5330E06354A6593129497CA6669350C9942C6B0DBB5B44813A

File Size: 830.49 KB, 830487 bytes

MD5: 12b4e46ceed5084bcbbfef47e249cfa5

SHA1: c63f14fce44dc8b4567542bf1f4edca0e900d8a3

SHA256: 5F099CE602D4BCDE6312BD2D9DEE304923879BA617D4045D444D0F9FB55A6869

File Size: 892.35 KB, 892351 bytes

MD5: a1b79a0445eda25774bef3e7d6770bc8

SHA1: 11d0188d929b12489d14939583af9c118d32aa7b

SHA256: FE73B29B6E66AD88137F3C1141A13398C9EF23E5731BF9F05587BCA2225329EC

File Size: 413.14 KB, 413143 bytes

64 additional samples are not displayed above.

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is 32-bit executable

File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

302 additional icons are not displayed above.

Windows PE Version Information

Name	Value
A P I Version	0.291
Applies To	Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows XP, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows 2003
Build Date	2004/12/06
Build Time	5:20:25 AM - 06/09/2016
Build Date	2015-11-14 12:42 Mon Apr 01 2002 00:03:05 Wed Jun 29 2016 00:19:38
Build I D	20250421121347
Build Version	24.69111 9.0.0.30
Coder	By BlueLife
Comments	Acronis TIB Mounter Monitor Allows Adobe Photoshop CS6 to be run from a removable drive. For additional details, visit http://portableappz.blogspot.com Create backups of selected files/folders/partitions/complete hard disk to hard disk, network drive, CD/DVD or FTP. Created with InstallForge 1.4.4 Driver Booster FastStone Capture 11.1 http://www.acronis.com/ http://www.autoitscript.com/autoit3/ http://www.internetdownloadmanager.com http://www.mypublicwifi.com Show More https://www.internetdownloadmanager.com/ Internet Download Manager agent for click monitoring in IE-based browsers March 5, 2009 October 11, 1999 Part of the Xceed Zip Compression Library, this ActiveX control must be licensed by Xceed Software to developers that wish to use it in their own applications. Product website: https://www.foldermarker.com This product created by The Firebird Project - All Copyright (c) retained by the individual contributors - original code Copyright (c) 2000 Inprise Corporation and predecessors. Tool for elevating applications on the command line Use IDM forever without cracking Windows Update Blocker Wsid module v1.0 www.lua.org
Company Name	ABBYY Acronis International GmbH Adobe Inc Adobe Inc. Adobe Systems Inc. Adobe Systems Incorporated Advanced Micro Devices, Inc. AnyDesk Software GmbH Apple Inc. ArcticLine Software Show More AutoIt Team AVAST Software Avira Operations GmbH Azzouzi Software BeamNG GmbH BitTorrent Inc. BitTorrent Limited CANON INC. DEVGURU Co., LTD. Disc Soft Limited Easybits EdrawSoft EnigmaSoft Limited Epic Games, Inc FastStone Corporation Flexera Software LLC Foxit Software Inc. Gen Digital Inc. Google, inc Google LLC H.D.S. Hungary Hewlett-Packard HP Inc. http://libusb-win32.sourceforge.net Igor Pavlov Insecure.Com LLC. Intel Corporation Internet Download Manager, Tonec FZE IObit J2TeaM Johannes Passing Lua.org Malwarebytes McAfee, LLC Mediatek Inc. Microsoft Corporation Mozilla Mozilla Foundation NCH Software Nero AG Nitro Software, Inc. Nokia Corporation and/or its subsidiary(-ies) Nuance Communications, Inc. NVIDIA Corporation Opera Software Oracle Corporation PDFConverter.com PopCap Games, Inc. PortableAppZ.blogspot.com Public domain Qihoo 360 Technology Co. Ltd. RealNetworks, Inc. Reason Software Company Inc. Red Hat Roblox Corporation Seiko Epson Corporation SEIKO EPSON CORPORATION Sony Corporation Sysinternals - www.sysinternals.com THALES Thales Group The Firebird Project The Qt Company Ltd. Tonec Inc. UNISOC Valve Corporation Vimicro WIBU-SYSTEMS AG wondershare www.coodesker.com www.sordum.org Xceed Software Inc (450) 442-2626 support@xceed.com www.xceed.com Zhuhai Kingsoft Office Software Co.,Ltd
Company Short Name	Google Microsoft
Dist Code	PN01
Edition	1
File Description	7z Setup SFX 360 Total Security ABBYY Zlib component acrobat_compat Acronis TIB Mounter Monitor Acronis True Image 2016 Monitor AcroTray Adobe Acrobat SpeedLauncher Adobe Bootstrapper for Single Installation Adobe Color Engine Show More Adobe Photoshop CS6 Portable Adobe Reader and Acrobat Manager Adobe Updater Startup Utility AdwCleaner aeocenter AMD USB 3.0 Device Detector Android ADB API AnyDesk Apple Software Update AutoIt v3 Script Avast MicroInstaller Installer Avira Security Base Core Bonjour Namespace Provider C++ Application Development Framework C++ application development framework. Canon IJ Scan Utility SETEVENT Catalyst® Control Center Launcher CCleaner Browser CodeMeter Runtime Server Component Host Service Coodesker Creative Cloud Update Service Cygwin POSIX Emulation DLL DeskFX Audio Effect Processor Direct3D HLSL Compiler for Redistribution DirectX 9.0 Web setup Driver Booster EasyAntiCheat Service Elevate Embedded SQL database engine EnigmaSoft Installer Epson Printer Connection Checker EPSON Scan Setup Execute processes remotely FastStone Capture 11.1 Setup Firebird SQL Server Firefox Folder Marker Free - folder labeling tool Foxit Reader Update Service game engine Google Chrome Installer Google Crash Handler Google Update Google Updater (x86) Google Update Setup Hard Disk Sentinel Helper library hpbcfgre DLL hpwuSchd Application IDM module IEToEdge BHO Intel(R) Management Engine Provider Dynamic Link Library Internet Download Manager (IDM) Internet Download Manager agent for click monitoring in IE-based browsers Java Update Scheduler krt libusb-win32 - DLL License Manager Localization Resource Manager Lua Language Run Time Machine Debug Manager Mediatek CoInstaller Dynamic Link Library MFCDLL Shared Library - Retail Version Microsoft Edge Update Microsoft Office 2010 component Microsoft OneDrive Microsoft SharePoint Workspace Extensions Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 Microsoft Windows Diagnostics Tracking Microsoft® C Runtime Library MSS CS Connectivity Service MyPublicWifi Service Nero BackItUp nsNiuniuSkin NSIS UI Engine NVIDIA Backend NVIDIA Message Bus NVIDIA Update Backend Office Setup Engine Opera Browser Assistant Opera GX Browser Assistant Power off recovery for Magic Desktop Print Dispatcher RealPlayer with RealTimes Roblox Runtime Library Setup Suite Launcher Unicode Software Installer SQM Client 19 additional items are not displayed above.
File Version	WI-V1.5.0.4306 Version 5.10a of 2013-Nov-15 (Build 1224) 2013.02.13.00 143.0.7482.0 143.0.3650.96 142.0.7416.0 141.0.7376.0 140.0.7273.0 122.0.5643.17 115.23.0 Show More 97.0.4692.99 80, 1, 1, 0 73.0.3856.382 29.1.1.143489 25.2.1.119314 25.0.0.0 21.220.1024.0005 21.0.289 20.0.12.0 19,0,0,6571 18.1.9.106 18.05 16.0.4266.1001 14.16.27033.0 built by: vcwrkspc 14.0.6019.1000 14.0.4756.1000 13.58.0.1180 12.3.0.2291 12.0.40664.0 12,2,0,23196 12,2,0,23155 11.7.0.1035 11.1.0.0 11.0.61030.0 11.0.23.22" 11.0.0.379" 10.4.0.5 10.00.40219.325 10.0.26100.3323 (WinBuild.160101.0800) 10.0.22621.2428 (WinBuild.160101.0800) 10.0.17134.12 (WinBuild.160101.0800) 10.0.14393.33 (rs1_release_sec.160727-1952) 10.0.10586.0 (th2_release.151029-1700) 9\,0\,0\,30 9.27.1734.0 9.19.949.1104 9.6.5 9.6.4 9.6.2 9.6.1 9.6.0 9.5.11 9.5.9 9.5.7 9.5.1 9.2.0.124 9.0.7 9.0.1.104 9.0.0.16 9,0,0,1034 8.4.1.0 8.3.0.550 7.05+ 7.00.9466 6.7.0.278 6.6.0.24 6.5.14508.0 6.3.9600.16384 (winblue_rtm.130821-1623) 6.2.9200.16384 (win8_rtm.120725-1247) 6.00.9815 6.00.8105 6, 42, 56, 2 6, 42, 55, 2 6, 42, 52, 2 6, 42, 49, 1 6, 37, 8, 1 6,6,0,12 6,0,1,2810 6, 0, 0, 0 6,0,0,0 5.50.0.0 5.15.2.0 5.0.5 5, 7, 0, 139 5, 1, 4, 0 4.57 4.19.38.134 4.9.1.0 4.7.4.0 4.3.0.04300 4.2.3.100 4.0.0.1 4,0,135,0 3.11.5.510 3.6.0.47224 3.6.0.47196 3.6.0.47178 3.5.0.0 3.1 3.0.5419.0 68 additional items are not displayed above.
Full Version	2.8.471.9 2.8.461.11 2.8.451.10 2.8.441.7 2.8.381.9 2.8.51.16
I S Internal Description	Setup Suite Launcher Unicode
I S Internal Version	21.0.289
Installation Type	Full
Installer Engine	update.exe
Installer Version	6.1.22.0
Internal Build Number	140383
Internal Name	7zS.sfx 360Tray AbbyyZlib ACE acrobat_compat AcroTray AdbWinApi.dll AdobeARM.exe Adobe Photoshop CS6 Portable Adobe Update Service Show More AdwCleaner aeocenter AutoIt3.exe avira.exe BCSSync BeamNG.drive CCleaner Browser Client Application CLIStart CodeMeter COMCTL cygwin1.dll d3dcompiler_47.dll D3DX9D.dll datastate DBGHELP.DLL DeskFX diagtrack.dll DriverBooster DriverSetup.exe DXWebSetup EasyAntiCheat.exe Edraw BaseCore Elevate Engine.dll EPPCCMON.EXE Firebird Folder Marker Google Update Google Updater (x86) Google Update Setup GrooveEX hasplms.exe HDSentinel helper.exe hpbcfgre hpwuSchd idmnmcl IDM Trial Reset.exe IEMonitor ie_to_edge_bho_dll Installer.exe Internet Download Manager ISB Utility Java Update Scheduler kbaseconfigcenter krt LcMgr libusb0.dll lua5.1.dll McCHSvc mdm.exe mdnsNSP.dll MEProv MessageBus MFC100U.DLL Microsoft Edge Update microstub MSVBVM60.DLL MyPublicWifi Service Nero BackItUp nsNiuniuSkin nusb3mon.dll NVIDIA Backend NVIDIA Update Backend Opera Opera GX osetup.dll Packet.dll PrnDisp PsExec RaCoInst.dll rpsystray SETEVENT.exe setup Setup.exe SetupSuite SFXCAB.EXE SoftwareUpdateFiles.dll sqlite3 sqmapi SSBkgdUpdate steam tib_mounter_monitor ti_monitor TJprojMain tvsuShim ucrtbase.dll uninst.exe UNISOC_Drivers 9 additional items are not displayed above.
K B Article Number	884016
Language Id	en sr-Cyrl-RS
Last Change	99b242b6f6d67bc621cd36a08f1aaa88d4151e60-refs/branch-heads/7376@{#1} 37414c5bb9d01777a88623acd52b8cf16b73bba6-refs/branch-heads/7416@{#1} 2908080f0d4620442c4a3e095b1ad317713ba135-refs/branch-heads/7482@{#1} cdbcba33653a1d72092fb0be472085f03b5f149d-refs/branch-heads/7273@{#1} d55fe85d014134f7b4677688f46db9d610ddcfd5 d740da257583289dbebd2eb37e8668928fac5ead-refs/branch-heads/4692@{#1461}
Legal Copyright	(c) 2006-2011, 2015-2018 Apple Inc. All rights reserved. (C) 2011-2012 Advanced Micro Devices, Inc. (C) 2013 NVIDIA Corporation. All rights reserved. (C) 2015 NVIDIA Corporation. All rights reserved. (C) 2016 idmresettrial All rights reserved. (C) 2016 NVIDIA Corporation. All rights reserved. (C) 2017-2025 Gen Digital Inc. (c) 2021 Thales Group. All Rights Reserved. (c) 2023 THALES. All rights reserved. (C) 2025 AnyDesk Software GmbH Show More (C) BeamNG GmbH. All rights reserved. (C) Qihoo 360 Technology Co. Ltd., All rights reserved. (C) Seiko Epson Corporation 2020. All rights reserved. (C) Seiko Epson Corporation 2021-2023. All rights reserved. (C) Seiko Epson Corporation 2021. All rights reserved. 2002-2009 S. Meyer; 2010 T. Robinson All Copyright (c) retained by individual contributors - original code Copyright (c) 2000 Inprise Corporation Bernat Copyright (c) 1999-2007 Igor Pavlov Copyright (C) 2001 - 2015 HPDC LP Copyright (C) 2001-2022 Mark Russinovich Copyright (c) 2003-2008 Nero AG and its licensors Copyright (C) 2003-2011 Apple Inc. Copyright (C) 2005-2022 Nitro Software, Inc. ALL RIGHTS RESERVED Copyright (C) 2006 The Android Open Source Project Copyright (C) 2007 Copyright (C) 2009 Copyright (C) 2009 PopCap Games, Inc. Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies). Copyright (c) 2014 Flexera Software LLC. All Rights Reserved. Copyright(c) 2014, Mediatek Inc. All rights reserved. Copyright (C) 2016 Copyright (C) 2020 Copyright (c) 2020 AVAST Software Copyright (C) 2020 The Qt Company Ltd. Copyright (C) 2021 Valve Corporation Copyright (c) 2022, Insecure.Com LLC. All rights reserved. Copyright (C) 2025 Copyright (C) 2025 by FastStone Corporation Copyright (C) Acronis International GmbH, 2002-2015. Copyright (C) DEVGURU 2002-2013 (www.devguru.co.kr) Copyright (C) Hewlett-Packard 2007 Copyright (c) Microsoft Corporation. All rights reserved. Copyright (c) Microsoft Corporation. All rights reserved. Copyright(c) RealNetworks, Inc. 1995-2017, All rights reserved. (http://www.real.com) Copyright (C) Seiko Epson Corporation 2003 Copyright 1984-2009 Adobe Systems Incorporated and its licensors. All rights reserved. Copyright 2004, 2005, 2006, 2007, 2008, 2009, 2010 Sony Corporation Copyright 2016-2024. EnigmaSoft Limited. All rights reserved. Copyright 2016-2025. EnigmaSoft Limited. All rights reserved. Copyright 2018 Google LLC Copyright 2019, Adobe Inc. All rights reserved. Copyright 2022 Google LLC. All rights reserved. Copyright 2024 Malwarebytes Copyright 2025 Google LLC. All rights reserved. Copyright c 2007 Copyright CANON INC. 2012-2020 Copyright Microsoft Corporation Copyright Microsoft Corporation. All rights reserved. Copyright Opera Software 2021 Copyright Opera Software 2025 Copyright Reason Software Company Inc. Copyright © 1987-1997 Microsoft Corp. Copyright © 1987-2000 Microsoft Corp. Copyright © 1994-2015 Lua.org, PUC-Rio. Copyright © 1996-2013 Xceed Software Inc. Copyright © 2000 - 2017 PDFConverter.com Copyright © 2002-2013 by WIBU-SYSTEMS AG Copyright © 2003-2007 Nuance Communications, Inc. Copyright© 2005-2018 IObit Copyright © 2006-2025 ArcticLine Software Copyright © 2008 Adobe Systems Incorporated. All rights reserved. Copyright © 2009-2017, Intel Corporation. All rights reserved. Copyright © 2015 Copyright © 2016-2019 www.sordum.org All Rights Reserved. Copyright © 2019-2020 Foxit Software Inc. All Rights Reserved. Copyright © 2020 Roblox Corporation. All rights reserved. Copyright © 2022 McAfee, LLC Copyright © 2023 Copyright © 2023 Adobe Inc. All rights reserved. Copyright © 2025 Copyright © 2025 Avira Operations GmbH and its Licensors Copyright©2025 Kingsoft Corporation. All rights reserved. Copyright © Acronis International GmbH, 2002-2015. Copyright © Adobe Systems Inc. 1992-2012 Copyright © Azzouzi Software Copyright © H.D.S. Hungary Copyright © Microsoft Corp. 1994-2007 Copyright © Red Hat, Inc. 1996-2015 Copyright Â© Epic Games, Inc EdrawSoft.com, All rights reserved. Greensoft Limited License: MPL 2 Mozilla NCH Software Public domain Tonec FZE, Copyright © 1999 - 2020 Tonec FZE, Copyright © 1999 - 2025 Tonec Inc., Copyright © 1999 - 2025 wondershare (C) Copyright 2023 15 additional items are not displayed above.
Legal Trademarks	ABBYY, the ABBYY logo are either registered trademarks or trademarks of ABBYY Software Ltd. Acronis International GmbH. All rights reserved. Copyright © H.D.S. Hungary Folder Marker Internet Download Manager IObit Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation Mozilla PortableAppZ is a Trademark of Bernat Sentinel(r) is a registered trademark of THALES. Show More Sentinel(r) is a registered trademark of Thales Group. WIBU®, CodeMeter® and SmartShelter® are registered trademarks of WIBU-SYSTEMS AG
Legal Trademarks1	All Rights Reserved All rights reserved Microsoft® is a registered trademark of Microsoft Corporation.
Legal Trademarks2	All Rights Reserved Edraw Max Windows® is a registered trademark of Microsoft Corporation.
M O S E Version	BETA
Official Build	1
Ole Self Register	1
Original Filename	7zS.sfx.exe 360Tray.exe AbbyyZlib.dll ACE.dll acrobat_compat AcroSpeedLaunch.exe AcroTray.exe AdbWinApi.dll AdobeARM.exe Adobe Update Service.exe Show More AdwCleaner.exe aeocenter.dll AutoIt3.exe avira.exe backend.exe baseCore.dll BCSSync.exe BeamNG.drive CCleanerBrowserUpdate.exe CLIStart.exe CodeMeter.exe COMCTL32.OCX cygwin1.dll d3dcompiler_47.dll D3DX9D.dll DBGHELP.DLL DeskFX.exe diagtrack.dll DriverBooster.exe DriverSetup.exe dxwebsetup.exe EasyAntiCheat.exe Elevate.exe Engine.dll EPPCCMON.EXE FolderMarker.exe GoogleUpdate.exe GoogleUpdateSetup.exe goopdate.dll GrooveEX.dll hasplms.exe HDSentinel.exe helper.exe hpbcfgre.DLL hpwuSchd.exe IDMan.exe idmnmcl.dll IDM Trial Reset.exe IEMonitor.EXE ie_to_edge_bho.dll Installer.exe InstallShield SetupSuite.exe jusched.exe kbaseconfigcenter.dll krt.dll LcMgr.dll libusb0.dll lua5.1.dll maintenanceservice.exe McCHSvc.exe mdm.exe mdnsNSP.dll MEProv.dll MessageBus.dll MFC100U.DLL microstub.exe msedgeupdate.dll NB.dll nsNiuniuSkin.dll nusb3mon.dll NvBackend.exe OneDrive.exe osetup.dll Packet.dll PDFConverterElite.PrnDisp.exe PhotoshopCS6Portable.exe psexec.c PublicWiFiService.exe Qt5Core.dll QtXmlPatterns4.dll RaCoInst.dll Roblox.exe rpsystray.exe SETEVENT.exe setup.exe Setup.exe SFXCAB.EXE SoftwareUpdateFiles.dll sqlite3.dll sqmapi.dll SSBkgdUpdate.exe steam.exe tib_mounter_monitor.exe ti_monitor.exe TJprojMain.exe tvsuShim.exe ucrtbase.dll uninst.exe UNISOC_Drivers.exe UpdateInstaller.exe 12 additional items are not displayed above.
Package Type	update
Private Build	Build by Tecgraf/PUC-Rio for LuaBinaries
Proc. Architecture	x86
Product Name	7-Zip 360 Total Security ACE Acronis TIB Mounter Acronis True Image 2016 AcroTray - Adobe Acrobat Distiller helper application. Adobe Acrobat Adobe Photoshop CS6 Portable Adobe Reader and Acrobat Manager Adobe Updater Startup Utility Show More Adobe Update Service AdwCleaner AMD USB 3.0 Device Detector Android SDK AnyDesk Apple Software Update AutoIt v3 Script Avast MicroInstaller Avira Security BeamNG.drive Bonjour Bootstrapper Small Canon IJ Scan Utility SETEVENT Catalyst® Control Center CCleaner Browser CodeMeter COMCTL Coodesker Cygwin DAEMON Tools Lite DeskFX Driver Booster EasyAntiCheat Edraw Max Elevate Application Epson Printer Connection Checker EPSON Scan FastStone Capture Firebird SQL Server Firefox Folder Marker Free Google Chrome Installer Google Update Google Updater (x86) Hard Disk Sentinel hpbcfgre Dynamic Link Library hpwuSchd Application IDM Trial Reset IEMonitor Application IEToEdge BHO Installer InstallShield Intel(R) Management Engine Provider Dynamic Link Library Internet Download Manager (IDM) Internet Download Manager Module ISB Utility Java Platform SE Auto Updater LcMgr libusb-win32 - DLL Licensing Lua - The Programming Language McAfee Security Scanner + Mediatek CoInstaller Dynamic Link Library Microsoft Edge Update Microsoft Office 2010 Microsoft Office 2016 Microsoft OneDrive Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 Microsoft® DirectX for Windows® Microsoft® Visual Studio .NET Microsoft® Visual Studio® 10 Microsoft® Visual Studio® 2017 Microsoft® Windows® Operating System MSI 3.1 MSS CS MyPublicWifi Service Nero BackItUp Nitro Pro Npcap nsNiuniuSkin NSIS UI Engine NVIDIA Backend NVIDIA Message Bus NVIDIA Update Opera Browser Assistant Opera GX Browser Assistant PDF Converter Elite Project1 Qt4 Qt5 RealTimes Roblox Bootstrapper Sentinel LDK Spreadtrum Driver Setup SQLite SSBkgdUpdate Steam Sysinternals PsExec tvsuShim Application Unchecky 13 additional items are not displayed above.
Product Short Name	Chrome Installer GoogleUpdater
Product Version	Version 5.10a of 2013-Nov-15 (Build 1224) gcomp_dev 27581620 2013.02.13.00 143.0.7482.0 143.0.3650.96 142.0.7416.0 141.0.7376.0 140.0.7273.0 122.0.5643.17 115.23.0 Show More 97.0.4692.99 80, 1, 1, 0 73.0.3856.382 25.0 21.220.1024.0005 21.0 20.0.12.0 19,0,0,6571 18.1.9.106 18.05 16.0.4266.1001 14.16.27033.0 14.0.6019.1000 14.0.4756.1000 13.58.0.1180 12.3.0.2291 12.0.40664.0 12,2,0,23196 12,2,0,23155 11.7.0.1035 11.1 11.0.61030.0 11.0.23.22" 11.0.0.379" 10.4.0.5 10.00.40219.325 10.0.26100.3323 10.0.22621.2428 10.0.17134.12 10.0.14393.33 10.0.10586.0 9.27.1734.0 9.19.949.1104 9.6 9.5 9.2.0.124 9.0.0.30 (BuildVersion: 1.0; BuildDate: BUILDDATETIME) 9.0 9,0,0,1034 9 8.4 8.3 8.2 7.05+ 7.00.9466 6.7.0.278 6.6.0.24 6.5.14508.0 6.3.9600.16384 6.2.9200.16384 6.00.9815 6.00.8105 6, 42, 56, 2 6, 42, 55, 2 6, 42, 52, 2 6, 42, 49, 1 6, 37, 8, 1 6,6,0,12 6,0,1,2810 6, 0, 0, 0 6,0,0,0 5.15.2.0 5.0.5 5, 7, 0, 139 5, 1, 4, 0 5 4.57 4.19.38.134 4.9.1.0 4.3.0.04300 4.2.3.100 4.0.0.1 4,0,0,0 3.11.5.510 3.6.0.47224 3.6.0.47196 3.6.0.47178 3.5.0.0 3.1 3.0.5419.0 3.0.919.5476 3.0.891.5380 3.0 3, 3, 14, 5 3,0,0,10 2.8.471.9 2.8.461.11 2.8.451.10 2.8.441.7 2.8.381.9 57 additional items are not displayed above.
Program I D	com.foldermarker.FolderMarker
Registry Key	Cygwin
Self- Extractor Version	SFXCAB v6.1.6.0
Shared Memory Version	5
Source Control I D	9866231
Special Build	4.2.3.100 b/build/2c205c5c-e050-0ffd-f7d0-63786687edbc Firebird 1.5 stable34 stable uthelper
Support Link	"http://go.microsoft.com/fwlink/?LinkId=33342"
Upstream Version	1.3.99.0
Website	https://junookyo.blogspot.com/
Wibu Lang Version	5.00
产品名	hpbcfgre 动态链接库
合法版权	版权所有 (C) 2001

Digital Signatures

Signer	Root	Status
iCareAll Co., Limited	AAA Certificate Services	Hash Mismatch
Intel(R) Embedded Subsystems and IP Blocks Group	AddTrust External CA Root	Hash Mismatch
0833266 B.C. LTD	COMODO RSA Certification Authority	Hash Mismatch
Indigo Rose Software Design Corporation	COMODO RSA Code Signing CA	Hash Mismatch
Beijing Coodesker Technology Co., Ltd.	Certum Extended Validation Code Signing 2021 CA	Hash Mismatch

Google LLC	DigiCert Assured ID Code Signing CA-1	Hash Mismatch
Tencent Technology(Shenzhen) Company Limited	DigiCert Assured ID Code Signing CA-1	Hash Mismatch
Tonec Inc.	DigiCert Assured ID Code Signing CA-1	Hash Mismatch
Easybits AS	DigiCert Assured ID Root CA	Hash Mismatch
Adobe Inc.	DigiCert EV Code Signing CA (SHA2)	Hash Mismatch
Adobe Systems, Incorporated	DigiCert EV Code Signing CA (SHA2)	Hash Mismatch
FOXIT SOFTWARE INC.	DigiCert EV Code Signing CA (SHA2)	Hash Mismatch
Malwarebytes Inc	DigiCert EV Code Signing CA (SHA2)	Hash Mismatch
Opera Software AS	DigiCert EV Code Signing CA (SHA2)	Hash Mismatch
Thales DIS CPL USA, Inc.	DigiCert EV Code Signing CA (SHA2)	Hash Mismatch
Insecure.Com LLC	DigiCert High Assurance EV Root CA	Hash Mismatch
Avast Software s.r.o.	DigiCert SHA2 Assured ID Code Signing CA	Hash Mismatch
Google LLC	DigiCert SHA2 Assured ID Code Signing CA	Hash Mismatch
HP Inc.	DigiCert SHA2 Assured ID Code Signing CA	Hash Mismatch
Nitro Software, Inc.	DigiCert SHA2 Assured ID Code Signing CA	Hash Mismatch
Psiphon Inc.	DigiCert SHA2 Assured ID Code Signing CA	Hash Mismatch
Tencent Technology(Shenzhen) Company Limited	DigiCert SHA2 Assured ID Code Signing CA	Hash Mismatch
Tonec Inc.	DigiCert SHA2 Assured ID Code Signing CA	Hash Mismatch
Adobe Inc.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
AnyDesk Software GmbH	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Avira Operations GmbH	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
CHENGDU YIWO Tech Development Co., Ltd.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
FastStone Corporation	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Google LLC	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Lenovo	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
NCH Software, Inc.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Opera Norway AS	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Oracle America, Inc.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
PIRIFORM SOFTWARE LIMITED	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Roblox Corporation	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
SEIKO EPSON CORPORATION	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Tonec Inc.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Waves Inc	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Wondershare Technology Group Co.,Ltd	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Zhuhai Kingsoft Office Software Co., Ltd.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
AnyDesk Software GmbH	DigiCert Trusted Root G4	Hash Mismatch
BeamNG GmbH	DigiCert Trusted Root G4	Hash Mismatch
BitTorrent Inc	DigiCert Trusted Root G4	Hash Mismatch
EnigmaSoft Limited	DigiCert Trusted Root G4	Hash Mismatch
EnigmaSoft Limited	DigiCert Trusted Root G4	Hash Mismatch
Google LLC	DigiCert Trusted Root G4	Hash Mismatch
Lenovo	DigiCert Trusted Root G4	Hash Mismatch
Mozilla Corporation	DigiCert Trusted Root G4	Hash Mismatch
SEIKO EPSON CORPORATION	DigiCert Trusted Root G4	Hash Mismatch
Thales DIS CPL USA, Inc.	DigiCert Trusted Root G4	Hash Mismatch
Valve Corp.	DigiCert Trusted Root G4	Hash Mismatch
Wondershare Technology Group Co.,Ltd	DigiCert Trusted Root G4	Hash Mismatch
Zhuhai Kingsoft Office Software Co., Ltd.	DigiCert Trusted Root G4	Hash Mismatch
AVB Disc Soft, SIA	Entrust Code Signing Root Certification Authority - CSBR1	Hash Mismatch
FLEXTECH INC.	GlobalSign	Hash Mismatch
IObit Co., Ltd.	GlobalSign	Hash Mismatch
ZOHO Corporation Private Limited	GlobalSign	Hash Mismatch
PC HELPSOFT LABS INC.	GlobalSign Code Signing Root R45	Hash Mismatch
Shenzhen Aidapu Network Technology Co.,Ltd.	GlobalSign Code Signing Root R45	Hash Mismatch
Noriyuki Miyazaki	GlobalSign CodeSigning CA - G2	Hash Mismatch
Noriyuki Miyazaki	GlobalSign CodeSigning CA - SHA256 - G2	Hash Mismatch
AutoIt Consulting Ltd	GlobalSign CodeSigning CA - SHA256 - G3	Hash Mismatch
Khalil Azzouzi	GlobalSign CodeSigning CA - SHA256 - G3	Hash Mismatch
Acronis International GmbH	GlobalSign Extended Validation CodeSigning CA - SHA256 - G3	Hash Mismatch
McAfee, LLC	GlobalSign GCC R45 EV CodeSigning CA 2020	Hash Mismatch
EasyAntiCheat Oy	GlobalSign Root CA	Hash Mismatch
Honor Device Co., Ltd.	GlobalSign Root CA	Hash Mismatch
Travis Lee Robinson	GlobalSign Root CA	Hash Mismatch
Microsoft Corporation	Microsoft Code Signing PCA	Hash Mismatch
Microsoft Corporation	Microsoft Code Signing PCA 2010	Hash Mismatch
Microsoft Corporation	Microsoft Code Signing PCA 2011	Hash Mismatch
Malwarebytes Inc	Microsoft Identity Verification Root Certificate Authority 2020	Hash Mismatch
Microsoft Corporation	Microsoft Root Authority	Hash Mismatch
Microsoft Corporation	Microsoft Windows Code Signing PCA 2024	Hash Mismatch
Microsoft Windows	Microsoft Windows Production PCA 2011	Hash Mismatch
Microsoft Windows Hardware Compatibility Publisher	Microsoft Windows Third Party Component CA 2012	Hash Mismatch
AOMEI International Network Limited	Sectigo Public Code Signing Root R46	Hash Mismatch
Alexey Nicolaychuk	Sectigo Public Code Signing Root R46	Hash Mismatch
ArcticLine Software	Sectigo Public Code Signing Root R46	Hash Mismatch
Sordum Software	Sordum Software	Hash Mismatch
EDRAW LIMITED	StartCom Certification Authority	Hash Mismatch
Adobe Systems Incorporated	Symantec Class 3 Extended Validation Code Signing CA - G2	Hash Mismatch
Acronis International GmbH	Symantec Class 3 SHA256 Code Signing CA	Hash Mismatch
Apple Inc.	Symantec Class 3 SHA256 Code Signing CA	Hash Mismatch
Beijing Qihu Technology Co., Ltd.	Symantec Class 3 SHA256 Code Signing CA	Hash Mismatch
Canon Inc.	Symantec Class 3 SHA256 Code Signing CA	Hash Mismatch
Huawei Technologies Co., Ltd.	Symantec Class 3 SHA256 Code Signing CA	Hash Mismatch
Oracle America, Inc.	Symantec Class 3 SHA256 Code Signing CA	Hash Mismatch
Reason Software Company Inc.	Symantec Class 3 SHA256 Code Signing CA	Hash Mismatch
SEIKO EPSON CORPORATION	Symantec Class 3 SHA256 Code Signing CA	Hash Mismatch
SecureTeam Software Ltd.	Symantec Class 3 SHA256 Code Signing CA	Hash Mismatch
Xceed Software Inc.	Thawte Code Signing CA - G2	Hash Mismatch
IObit CO., LTD	USERTrust RSA Certification Authority	Hash Mismatch
Malwarebytes Inc.	USERTrust RSA Certification Authority	Hash Mismatch
McAfee, LLC	USERTrust RSA Certification Authority	Hash Mismatch
Janos Mathe	UTN-USERFirst-Object	Hash Mismatch
ABBYY SOLUTIONS LIMITED	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
Adobe Systems, Incorporated	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
ElcomSoft Co.Ltd.	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
Nero AG	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch

18 additional signatures are not displayed above.

File Traits

00 section
2+ executable sections
7-zip (In Overlay)
7-zip Installer
Badsig autoit
Badsig nsis
big overlay
CAB (In Overlay)
CryptUnprotectData
dll

fptable
golang
HighEntropy
Installer Manifest
Installer Version
nosig nsis
No Version Info
ntdll
Nullsoft Installer
packed
SusSec
upx
UPX!
vb6
VirtualQueryEx
WinZip SFX
Wix
WixToolset Installer
WriteProcessMemory
x86
ZIP (In Overlay)

Block Information

Total Blocks:	4,430
Potentially Malicious Blocks:	23
Whitelisted Blocks:	1,855
Unknown Blocks:	2,552

Visual Map

? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 x 0 0 x ? 0 0 0 0 ? ? 0 0 0 0 0 0 0 ? 0 0 0 0 ? ? ? 0 0 ? 0 ? ? ? ? 1 0 ? 0 ? 0 1 1 1 0 1 0 ? 1 0 ? ? 0 0 1 0 ? 0 0 1 1 ? 0 0 ? ? ? 1 0 0 0 ? 1 0 ? 0 ? 0 ? 1 ? 1 ? ? ? 0 ? ? ? ? ? ? ? 0 ? 0 ? ? ? 0 0 0 0 ? ? ? 0 1 ? 0 0 0 0 0 ? ? 0 ? 0 0 0 0 0 ? 0 0 0 ? ? ? 0 0 0 ? 0 ? ? 1 0 0 1 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? 1 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 0 ? ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? ? 0 0 0 0 0 ? 0 ? 0 ? ? ? ? ? ? ? ? ? 0 0 0 0 ? 0 ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? ? ? ? ? ? ? ? 0 ? ? 1 ? 0 ? ? 0 0 0 0 0 0 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? 0 ? ? 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 1 0 0 ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 0 ? ? ? ? 0 0 ? 0 x 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 ? ? ? ? ? ? 0 ? 0 ? 0 0 ? 0 0 0 ? ? ? ? 0 0 0 ? ? 0 0 0 0 ? 0 ? ? ? 0 0 0 0 0 0 0 ? 0 0 ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? 0 ? ? ? 0 0 ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? 0 ? ? ? 0 0 0 ? 0 0 ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? 0 0 0 0 0 0 ? 0 0 0 ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? 0 x ? 0 ? 0 ? 0 ? ? 0 0 ? 0 ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? 0 0 0 0 0 0 ? 0 0 ? 0 0 0 ? ? ? ? ? ? 0 0 ? ? ? 0 0 0 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? 0 0 0 0 ? ? ? ? ? ? 0 0 ? ? ? ? 0 0 0 0 0 0 ? 0 0 0 ? 0 0 0 0 ? 0 ? ? ? 0 0 ? ? ? 0 0 ? ? ? ? ? 0 0 ? ? ? ? ? 0 0 ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 ? ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? 0 0 ? ? ? 0 ? 1 ? ? 0 0 0 0 ? ? ? ? 0 ? 0 0 ? ? ? 0 0 0 0 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? 0 ? ? 0 ? 0 0 0 ? ? ? ? 0 0 0 0 0 ? ? ? ? ? 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 0 ? ? 0 ? 0 ? 0 ? 1 1 1 0 0 ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? ? 0 ? 0 0 0 0 0 0 ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 2 ? ? 0 ? 0 ? 0 0 0 0 ? ? 0 0 0 ? 0 0 ? 0 ? 0 0 0 0 0 0 0 0 ? ? 0 ? ? ? 0 ? 0 0 ? 0 0 ? 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? 0 ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 0 ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 ? ? 0 0 ? 0 0 ? ? 0 ? ? ? ? ? 0 ? 0 ? 0 ? ? ? 1 0 ? ? ? ? 0 ? 0 0 0 0 ? ? ? ? 0 ? ? 0 0 0 0 ? ? ? 0 ? 1 ? ? ? 0 ? 0 0 0 ? 0 0 0 0 ? 0 0 0 0 ? ? 0 ? ? 0 ? 1 0 ? ? 0 0 ? 0 0 ? ? 0 0 0 0 0 ? ? ? ? ? ? ? ? 1 0 ? ? 0 0 0 ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? 0 0 0 0 0 0 0 ? ? 0 ? ? 0 ? 0 ? 0 ? ? 0 ? ? 0 0 0 ? ? 0 0 ? ? 0 ? ? ? ? ? 0 ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 1 0 ? ? 0 0 ? ? ? ? 0 ? ? ? 0 0 ? ? 0 0 ? 0 0 ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? ? 0 0 1 0 ? 0 ? ? ? ? ? ? ? 0 x x 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? ? ? ? ? 0 ? ? ? ? ? 0 0 ? ? ? ? 0 0 x ? ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? 0 ? 0 ? 0 ? ? ? ? ? x x 0 0 x x x ? 0 0 0 ? x ? 0 ? ? ? ? ? ? 0 ? 0 0 0 0 0 0 0 ? ? 0 0 ? 0 0 0 0 0 0 ? 0 0 ? 0 0 ? ? 0 ? ? 0 ? ? 0 0 ? 0 0 0 0 ? ? ? ? ? 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? 0 ? ? ? 0 0 0 ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? 0 0 0 0 0 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 0 0 ? ? ? ? 0 ? 0 ? 0 ? 0 0 0 0 0 0 ? ? ? ? ? ? ? 0 ? ? ? 0 0 0 0 0 ? ? ? ? 0 0 ? ? 0 ? ? ? ? 0 ? 0 0 ? ? ? x ? ? ? 0 0 ? ? ? 1 ? ? ? ? ? ? 0 ? ? ? 0 0 0 ? 1 0 ? ? 0 ? ? ? ? ? ? ? ? ? 0 0 ? ? 0 ? 0 ? ? 0 0 0 0 0 0 ? 0 ? ? ? ? 0 0 0 0 ? ? ? ? ? ? ? ? ? ? 0 0 ? 0 ? ? ? 0 ? 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 0 0 ? 0 ? ? 0 0 ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 ? 0 ? ? ? 0 0 0 ? 0 ? ? ? ? ? ? ? ? ? 0 0 ? ? 0 0 0 0 ? 0 0 0 ? ? ? ? ? ? ? ? ? ? 0 ? x ? ? ? ? ? ? 0 0 0 0 0 0 0 ? ? 0 0 ? 0 ? 0 x x 0 0 ? ? ? ? 0 ? ? ? ? ? 0 ? 0 0 0 0 0 0 ? ? 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 0 ? 0 ? ? ? ? 0 ? ? ? ? ? 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 1 ? 0 ? ? ? ? ? 0 ? ? ? ? ? 0 0 0 ? 0 ? 0 ? ? ? ? ? ? ? 0 ? 0 0 ? ? ? 0 0 0 ? ?

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.AG
Agent.GV
Ahead.B
Autoit
Bitcoinminer.BDA

Bitcoinminer.BDB
Bitcoinminer.DJE
CardTool.A
Chuyun.A
DarkGate.B
Delf.Q
Expiro.IE
Expiro.MB
Farfli.AL
Floxif.D
Floxif.E
Fragtor.AB
Incognito.A
Injector.ISA
Johnnie.E
Kryptik.REA
Kryptik.REC
Kryptik.XTA
LittleCrypt.A
Loader.DE
Lumma.XC
Marte.Z
Mint.B
Penguish.H
Philadelphia.A
Philadelphia.B
Redline.FAD
Rozena.FGB
Rugmi.GI
Rugmi.PG
Rugmi.T
ShellcodeRunner.FN
Sheloader.A
Stealer.BPE
Tinba.T
Trojan.Kryptik.Gen.BXM
Vidar.F
Webalta.A
XWorm.X

Files Modified

File	Attributes
\device\harddisk0\dr0	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
\device\namedpipe\adprinterpipe	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\dav rpc service	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
\device\namedpipe\srvsvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\wkssvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\common files\adobe	Synchronize,Write Attributes
c:\program files (x86)\common files\adobe\slcache	Synchronize,Write Attributes

c:\program files (x86)\common files\adobe\slcache\ughvdg9zag9wluntni1xaw4tr017fh1btew=.slc	Generic Write,Read Attributes
c:\program files (x86)\common files\adobe\slcache\ughvdg9zag9wluntni1xaw4tr017fh1btew=.slc	Synchronize,Write Attributes
c:\program files (x86)\common files\adobe\slcache\ughvdg9zag9wluntni1xaw4tr017fh1lbl9vuw==.slc	Generic Write,Read Attributes
c:\program files (x86)\common files\adobe\slcache\ughvdg9zag9wluntni1xaw4tr017fh1lbl9vuw==.slc	Synchronize,Write Attributes
c:\program files (x86)\common files\adobe\slcache\ughvdg9zag9wluntni1xaw4tr017fh1mawnmb2m=.slc	Generic Write,Read Attributes
c:\program files (x86)\common files\adobe\slcache\ughvdg9zag9wluntni1xaw4tr017fh1mawnmb2m=.slc	Synchronize,Write Attributes
c:\program files (x86)\common files\adobe\slcache\x19zbgnfzmvhdhvyzxnfxw==.slc	Generic Write,Read Attributes
c:\program files (x86)\common files\adobe\slcache\x19zbgnfzmvhdhvyzxnfxw==.slc	Synchronize,Write Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\googlecrashhandler.exe	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\googlecrashhandler64.exe	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\googleupdate.exe	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\googleupdatebroker.exe	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\googleupdatecomregistershell64.exe	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\googleupdatecore.exe	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\googleupdateondemand.exe	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\googleupdatesetup.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdate.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_am.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_ar.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_bg.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_bn.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_ca.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_cs.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_da.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_de.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_el.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_en-gb.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_en.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_es-419.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_es.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_et.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_fa.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_fi.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_fil.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_fr.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_gu.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_hi.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_hr.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_hu.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_id.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_is.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_it.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_iw.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_ja.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_kn.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_ko.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_lt.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_lv.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_ml.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_mr.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_ms.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_nl.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_no.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_pl.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_pt-br.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_pt-pt.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_ro.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_ru.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_sk.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_sl.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_sr.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_sv.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_sw.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_ta.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_te.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_th.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_tr.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_uk.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_ur.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_vi.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_zh-cn.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\goopdateres_zh-tw.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\psmachine.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\psmachine_64.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\psuser.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gumbc9b.tmp\psuser_64.dll	Generic Write,Read Attributes
c:\program files (x86)\google\temp\gutbc9c.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\microsoft\edgeupdate\1.3.195.65\msedgeupdate.dll	Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.195.65\msedgeupdate.dll	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.195.65\msedgeupdate.dll.dat	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.195.65\msedgeupdate.dll.tmp	Generic Write,Read Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll	Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll.dat	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll.tmp	Generic Write,Read Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.211.7\msedgeupdate.dll	Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.211.7\msedgeupdate.dll	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.211.7\msedgeupdate.dll.dat	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.211.7\msedgeupdate.dll.tmp	Generic Write,Read Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.213.7\msedgeupdate.dll	Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.213.7\msedgeupdate.dll	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.213.7\msedgeupdate.dll.dat	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.213.7\msedgeupdate.dll.tmp	Generic Write,Read Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll	Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll.dat	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll.tmp	Generic Write,Read Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.217.3\msedgeupdate.dll	Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.217.3\msedgeupdate.dll	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.217.3\msedgeupdate.dll.dat	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.217.3\msedgeupdate.dll.tmp	Generic Write,Read Attributes
c:\program files (x86)\windows defender\mpoav.dll	Synchronize,Write Attributes
c:\program files (x86)\windows defender\mpoav.dll.dat	Synchronize,Write Data
c:\program files (x86)\windows defender\mpoav.dll.tmp	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll.000	Generic Write,Read Attributes
c:\program files\nsnbe46.tmp	Synchronize,Write Attributes
c:\program files\nsnbe46.tmp\nsnbe47.tmp	Synchronize,Write Attributes
c:\program files\nssbe15.tmp	Synchronize,Write Attributes
c:\program files\nssbe15.tmp\nssbe16.tmp	Synchronize,Write Attributes
c:\programdata\acronis\tibmountermonitorlogs\tibmountermonitor-20250924-105825-208.0.log	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\adobe	Synchronize,Write Attributes
c:\programdata\cm-lock	Generic Write,Read Attributes,Delete
c:\sandbox_live\injected-win32.dll	Synchronize,Write Attributes
c:\sandbox_live\injected-win32.dll	Synchronize,Write Data
c:\sandbox_live\injected-win32.dll.dat	Synchronize,Write Data
c:\sandbox_live\injected-win32.dll.tmp	Generic Write,Read Attributes
c:\sandbox_live\shsandbox32.exe	Synchronize,Write Attributes
c:\sandbox_live\shsandbox32.exe	Synchronize,Write Data
c:\sandbox_live\shsandbox32.exe.dat	Synchronize,Write Data
c:\sandbox_live\shsandbox32.exe.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\adobe	Synchronize,Write Attributes
c:\users\user\appdata\local\adobe\aamupdater\1.0\aamul.log	Generic Write,Read Attributes
c:\users\user\appdata\local\adobe\aamupdater\1.0\adobeupdaterprefs.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\internet explorer\msimgsiz.dat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_16.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_256.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_idx.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.0.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.blf	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\7zs8c5a3232\postsigningdata	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs8c5a3232\setup-stub.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs8c5a3232\setup-stub.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\_deskfx_rl_nfydbdcu	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\a1d26e2\21a16b4134c.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\235215b0fd0.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\28c1e0ce7c.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\29771c9c6c0.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\2b321660f3c.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\2b4a1a10eb4.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\2f972188204c.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\309922889ac.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\31762200111c.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\4d68154cb8.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\53731bf0161c.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\5a7416781624.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\5c7716b41668.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\5dfee8013f0.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\5e7b171016c8.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\60201a081798.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\6121b0812f0.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\62e922f41a34.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\63ca113c12dc.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\6496ea81414.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\650316081494.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\661b212c144c.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\670f808798.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\67b213a01f0.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\68bc126c162c.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\6c3f22581b84.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\6d5923684b0.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\6dec123c132c.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\719e21401b10.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\77e89101d8c.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\854d207b8.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\a7841a9c1878.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\a84fdf8874.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\a8fb1d786e8.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\ac3711e01c20.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\b8f418947b4.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\ba1b1b7c15c8.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\bd751318160c.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\bd87e601a04.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\c3925781fd8.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\c99d1b641828.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\e0d1eec15c0.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\e258100c1bfc.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\e47ad6c64c.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\e8241894cc8.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\f4d580c1d50.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autbb37.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autbb47.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autbb58.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autbb69.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autbb89.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autf5b1.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\emulator.6496.fre.rd_sdk_stable_v2r9.210914-0539-x6400000.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hdqik.sys	Generic Write,Read Attributes

1068 additional files are not displayed above.

Registry Modifications

Key::Value	Data	API Name
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::appinit_dlls	C:\PROGRA~1\COMMON~1\System\symsrv.dll	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::loadappinit_dlls		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::requiresignedappinit_dlls		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey

HKLM\software\wow6432node\anydesk::id		RegNtPreCreateKey
HKLM\software\wow6432node\adobe\pdf admin settings\enu::standard	Standard	RegNtPreCreateKey
HKLM\software\wow6432node\adobe\pdf admin settings\enu::smallest file size	Smallest File Size	RegNtPreCreateKey
HKLM\software\wow6432node\adobe\pdf admin settings\enu::high quality print	High Quality Print	RegNtPreCreateKey
HKLM\software\wow6432node\adobe\pdf admin settings\enu::press quality	Press Quality	RegNtPreCreateKey
HKLM\software\wow6432node\adobe\pdf admin settings\enu::pdfx1a 2001	PDF/X-1a:2001	RegNtPreCreateKey
HKLM\software\wow6432node\adobe\pdf admin settings\enu::pdfx1a 2001 jpn	PDF/X-1a:2001 (Japan)	RegNtPreCreateKey
HKLM\software\wow6432node\adobe\pdf admin settings\enu::pdfx1a 2003	PDF/X-1a:2003	RegNtPreCreateKey
HKLM\software\wow6432node\adobe\pdf admin settings\enu::pdfx1a 2003 jpn	PDF/X-1a:2003 (Japan)	RegNtPreCreateKey
HKLM\software\wow6432node\adobe\pdf admin settings\enu::pdfx3 2002	PDF/X-3:2002	RegNtPreCreateKey
HKLM\software\wow6432node\adobe\pdf admin settings\enu::pdfx3 2002 jpn	PDF/X-3:2002 (Japan)	RegNtPreCreateKey
HKLM\software\wow6432node\adobe\pdf admin settings\enu::pdfx3 2003	PDF/X-3:2003	RegNtPreCreateKey
HKLM\software\wow6432node\adobe\pdf admin settings\enu::pdfx3 2003 jpn	PDF/X-3:2003 (Japan)	RegNtPreCreateKey
HKLM\software\wow6432node\adobe\pdf admin settings\enu::pdfa1b 2005 cmyk	PDF/A-1b:2005 (CMYK)	RegNtPreCreateKey
HKLM\software\wow6432node\adobe\pdf admin settings\enu::pdfa1b 2005 rgb	PDF/A-1b:2005 (RGB)	RegNtPreCreateKey
HKLM\software\wow6432node\anydesk::id		RegNtPreCreateKey
HKLM\software\wow6432node\anydesk::id		RegNtPreCreateKey
HKCU\software\installshield\suiteinstallers\{0901d738-37fa-4a02-a78c-693bf7e28e87}::infopath	C:\Users\Dyyfkwsi\AppData\Local\Temp\{F0ABB6C1-100B-4DDF-9C85-80D25C5636AF}\_is8A3	RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::1	Z1汒捳數祬B 뻯.Rlscxely	RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::0	\1坛㰨佄啃䕍ㅾD 뻯啫嬯夸匹.ަ샒documents	RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots	ȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂ	RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0::nodeslot		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bags\132\shell::sniffedfoldertype	Documents	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.200.31.10#amas::_labelfromdesktopini		RegNtPreCreateKey
HKLM\software\wow6432node\anydesk::id		RegNtPreCreateKey
HKLM\software\wow6432node\cygwin\installations::556572eb6f191e06	\??\c:\users\user	RegNtPreCreateKey
HKLM\software\classes\ssbkgdupdate.application::	SSBkgdUpdate.Application	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{1a4dcd97-41ca-4c9f-bf26-2e1db7024c84}::	SSBkgdUpdate.Application	RegNtPreCreateKey
HKLM\software\classes\ssbkgdupdate.application\clsid::	{1A4DCD97-41CA-4C9F-BF26-2E1DB7024C84}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{1a4dcd97-41ca-4c9f-bf26-2e1db7024c84}\progid::	SSBkgdUpdate.Application	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{1a4dcd97-41ca-4c9f-bf26-2e1db7024c84}\inprochandler32::	ole32.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{1a4dcd97-41ca-4c9f-bf26-2e1db7024c84}\localserver32::	c:\users\user\DOWNLO~1\9C263F~1	RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\iexplore::name	Internet Explorer	RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\iexplore::int		RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\msedge::name	Microsoft Edge	RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\msedge::int		RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\firefox::name	Mozilla Firefox	RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\firefox::int		RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\chrome::name	Google Chrome	RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\chrome::int		RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\opera::name	Opera	RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\opera::int		RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\safari::name	Apple Safari	RegNtPreCreateKey
HKCU\software\downloadmanager\idmbi\safari::int		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\wow6432node\anydesk::id		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75	沋䠱O噀ñÁ鱹9뽹ɞ傄ëߙĤÉ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75	沌䠱O噀ñÁ鱹9뽹ɞ傄ëɼߙĤÉ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75	沍䠱O噀ñÁ鱹9뽹ɞ傄ëɼ鶝ߙĤÉ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75	沎 ⬉ʾ䠱O噀ñÁ鱹9뽹ɞ傄ëɼ鶝ߙĤÉ	RegNtPreCreateKey
HKLM\software\wow6432node\anydesk::id		RegNtPreCreateKey
HKCU\software\nch software\deskfx\software::svar	LLIBControlon	RegNtPreCreateKey
HKCU\software\nch software\deskfx\software::svar	LLIBControlonDESKFXSplashv2off	RegNtPreCreateKey
HKCU\software\nch software\deskfx\software::svar	LLIBControlonDESKFXSplashv2offZt7b	RegNtPreCreateKey
HKCU\software\nch software\deskfx\registration::name		RegNtPreCreateKey
HKCU\software\nch software\deskfx\registration::rd	dd7	RegNtPreCreateKey
HKCU\software\nch software\deskfx\software::svar	LLIBControlonDESKFXSplashv2offZt7bGgre	RegNtPreCreateKey
HKCU\software\nch software\deskfx\software::svar	LLIBControlonDESKFXSplashv2offZt7bGgreRS5e	RegNtPreCreateKey
HKCU\software\nch software\deskfx\software::svar	LLIBControlonDESKFXSplashv2offZt7bGgreRS5eUFLf	RegNtPreCreateKey
HKCU\software\nch software\deskfx\software::svar	LLIBControlonDESKFXSplashv2offZt7bGgreRS5eUFLfMCIt	RegNtPreCreateKey
HKCU\software\nch software\deskfx\software::svar	LLIBControlonDESKFXSplashv2offZt7bGgreRS5eUFLfMCItFEpl	RegNtPreCreateKey
HKCU\software\nch software\deskfx\software::svar	LLIBControlonDESKFXSplashv2offZt7bGgreRS5eUFLfMCItFEplNIbd	RegNtPreCreateKey
HKCU\software\nch software\deskfx\software::svar	LLIBControlonDESKFXSplashv2offZt7bGgreRS5eUFLfMCItFEplNIbdVwzm	RegNtPreCreateKey
HKCU\software\nch software\deskfx\software::svar	LLIBControlonDESKFXSplashv2offZt7bGgreRS5eUFLfMCItFEplNIbdVwzmZP4w	RegNtPreCreateKey
HKCU\software\nch software\deskfx\software::svar	LLIBControlonDESKFXSplashv2offZt7bGgreRS5eUFLfMCItFEplNIbdVwzmZP4wDESKFXSuitetabon	RegNtPreCreateKey
HKCU\software\nch software\deskfx\software::svar	LLIBControlonDESKFXSplashv2offZt7bGgreRS5eUFLfMCItFEplNIbdVwzmZP4wDESKFXSuitetabonTsdi	RegNtPreCreateKey
HKCU\software\nch software\deskfx\software::svar	LLIBControlonDESKFXSplashv2offZt7bGgreRS5eUFLfMCItFEplNIbdVwzmZP4wDESKFXSuitetabonTsdiUEup	RegNtPreCreateKey
HKCU\software\nch software\deskfx\software::svar	LLIBControlonDESKFXSplashv2offZt7bGgreRS5eUFLfMCItFEplNIbdVwzmZP4wDESKFXSuitetabonTsdiUEupKYMv	RegNtPreCreateKey
HKCU\software\nch software\deskfx\software::svar	LLIBControlonDESKFXSplashv2offZt7bGgreRS5eUFLfMCItFEplNIbdVwzmZP4wDESKFXSuitetabonTsdiUEupKYMvACKs	RegNtPreCreateKey
HKCU\software\nch software\deskfx\software::svar	LLIBControlonDESKFXSplashv2offZt7bGgreRS5eUFLfMCItFEplNIbdVwzmZP4wDESKFXSuitetabonTsdiUEupKYMvACKsUEjt	RegNtPreCreateKey
HKCU\software\nch software\deskfx\settings::gpu0	1414 8C 0 0 0 Microsoft Basic Render Driver	RegNtPreCreateKey
HKCU\software\nch software\deskfx\settings::gpu1	1414 8C 0 0 0 Microsoft Basic Render Driver	RegNtPreCreateKey
HKCU\software\nch software\deskfx\settings::gpu_adaptercount	2	RegNtPreCreateKey
HKCU\software\nch software\deskfx\settings::gpu_default	-2	RegNtPreCreateKey
HKCU\software\nch software\deskfx\software::svar	LLIBControlonDESKFXSplashv2offZt7bGgreRS5eUFLfMCItFEplNIbdVwzmZP4wDESKFXSuitetabonTsdiUEupKYMvACKsUEjtLLIBViewsoundeffectresetof	RegNtPreCreateKey
HKCU\software\nch software\deskfx\stats::programexecutions	1	RegNtPreCreateKey
HKCU\software\nch software\deskfx\settings::versioncheckaftercrash	1	RegNtPreCreateKey
HKCU\software\nch software\deskfx\registration::bo	1	RegNtPreCreateKey
HKCU\software\nch software\deskfx\registration::uc	0.0000000000000000	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\wow6432node\anydesk::id		RegNtPreCreateKey
HKLM\software\wow6432node\anydesk::id		RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::exepath	c:\users\user\downloads	RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::waitforserviceaftersystemstart	x	RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::systemstartthreshold	Ĭ	RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::cleanuptimeout	x	RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::udpwaitingtime	Ϩ	RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::udpcachingtime		RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::apicommunicationmode		RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::isnetworkserver		RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::iscmwanserver		RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::networkaccessfsb		RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::logging		RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::loglicensetracking		RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::networkport	坎	RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::cmwanport	坏	RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::proxyport		RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::networktimeout	d	RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::maxmessagelen	Ѐ	RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::bindaddress	0.0.0.0	RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::useumsda		RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::cmactdisabled		RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::cminstanceuid		RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::startdaemon		RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::logcleanuptimeout	Ő	RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::actiontimeintervall		RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::timeservertimeout		RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::logpath	c:\users\user\downloads	RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::loglicensetrackingpath	c:\users\user\downloads\..\LicenseTracking	RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::proxypasswordsecure	/eYHVCGsSuQ=	RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::certifiedtimeautomaticupdate		RegNtPreCreateKey
HKLM\software\wibu-systems\codemeter\server\currentversion::certifiedtimemaxdifference	㪀	RegNtPreCreateKey
HKLM\software\mozilla\firefox\taskbarids::c:\program files\mozilla firefox		RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\gpu::adapterinfo	vendorId="0x1414",deviceID="0x8c",subSysID="0x0",revision="0x0",version="10.0.19041.3570"hypervisor="Hypervisor detected (Micros	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	곃濁椑ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\rfc1156agent\currentversion\parameters::trappolltimemillisecs	㪘	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	녗Β獳ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\easeus\downloadinstall::guid	29F7ABDB-B899-47da-BB6D-551F919D2BE2	RegNtPreCreateKey
HKCU\local settings\muicache\1b\52c64b7e::@c:\windows\system32\firewallcontrolpanel.dll,-12122	Windows Defender Firewall	RegNtPreCreateKey
HKLM\software\wow6432node\anydesk::id		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\appcompatflags\compatibility assistant::executablestoexclude	c:\users\user\downloads\fe4d2196a71adea7f2d49a4bf4f68c0356b36341_0000413447	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::wextract_cleanup0	rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Wsybjupm\AppData\Local\Temp\IXP000.TMP\"	RegNtPreCreateKey
HKLM\software\classes\.psd-backupbyphotoshopcs6portable\persistenthandler::	{098f2470-bae0-11cd-b579-08002b30bfeb}	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\debug::debugfilesizelimit		RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\debug\sti_ci.dll::debugflags		RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\debug\wiaservc.dll::debugflags		RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\connected::guid	{A28BBADE-64B6-11D2-A231-00C04FA31809}	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\connected::launchapplications	*	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\disconnected::guid	{143E4E83-6497-11D2-A231-00C04FA31809}	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\disconnected::launchapplications	*	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\emailimage::guid	{C686DCEE-54F2-419E-9A27-2FC7F2E98F9E}	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\emailimage\{d13e3f25-1688-45a0-9743-759eb35cdf9a}::desc	@wiaacmgr.exe,-102	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\emailimage\{d13e3f25-1688-45a0-9743-759eb35cdf9a}::icon	wiaacmgr.exe,-2	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\emailimage\{d13e3f25-1688-45a0-9743-759eb35cdf9a}::name	@wiaacmgr.exe,-101	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\faximage::guid	{C00EB793-8C6E-11D2-977A-0000F87A926F}	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\faximage\{d13e3f25-1688-45a0-9743-759eb35cdf9a}::desc	@wiaacmgr.exe,-102	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\faximage\{d13e3f25-1688-45a0-9743-759eb35cdf9a}::icon	wiaacmgr.exe,-2	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\faximage\{d13e3f25-1688-45a0-9743-759eb35cdf9a}::name	@wiaacmgr.exe,-101	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\printimage::guid	{B441F425-8C6E-11D2-977A-0000F87A926F}	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\printimage\{d13e3f25-1688-45a0-9743-759eb35cdf9a}::desc	@wiaacmgr.exe,-102	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\printimage\{d13e3f25-1688-45a0-9743-759eb35cdf9a}::icon	wiaacmgr.exe,-2	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\printimage\{d13e3f25-1688-45a0-9743-759eb35cdf9a}::name	@wiaacmgr.exe,-101	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\scanbutton::guid	{A6C5A715-8C6E-11D2-977A-0000F87A926F}	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\scanbutton::launchapplications	*	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\scanbutton\{d13e3f25-1688-45a0-9743-759eb35cdf9a}::desc	@wiaacmgr.exe,-102	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\scanbutton\{d13e3f25-1688-45a0-9743-759eb35cdf9a}::icon	wiaacmgr.exe,-2	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\scanbutton\{d13e3f25-1688-45a0-9743-759eb35cdf9a}::name	@wiaacmgr.exe,-101	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\scanbutton\{eabbd70d-a25f-4e90-96a4-7105fd3b53b1}::cmdline	wfs.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\scanbutton\{eabbd70d-a25f-4e90-96a4-7105fd3b53b1}::desc	@WFSR.DLL,-25106	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\scanbutton\{eabbd70d-a25f-4e90-96a4-7105fd3b53b1}::icon	wfs.exe,-128	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\scanbutton\{eabbd70d-a25f-4e90-96a4-7105fd3b53b1}::name	@WFSR.DLL,-25105	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\stiproxyevent::guid	{d711f81f-1f0d-422d-8641-927d1b93e5e5}	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\events\stiproxyevent::launchapplications	*	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\logging\sticli::	Still Image Client Application	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\logging\sticli::level	4	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\logging\stimon::	Still Image Monitoring Process	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\logging\stimon::level	4	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\serversettings::shutdownifunuseddelay		RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\trace::defaultenableobjecttracking		RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\trace::defaultmaxtracearraysize		RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\trace::defaulttraceflags	Ї	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\trace::defaulttracelevel		RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\trace::defaulttracemask		RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\trace::heapoptions		RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\trace::maxfilesize	Ā	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\trace\sti.dll::enableobjecttracking		RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\trace\sti.dll::heapoptions		RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\trace\sti.dll::maxtracearraysize		RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\trace\sti.dll::traceflags	Ї	RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\trace\sti.dll::tracelevel		RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\trace\sti.dll::tracemask		RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\trace\sti_ci.dll::enableobjecttracking		RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\trace\sti_ci.dll::heapoptions		RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\trace\sti_ci.dll::maxtracearraysize		RegNtPreCreateKey
HKLM\system\controlset001\control\stillimage-backupbyphotoshopcs6portable\trace\sti_ci.dll::traceflags	Ї	RegNtPreCreateKey

29 additional registry modifications are not displayed above.

Windows API Usage

Category	API
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Process Shell Execute	CreateProcess
Anti Debug	IsDebuggerPresent NtQuerySystemInformation OutputDebugString
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserName GetUserObjectInformation
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateMutant Show More ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory UNKNOWN win32u.dll!NtUserGetKeyboardLayout win32u.dll!NtUserGetThreadState
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Service Control	OpenSCManager OpenService StartServiceCtrlDispatcher
Network Info Queried	GetAdaptersAddresses GetAdaptersInfo GetIpAddrTable
Network Winsock2	WSAStartup WSAttemptAutodialName
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Network Winsock	freeaddrinfo getaddrinfo gethostbyaddr
Cert Store Read	CertOpenStore
Cert Store Write	CertAddCertificateContextToStore
Network Winhttp	WinHttpOpen
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen InternetOpenUrl InternetQueryOption InternetReadFile InternetSetOption
Process Terminate	TerminateProcess
Keyboard Access	GetAsyncKeyState

Shell Command Execution


							.\H2OFFT-W.exe -sfx7z "c:\users\user\downloads"


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\eeef52e2d4c7385f73f3fb1125d294115f631245_0003545135.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5123aa412f89e2388b1eb683a5ad7b63c7b99b46_0003825799.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\3687dfe0127951dd34efb6bc06a8879b45c5ced5_0009332181.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6252c572d67c3bf34bcb61329c1fa9cd2dad291a_0001760951.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5169919972461799d3f6de41f3aa242e23adf2d5_0003736271.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1098fb151c3010727c25e03397c3f43004536ff7_0004298583.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\606805c80867d270dfcf82bdff4858ecaec85396_0000137935.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\993bffbbf4f596040fc037b39f7c7fc94f873b7b_0000991623.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c5d83de3a457ff8857bc10c71562b622b9506a92_0009911407.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\68c26af8bb0c22c9a5cef18faa4e1d3dc62e1e7e_0000488047.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0f03ee81aa9d36e6c9ab0e0a2390a0dbd67ae79f_0004953023.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ac12cc84e6c661f24a052f244e2995aa45c5cd4c_0001928199.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\085dd2352862246769fcca034f56e911a6fba36c_0000199983.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5fbe3950a44feb7f39278454ae7601eb401c8d9b_0000166863.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8071cf2b9f410382860259ecf9447326d473ef9a_0000686727.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\31bd47a525daeb97633abc69c5d184915b87e729_0001197871.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d214f8cd012589e2eb90b427620f37fb33f67903_0000145959.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0ae533348ac2522054ba9d59fe23bfe46568e58a_0001238767.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e6df846bc8ad83047ba0f16665616a23b0b5fc04_0004501271.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5ecd8d23ea49978159026bb70fb6c8f72bfe3f99_0000118695.,LiQMAxHB


									"C:\Program Files (x86)\Google\Temp\GUMBC9B.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={DF464750-EAD2-F7EB-0446-9CAC3C11E204}&lang=fr&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=defaultbrowser"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f64cf6d382cc6e08c41c97cdc3a0b21c242f1c9d_0001116335.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4f40da08f4193cb605221cdb421f2dea8309e486_0000734143.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\fe1045b047d7b1fcbb1d995766a5161de859328b_0003566750.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\39d0b9a4377616b6dd2bbeac66f856603e44b28b_0000199983.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\19206261a6fda5b400a121722736c544c426acd6_0000313471.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\73d4514ff46eac0d8190045771fa1c2c57981647_0004298583.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\556b01a7e4a08c2b6ccbe5113ff33cf30ab0f35e_0000186415.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\95ec05cb9bab8cfeced58a3abf5e2c1f2e2af88f_0004339703.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c9deeb563e3fa80848f698c19f93d48aab27e24b_0000590975.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\37ce01e164fabbf9c77c1bc52699e4b6437bab17_0001870815.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\3bdd4d375f569d686b79447035c5dc30a0f8b4c6_0002322943.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5ed7ff702ba8ca7814018740a4939bc42bb1dfef_0000370631.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b69bc01a5a0e74659e2445e1a2391c7d3a664c01_0000434710.,LiQMAxHB


									"c:\users\user\downloads\4b263053eb9a2386d06cc8323fd9947b3f7705dd_0004235639" -exe DebugCrashReport


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0d986a5d583dcf45191fe041c917afd8c3b14aef_0005757319.,LiQMAxHB


									.\setup-stub.exe


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d1aa8291eb5d00c2c9bb825592ff4fd53964c980_0001870815.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d4d9f5e8e5138f847219ad1b0738e6d9b3ce1c50_0000328327.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\10114df1863098f89c686e801ca48bb2cafcabb4_0000649226.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\35706c15187ab0ca4fa62fd4aadeab0ff0127855_0000159159.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8d4422ea821216b9246c0e0d7432b9b053f495ce_0000253335.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b7aae8143c8ffb1893250a768ea4a2684e0c49ba_0002401319.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\dbb4f8964ce6774a570fe210813019e40cc4d565_0002628551.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\77c0eaf53950a7607082a2c3254478b3435c17a5_0003797959.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\bcce4d5241e2d28f27d655dbfcd924082313ee6e_0002630063.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1b76c238ab2562ed9cb84461faf5de4eec457209_0000972039.,LiQMAxHB


									c:\users\user\downloads\aliyun\InfoForSetup.exe  /Uid "29F7ABDB-B899-47da-BB6D-551F919D2BE2"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7fc3129b47e9a0c04328a1a0569dd2097b98ab18_0002071455.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ac50eee20070ef4ac65dc31924442693354d96b2_0002314751.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c63f14fce44dc8b4567542bf1f4edca0e900d8a3_0000892351.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\11d0188d929b12489d14939583af9c118d32aa7b_0000413143.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\98cd68896603c7f645f61ac480779e44925f787a_0001204311.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\00bdfabbea936259c9664961414551a114c19edd_0000145863.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0ae0c337414deb1bdbdb383a10d59e701a6a3e0b_0000479311.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7723793d0724fea05f1711f5e84627289441cd56_0008461255.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\da0419ec1ff5cc4b7bee5d95f4f31c8233bd5a64_0008469447.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7f5c055378b8bf513690e027511009ce38e377d3_0001870815.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7669fa834ad0954798fad346ae07cdae6323ca8b_0001001255.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5907a650a4d8d1cdcba7aedc502da997f454e3a3_0000723871.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4be0b9f69ac6991db75f97dcfe2b77b8f70055f4_0000180679.,LiQMAxHB


									c:\users\user\downloads\devsetup64.exe  /install /debug


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\493cbad3ee8a013121b39f17ff080d8e7caa2735_0000541127.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c68429672ac065291b58112fcef36c683ee84dc1_0000185367.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ddcb9e9bd1306e10bac0e037faf31af952bcadbf_0000479311.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\42135e25358327c8b31ce7c1515f26383b0b7f21_0000131407.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\3537f9e5c1ad37aea92ff20faefc67e1dbd8678b_0000712223.,LiQMAxHB


									C:\Users\Wsybjupm\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\52f948dd74bc9c82500d227107caec6cd9a943c6_0001327551.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9e9824bcad1149a142c75945b87f356a4a946fea_0002314127.,LiQMAxHB


									"c:\users\user\downloads\App\PhotoshopCS6\Photoshop.exe"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f39d3d741af3871c6b0de1848862bd98afceef87_0000205255.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7c4e70d93e4712cc0955e6742f6bd0d7daa3ecc3_0000544279.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ab618909f18fa1e4ec837fcd7d54f482a656f654_0000479311.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b4a8e695b01245f5a2b54e2218ae04021082e10e_0005034503.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\13d86222cc939bab6cfb4dae747177d1ea527f40_0000301360.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\27c4cb09286766455c17971613c87404ff6596a5_0000186415.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\06988506008e33432b60e765d5503ed16e672418_0000174943.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e5151a03fdc2a8efe5688d89a21333f6a5d3995b_0001464775.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f6d1ffb71c8c090906364dd377550c36356e7676_0008469447.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a04426eeeb4630a33a0fd85ba359dea5377c284f_0001084055.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\984db706dc9ddf73bf6eb4b682b6059cd04bad19_0005034503.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\201f5095fac00f4fc666c67504d0df1b065d750d_0003103167.,LiQMAxHB

Virus.Obfuscator.AAO

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove Virus.Obfuscator.AAO

File System Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Most Viewed