Virus.Parite

By GoldSparrow in Viruses

Translate To:

Threat Scorecard

Popularity Rank:	1,418
Threat Level:	80 % (High)
Infected Computers:	2,646

First Seen:	July 23, 2012
Last Seen:	February 5, 2026
OS(es) Affected:	Windows

This is a virus designed to propagate via open network shares. After an infected file is launched on the victim machine the virus scans the hard drive and infects all .exe files it comes across. Moreover, the virus may infect your computer with additional spyware or adware.

Table of Contents

SpyHunter Detects & Remove Virus.Parite

File System Details

Virus.Parite may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	prote.exe	5674b5f094187736ec446993d7503c27	0
Name: prote.exe MD5: 5674b5f094187736ec446993d7503c27 Size: 346.65 KB (346657 bytes) Detections: 0 Type: Executable File Path: dir Group: Malware file Last Updated: September 9, 2017

Analysis Report

General information

Family Name:	Virus.Parite
Signature status:	No Signature

Known Samples

MD5: 0c6f28a369135c5aaf19a488a95a072e

SHA1: 0e52984c5b6e682664ee26e7407e24bc005f3df7

File Size: 3.09 MB, 3088384 bytes

MD5: 77500f6687d1821c6875f5103f63bb06

SHA1: d9817b637d47cbea7e78afcd0dafe7a773190f97

File Size: 4.79 MB, 4788224 bytes

MD5: 64f72944a3e6607f9d02c63142893a08

SHA1: 906206323ce9d4d427fbaa58691b170d1e514bca

File Size: 228.86 KB, 228864 bytes

MD5: ec527262d74795950116d10e4338c934

SHA1: ad7c4e2026c641d173f2797d378e2f277b6417c6

File Size: 43.52 KB, 43520 bytes

MD5: e98a50d6a201b709966d4e6f0df0634e

SHA1: 3c04322a30646fef45668051dce46a9542cd3890

File Size: 381.95 KB, 381952 bytes

MD5: 62db3276b2635377a23cfcafd8fdf615

SHA1: 64d3b89ba793ab810d5d25bf629e7e29db40df9b

File Size: 604.16 KB, 604160 bytes

MD5: 7f48b44c945c1367523a88b6965e87b9

SHA1: 10e691b1eca6c73d7e9bdaa104aa4331eddaee8e

File Size: 360.45 KB, 360448 bytes

MD5: 31d7b880992b0825ccfb7fc2a92e8752

SHA1: 45c1b48a702b12fa1f763aa794efff885b7f1d9b

File Size: 32.77 KB, 32769 bytes

MD5: 7a25b2a3dbd674511c64d3fcc90967b7

SHA1: 53f8f7d8a0d1d2e5d4e5397514e3fb0d57945340

SHA256: 951CF0975C1C0685670B19D25B8B58E25237D37266C29F2FCABB2C610FB94E9B

File Size: 259.54 KB, 259544 bytes

MD5: b2d5836aedd78c8c890a39aca9f4801e

SHA1: 3c527c46fefef2711bea6df2a236ec967e2dc7ca

SHA256: 65F42CF4A2B197B129AE414C9C648EC06DCCF89A3CDDDED829F291E09FA151B2

File Size: 1.88 MB, 1882076 bytes

MD5: 442be48d8dcf0922dc1c8ee25ab175b3

SHA1: 3be2a3f8d2f60b4fd079cc4297484efdecef3549

SHA256: 914F19EEB478A41AF00BEA8D2CA7B65B677DCDC9B4E036EDA4BFC79E34FE95A9

File Size: 358.40 KB, 358400 bytes

MD5: 035c9cba5e0d339c6def38176e37c12c

SHA1: 00dbb78efe007930047e4448416d282159ea475d

SHA256: 1CC46433EAFDFAA59A73C1E95021C89F22762420E2E52EC0EFBFBFE7F085E267

File Size: 967.68 KB, 967680 bytes

MD5: a1735c3eedafcbf070ea673b19f46dfc

SHA1: 08f1d653bdae7567c717097a304effefffbd45fe

SHA256: 5C922D07F76D7B727A5F3FD41BF76593A3F751507EE8B5DD499DFFD066611E9A

File Size: 5.18 MB, 5184512 bytes

MD5: f9268e85064a8f2eb7785a252bdfafe2

SHA1: e22012588ffd29e13f014670de28eafdb36a07d6

SHA256: 2EFE3DFEDC5E578E71E1695973ED942D875F6850E981F2D18D89C1EE8D9C2924

File Size: 640.00 KB, 640000 bytes

MD5: 673d68a2b263924749a67a45ae619902

SHA1: 1dfc5342b056188d08d3c5fe92a35db8d5c3783d

SHA256: 7077709C2AF91C909B1F47CE1004596C7D7626F7C773B5F5DDB0F95963F6083B

File Size: 692.22 KB, 692224 bytes

MD5: 94f4a6e4484291da63cc6a97c95c7273

SHA1: de10e01bf0da07bf401876bb1b19f4264d345dd2

SHA256: 602A36C776AC09C3ADAA0101E11ED0AE3A61C097A8AAC02B13F37DDF50DA84FE

File Size: 586.18 KB, 586183 bytes

MD5: fae5a752bf2c9f9ebf12a6641aab97d8

SHA1: 68bb8c9889f458fa04349392eea2bc347696d98b

SHA256: 6C862DAF80DA5E4FA0B599A6FA2A82D6BB36FA3929367D979D918C6CCD29957C

File Size: 401.92 KB, 401920 bytes

MD5: d1d084d0fdfa0c8367d029cae1d7e8a7

SHA1: 70be5206aac7240cbfce540c9d46f96e3e5d67c5

SHA256: A2331FFBA32BE96306329CBA226F7E4A638DD9C8D80F95A9E2DF799D9A03A383

File Size: 193.54 KB, 193536 bytes

MD5: 757f240a1e5b800b0edfc474773a0984

SHA1: ed503ae216874fb2f24dcd77d4d9478f22d00705

SHA256: 4BB98B042D50313F2A8FF35C375ACA69015EEF9220E75B843DADB82F8AF9A523

File Size: 2.54 MB, 2544640 bytes

MD5: 3b964cae77f0b41e3aa40d706ee181ae

SHA1: f849dd9064d970164b8c7fe85f6937a98cbdbcbc

SHA256: CE3D17807AD864900F99F9D04AB7696A9FDBE75B37E8DE14D402133125269BE6

File Size: 1.29 MB, 1286144 bytes

MD5: 88ed1b030ee238a33a5ea4eb51a1da9b

SHA1: 88769f09f8488e5c3c92c69d5fa05b47692468ae

SHA256: 95AF0A440C0AE36B965F758BEDCA20D52D1BF49F0594C6A4A2F0C04346FECFB4

File Size: 1.40 MB, 1395712 bytes

MD5: 1c4e955ea32d265c92db1fcfb373d753

SHA1: 491d6a31793b1946a5948a96af66dbdee1aa1d52

SHA256: D7D247DE3CBBD43F8F38918997B4B5F5523D132588904559A00FF67F9840D6F6

File Size: 2.98 MB, 2981888 bytes

MD5: be5f308f88f4b97f99e1a1991d15694e

SHA1: 3204bca61e85a265ab2b674a15e2faab36854075

SHA256: 359C6CD4066501D887589EA7F914A9553ACDAEE9F64F7AE3AC01C5E52D3A7CEA

File Size: 364.54 KB, 364544 bytes

MD5: 15d0f23f66d7327534802ce322c27995

SHA1: 7967994df5fb19b35bea16393dec42062d9c10be

SHA256: FA7E0EFF7E89865B702F0E006AB05BED94B4EE14F27B0B6C94DDA2A19E615B8C

File Size: 794.11 KB, 794112 bytes

MD5: 0e872dbd5d184262b8d46ff7c02d412b

SHA1: 653fe490dc6fdb0980258bfae877e4e51f3a091e

SHA256: 960879508A552A4F9B5813B47F92909DD8C46169EA60411667D48D0454998A84

File Size: 2.12 MB, 2117632 bytes

MD5: b502f288ef1a8aa248347e771bb9675f

SHA1: e214fefe64af345db5b65652eaa9dbb769887c3e

SHA256: 0A183BDD477CB34113935AC937CBC78A234C9EBFB82EADC2C0C00D80151F479C

File Size: 229.38 KB, 229376 bytes

MD5: f4ca9d55c667c3780e7d436c122245a3

SHA1: 08332ec70db63b9aa9f8830908045292cb1f3315

SHA256: 21B4AC874AFF8A22FE1F491DD9A074FFF0623F5819A39077FB8E95328155E282

File Size: 36.86 KB, 36864 bytes

MD5: 0136ac646afbf164894d371766ed12b4

SHA1: 64982b653b2726289aea4203b4e2a5e8c520bf73

SHA256: B21C0BB42244334977D5F4C85EF14416946A1532CDED858E630A51B035BBE5DC

File Size: 225.28 KB, 225280 bytes

MD5: 9d719e60aa69b2050f6c2478930981ff

SHA1: 7ac9e5c80ada2ab33909cfe4ffc0dfcbfe83afd8

SHA256: DA54E86F6886EC2D1042C97DE4E4E506EA179570F56606D1DDDA4D39FE8B14B1

File Size: 1.07 MB, 1070552 bytes

MD5: dd6e8207545acd9751d0d493000a7621

SHA1: 49081dad4f5cf9a7612d6560290f152b8b9d6e2a

SHA256: 35C5CAE24BEEA35B7B02891FF91B3C7008A565558C27BC4155FC57F4B4B2B5D0

File Size: 73.22 KB, 73216 bytes

MD5: ad5d22878af2ff62349672b908a726bd

SHA1: 4ba240a287a85ef81e600b13a42657fc451e1646

SHA256: F6D4E82348A7D7DDCC2D40156315E06192968E701835BB6BB21CA2B8DAC86D0F

File Size: 66.56 KB, 66560 bytes

MD5: 165007c3d726b69792f1dad2b80c8a33

SHA1: 4eceba6816c426673a02d4ee421344ce8d421dc3

SHA256: F0873C199A58BD4B96C9EC7EF46CC6CE4B600EC62E1C4FB265B02C11B8191A39

File Size: 1.04 MB, 1036289 bytes

MD5: 3a186bddfd0e60bfab10f44c4555d122

SHA1: aadd88a1960488fe85128ddbe7de8acb98bcbdec

SHA256: 5B14C292C38A02398414EA7C1BF5A3A8A3598F15EF945D7BAC5498BCEC03ADAF

File Size: 867.84 KB, 867840 bytes

MD5: 002051ff7aca5f08625296261b5fe727

SHA1: e585fd86e7033237f7d2e65fe6c09fc689f7caf5

SHA256: 4743182CFB9BC7BCEAE10B8BFBBDB3CEDFE41B1593104D537558F02D999E3675

File Size: 53.25 KB, 53248 bytes

MD5: 4cda17588c929ae98ebc00c9f73b8073

SHA1: 41b08a5250b5a02a1c78a1ae3543de1605183c56

SHA256: 70BD25ECD70CEECE886A159E276ABA91E243CD94D71C428248CADAD356817593

File Size: 8.54 MB, 8539137 bytes

MD5: 494f66fcb74e5ee25f72e3684d0d1892

SHA1: 449a8be24dbd426d456598d4a6b1473bdc8e4ace

SHA256: 5B1E7549A097DCD3EA150D6A69966AE8FF1A47D75AC192740A1224C94E02767F

File Size: 45.06 KB, 45056 bytes

MD5: c15956989e7275fed20f6c1684d31602

SHA1: 84db5bc9e03fbc7dd0c1f6e1f08deda4193d8eb6

SHA256: 2B3FFF851D9557298F4BB8AEB60700F5E565811E7A5A4FFD38CEB1898FC0BE32

File Size: 21.64 KB, 21640 bytes

MD5: 5c6a68b4808aacb28e8f3cec4bda9390

SHA1: 3fb48e8853cd3a0cd5d8bc2f7856a1162998e9b4

SHA256: 99A04B6EAF423349700632B623A216424E43E2950A9380A74B5EAE2432C0848F

File Size: 72.70 KB, 72704 bytes

MD5: 65a2e8d4b80f9b5eef0d7ed9cb5a1fb7

SHA1: f52a4e6008d45ffbae494473cd2d68658cea2abd

SHA256: 6F1B6AB4930A40CE2A74B4EB764F760F07AEFA515833971CD6DACB0A0DD81847

File Size: 31.74 KB, 31744 bytes

MD5: 6d41f7fc27337df315d510d303573eba

SHA1: bc2760d8aad27758d8db9a1d8461f7ce68a140ea

SHA256: D1D316BF4A1068E9A9AAB4241BC9F27DAF4E6687CE8DE4DC0396D5F5B8A6FA78

File Size: 233.47 KB, 233472 bytes

MD5: 72a380b575fb4efc8817c4823880c25a

SHA1: cff3a85517c286c51e8d45db777b04c34d1591d1

SHA256: 3B566CAFD0D5B8A17672EA16EA0ABECE90B31D719BAD36755D1B315B44EA51C3

File Size: 3.68 MB, 3682304 bytes

MD5: d524210023b74979b1ce11f3191e6cf4

SHA1: 5dcb01fa699e46ef24d5db1d55f1acb5edfd7583

SHA256: 42E0E95192245280DE343AC53533C0213169083BE711D8AF20B0296AB29860D7

File Size: 1.06 MB, 1060864 bytes

MD5: ec6c07f7c6ddeb5176021e4e4b8aa40c

SHA1: 6f935ef8b1fb5aca08daca998a4a30fdae697525

SHA256: 7361A5D34F3B37901B1D704652C52D286DCAAF224C575CEE05627D87A527F8A6

File Size: 867.33 KB, 867328 bytes

MD5: 33edb36b5f0bc73edb726cae7650c51d

SHA1: 02862faa91a281a69b71fc9ea656b79ab11fbe3e

SHA256: C405D2FBA1B36DE64F1859A73E47AC2D2404B16F2EE27478E93F6BB9069BE501

File Size: 7.83 MB, 7832064 bytes

MD5: 2065bfc057228dd64e65ea88697b3423

SHA1: 2fee743f010ed7d07ac5266abd73648a534e38af

SHA256: DCBED7E2D52A62D01B5A4567B52F4EA9963201E4AE7C5F47512EA94500357EC2

File Size: 3.06 MB, 3064832 bytes

MD5: 987f18cd330d989b86740d88648ba64a

SHA1: 9059a6663db715734141df696cdd982e59c22793

SHA256: 641F7F29FB8E2DD60E261995A2B16D60ACADABF1A1F8F1C94461DCAF38404696

File Size: 1.15 MB, 1146880 bytes

MD5: 5680c2e07f98cb6a4213aef8d71638cb

SHA1: feef6b95883aa5da375f05d28a2e977cceff6ed4

SHA256: D0E19373C0839D31C1DE8AFF1402F6CE1C798E68E7CEA721BF1D96215269B872

File Size: 539.14 KB, 539136 bytes

MD5: 346450f2615c496c0acbceb39b603c9c

SHA1: 8806a78250f6e9519f6bb5e2ff0e148be9d793c9

SHA256: 9B82AFAB7B254445D5D6E5A64C15B72C60A52568A9059443DA2AADBF91747FD2

File Size: 28.67 KB, 28672 bytes

MD5: c0a0fdb08c16a50536f695da206b999a

SHA1: 76131e0de86d310f8208b075c1acc78ab3a33768

SHA256: 0E03784B1E436F178A8BD28D8F699F2D0641C059BF2089DC0BEA7B3709373113

File Size: 512.51 KB, 512512 bytes

MD5: 41138cd813219d22adcaae1a356bd795

SHA1: 3d319deadbac98981a496094f886934c069e7945

SHA256: 4D34C9477012C1C9ED5F1AF72F98B6CB0AF80146180B4565A9E69D237CE8BA55

File Size: 351.74 KB, 351744 bytes

MD5: 0c76b76b63882c3d10cb1efa4500b5b4

SHA1: 696ae96c8c347ad62141b77152f624d13fe368b8

SHA256: 987617C4856F575C2DEB1EF5C54E799D41B99396057997C021119DB5C2EE8835

File Size: 104.45 KB, 104448 bytes

MD5: 1aad2f81f00663ab6fcaaac98d39a681

SHA1: 8f9458e73039f84d9c06e8fa5d72c6f0e8675bdd

SHA256: 57D750DB5923DCC31EA9F843543F19D16C20F2B59FFCD5E7702EE8469439017E

File Size: 987.14 KB, 987136 bytes

MD5: a3e291d8615ac940b323054ef7135707

SHA1: 9e9a9dca4ffff5206f8f546278b6f269a3ad6785

SHA256: D8BD9F96BE36731986EA4E9BE4458ACC5BBCD1E4DD99223C3D475F5BB1867002

File Size: 1.60 MB, 1597895 bytes

MD5: 8f863ed337550ae72d5f21292b6d31b1

SHA1: 134157bc5df38854a144b148b66b463f05172c12

SHA256: 1704B5691F2AC907777544F3FC4406253E8ACBE32BBA84C56BF1CADD52F637C6

File Size: 496.13 KB, 496128 bytes

MD5: b157a4d4d0ea10b62e458d1ff433a87a

SHA1: 9d3e5eab3cef8061c9e8b896a40f8e9220608811

SHA256: D978F669F64C14C3708F05B2638EF264D8CE57219236D15D851F490ADCF72113

File Size: 219.65 KB, 219648 bytes

MD5: 1756c74afd1aeb496f3a21a8619e6b9b

SHA1: 91fac80f57f469ec41a34678bd9c86b675a9bf6e

SHA256: 0D3142D74E9512877DD84E25CC6E7B3CDBFD18643B60BB0E06A273E2BE60AC2E

File Size: 13.31 KB, 13312 bytes

MD5: c9ba122d7465d4659c285e437982da1d

SHA1: a556f826ba558a66cf2664596b166609bb6b9e10

SHA256: 793E3552563AABCFB85C5CFF88E95CC79B804B0EF1E9FB7E464DE4450158356E

File Size: 536.06 KB, 536064 bytes

MD5: 6a5b4de24900e70abd9f15f90e617cc5

SHA1: a82bb307d2f581a2379c3c3e19c4b6a190e73435

SHA256: 34C22BAAC049FF04F2571008E4E9827E05C89AA947358D1DF7DE83EDEF917BB8

File Size: 986.07 KB, 986070 bytes

MD5: ae6651d580b17a53902234c5fe4dfe3a

SHA1: e5c8899691037e8ac1049252da122625b6e94297

SHA256: AF59A0146A4328367A67431FB1A690CB887125B079E311B87786C320A5FD5300

File Size: 17.92 KB, 17920 bytes

MD5: 29081f1115f810023df599047112ac5f

SHA1: 56a42b3a797f35e7e3359bb9cc44ca8fc35825f6

SHA256: C0BA3B1ABD15B82A2EB23B9928330712D77687269C2F752ACF0B0926EE2AF2E6

File Size: 28.67 KB, 28672 bytes

MD5: c0ea3f04aeffee117b91fbc9b3e2d063

SHA1: 961f9c2023ae2f493f6a9e669c6f20fe48e2cfc7

SHA256: CB98C3CF2AF72DAB4DDC4F2FC53F4F39A53C485047D901A9BB2E260986DB8F7A

File Size: 618.50 KB, 618496 bytes

MD5: dd2de8ee84af68c89e503bbb2957ee19

SHA1: 03119eb9d6cdd25eff323fae31ec22c50fe1a6d0

SHA256: 34A9E7A16F56157D007C49F51954FB4EAB07B7151FDFAF98581B88EA6A3A40C4

File Size: 41.98 KB, 41984 bytes

MD5: 830c9d93bbd78fdc80d06b014b75446e

SHA1: 161ff44d2a00606e1d562397feb54f69b204170c

SHA256: 22218E9517597D828BB243F9E5D0BEC35A655280912672D3417DF7DCBE095FED

File Size: 124.42 KB, 124416 bytes

MD5: a0e9c275f1f685f70fa3cd9b20606de1

SHA1: bf70242c6193c1f655f550e0fa3f5ec972c5a0d0

SHA256: 76CE64559A6078BF69250285F49E98F2F42B80DDE4B7923C611CE80D47233640

File Size: 33.79 KB, 33792 bytes

MD5: 644bfcf0d5d16fc9cbbc6b013ca182c4

SHA1: 5bce8c50fad183b4540273497dd184f5b7ac46dd

SHA256: 512F361E1C2A18F456684FC3CAF17B0AE15AF0A84E01704E78F07E5FB5E4B4E5

File Size: 544.77 KB, 544768 bytes

MD5: feaee59360a66944611bd9f241193ace

SHA1: 7b210cfde5a3be2681a14e4e155ea7b6ebe6eb80

SHA256: BF078B4842EF37BEBCC72334BCA3A87E947C136AF52FA6E5E69ED30FFD817833

File Size: 6.00 MB, 5997056 bytes

MD5: 59db7a145aed9ff663078c8a69ad1925

SHA1: 08e43a603eab8fdeb442c2243f0c29dd60ab5a4e

SHA256: 45C2E4CDBEE73F33124C1F7A87C2FA265D0FF267776794A096290B16D6C64722

File Size: 761.86 KB, 761856 bytes

MD5: 510e9b083909b2a41c317e498cd1d24b

SHA1: 88cf168f9e5746f7e60cfdd54b691ace20e9823f

SHA256: E0A90781C49A53855EC02F3D15A9B9C2D000F7C70855B667F8442CB60B681382

File Size: 61.44 KB, 61440 bytes

MD5: a629c524471517a7b8a36d710836e5e8

SHA1: 41b1d4206e5c60ecab337a060f8480edd841d62b

SHA256: 5330E8F19C0A7E9F4B755E2B48E341D28E5C1C89B5EF3DB1CE1BBD4B39F6DCC1

File Size: 36.86 KB, 36864 bytes

MD5: 56f5b84215921ad2a6ad13ef9b15467a

SHA1: 7011e755446adf95978657a0abb242af93942811

SHA256: C054865B1B58AE7681E3FB897F2B6975B76326296A27036F88113BCC736B7FE1

File Size: 475.14 KB, 475136 bytes

MD5: d89e22fc1b34f094bc8f21b565fada89

SHA1: bd1ef2c005e0279c3a750daa85a98b9fa4a2e3ad

SHA256: 94C4EF0319306E36D1F9C60A4A775162124651988A0D087F5E8434A3BE37E27F

File Size: 101.89 KB, 101888 bytes

MD5: 7f51a654d7e5874e661808c61e0b26e5

SHA1: b211a30c84be182f9acd408818eb9135e377d9bf

SHA256: 75FC1DF52360338E29ED07E94B5E7DA2409B05614D031F575F40B2C1E9097128

File Size: 464.90 KB, 464896 bytes

MD5: 96717295302605bdf656946e7112de4e

SHA1: 66c91e7444a31f9e9db0487d89cc02fe965bef71

SHA256: 920C8D0F4642957D066D43112AF1F015A78D1D69F899A136868CBF666DF9A122

File Size: 1.04 MB, 1043968 bytes

MD5: aea6d3a73d11310e4b2ef7f3c8d1cf1c

SHA1: 5199c13fd6d0c237d7f3c9768a712e15ea51358d

SHA256: B32A6366E001E1BF88A4D991A1A7BD6CEE95A81C62818330C2C954A8D0B9ED94

File Size: 2.70 MB, 2699264 bytes

MD5: e05e70e608eb0c6aafabbcbdf1a06dcc

SHA1: c1ef842534e6e7ad1062fd69c4fdb7748bb3a1e5

SHA256: 7F3077E035B7FFCE5DB7F991628EDB25F988E09620267DEE3184FED670E376C1

File Size: 32.77 KB, 32768 bytes

MD5: 12ba1f477e8c8e16c40f5bdaac0d19bf

SHA1: 98b2a96b14ac69d43bae1b2df47aaa79bbb5e2dd

SHA256: D3FD417BCD77DCE6EF8AA42C490EAA4A17DAD6F5EE4D56D0356487387DBE62FB

File Size: 347.14 KB, 347136 bytes

MD5: c6db110c626cb9b25ec26d9e5e0134b7

SHA1: a55d6061bf85a09f50c6c765ea40e44e75843c39

SHA256: 686678D00D03AEA7DF69E93E31DF62D900BF6C11FC7C6903676634F78D9D4D35

File Size: 4.39 MB, 4390912 bytes

MD5: 61fd99d4229beebd25cf70d1244daf08

SHA1: f3580c6702dd3232faba81b0e4fdf9055fc62a35

SHA256: 5CA4D16E16D7FD801BE2D7B51410ACCD70D62B1A878FB3770DE0A95405DCFB08

File Size: 110.59 KB, 110592 bytes

MD5: 8c8e9419db3a97578ed471e7f1ef57bd

SHA1: 9348f4b1d790f38e33ab27a473d58e0210c8f5de

SHA256: E248F5B2DD9045FAB7EAF05D783C37AA2D27FEBD966311466370D26BF3987FB1

File Size: 925.64 KB, 925639 bytes

MD5: 9609c0b890bc446036f026ce1c5f157e

SHA1: e90089628bf9087f03259ee30c2e084991b4b04f

SHA256: CA11B4EA2048315BD9D10E5F9B9F23D145B6CDE3B1E9C38D3BDE55A4FD1E1169

File Size: 252.94 KB, 252936 bytes

MD5: 6574308311b00e74dfaf6d006db51524

SHA1: bd066f6cb56a865f9748f9ed807e863cbdb1338d

SHA256: 789CCF03D01E6EA67FE066903618A288C2CF6E6AF6E7C96A9E5382DAD903BA61

File Size: 249.86 KB, 249856 bytes

MD5: 8432c2ee2991934fab90b3227ef95210

SHA1: ca16f8cf04d527b5682cf657dce71cb5636ac389

SHA256: 384814E0235300F4749CDC4722BE5EBCE7233CAF5A395459C59E2CFFF3A30392

File Size: 826.85 KB, 826852 bytes

MD5: 16082c60e4dd710886a46c16cd78d6c0

SHA1: 762686b7a865ae333900259619b9030b76c60e63

SHA256: 1B01601759DDAD553E457DF46EB6DD86F0D36BB5E45BE3D807596F8C2D1912C0

File Size: 6.90 MB, 6900736 bytes

MD5: b9ca28cfa73ccdff36bb89fc255b4e7d

SHA1: 38ec050334dbd34212a1c1c45639e45e7986ed44

SHA256: B15248F22BC48CF25F957DF07FFB330345855F0BDDFE70DA79FA25BDABA840C5

File Size: 49.15 KB, 49152 bytes

MD5: 69ef77e5b3cff098cdc051b4dab99121

SHA1: 360cc8f7498d8591d71ddebc7962455b7b658bb6

SHA256: 624AB53DF436EF1B1F1100D9A08BDD049581D0EBF9C970ACFAD39AB099A2EBAE

File Size: 24.06 KB, 24064 bytes

MD5: ffda85b998c79ac8830867c0c05ec8a9

SHA1: a35847f9200c1168000036dbbaac767f6b00cf84

SHA256: 9C7C29CAAD6CBD612CBA9CE7840DDB6E879FB42BE6ADD7246CDE5CA038FB40A4

File Size: 4.81 MB, 4812800 bytes

MD5: b547e1dee6188afdab553bd0a110ba28

SHA1: e11e9421477eeef57509062e0b810d4f8fa918db

SHA256: 2B215BDFC38BEAB91EB000531D2FBA28EA25B9941D3B1CE7FA418429422229ED

File Size: 291.33 KB, 291329 bytes

MD5: b979e112ab314d77e9ece104ed127035

SHA1: 8c66f2e4f0ebd9a55acfd3e989409cf4063e9211

SHA256: 65861CF1ACA93D5605C8C48BAEB32125AE4ABF28F0F02DF86B36AA57FAA7D3E1

File Size: 2.23 MB, 2232320 bytes

MD5: 6079dc83679bbf08cc3352ba61abdb06

SHA1: a7a5ebc2a39222585a619cd7a169be8d9ab82614

SHA256: 250F2083713A2B6FA4C10C580C509F75203D9CDEECE6F396F64FE1E6670B7B9B

File Size: 5.28 MB, 5280220 bytes

MD5: 2d660a430c8d3c20d95d32eeba532000

SHA1: bd5576bee6c429aa8e951d4887c5deb23312a1ba

SHA256: 17395AF8461F10B2D47CEB2196C39E48845D3E13ACE624CCA6B7E84B9070D8A9

File Size: 794.11 KB, 794112 bytes

MD5: dbd999f3f975c3de62a9980b41e601f6

SHA1: 6c901670d40287ade773789038fd41a15a1dd929

SHA256: 4710F4B2C9531022E38BF547C5D04162ABD2F6EFC02D0FC43027C61BB1A1ECC3

File Size: 102.40 KB, 102400 bytes

MD5: 81438e846f6868ca9449cd7355c30348

SHA1: 99f9b0edfcb4890a2c2414a1bcff79f29e1091d6

SHA256: A754D79D862805ECC057831D5189B807E59EAAA1E23A891409201FD05A3D95AB

File Size: 86.02 KB, 86016 bytes

MD5: 325578e1bc630b302edda2112ba28800

SHA1: 4bc07506513747d433093fbaca23effb4950749b

SHA256: F2C506CA5608004278CB72C12E0274FBCB3BF998CCF9D5BE085D81F4BEC9A627

File Size: 710.66 KB, 710656 bytes

MD5: de1d96462a7bb1a83ad2c68248e37a89

SHA1: 3d8d8160ee186ba9f01b3d6453b3c97eb61c6e11

SHA256: 3CEC179D3319AFAAC0C6540DF31481D27B1DA05F19AFE4825E4134FCAF761522

File Size: 290.82 KB, 290816 bytes

MD5: 6d40630cb44f7f68a5214500ac4c7783

SHA1: dec377d74e26436618219a9ce6ddd1e955a46a65

SHA256: 8EC3A647BE0F34FAB72CB65A658A095AE5B5A717DC79BF4EE5BCF70D3BB7D06B

File Size: 5.47 MB, 5474304 bytes

MD5: c7563a6102db0bb44c6fedf602e52e68

SHA1: 87a8d249b58a9cc9d571fe7c745004bd1f9c27ab

SHA256: 29342A7FD44D42050D18CAAA227B86C7BB0F5245DCFE97866A2E37FCB205EA97

File Size: 435.71 KB, 435712 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is 32-bit executable

File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

112 additional icons are not displayed above.

Windows PE Version Information

Name	Value
Comments	Check http://home.c2i.net/sveinar/diskstate/ for updates. Created with Setup Factory 8.0 Inno Setup home page: http://www.innosetup.com June 18, 1998 Medal of Honor Allied Assault(tm) by Electronic Arts, Inc. and 2015 Pro Evolution Soccer 6 Settings This installation was built with Inno Setup: http://www.innosetup.com This installation was built with InstallAware: http://www.installaware.com Visit http://personal.inet.fi/business/toniarts
Company Name	<no manufacturer> Acucorp Inc Adaptec Adaptec Inc. Application Professionals Baidu, Inc. Bilans-JR Sp. z o.o. companyname DOSPRN Electronic Arts, Inc. Show More Electronic Arts Inc. Filizola FirmaTec Gary Henderson Jordan Russell KONAMI LIGHTNING UK! LizardTech, Inc. Macromedia, Inc. Mattel Interactive McAfee Inc. Micro Application Microsoft Microsoft Corporation Phenomedia AG PT TASPEN(PERSERO) Réseau-Photo SA Sebastien Carlier & Christoph Gießelink Sharman Networks Ltd Steven Blackburn Sveinar Rasmussen (sveinar@rasmussen.org) Sysinternals - www.sysinternals.com TGA Sistemas ToniArts Valve Westwood Studios WINDOOR SISTEMAS LTDA Windows (R) 2000 DDK provider Корпорация Майкрософт
File Description	Age of Empires II Expansion Aplikasi SIMGaji Application Autorun Application Reseau-photo FormatDisk ASPICHK.EXE v2.0 ASPI for Win95/WinNT Installer Atualizador de sistemas Tecinco Baidu Antivirus Tray Application CDKey Chessmaster Movie Player Show More DialKill MFC Application Disk space reporting program DOSPRN Setup Driver Package Installer DVD Decrypter - The Ultimate DVD Ripper! EasyCleaner executable Edytor TWW Excel Utilities Installation Executavel do TGA Backup Execute processes remotely Faktura iBiznes Flash Player 5.0 r30 Folder Lock® (full version) Setup Half-Life Launcher HK-Software IBExpert Developer Studio Setup HP38/39/40/48/49 Emulator Illesztőprogram-csomag telepítője Informix Client-SDK Advertised Install Transform Generator Inno Setup Uninstaller Instalador de pacote de controladores Instalador de Pacote de Driver Instalador de paquetes de controladores Instalator pakietu sterowników Instalační program balíčku s ovladačem Installatieprogramma voor stuurprogrammapakketten Installationsprogram för drivrutinspaket Installationsprogram til Driverpakke Kazaa Media Desktop Installer Launch MFC Application Leitura de Balanças / Delphi 5 License Activator Main executable for Red Alert 2 Main executable for Yuri's Revenge Medal of Honor Allied Assault Medal of Honor Allied Assault(tm) Microsoft GIF Animator Application Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 Microsoft VM network config sample Non-Commercial Version Ohjainpakettien asennusohjelma Pająk Power Tab Editor 1.7 Installation Pro Evolution Soccer 6 Settings Programme d'installation du package de pilotes ReFX Beast VSTi v1.0 Setup Application Setup Launcher Unicode ShellExecutes the command line Snes9XW Standalone anti-virus scanner for certain viruses. Sürücü Paketi Yükleyicisi Treiberpaket-Installationsprogramm Visual Basic Setup Toolkit Uninstaller Whoami - queries user information Win32 Cabinet Self-Extractor Win32 Cabinet Self-Extractor Εγκατάσταση πακέτου προγραμμάτων οδήγησης Установщик пакетов драйверов ‎‎Driver Package Installer
File Version	Version 0.9.0 Alpha 51.4.0.0 14.30.30704.0 8.1.1006.0 7, 01, 100, 1248 6.00.8169 5.50.4134.600 5.1.2600.2180 built by: WinDDK 5.1.0.4 5.00.3805 Show More 5.00.2128.1 5,0,30,0 4.40.483 4,4,4,75466 3.5.1.0 3.03 3.0 2.6.0. 2.1 2.0.6.380 2.0.5.67 2, 0, 0, 1 2, 0, 0, 0 1.95 1.9.9.6 1.2 1.08 1.05 1.02 (014) 1.00.000 1.00 1.0.34.6 1.0.0.164 1.0.0.101 1.0.0.1 1.0.0.0 1.0.0 1.0 1, 30, 0, 0 1, 14, 0, 95 1, 2, 1, 280 1, 2, 1, 2 1, 1, 8, 0 1, 1, 1, 1 1, 0, 0, 1 00.07.22.0627
Internal Build Number	94573
Internal Name	Activator AGE2_X1 ASPI32 ASPICHK.EXE Autorun.exe BackupTGA Baidu Antivirus biledit CDKey.exe ChessmasterMoviePlayer Show More DialKill DiskState DPInst DVD Decrypter EasyCleaner Emu48 Flash FormatDisk GIFAnimator Half-Life Launcher iBiznes ISPNickel Launch miniautorun MOHAA MSJavx86.exe PsExec settings.exe setup Setup Snes9X snetcfg.exe Spider ST6UNST.EXE stub32i.exe suf80_launch Sun TransformGenerator Wextract Wextract WhoAmI.exe Win
Legal Copyright	(C) 2001 Phenomedia AG (c)2002 Electronic Arts, Inc. All rights reserved. (C)Microsoft Corporation. All rights reserved. (C) Microsoft Corporation. All rights reserved. (С) Корпорация Майкрософт. Все права защищены. 2000 <no manufacturer> Acucorp Inc All rights reserved Application Professionals Show More Copyright (C) 1990-2003 Copyright (c) 1996-2003 Copyright (c) 1998 Copyright (C) 1998-2000 Jordan Russell Copyright (C) 2000 Informix Software Inc. Copyright (C) 2001 Copyright (C) 2001 Réseau-Photo SA Copyright (C) 2001-2009 Mark Russinovich Copyright (C) 2002 Micro Application Copyright (C) 2003 Copyright (C) 2006 Konami Digital Entertainment Co., Ltd. Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved. Copyright (C) 2013 Baidu, Inc. All rights reserved. Copyright (C) Microsoft Corp. 1981-1999 Copyright (C) Microsoft Corp. 1981-2000 Copyright (C) Microsoft Corp. 1996-2000 Copyright (c) Microsoft Corporation. All rights reserved. Copyright © 1987-1998 Microsoft Corp. Copyright © 1989-1999 Adaptec, Inc. Copyright © 1996 Microsoft Corporation. All rights reserved. Copyright © 1996-2000 Macromedia, Inc. Copyright © 1998-2000 Microsoft Corp. Copyright © 1999 Westwood Studios Copyright © 2000 Copyright © 2001 Westwood Studios Copyright © 2002 Copyright © 2002 Electronic Arts, Inc. and 2015 All Rights Reserved in the USA and Other Countries Copyright© 2004 Copyright © Mattel Interactive, 2000 Copyright © Microsoft Corp. 1995 Copyright © Microsoft Corp. 2000 Copyright © S.Blackburn 1997 FirmaTec Microsoft Setup Engine Copyright © 2004-2008 Indigo Rose Corporation Totally freeware! © 2005 Networks Associates Technology, Inc. © Microsoft Corporation. Alle rechten voorbehouden. © Microsoft Corporation. Alle Rechte vorbehalten. © Microsoft Corporation. Alle rettigheder forbeholdes. © Microsoft Corporation. All rights reserved. © Microsoft Corporation. Kaikki oikeudet pidätetään. © Microsoft Corporation. Med enerett. © Microsoft Corporation. Med ensamrätt. © Microsoft Corporation. Minden jog fenntartva. © Microsoft Corporation. Reservados todos los derechos. © Microsoft Corporation. Todos os direitos reservados. © Microsoft Corporation. Tous droits réservés. © Microsoft Corporation. Tutti i diritti riservati. © Microsoft Corporation. Tüm hakları saklıdır. © Microsoft Corporation. Všechna práva vyhrazena. © Microsoft Corporation. Wszelkie prawa zastrzeżone. © Microsoft Corporation. Με επιφύλαξη κάθε νόμιμου δικαιώματος.
Legal Trademarks	Acucorp Inc Chessmaster is a registered trademark of Mattel Interactive Command & Conquer is a trademark of Westwood Studios Flash LIGHTNING UK! Medal of Honor Allied Assault(tm) by Electronic Arts, Inc. and 2015 Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation. Setup Factory is a trademark of Indigo Rose Corporation. TirmaTec Trademark of ToniArts
Original Filename	Activator.exe AGE2_X1.EXE ASPI32.EXE ASPICHK.EXE Autorun.exe Autorun.EXE biledit.exe CDKey.exe CMMovie.exe DialKill.EXE Show More DiskState.exe DPInst.exe DPInst.exe.mui DVDDecrypter.exe EasyClea.exe Emu48.exe FormatDisk.exe GIFAnimator.exe hl.exe Launch.EXE mohaa.exe MSJavx86.exe psexec.c setting.exe Setup.exe Setup.exe Snes9XW.exe snetcfg.exe Spider.exe ST6UNST.DLL stinger.exe stub32i.exe suf80_launch.exe Sun.exe SwFlsh32.exe TransformGenerator.EXE VC_redist.x86.exe WEXTRACT.EXE WEXTRACT.EXE WHOAMI.EXE Win.exe
Product Name	Activator Adaptec's ASPI Layer Age of Empires II Expansion Application Autorun Application FormatDisk ASPICHK.EXE Baidu Antivirus BilEdit CDKey Command & Conquer : Red Alert 2 Show More Command & Conquer : Yuri's Revenge DialKill Application DiskState DjVu Solo 3.1 Driver Package Installer (DPInst) DVD Decrypter EasyCleaner Emu48 Flash 5.0 Half-Life Launcher Illesztőprogram-csomag telepítője (DPInst) Informix Client-SDK Advertised Install Transform Generator Instalador de pacote de controladores (DPInst) Instalador de Pacote de Driver (DPInst) Instalador de paquetes de controladores (DPInst) Instalator pakietu sterowników (DPInst) Instalační program balíčku s ovladačem (DPInst) Installatieprogramma voor stuurprogrammapakketten (DPInst) Installationsprogram för drivrutinspaket (DPInst) Installationsprogram til Driverpakke (DPInst) Internet GES ohne Java 2003 Kazaa Media Desktop 2.5 Launch Application Layout Editor McAfee Stinger Medal of Honor Allied Assault Medal of Honor Allied Assault(tm) by Electronic Arts, Inc. and 2015 Microsoft(R) Windows (R) 2000 Operating System Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 Microsoft VM Microsoft® GIF Animator Microsoft® Visual Basic for Windows Microsoft® Windows(TM) Internet Tools Ohjainpakettien asennusohjelma (DPInst) Pro Evolution Soccer 6 Programme d'installation du package de pilotes (DPInst) Setup Factory 8.0 Runtime Snes9X SNES Emulator Spider Surfive Sysinternals PsExec Sürücü Paketi Yükleyicisi (DPInst) Treiberpaket-Installationsprogramm (DPInst) UT61C/D Interface Program Ver 3.03 Win Windows (R) 2000 DDK driver Εγκατάσταση πακέτου προγραμμάτων οδήγησης (DPInst) Установщик пакетов драйверов (DPInst)
Product Version	14.30.30704.0 8.1.1006.0 7, 01 6.00.8169 5.50.4134.600 5.1.2600.2180 5.00.3805 5.00.2128.1 5,0,30,0 4.60 (1021) Show More 4.40.483 4,4,4,75466 3.5.1.0 3.03 3.0 2.6.0 2.1 2.0.6 2, 0, 0, 1 2, 0, 0, 0 1.95 1.2 1.08 1.05 1.00.000 1.00 1.0.34.6 1.0.0.101 1.0.0.1 1.0.0.0 1, 30, 0, 0 1, 14, 0, 95 1, 2, 1, 280 1, 2, 1, 2 1, 1, 8, 0 1, 1, 1, 1 1, 0, 0, 1 0, 9, 0, 0
Special Build	Final Build #95 Service Pack 18, Christoph Gießelink

Digital Signatures

Signer	Root	Status
Hangzhou Chuangju Technology Co.,LTD	Certification Authority of WoSign	Root Not Trusted
LizardTech, Inc.	LizardTech, Inc.	Hash Mismatch
Microsoft Corporation	Microsoft Code Signing PCA 2011	Hash Mismatch
Microsoft Corporation	Microsoft Corporation	Hash Mismatch
Microsoft Corporation	Microsoft Root Authority	Hash Mismatch

Mydrivers Information Technology Co., Ltd (ZhengZhou)	VeriSign Class 3 Code Signing 2009 CA	Hash Mismatch
Baidu Online Network Technology (Beijing)Co., Ltd	VeriSign Class 3 Code Signing 2010 CA	Hash Mismatch

File Traits

$Id: UPX
.adata
.aspack
.UPX
2+ executable sections
7-zip (In Overlay)
7-zip Installer
ASPack v2.11d
ASPack v2.12
big overlay

CAB SFX
HighEntropy
imgui
Inno
InnoSetup Installer
Installer Manifest
Installer Version
InstallShield Installer
No Version Info
ntdll
packed
RAR (In Overlay)
SUF
themida
themida section variant
upx
UPX!
VirtualQueryEx
WinZip SFX
Wise
Wix
WixToolset Installer
WriteProcessMemory
x86

Block Information

Total Blocks:	903
Potentially Malicious Blocks:	1
Whitelisted Blocks:	836
Unknown Blocks:	66

Visual Map

? ? 0 ? 0 0 0 0 0 0 ? ? ? 0 0 ? ? 0 0 ? ? 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 ? ? ? x ? 0 0 0 0 0 0 0 ? ? ? ? 0 0 ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ?

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.DGFB
Agent.HJFB
Agent.IFSB
Agent.PIFB
Agent.XXA

BHO.FS
BTNGdoor.A
BadJoke.ScreenRoses.A
Banker.TK
Downloader.Agent.SC
Downloader.I
Dropper.Fignotok.D
Emotet.GFA
Injector.DFF
Injector.DGB
Injector.FGSA
Injector.FHE
Injector.GSD
Injector.KF
Injector.KI
Injector.KZK
Kagee.A
KeyLogger.B
Keygen.HF
KillMBR.XE
Kryptik.DGW
Kryptik.NRR
Kryptik.VCKBG
Lamer.CHB
Lotok.T
Luder.C
MSIL.Brute.LS
NetBus.A
Parite.F
QHost.XG
Ramnit.AP
Rozena.H
ScriptExpert.A
Surldoe.A
TrickBot.LH
Trojan.Downloader.Gen.FO
Unruy.FA
Upatre.VHC
Zegost.GAB
Zegost.GB

Files Modified

File	Attributes
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
\device\namedpipe\srvsvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\common files\installshield\engine\6\intel 32\ikernel.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\common files\wise installation wizard\wisfb0addc466584d468a4fa0debf7497df_1_0_0.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\common files\system\symsrv.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_16.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_idx.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\3d8d8160ee186ba9f01b3d6453b3c97eb61c6e11_0000290816.log	Generic Write,Read Attributes

c:\users\user\appdata\local\temp\_ins5566._mp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\_ir_sf_temp_0\irimg1.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_ir_sf_temp_0\irimg1.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\_ir_sf_temp_0\irimg2.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_ir_sf_temp_0\irimg2.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\_ir_sf_temp_0\irsetup.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_ir_sf_temp_0\irsetup.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\_ir_sf_temp_0\irsetup.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\_is3f7.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_isfc71.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_isfcc0.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_isfdcc.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_istmp1.dir\_ins0432.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\_istmp1.dir\_ins5576._mp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\_istmp1.dir\_istmp0.dir\2cb0db.dll	Synchronize,Write Data
c:\users\user\appdata\local\temp\_istmp1.dir\_istmp0.dir\_isres.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\_istmp1.dir\_istmp0.dir\_isres.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\_istmp1.dir\_istmp0.dir\bp_logo.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\_istmp1.dir\_istmp0.dir\bp_logo.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\_istmp1.dir\_istmp0.dir\corecomp.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\_istmp1.dir\_istmp0.dir\corecomp.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\_istmp1.dir\_istmp0.dir\ctl3d32.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\_istmp1.dir\_istmp0.dir\ctl3d32.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\_istmp1.dir\_istmp0.dir\e199e.dll	Synchronize,Write Data
c:\users\user\appdata\local\temp\_istmp1.dir\_istmp0.dir\isuninst.728	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\_istmp1.dir\_istmp0.dir\isuninst.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\_istmp1.dir\_istmp0.dir\isuninst.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\_istmp1.dir\_istmp0.dir\isuninst.exe	Synchronize,Write Data
c:\users\user\appdata\local\temp\_istmp1.dir\_istmp0.dir\license.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\_istmp1.dir\_istmp0.dir\license.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\_istmp1.dir\_istmp0.dir\value.shl	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\_istmp1.dir\_istmp0.dir\value.shl	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\_istmp1.dir\_wutl951.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\_istmp1.dir\zdatai51.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\_msi5166._is	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\aia5218.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\ext1318.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\ext4b9c.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\exta8ce.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\hnn854a.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\iec4e99.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\ieu4ea9.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-b48bb.tmp\is-4jl9l.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\2487b318	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\2487b318\a1b09c99	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\2487b318\a1b09c99\update-aplikasi-simgaji.url	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\2487b318\a1b09c99\update-aplikasi-simgaji.url	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\2b0636f1	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\2b0636f1\1cc6edd2	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\2b0636f1\1cc6edd2\kabupaten_maluku.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\2b0636f1\1cc6edd2\kabupaten_maluku.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\2d039f66	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\2d039f66\1cc6edd2	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\2d039f66\1cc6edd2\kabupaten_maluku_tengah.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\2d039f66\1cc6edd2\kabupaten_maluku_tengah.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\2f9467b9	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\2f9467b9\549c18a9	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\2f9467b9\549c18a9\libmysql_d.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\2f9467b9\549c18a9\libmysql_d.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\30378202	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\30378202\1cc6edd2	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\30378202\1cc6edd2\kabupaten_seram_bagian_timur.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\30378202\1cc6edd2\kabupaten_seram_bagian_timur.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\407f7069	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\407f7069\1cc6edd2	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\407f7069\1cc6edd2\kabupaten_buru1.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\407f7069\1cc6edd2\kabupaten_buru1.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\435f3ad3	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\435f3ad3\a1b09c99	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\435f3ad3\a1b09c99\vfp9r.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\435f3ad3\a1b09c99\vfp9r.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\4943fb4d	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\4943fb4d\1cc6edd2	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\4943fb4d\1cc6edd2\kabupaten_maluku_barat_daya.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\4943fb4d\1cc6edd2\kabupaten_maluku_barat_daya.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\52d80a7a	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\52d80a7a\1cc6edd2	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\52d80a7a\1cc6edd2\provinsi_maluku.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\52d80a7a\1cc6edd2\provinsi_maluku.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\55e9728e	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\55e9728e\a1b09c99	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\55e9728e\a1b09c99\msvcr71.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\55e9728e\a1b09c99\msvcr71.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\58208856	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\58208856\1cc6edd2	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\58208856\1cc6edd2\kabupaten_buru_selatan.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\58208856\1cc6edd2\kabupaten_buru_selatan.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\5951c47b	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\5951c47b\1cc6edd2	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\5951c47b\1cc6edd2\kabupaten_buru.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\5951c47b\1cc6edd2\kabupaten_buru.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\5b67f613	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\5b67f613\1cc6edd2	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\5b67f613\1cc6edd2\kabupaten_utara.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\5b67f613\1cc6edd2\kabupaten_utara.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\6336e291	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\6336e291\a1b09c99	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\6336e291\a1b09c99\system.drawing.h	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\6336e291\a1b09c99\system.drawing.h	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\64d65a17	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\64d65a17\a1b09c99	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\64d65a17\a1b09c99\dbgaji.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\64d65a17\a1b09c99\dbgaji.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\6d5093dd	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\6d5093dd\a1b09c99	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\6d5093dd\a1b09c99\config.fpw	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\6d5093dd\a1b09c99\config.fpw	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\76548182	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\76548182\1cc6edd2	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\76548182\1cc6edd2\kota_ambon1.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\76548182\1cc6edd2\kota_ambon1.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\87380aed	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\87380aed\a1b09c99	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\87380aed\a1b09c99\systemdb.ocx	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\87380aed\a1b09c99\systemdb.ocx	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\96fdab7	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\96fdab7\1cc6edd2	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\96fdab7\1cc6edd2\unins.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\96fdab7\1cc6edd2\unins.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\9aaa00fd	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\9aaa00fd\1cc6edd2	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\9aaa00fd\1cc6edd2\kabupaten_seram_bagian_barat.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\9aaa00fd\1cc6edd2\kabupaten_seram_bagian_barat.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\c_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\c_\program files	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\c_\program files\mysql	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\c_\program files\mysql\connector odbc 5.1	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\c_\program files\mysql\connector odbc 5.1\myodbc5.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\c_\program files\mysql\connector odbc 5.1\myodbc5.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\c_\program files\mysql\connector odbc 5.1\myodbc5s.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\c_\program files\mysql\connector odbc 5.1\myodbc5s.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\d2d8112e	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\d2d8112e\1cc6edd2	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\d2d8112e\1cc6edd2\kabupaten_aru.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\d2d8112e\1cc6edd2\kabupaten_aru.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\d5324956	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\d5324956\1cc6edd2	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\d5324956\1cc6edd2\kota_tual.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\d5324956\1cc6edd2\kota_tual.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\e537f371	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\e537f371\a1b09c99	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\e537f371\a1b09c99\vfp9renu.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\e537f371\a1b09c99\vfp9renu.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\eac7aa71	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\eac7aa71\a1b09c99	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\eac7aa71\a1b09c99\system.app	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\eac7aa71\a1b09c99\system.app	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\eb434209	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\eb434209\1cc6edd2	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\eb434209\1cc6edd2\kabupaten_maluku_tenggara_barat.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\eb434209\1cc6edd2\kabupaten_maluku_tenggara_barat.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\ee9cb834	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\ee9cb834\1cc6edd2	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\ee9cb834\1cc6edd2\kota_ambon.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\ee9cb834\1cc6edd2\kota_ambon.jpg	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\f8c1bb14	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\f8c1bb14\1cc6edd2	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\f8c1bb14\1cc6edd2\a0063908.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\dbgaji\f8c1bb14\1cc6edd2\a0063908.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\instal-simgaji-client.msi	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\instal-simgaji-client.msi	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\mmsi.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\mmsi.dll\mmsiexec.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\mmsi.dll\mmsiexec.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\{a00acc65-f82b-4b35-89cf-1bce17159a51}	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\data\{a00acc65-f82b-4b35-89cf-1bce17159a51}	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\instal-simgaji-client.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\instal-simgaji-client.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\instal-simgaji-client.msi	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\instal-simgaji-client.msi	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\instal-simgaji-client.res	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\instal-simgaji-client.res	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\mia.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\miaa301.tmp\mia.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msi5f47.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\msi5f85.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsdbd88.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\pft1423~tmp\_inst32i.ex_	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\pft1423~tmp\_inst32i.ex_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\pft1423~tmp\_isdel.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\pft1423~tmp\_isdel.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\pft1423~tmp\_setup.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\pft1423~tmp\_setup.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\pft1423~tmp\_sys1.cab	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\pft1423~tmp\_sys1.cab	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\pft1423~tmp\_sys1.hdr	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\pft1423~tmp\_sys1.hdr	Synchronize,Write Attributes

101 additional files are not displayed above.

Registry Modifications

Key::Value	Data	API Name
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name	08f1d653bdae7567c717097a304effefffbd45fe_0005184512	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::id	꾛ㄸ	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\user\downloads\08f1d653bdae7567c717097a304effefffbd45fe_0005184512	DWM8And16BitMitigation	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name	de10e01bf0da07bf401876bb1b19f4264d345dd2_0000586183	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.imaadpcm::fdwsupport		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.imaadpcm::cformattags		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.imaadpcm::aformattagcache		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.imaadpcm::cfiltertags		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msadpcm::fdwsupport		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msadpcm::cformattags		RegNtPreCreateKey

HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msadpcm::aformattagcache	2	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msadpcm::cfiltertags		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msg711::fdwsupport		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msg711::cformattags		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msg711::aformattagcache		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msg711::cfiltertags		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msgsm610::fdwsupport		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msgsm610::cformattags		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msgsm610::aformattagcache	1	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.msgsm610::cfiltertags		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.l3acm::fdwsupport		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.l3acm::cformattags		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.l3acm::aformattagcache	U	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\audiocompressionmanager\drivercache\msacm.l3acm::cfiltertags		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name	5dcb01fa699e46ef24d5db1d55f1acb5edfd7583_0001060864	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::id	⳯㢔	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	놐ᘹꇳᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::version	Ԁ	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::name	5DCB01FA699E46EF24D5DB1D55F1ACB5EDFD7583_0001060864	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::id	5DCB01FA699E46EF24D5DB1D55F1ACB5EDFD7583_000106086438942CEF00103000	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	쮉蓰㘺ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name	696ae96c8c347ad62141b77152f624d13fe368b8_0000104448	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::id	ぃ㙼	RegNtPreCreateKey
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\layers::c:\users\user\downloads\696ae96c8c347ad62141b77152f624d13fe368b8_0000104448	DWM8And16BitMitigation	RegNtPreCreateKey
HKLM\software\classes\shockwaveflash.shockwaveflash\shell\open\command::	c:\users\user\downloads\8f9458e73039f84d9c06e8fa5d72c6f0e8675bdd_0000987136 %1	RegNtPreCreateKey
HKLM\software\classes\shockwaveflash.shockwaveflash\defaulticon::	c:\users\user\downloads\8f9458e73039f84d9c06e8fa5d72c6f0e8675bdd_0000987136,1	RegNtPreCreateKey
HKLM\software\classes\.swf::	ShockwaveFlash.ShockwaveFlash	RegNtPreCreateKey
HKLM\software\classes\.spl::	ShockwaveFlash.ShockwaveFlash	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedpidlmrulegacy::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots	ȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂ	RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::1	Z1橃扶祦硫B 뻯.Cjvbfykx	RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::0	\1坛㰨佄啃䕍ㅾD 뻯啫嬯嬄窵.ᥬ샒documents	RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0::nodeslot	Ù	RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bags\217\shell::sniffedfoldertype	Documents	RegNtPreCreateKey
HKLM\software\classes\shockwaveflash.shockwaveflash\shell\open\command::	c:\users\user\downloads\7011e755446adf95978657a0abb242af93942811_0000475136 %1	RegNtPreCreateKey
HKLM\software\classes\shockwaveflash.shockwaveflash\defaulticon::	c:\users\user\downloads\7011e755446adf95978657a0abb242af93942811_0000475136,1	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name	99f9b0edfcb4890a2c2414a1bcff79f29e1091d6_0000086016	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::id	욒㶛	RegNtPreCreateKey

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
User Data Access	GetUserObjectInformation
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Process Shell Execute	CreateProcess ShellExecuteEx WinExec
Network Winsock2	WSAStartup
Other Suspicious	SetWindowsHookEx
Keyboard Access	GetAsyncKeyState GetKeyState

Shell Command Execution


							"C:\Users\Pyjtkfcx\AppData\Local\Temp\is-B48BB.tmp\is-4JL9L.tmp" /SL4 $10254 "c:\users\user\downloads\0e52984c5b6e682664ee26e7407e24bc005f3df7_0003088384.exe" 2792017 51712


							(NULL) MSIEXEC /I "C:\Program Files (x86)\Common Files\Wise Installation Wizard\WISFB0ADDC466584D468A4FA0DEBF7497DF_1_0_0.MSI" WISE_SETUP_EXE_PATH="c:\users\user\downloads\88769f09f8488e5c3c92c69d5fa05b47692468ae_0001395712"


							open C:\Users\Uewlnhbr\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe __IRAOFF:653858 "__IRAFN:c:\users\user\downloads\491d6a31793b1946a5948a96af66dbdee1aa1d52_0002981888" "__IRCT:1" "__IRTSS:0" "__IRSID:S-1-5-21-3119368278-1123331430-659265220-1001"


							"C:\Users\Ffdtbkzq\AppData\Local\Temp\pft4CD6~tmp\Disk1\Setup.exe"


							"C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe" -RegServer


									update.exe /PACK


									"C:\Users\Zwrnwppk\AppData\Local\Temp\pft1423~tmp\Setup.exe" /SMS


									C:\Users\Zwrnwppk\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP


									C:\Users\Zwrnwppk\AppData\Local\Temp\pft1423~tmp\_ISDEL.EXE


									BH2.EWS intro


									c:\users\user\downloads\161ff44d2a00606e1d562397feb54f69b204170c_0000124416  -deleter


									.\Instal-SIMGaji-Client.exe  /m="c:\users\user\DOWNLO~1\762686~1" /k=""


									"C:\Users\Iivrccah\AppData\Local\Temp\pftAA46~tmp\Setup.exe" /SMS


									C:\Users\Iivrccah\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP


									C:\Users\Iivrccah\AppData\Local\Temp\pftAA46~tmp\_ISDEL.EXE

Virus.Parite

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Virus.Parite

File System Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Most Viewed