UDS：DangerousObject.Multi.Generic

通过Sumo3000在恶意软件

翻译为：

威胁评分卡

Popularity Rank:	28
威胁级别：	70 % (高的)
受感染的计算机：	3,787,605

初见：	June 26, 2013
最后一次露面：	November 25, 2025
受影响的操作系统：	Windows

UDS：DangerousObject.Multi.Generic是一种恶意软件威胁，通常在损坏的PC上的多个位置同时发现该威胁。报告次数最多的位置UDS：DangerousObject.Multi.Generic自身位于“文档和设置”，通常是C驱动器的组件。 UDS：DangerousObject.Multi.Generic很难通过许多安全应用程序从受影响的计算机中查找和卸载。 UDS：DangerousObject.Multi.Generic的检测仅可用于添加到排除项，忽略，浏览包含该项的位置或可能产生威胁描述。 PC用户要么被带到空文件夹，要么无法访问该对象。

别名

15 个安全供应商将此文件标记为恶意文件。

Antivirus Vendor	检测
Ikarus	JS.Downloader.BSO
Comodo	UnclassifiedMalware
Kaspersky	Trojan.Script.Suspic.gen
GData	Script.Trojan.Agent.FZPT9I
ClamAV	Win.Worm.Agent-4608
Avast	JS:Downloader-BSP [Trj]
Symantec	VBS.Downloader.Trojan
Fortinet	MSIL/Agent.QOJ!tr
AhnLab-V3	Trojan/Win32.Agent
McAfee-GW-Edition	BehavesLike.Win32.SpyGate.nm
Sophos	Mal/Generic-S
Avast	Win32:Dropper-gen [Drp]
Symantec	Trojan.Gen.2
K7AntiVirus	Trojan ( 004c9e0e1 )
McAfee	Artemis!29BE907DE7BA

SpyHunter 检测并删除 UDS：DangerousObject.Multi.Generic

文件系统详情

UDS：DangerousObject.Multi.Generic 可能会创建以下文件：

展开全部 | 全部收缩

#	文件名	MD5	检测检测数： SpyHunter 报告的在受感染计算机上检测到的特定威胁的确认和疑似案例数量。
1.	0UL6KGCP3JW6U70KT3HJ.exe	c0addb549ade9e125bd2e4218ef66b69	94
名称： 0UL6KGCP3JW6U70KT3HJ.exe MD5： c0addb549ade9e125bd2e4218ef66b69 尺寸： 11.47 MB (11479648 字节) 检测： 94 类型： Executable File 小路： C:\Users\<username>\AppData\Local\Temp 团体：恶意软件文件最近更新时间： July 7, 2025
2.	b8dc74d9e926b07b4af2d68d4f700ee6554dc92f302f03e7367dff53315106f4	f76a6556cddc2eae4628baa647d38061	5
名称： b8dc74d9e926b07b4af2d68d4f700ee6554dc92f302f03e7367dff53315106f4 MD5： f76a6556cddc2eae4628baa647d38061 尺寸： 2.12 MB (2125824 字节) 检测： 5 小路： %SYSTEMDRIVE%\Users\<username>\Downloads\16489928518\b8dc74d9e926b07b4af2d68d4f700ee6554dc92f302f03e7367dff53315106f4 团体：恶意软件文件最近更新时间： October 24, 2025
3.	av.exe	903b2f07578e461f2119be6ad274382d	4
名称： av.exe MD5： 903b2f07578e461f2119be6ad274382d 尺寸： 315.9 KB (315904 字节) 检测： 4 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 6, 2024
4.	run.exe	1b8ceba270bcec714babe5a0862ef028	4
名称： run.exe MD5： 1b8ceba270bcec714babe5a0862ef028 尺寸： 40.96 KB (40960 字节) 检测： 4 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 8, 2024
5.	autodeploydownloader.exe	013eba2540c1a6e185c1cb73ca9b1479	3
名称： autodeploydownloader.exe MD5： 013eba2540c1a6e185c1cb73ca9b1479 尺寸： 444.39 KB (444399 字节) 检测： 3 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 5, 2024
6.	myxsaqlu.exe	fda7582057ac8815534e19d31146c2b6	3
名称： myxsaqlu.exe MD5： fda7582057ac8815534e19d31146c2b6 尺寸： 1.66 MB (1660560 字节) 检测： 3 类型： Executable File 小路： C:\Users\<username>\AppData\Local\Temp\myxsaqlu.exe 团体：恶意软件文件最近更新时间： March 2, 2024
7.	932C.exe	91c9d076ba5c2ab4868c1d1627616936	3
名称： 932C.exe MD5： 91c9d076ba5c2ab4868c1d1627616936 尺寸： 2.31 MB (2314240 字节) 检测： 3 类型： Executable File 小路： C:\Users\<username>\AppData\Local\Microsoft\932C.exe 团体：恶意软件文件最近更新时间： February 29, 2024
8.	pcmfid2030win2kxp.exe	1bbe3afd7b228a31753ba7bcedad5d77	3
名称： pcmfid2030win2kxp.exe MD5： 1bbe3afd7b228a31753ba7bcedad5d77 尺寸： 75.95 KB (75950 字节) 检测： 3 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 14, 2024
9.	webcomponents.exe	39edc0d2e7eb2a04ea678ab19b21999a	3
名称： webcomponents.exe MD5： 39edc0d2e7eb2a04ea678ab19b21999a 尺寸： 2.35 MB (2359992 字节) 检测： 3 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 14, 2024
10.	red dead redemption 2 crack + navod.exe	829c1212cdda366a823bf99dd12a96dc	2
名称： red dead redemption 2 crack + navod.exe MD5： 829c1212cdda366a823bf99dd12a96dc 尺寸： 3.14 MB (3147776 字节) 检测： 2 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 8, 2024
11.	photoshop_set-up.exe	4d4a3a5f1a3542da3e8d826574f7ff6b	2
名称： photoshop_set-up.exe MD5： 4d4a3a5f1a3542da3e8d826574f7ff6b 尺寸： 271.87 KB (271872 字节) 检测： 2 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 8, 2024
12.	b4169f759a57700792a627372c4f699d.pdf	8afda4dfe23175a6dedac8d05fa16290	2
名称： b4169f759a57700792a627372c4f699d.pdf MD5： 8afda4dfe23175a6dedac8d05fa16290 尺寸： 6.07 MB (6070272 字节) 检测： 2 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 8, 2024
13.	securitycheck.exe	2ab12f81eaa26364e736ccd8c37207f0	2
名称： securitycheck.exe MD5： 2ab12f81eaa26364e736ccd8c37207f0 尺寸： 1.37 MB (1377360 字节) 检测： 2 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 5, 2024
14.	desktop.exe	f6d7c2c0267684aa10facd84315ebe9a	2
名称： desktop.exe MD5： f6d7c2c0267684aa10facd84315ebe9a 尺寸： 8.93 MB (8933804 字节) 检测： 2 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 8, 2024
15.	protectionpaladin.exe	bdd85920307233788f161789b7d1cba2	2
名称： protectionpaladin.exe MD5： bdd85920307233788f161789b7d1cba2 尺寸： 1.03 MB (1031680 字节) 检测： 2 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 8, 2024
16.	utf-8''ser.exe; filename=ser.exe	8ab064e069a639d707e38ec5d7e85c21	2
名称： utf-8''ser.exe; filename=ser.exe MD5： 8ab064e069a639d707e38ec5d7e85c21 尺寸： 1.4 MB (1400832 字节) 检测： 2 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 8, 2024
17.	setup_win_32bit_1.139.exe	3d85be7cc2f2e96cd586d66a625669b9	2
名称： setup_win_32bit_1.139.exe MD5： 3d85be7cc2f2e96cd586d66a625669b9 尺寸： 1.61 MB (1615752 字节) 检测： 2 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 8, 2024
18.	utf-8''a.exe; filename=a.exe	05e6b3ce2da9b80da4191e2ceaccd822	2
名称： utf-8''a.exe; filename=a.exe MD5： 05e6b3ce2da9b80da4191e2ceaccd822 尺寸： 174.59 KB (174592 字节) 检测： 2 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 8, 2024
19.	diplomnaya_rabota.exe	68dac0f4bb0e6e3333641a22b24c423b	2
名称： diplomnaya_rabota.exe MD5： 68dac0f4bb0e6e3333641a22b24c423b 尺寸： 1.68 MB (1682432 字节) 检测： 2 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 8, 2024
20.	utf-8''business%20sender%20multi%20web%20whatsapp%20%2b%20warmer%20by%20tiger%20vikram%20%20-%20reseller%20license.exe	63d1a1bd194f92d4c495e997f020129e	2
名称： utf-8''business%20sender%20multi%20web%20whatsapp%20%2b%20warmer%20by%20tiger%20vikram%20%20-%20reseller%20license.exe MD5： 63d1a1bd194f92d4c495e997f020129e 尺寸： 2.92 MB (2929664 字节) 检测： 2 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 8, 2024
21.	conhost.exe	3b4d04d340c5e9380e7b4b93fbe213e5	2
名称： conhost.exe MD5： 3b4d04d340c5e9380e7b4b93fbe213e5 尺寸： 82.43 KB (82432 字节) 检测： 2 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 8, 2024
22.	1.exe	3ae39f0bbdf786e7616d65c3a9b82a05	2
名称： 1.exe MD5： 3ae39f0bbdf786e7616d65c3a9b82a05 尺寸： 50.68 KB (50688 字节) 检测： 2 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 8, 2024
23.	4admins.exe	cb0a8bcb42c4f36e251c4ba71f89c5fa	2
名称： 4admins.exe MD5： cb0a8bcb42c4f36e251c4ba71f89c5fa 尺寸： 2.53 MB (2534400 字节) 检测： 2 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 8, 2024
24.	pcmainu-1878.exe	45db692874be54ae84efd117649a7efc	2
名称： pcmainu-1878.exe MD5： 45db692874be54ae84efd117649a7efc 尺寸： 1.72 MB (1725487 字节) 检测： 2 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 8, 2024
25.	update.exe	0c9e8523a87bd6cda6f6fffaa6ae6dd2	2
名称： update.exe MD5： 0c9e8523a87bd6cda6f6fffaa6ae6dd2 尺寸： 75.77 KB (75776 字节) 检测： 2 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 8, 2024
26.	utf-8''back.exe; filename=back.exe	2f6bca09290879b07957d4d0246b2750	2
名称： utf-8''back.exe; filename=back.exe MD5： 2f6bca09290879b07957d4d0246b2750 尺寸： 385.02 KB (385024 字节) 检测： 2 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 8, 2024
27.	the-mop-2016.9.3.0-win.exe	7db0680dd0bb8ccc1f32add9cc73dc3d	1
名称： the-mop-2016.9.3.0-win.exe MD5： 7db0680dd0bb8ccc1f32add9cc73dc3d 尺寸： 4.86 MB (4862907 字节) 检测： 1 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 8, 2024
28.	cs.exe	a136aa371eb80d61a757fa41be426770	1
名称： cs.exe MD5： a136aa371eb80d61a757fa41be426770 尺寸： 289.28 KB (289280 字节) 检测： 1 类型： Executable File 小路： c:\Users\<username>\downloads 团体：恶意软件文件最近更新时间： February 8, 2024
29.	c:\Users\\downloads\zoomdirectupdate.exe	9de4d7258d4e32a1b63d5c95bbebbbb9	1
名称： c:\Users\<username>\downloads\zoomdirectupdate.exe MD5： 9de4d7258d4e32a1b63d5c95bbebbbb9 尺寸： 1.96 MB (1961215 字节) 检测： 1 类型： Executable File 小路： c:\Users\<username>\downloads\zoomdirectupdate.exe 团体：恶意软件文件最近更新时间： February 8, 2024

更多文件

注册表详情

UDS：DangerousObject.Multi.Generic 可能会创建以下注册表项或注册表项：

File name without path

1233213123213[1].exe

activate-with-pass___3456.exe

adobe[1].exe

AdobeUpdaterV131.exe

AdobeUpdaterV202.exe

amadka[1].exe

amadka[2].exe

Cthulhu.vbs

DiscordCrash.exe

edgems131.exe

fiile__pass__1234_active.exe

fiile__pass___1234.exe

file-password___2345.exe

file__setup__3456.exe

ladas[1].exe

linda5.exe

linda5[1].exe

main-setup.exe

main__file.exe

mixpub2.exe

MPGPH131.exe

new_installer_1234.exe

new_setup_1234.exe

open___setup__p@ss__3456.exe

open___setup__with__3456.exe

open___with___setup__1234.exe

Open__File___Setup.exe

open__full__setup-1234.exe

Open__SETUP.exe

Open__Setup_1234.exe

open__setup__1234.exe

open__setup__3456.exe

open__with_Pass__1234.exe

open_main_file.exe

open_setup_1234.exe

Open_setup_pass_1234.exe

password is ___1234_setup.exe

pigalicapi.exe

RageMP131.exe

rc66.dat

RetailerRise[1].exe

rhgtdfs.exe

Routes Installation.exe

seed.sfx.exe

setup_10.2_mix3.exe

setup___pass__1234.exe

setup___pass___1234.exe

toolspub1[1].exe

ts66.dat

tuc4[1].exe

tuc6[1].exe

use__pass__1234_activate.exe

wfplwfs.exe

Regexp file mask

%allusersprofile%\directxplayer\directxreplacer.exe

%allusersprofile%\slidetoshutdown64.exe

%allusersprofile%\windows host\windows host.exe

%appdata%\[RANDOM CHARACTERS].ps1

%appdata%\erfd.exe

%appdata%\fgds.exe

%appdata%\fredwd.exe

%appdata%\hbtgvrf.exe

%appdata%\iamazon.exe

%appdata%\windata\windows programs.exe

%programfiles%\gedit\[NUMBERS].exe

%temp%\haleng.exe

%temp%\hypno launcher.exe

%userprofile%\pictures$\[RANDOM CHARACTERS].exe

%windir%\fonts\del.ps1

%windir%\fonts\sasd.bat

%windir%\tasks\crss.exe

HKEY..\..\..\..{RegistryKeys}

getfiles.wiki

Software\360 Dev\ProZipper

Software\DreamTrips

Software\Macrosol

SOFTWARE\Marg

Software\Microsoft\Windows\CurrentVersion\Run\ServiceDLL

Software\ProZipper

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

{361B0837-A53B-4F5E-8541-D66D7D66DDA6}_is1

{7CFDF263-212A-4B81-8D97-2DB021B5BB2A}_is1

分析报告

一般信息

Family Name:	DangerousObject.Generic
Signature status:	No Signature

Known Samples

MD5: 39bb66cdece1b4bac924beebab24543b

SHA1: 85235b56534a924706bd5cfbd434309c3e201522

文件大小: 3.09 MB, 3085789 bytes

MD5: c12d93daac86935ddfb9bd927b11ae4c

SHA1: d993eb4e4c9cdded3e0da8199cf251b1cd47826e

文件大小: 4.18 MB, 4175487 bytes

MD5: 30092c611928bbc9d5b2e38cf697fc64

SHA1: 9bc0ecbc016cf112af76102331133654cf6effde

文件大小: 527.29 KB, 527295 bytes

MD5: dcfff0032dc745711bd1244b6cca9ae5

SHA1: 3c3a77d11d735bb60fcc3351cdee5d02a72728ed

文件大小: 4.31 MB, 4306985 bytes

MD5: 0c5bbac93945abcb8da4e8186e9a1514

SHA1: 8c342a67bbcf6ff5e142bcc15e54fd72050da88f

文件大小: 2.83 MB, 2828456 bytes

MD5: 2d0d22d45fcdaade8a5117928b6d3ebd

SHA1: 173be7c350cd0f90e2dd4feece8ec9138fa1f4d2

文件大小: 4.06 MB, 4058040 bytes

MD5: 6c292e16738ded3419ccf291dc3a5132

SHA1: a9d290ade35fdca75195812e5f3e62fc61b12a4e

文件大小: 4.31 MB, 4312539 bytes

MD5: 059ef7433bff7cd3bec850d7c0b1d22a

SHA1: 478ba8188ea931fbe099e8e5e1eeaaa5349fd063

文件大小: 7.59 MB, 7593500 bytes

MD5: 4fbf5dfe628777c99b186a025d91884c

SHA1: d41558c432b298b60049ef85a7dccf02c00fad93

文件大小: 3.88 MB, 3876982 bytes

MD5: b79ffa3faa9eed4bbee35186b3d0459d

SHA1: 8357238b601df8939bbbe077674a1fbe34d5be5d

文件大小: 4.49 MB, 4494075 bytes

MD5: 585607954dbd44e1fa2b0f53dac55c5d

SHA1: 3ae071e2e791661cf161c5cfc3f58fe2a0b89ba6

文件大小: 130.78 KB, 130775 bytes

MD5: a2cd8596e9954ea61f72461be2c67a26

SHA1: 880a0b53336edbe8c2bef7fd235eb8095d0274d4

文件大小: 7.54 MB, 7535902 bytes

MD5: 8b69daf389eae842474563294a936797

SHA1: 8488f2921a8117371bbfea105bb4d269338fb3c8

文件大小: 3.61 MB, 3612523 bytes

MD5: e1e4fc7dbb4c8f4ecf11d995bd710d37

SHA1: 4dedc3a2ca3ced76854cd844679f54a004955fd0

文件大小: 451.57 KB, 451572 bytes

MD5: 40ea7095ab597dc7207b06fe2745d043

SHA1: bb95c156190ffb9fd68b28a2723eb288e25e4b87

文件大小: 437.15 KB, 437147 bytes

MD5: f0e59d9733bf03a0839e144b756543ef

SHA1: 1948c9b310b60f5c5fbe80d805ca7f269f9173c4

文件大小: 6.59 MB, 6592389 bytes

MD5: 8bc161a0600c3e13e60f730106edd3bd

SHA1: 043eace87f0943675f93129dbe5f99cf19981ed1

文件大小: 494.53 KB, 494533 bytes

MD5: 4e01a71e9d968a8f7297ab0786d59821

SHA1: 3cd25c16c543d160dd59b98b4dd24771d5d36513

文件大小: 468.48 KB, 468480 bytes

MD5: ad73f094b5c6e74a259a5251bb13694d

SHA1: 5bec96f91746cd2891f5621678c8e3be77216da2

文件大小: 2.82 MB, 2823168 bytes

MD5: 6f4ede44f07dc3c158e3a02743d079e7

SHA1: da5074a7899daea57b5fcf34daaaa4888e2e2930

文件大小: 5.05 MB, 5047653 bytes

MD5: 33f587933432b94be127446b636231eb

SHA1: 56c921520364a184a5f9107a9a468252f6af01b6

文件大小: 523.24 KB, 523238 bytes

MD5: 7c8d5d755828ae998d0a1480442234ca

SHA1: 77ace3b36cac70e29686adad14911b468107a9b8

文件大小: 2.22 MB, 2222901 bytes

MD5: 217f5ab2beb3feff4fe3642eb162fcec

SHA1: cf71d7ea84842591ece6c24532378d39c73573f7

文件大小: 1.73 MB, 1732096 bytes

MD5: 2164826774217a7f4e35763953f32fdd

SHA1: 7b5e72ce6ceb3432fc63aa3ea24efd1450717055

文件大小: 7.87 MB, 7866570 bytes

MD5: eef91a63195c7b86516d60a5b2f07838

SHA1: a5f6f02c30f4b5502a0879c29a37bee0a38efdb2

文件大小: 4.11 MB, 4107663 bytes

MD5: b19e8837b6b7b133ad8d496c6049fbb4

SHA1: 9db909dfaa48bc4ac59915825543c122d299b201

文件大小: 1.05 MB, 1052672 bytes

MD5: 6624afa9edbfceb7ef18207e6ffe306d

SHA1: 60f0884f6a2533f23d0ccfe0a5fbdad1efb05525

文件大小: 3.10 MB, 3095453 bytes

MD5: c42219c402b1013ab227743e25b12377

SHA1: 32e58a41c43355c0876cc565ec9772ebb8fb98ca

文件大小: 1.25 MB, 1247232 bytes

MD5: 372b5eb9bcd5eebba3b803174f891898

SHA1: acd8b9e23552e041ea180d23eb8ce39f2c1296d1

文件大小: 5.08 MB, 5076481 bytes

MD5: f2d40df00fda3eaf73138dc60177a27b

SHA1: a0eaa993ad8540d710d5d98aa08a97203acf9f30

文件大小: 2.67 MB, 2674176 bytes

MD5: 7163f6d96ae2b1c83330bdb4b2a7f50e

SHA1: 598bd36ee0651f76d2f1ad2a26b4b661b9f278f9

文件大小: 7.34 MB, 7338513 bytes

MD5: 56657262b0ce29fdad44f87bc3d06259

SHA1: 25768458bdc711b967e42c106da6f3c61cda561a

文件大小: 7.48 MB, 7476007 bytes

MD5: 356fbf594484d26f1dbf257d05b76c0d

SHA1: 42b5c99995a082abe01eb5ca31465ef62c6289c9

文件大小: 4.36 MB, 4355459 bytes

MD5: deee0809abf05e18500c6a990d0b2acb

SHA1: 095e27be92aed590019f02cfc8906d25d1ee7afb

文件大小: 461.60 KB, 461598 bytes

MD5: 76bc3d6e6cdbf3c8cc37e118654f6683

SHA1: 8d6440b0755e8ee8d66bf17fd66b842782d38ddb

文件大小: 2.45 MB, 2447872 bytes

MD5: e90c0da581fb9f7d713747a44774e3ce

SHA1: cf9a73de423c69739521b80c7d4464a7f9e9680b

文件大小: 5.18 MB, 5178905 bytes

MD5: 675613da238f0197ff97823978e9e206

SHA1: 962174574da88433f40bbd1089c0aae164011ff5

文件大小: 3.40 MB, 3400244 bytes

MD5: 31ade6efa057cc4f6434a872afdbcce7

SHA1: 8d14bfa9aae542defef6e6506ff3bdddf09cd10a

文件大小: 4.96 MB, 4964583 bytes

MD5: a8872cb5c5de87aff86b06fa82667a04

SHA1: 1f55f1fe3ef194ea4db14aad2cec81f03c4f69bf

文件大小: 2.23 MB, 2225629 bytes

MD5: f337a323fe16d783ab2c82435aad120c

SHA1: d250bfd436581ce88c5626e72a83410d277931d6

文件大小: 7.28 MB, 7281058 bytes

MD5: a568bbee82163d29b72d6236f650d6ae

SHA1: 0a2cfd8a3aca46781504dfb409b1a1a6f9b9d33a

文件大小: 482.23 KB, 482227 bytes

MD5: 02b7c983c6f45741180780469f43d777

SHA1: f9174a7768727baeb03a4277f172d3df795e5543

文件大小: 4.18 MB, 4176094 bytes

MD5: 10b91310569261e40a5b9ea60609b5db

SHA1: 1c935c53d560ebd8d6cb9df980fddf61e6a52fe4

文件大小: 1.93 MB, 1925777 bytes

MD5: e434ab8576192ac86d1b535b3fb8edbf

SHA1: 87cc180d39263973e960b8d22942ed52f03a7243

文件大小: 2.04 MB, 2043464 bytes

MD5: 11dde12908f6f9dd5a1a547f6f7386b1

SHA1: 9a39d3e987ab6b46bcd29e76802a2b1f42b530c2

文件大小: 2.22 MB, 2222901 bytes

MD5: 4232b91b183fa63670f65915cfd9b61c

SHA1: 1aaf827723646220d248e8ea3af8061a9eb6247a

文件大小: 4.56 MB, 4562171 bytes

MD5: 4d00204c805a047237431defbb66eac2

SHA1: 0348a3e6aa4c353aedbfb32280c24113edb142e0

文件大小: 3.79 MB, 3790293 bytes

MD5: 035b2727fb815b94e16f2d30933a56bb

SHA1: d1bcdea99a315bae6d232651eec632fbb497f859

文件大小: 8.14 MB, 8136704 bytes

MD5: de1c202e9919f49f5bc3bcca25ff0c2e

SHA1: 4a3d44f2828404a444a2b6c0b93f5113fbdb4451

文件大小: 7.90 MB, 7902469 bytes

MD5: 3d26ed829c1fbdfd14e1d4effa3f2cc3

SHA1: d68b06b225a319ba5dbb44158c6aacb86af37215

文件大小: 4.89 MB, 4890900 bytes

MD5: 17990ef1abc0757bb352c04c96faa596

SHA1: db7722ef289a00ae865ddf0a82b4c5779a3869ea

文件大小: 7.10 MB, 7101535 bytes

MD5: 70a0ef7c7676f2319ed981dd7831c98c

SHA1: 565471aa1d933f8d58dc111e5942c519522af10a

文件大小: 1.53 MB, 1532023 bytes

MD5: c47d58ff6704eecadde811a302efc21c

SHA1: 7c500e6bf6cd2ebf4cb823e73703bedd8a43a1d4

文件大小: 5.50 MB, 5502976 bytes

MD5: 6f1ea56cd75823cc601ac44b49e88b54

SHA1: dee87b5c3b3f5776600eeb07f64af18620cef7c6

文件大小: 1.36 MB, 1363968 bytes

MD5: de75bc5f0be264639be93827c88566a0

SHA1: 421ccf7cd085296a2bb2a6cdbffd7932937bcf34

文件大小: 7.17 MB, 7165620 bytes

MD5: 61d017a10fce5ed81c8c5ae4928751ed

SHA1: 58c068969572f00b1b4d7e09181f36667aed187a

文件大小: 4.51 MB, 4513548 bytes

MD5: 6c026eccf6451a39c02266bd9d54ec88

SHA1: 1d3fcf141615a9f5c7cfa30f625e6964dce9e33b

文件大小: 490.86 KB, 490862 bytes

MD5: 78da26965e3e25a845b4a125fb494c62

SHA1: ae0c95b4939d348a6ca9aa8695a2206666e0eadb

文件大小: 2.23 MB, 2226392 bytes

MD5: 951a48d9ccc3f6ef2d48aedfdc991c20

SHA1: d55443fbe80fb0afa431a1db8ab64f99c59d84d5

文件大小: 126.83 KB, 126827 bytes

MD5: 6fb06e290c7799b1951fe598dfe90f33

SHA1: b34f39a2717d93389df9076660dbd051614c948f

文件大小: 4.11 MB, 4105266 bytes

MD5: 80df8a8438fdea50d54782089fde1ad2

SHA1: ee81d26d279120de82510a4d41449de91b2bab81

文件大小: 7.27 MB, 7272046 bytes

MD5: 4df89460e2fbb0c9484d859cbd615301

SHA1: d06520d948612aa14b27ca84a45350e9b99e786c

文件大小: 7.19 MB, 7192019 bytes

MD5: 322f1b3e0de0b5953f26d65e093b2407

SHA1: 114167f2a01de3daab351ef0d3be44cc0cece7fd

文件大小: 8.86 MB, 8863744 bytes

MD5: a3ed5ced6dcb2365d140d5335e7c234b

SHA1: 66540183766e91d6d7761ab53cbaec98654f13f6

文件大小: 1.26 MB, 1258869 bytes

MD5: 10f3e7825efb70f098a39045a39f39d2

SHA1: 62caf6f23ae29d9b68859a3f2374293da74f096c

文件大小: 3.41 MB, 3411019 bytes

MD5: 95ca1920e233a128e96925a536edecbe

SHA1: 9992439f411d5bb217c5246a6b20e890c21ad391

文件大小: 557.25 KB, 557255 bytes

MD5: e04234af01b4bd34fcd9ce2b3f0891b6

SHA1: 59b435abda7761f08efc2c0c3e7c5fb695b4c6e6

文件大小: 4.20 MB, 4200389 bytes

MD5: db86037549360e9f0e4ed4e867f00586

SHA1: 0e3096f3d07c2f51dcbc6aed607f8e56c8305f98

文件大小: 9.88 MB, 9882856 bytes

MD5: 2a4d1ab880b708a3edf01e82e2e5837d

SHA1: 4f6ebd85cd6b10c79bd5cebed876872daf807e8b

文件大小: 524.43 KB, 524428 bytes

MD5: 5562df3e4e196502332370bd15f11b85

SHA1: 08fd67e5014fb147f86cd2aef1a4402846ff1260

文件大小: 2.23 MB, 2225629 bytes

MD5: 749d59581ff9d5f4096b7582b5283dae

SHA1: 8ddc36619efaccddb8eef1f9c87b810af5a06734

文件大小: 4.95 MB, 4954921 bytes

MD5: aa2438c6b27fcaedad12bb71f7bc4207

SHA1: aa16edb957987b7d22d3339c106ba99be6023b26

文件大小: 1.32 MB, 1324993 bytes

MD5: ac36d478899fc8a5ff5fae696d84604b

SHA1: e7a765d8921d03081260e2720aa8ade3459c4a68

文件大小: 3.09 MB, 3094141 bytes

MD5: 033ed2d6c7e392f75b92ab13f58542d1

SHA1: e3f1b3e66368515ac72ca02786c2487e0f68d110

文件大小: 495.14 KB, 495141 bytes

MD5: 70ad7dc0bc75421f6cae3a8d011c69f0

SHA1: ba1a688b200d14c7015874778d31b65e1460dc21

文件大小: 3.64 MB, 3642054 bytes

MD5: fdc4e449c94e5f153ecb3369e1536117

SHA1: 5ae82c94d3c31f7641676701f57f6c985f2ce1ab

文件大小: 3.09 MB, 3088237 bytes

MD5: 205f2364220f287c4ebcb4708146bb11

SHA1: c381a2bfe9a23aa42ff3ac0618501ddf4ad323d5

文件大小: 7.14 MB, 7143404 bytes

MD5: 5ac8ea9ad6bfd5d016c01f6706d57f08

SHA1: e848f31c058f16468f5a029fcad082819b5d3360

文件大小: 5.56 MB, 5560340 bytes

MD5: 38a5a542fcb67c9ffe2f7e9d3e188dae

SHA1: 114301a3f627fbee905941866c4faa24c9f3e149

文件大小: 9.03 MB, 9034752 bytes

MD5: fa58904ed9d4eac24ea8198addfb4aa0

SHA1: 35ff309c6c89992bc8c877457072789330325cc7

文件大小: 5.29 MB, 5285518 bytes

MD5: 4c737bed0fcd1836a5b6bfc033b3c03b

SHA1: d22035014cc535cc189f0f066efc263caf1fe5a7

文件大小: 14.85 KB, 14848 bytes

MD5: fbc8772f7de22c39d566ac879e9745fe

SHA1: fc71d4f0db0332489fcc264a47c1dbfec2cf4d23

文件大小: 1.98 MB, 1980928 bytes

MD5: 321af91014a50c0cbf937fe1da692ffa

SHA1: 12e7fd07a7e09ae3c51d852a5cdc74e0da33bedb

文件大小: 6.94 MB, 6942208 bytes

MD5: 60700731255519eb952ba84f46fdf26a

SHA1: cb0236273a7eae0bacd162382962b9df5a625165

文件大小: 8.33 MB, 8326735 bytes

MD5: 4a2730ce7bc4e41e89ed307fbb6913ca

SHA1: ed0016b208308b54da5cba423056c80e7c8d9826

文件大小: 8.46 MB, 8456192 bytes

MD5: 33ea72f4cec1a8e447b32a6c175e5712

SHA1: 01122ecd46af42eb75f5c34ebe9d115862ca4af8

文件大小: 149.50 KB, 149504 bytes

MD5: 3cf00aaaaef27eb2ae32a236ad5b6237

SHA1: a92fe278995edf3c338c89a79d99f20c2ce2a2b7

文件大小: 6.09 MB, 6094848 bytes

MD5: 7acd21b62a69d0d8fb30f0c4953de7cc

SHA1: 1598708868502bc4fc8d79ed96e067ba1af6b1c2

文件大小: 3.87 MB, 3869817 bytes

MD5: 1deb5b13b68a2d3bbaeead2afb35b85f

SHA1: 8f3d5381f40d4d9c6ba0faabd4658290ad53b450

文件大小: 3.31 MB, 3314783 bytes

MD5: 670aac76e06b7c320230ddeac843286b

SHA1: 79f602ed425cc40422ef0ed119339aa255969c8e

文件大小: 4.39 MB, 4393801 bytes

MD5: 937101b5d3e4a4ac5f177d66e93dd981

SHA1: f4b482e7229eb6c7014f858259c73defe5e42501

文件大小: 4.73 MB, 4732272 bytes

MD5: 48265a1171a12ddabd22909cdbab3fed

SHA1: 8a9dac7b446eae8b7c4db710633fa0990d108d91

文件大小: 1.50 MB, 1497960 bytes

MD5: b618421b64a1db235f619b67cb7fe5fb

SHA1: b3fe4f8b359d745f66d0af6d07e15fdb2b71661b

文件大小: 3.98 MB, 3977819 bytes

MD5: 69ff6da6e5f0b77baec8dcb7b2c7b5b1

SHA1: 7b91bcd8e277584a36d796ec00fb1b72de17f895

文件大小: 3.14 MB, 3138400 bytes

MD5: e8aac77cb911d16f9c5349b93213f1e2

SHA1: 2dbe67282c5b308eb8db63ac4f7f3047c16f31b6

文件大小: 1.06 MB, 1060864 bytes

MD5: b88a22633117b5af6d6df5d83528d4e9

SHA1: 20977ee1374eca5039d0d404ca9b1f1eecbb9137

文件大小: 2.40 MB, 2402816 bytes

MD5: 9a9f0d5174a1b0ab91f4a19f3ac60d6a

SHA1: 66fa4b9f0d0dfb8076617bcc8c2f444bfafe6c2c

文件大小: 3.15 MB, 3151666 bytes

MD5: a8792e9c50ba54a939e4a6047a7d22da

SHA1: c46400c8ba53957e25b6648cc981ff15f09b3abd

文件大小: 8.79 MB, 8792462 bytes

MD5: 4d1f15512bcdbdf031cc2f50cc0582de

SHA1: 14cd24798c91dead533af28de18411a8129edc8a

文件大小: 4.30 MB, 4297216 bytes

MD5: 65a919b3d949ee72bddf8c29d13cdccc

SHA1: 9b512b928566e9cd676e8c70f1375310f5e0004a

文件大小: 7.08 MB, 7075922 bytes

MD5: 501f8f539b7bf0b12320230de03f4ce2

SHA1: 6dd53555a58447cd3c68f2d0be7f063fd184d679

文件大小: 7.21 MB, 7212374 bytes

MD5: 1a951d8cb3f6effc621061788120ff59

SHA1: 4f800e29d9f95007a9a62fc1c5e5b4dc1935d2e7

文件大小: 8.70 MB, 8702714 bytes

MD5: 7c0b4daf241642103cd8160b5e5c2608

SHA1: 5500064bc2a6bc1f7094d8f3f685846f822c069d

文件大小: 468.65 KB, 468646 bytes

MD5: 2a21403d762c26fd6064055e60b74b86

SHA1: db457e5ee7d90e11aacaaf78d8f8284356bab3ed

文件大小: 977.08 KB, 977081 bytes

MD5: 7e7b8e94590f6de1b25904f4b6e3a069

SHA1: 316032d1c82fadd15e64b12c87627bdaee97d744

文件大小: 3.57 MB, 3568773 bytes

MD5: 9395ea91161bbab31947af69c69dd990

SHA1: a750ade5270bad59f7dde2a8b958658a78e6f0e1

SHA256: 57960227E6B7B437E741DA3C556950F9137647D18F181BFDDF9024FD889DD5F4

文件大小: 7.16 MB, 7157970 bytes

MD5: 673d0b2c8e80338282932562cc90e72e

SHA1: 1e00886fbd1112ce819e6cdd54d51ffe8d39922a

SHA256: C4629F46163187653B1CAC05F8E7FE4A0C3C99A1A9489CCB18524F9DF6BC99E7

文件大小: 613.68 KB, 613682 bytes

MD5: e6a4434a41acab6e3b1e9b0d550bfb0a

SHA1: 8106bd204be6b49ce34086196e3d7bdcb1acce06

SHA256: A666F643DFD3A2D041B966AA02F801FB676286606DA6F06EDB4482D422C3E795

文件大小: 1.86 MB, 1862610 bytes

MD5: cef4d829285fa9f0f8a8e1f3976ceaed

SHA1: 48b07dfd715ee7fa0c0d7ad635b726906736e27d

SHA256: 13EBB721198F052F267A95676A9587982CCCA5C7194AB3338BC1E3494D687C1D

文件大小: 3.48 MB, 3479508 bytes

MD5: 12e487dd60b1eaa1641e5ea986f70371

SHA1: c98d305a01adfbae184f9fb307f3beec858390af

SHA256: BE7C909913A1C2EF4DDEEFA1B065B62A181E5D1696AF5FC8DBC42FD734201720

文件大小: 2.46 MB, 2464768 bytes

MD5: ff9c6f07944cba0e7228c41e18e16d63

SHA1: 3b4f98c93ecbfe25503a49e5c238ebbdffbc7256

SHA256: 74D0C949AD1466958936792E2A952BF6FD5284D55AB1CC5C066722A813290EBB

文件大小: 7.24 MB, 7238153 bytes

MD5: 34120046629b6e30af9130df6dd52d2e

SHA1: e89a99a899c2714e3b679242e5f85d8af4793fc6

SHA256: 6D1223AC6CE962702D399C0ECE87462EB233E24D86010F4E50455C00215BF27C

文件大小: 5.94 MB, 5943517 bytes

MD5: 41c421c506669a95ed3b9c57c09ce433

SHA1: 70a542035e398347641a482264c6d8778e115714

SHA256: 7CBF5E46B0C3D3A60BE17970D098EF358D2EAABA64C5A4E47C36FC1E1DF67B3B

文件大小: 6.28 MB, 6279696 bytes

MD5: b97345fe3e0a7761570ae64008d8d929

SHA1: 4c992dc12ed08ef4fb374bcba28973ac3f2a712e

SHA256: D1AACB79BC55A83F79EC6BF8094506F282D5527A128D186E4F4C1BC7CE135EC5

文件大小: 7.72 MB, 7719214 bytes

MD5: 71d41ca0439b393f8854001d9fccdd80

SHA1: e7c0dac55a9ae519e7c7d34f1a60f01741469898

SHA256: EC627B8E7CF3A92ABC2F6E6B78F94B5382994A9E2648E2FD029ADEB16AA8B326

文件大小: 7.89 MB, 7885699 bytes

MD5: 7b62b1e2968d963230698955066d0a8e

SHA1: 66855cf96efc2039b86aa36c36543ba7899eb239

SHA256: 3CDCA75089231BF7ACBF2E45AC0DA65F6326B33CB5D86411C8C5DF4878287748

文件大小: 4.76 MB, 4764416 bytes

MD5: d9e80b62d1232029b6f2bf6187d6b670

SHA1: 832c639ec65bc40a7a10a5690193bebb42a7adee

SHA256: 7CEB53E589F2458BB2DDBEE6D4DEAB06097B8758DCFAD11F41B76E01C0238267

文件大小: 510.36 KB, 510363 bytes

MD5: fec8d7b0f68dd3ed6065153829302da7

SHA1: 9f885b0b432268fedb63180fedbff8145b2a05fc

SHA256: 55CE09DE2FC986D143EB12C95D813AB083596213612317149032EF9A1AE4E947

文件大小: 8.07 MB, 8074216 bytes

MD5: d5ad6dadc00f463d4f38311604c13020

SHA1: 3fa055cef96f36ab2a7d39532707d8aed7743a1d

SHA256: 61E279F4BAABEDA01BD4A49E370F9BC849B380A0CE2D4F600DD95429BE03EE4A

文件大小: 3.68 MB, 3684562 bytes

MD5: e0e04498283de72a70435d5bfe2a5f55

SHA1: d552ac9ae85c9d7cd6af61fb083c3e54daa64e7c

SHA256: 03322B22E6EBF2644B75566D238C19E2A7B21C2A9E2C5BCDCD3AC74DFBEE092C

文件大小: 390.68 KB, 390680 bytes

MD5: 96c5adfae12894b9978b887877fad4c5

SHA1: 883af4d84d2a14f2c9b6f265e9e14704d610c455

SHA256: AF6F686657A6C78B5E1F1CD14900AE53B74696B9BFD97D1B3B7D123A219FBBC4

文件大小: 1.64 MB, 1640351 bytes

MD5: fdbbd54cab287114e1bc0d194a4c0d9d

SHA1: 9e902ba98fe008050e10220c1fd4616f4c06b08d

SHA256: FBE89475450A5BA6315DFC8C354A06E14B92E22294782BA4AF05560992E0F16E

文件大小: 3.58 MB, 3576007 bytes

MD5: 8c60dd816f7b39f0ddfd1707c22a9304

SHA1: d08afd401387acff6174d9e4e43cf34ea06e8a26

SHA256: 7C1AEE3DE7D869FEDDFF91F0ED735FD8F8C855ADAFF193A15797F3736C8EB687

文件大小: 310.24 KB, 310240 bytes

MD5: cc8e7d7ac9880bcdf1ad23c103d6a722

SHA1: d3cbe9769d5edbe61abb265301699ebffff1116d

SHA256: 1781D77159C3F117E97EDC1BAA090D34DDB3986AA3F4F257D6902177F07806F8

文件大小: 8.88 MB, 8884736 bytes

MD5: 6e8d2159ac721a18326eb85826330d23

SHA1: e8b8a3d5f3a26bfdc0b395adb106322161a5a966

SHA256: 9B96A2612A39BCA6F86974133AF37BA654A9BAD097ED57455643AABC9EFABBD4

文件大小: 3.46 MB, 3462998 bytes

MD5: cd881d67966582febe60422cf8f6289f

SHA1: 50bf20ea584f393921c7068faed98c5b40251378

SHA256: C727E6E5A12CB1544720FAD3ABF21B60980C873175B91866E11A42BDAADCDBAE

文件大小: 4.45 MB, 4453630 bytes

MD5: 2bbaf9ae8c73afe237e50f924c480bed

SHA1: 5728b9c8a57f8538b3ae6e7d3a5bffd5462ce8a0

SHA256: 57D596B29D6FC2C917503116419917C74D504BE7733B31AC4637B6792E8ABF72

文件大小: 3.10 MB, 3098653 bytes

MD5: 99b4b3a1847ebe524d4b28179b45c674

SHA1: 931dedeaca90ab273bdf103aab9f1b943d4e83c4

SHA256: 375ADD48C91787315B3DE22E7081DCB35C8D964235D3B902844165EC415BB595

文件大小: 4.81 MB, 4810056 bytes

MD5: 629a36d902a04273eb43ecf35fd4fc5d

SHA1: 0aa37e5a26818dcbbce318cfcf74ff38785e7691

SHA256: B575D8F293A836DA6BE4DAB7D354F73C011E730C8BC0730DC3D4A2B0517BE516

文件大小: 4.63 MB, 4633007 bytes

MD5: 6b0bc7ac9271315bd5497dd42b44eb9a

SHA1: 9413a1aa7574bd281fb2c6291f8d812ad0499506

SHA256: 1C4E66DD3F51EAB5C1CF5F1E1BA24039DA6208D5B153283EEEE92096E776681F

文件大小: 2.81 MB, 2811045 bytes

MD5: 1f197dbac1524d45e9fcd5688925b5ce

SHA1: 63a73c58a25c5cfca78dc0f883f40f8aaa2cff77

SHA256: 8456535F45BFC71A17929A070263257BD91CF3694B6202316A795889774773C8

文件大小: 67.91 KB, 67909 bytes

MD5: 959a4984f88f0c71acbf71e86ecefb9a

SHA1: a5c7ca81741d47525f034ed756ee7462acb6debb

SHA256: 98D7A75B3B5F541C4CFB11DA0DFAC8FAFF74AE3468C8E87D3A3072CA6CA17880

文件大小: 3.54 MB, 3542685 bytes

MD5: 7f4e6eec3f0ed804a66b1976da5bad24

SHA1: eb1154090857e459abbd2b64a7bb88356bb41146

SHA256: 888A546D81D5A41A8F3E3526CD08355EB08F26E34D3132BABFCDFD2A68A67730

文件大小: 5.23 MB, 5231975 bytes

MD5: 756481247968abd3195f4d8bc7070a8e

SHA1: 9d898cb0299affd24ed14477f5201ed5162eeb69

SHA256: 8813E520BEB688B1540578F93973120EBE71B98E86E933466F12771C00DA12DF

文件大小: 2.45 MB, 2447872 bytes

MD5: bc14117a8ed2f6d72b86f40d682544ba

SHA1: 047aab0ec141d4a8d8814c80e31e9b99106ca0da

SHA256: B80114DB37215DC33A49CE7E21A6BAAF96DD60BA5BF3D80B97E12FA82A4561F6

文件大小: 7.20 MB, 7203379 bytes

MD5: 6d72982c567b6951b6117acaf8c67cca

SHA1: fe8c4146120d87b3dc16f085a48ae88d1580baf3

SHA256: 7EA33F5CE09B20C3A30CB89BCBE57D385B6190AA0463C2D87F619FCC3D892808

文件大小: 6.86 MB, 6864590 bytes

MD5: 81be73dcd352a00b336bc6b05cfdae60

SHA1: 181d4c14e4cec3a7ce79cf5a896cc2962778f427

SHA256: 4F8E57FF904792CB899E4A168E1E0CAE69F7C6EB2AB49C4C291B5473A86B4D44

文件大小: 3.66 MB, 3661210 bytes

MD5: a7721d08e4939bbc28f4dbc0a03eed3b

SHA1: efbb9ec634b956a383f0031554c805cb4b32710d

SHA256: 8487F6EDD8294D1055E7C568DFCF3BCF7E05404CBD4F6BE44E28A1D5C1AED960

文件大小: 2.45 MB, 2447872 bytes

MD5: 44627c2bb7dd3f24a27da1f75a754b01

SHA1: 80e21de335fb77fe5e478589afdf61d773131736

SHA256: D874AAB0916EE1AEA6EF15D2F2DC941AEEF755DA67B0ADBE9D74D2274752EF0E

文件大小: 5.29 MB, 5289744 bytes

MD5: 77812c81d90d544b9a3923edd0eb49d8

SHA1: dd856965fc4959c51341d81b94198d17dee7be7e

SHA256: 3CB868FECD372D8E8576260DC7F2A260651C678C449F942D569D6EE52D0FD170

文件大小: 7.47 MB, 7467637 bytes

MD5: 77d3d39aaca10981883267435c41ed11

SHA1: fe78b63465142c8800faf299950a3103ed8a5397

SHA256: 354BB31660091CC513A159B9493E2E4428AB07AF0BADDB2EC04C1993A28D48C2

文件大小: 472.42 KB, 472416 bytes

MD5: d090052019751c65269f0e6ff75204f2

SHA1: 795ec0e06b348289044a915f97b3f20b1a7ab091

SHA256: E91D7ECC61134C76BCFE2738D81924E8EDE42A4DDA75D77F93DAE05F79D8E392

文件大小: 1.73 MB, 1734144 bytes

MD5: 570d57e6bd9f9c0019e32d887a2bc006

SHA1: 66b8d5fdc03f74b6afce8ba6c557e91b0105aae7

SHA256: 00BF97A0C81B19689E2C7239DA69083C86767D460FCEAFCE93076BF90912B73D

文件大小: 7.36 MB, 7363249 bytes

MD5: e05b3791e9d416974e4aa7275a05e4fb

SHA1: 7443774e7e84f461fa75e8dc67d9eb78f3294934

SHA256: 19F7DABBA0395AB890A3F6EFF80553B61404AD209B000C2972037B16C30689C1

文件大小: 3.74 MB, 3743722 bytes

MD5: 738798b7b863958cb38d7375330c8faa

SHA1: 5441dadd198b9b47aff758afa180055a6b6101d3

SHA256: 1CCBC25C61EBE20E6D5EF6B4FA79820D2AD947BCD18C39EA55D1191F2090D42E

文件大小: 2.22 MB, 2222878 bytes

MD5: df10202539240189f2f35fc7c1637ae1

SHA1: b6aa3e73894f5ac9afdd77305d3ab25ed6c68b29

SHA256: 747B2AF198AF3DFBE25EF7852AE676FC8FDA61CAB9E09AF114002D0D5856B5EC

文件大小: 3.56 MB, 3564374 bytes

MD5: e509a4a297b6f4dd52b1ae4d608a01b6

SHA1: ecd6a05526ca9c00d0076d8fe3679ffa157142ce

SHA256: 7BA3C6A5E054F6AEA6DD3696C65242355B9F10ADA292FE3799F54F25CB54EDB1

文件大小: 2.06 MB, 2055168 bytes

MD5: 076c4892a57dbe1dc3e04bd828dd2207

SHA1: df1160b820a34a603124377d2dad808b0b2dabd3

SHA256: B8B63C4BA5504FDEBDCD1A79AF053F854BAD9E6CC46739001DFDFAB3FADA185E

文件大小: 402.49 KB, 402490 bytes

MD5: c64994ecfe2a69e523ffe5acd72afdb9

SHA1: 39b5fcd881d0a9d52f0782be418ef92d7fc71f00

SHA256: 57AD06765A07116EFB435B5A8934AE8C9766BC642BA39CF12483D744E85EA453

文件大小: 7.10 MB, 7098257 bytes

MD5: fc1cbe4b183e43bd39fa3f9b6f4292ce

SHA1: 66022d348e7ec8f83e760567f36f502293489432

SHA256: 040448F3631EF9595D542D2C837155E44D93A253D694659ECCA5EA8936824119

文件大小: 3.10 MB, 3098733 bytes

MD5: de49d35200a7934e347cbadbabad0b47

SHA1: ed6d21a2b809290e8a5975024b7b701ee91abb1d

SHA256: 0F97EF8F6163B0C39AB5A5581B8D5667949E093D1BCFF555BB799CC9E2DDAC80

文件大小: 7.45 MB, 7450015 bytes

MD5: 45844b0c41d35e130d25705d95538f60

SHA1: 40f0da31ae4411eec2c65ddcb8499426322b7c20

SHA256: 7F462B6EC3FF8C76722521F58BD2A87CA04CA3B07D877503050F69F8BC42C8E7

文件大小: 7.89 MB, 7885699 bytes

MD5: 20fc1c8114735bfea355131d75cea7f0

SHA1: da6028fe71ebe182a08b6157932e615ae55b0498

SHA256: 6A1E0BC86B6C0ACB17E8D33502C98B2CA4064C0AABBAEAFE2636F7F191D84A45

文件大小: 5.42 MB, 5417472 bytes

MD5: 2267b1c096c18744b3750254db5d92e3

SHA1: c91d94f33ea9a449771c8b79631cfe378db4e356

SHA256: 7576FFC3349D7C88CF7CAFF636515D3A79274225515A41A57130988D916A4EE7

文件大小: 5.43 MB, 5433635 bytes

MD5: 7e0091686f97337c546a6f0103d1e16d

SHA1: 377040bdacf72e45645b43825ab4a4f13be8ea2e

SHA256: 5F13907D53BBF7E7405A06AB9998FF6585891A5F22EBC6C716794E83A6B0A7FC

文件大小: 8.23 MB, 8228864 bytes

MD5: b5657a088ea44deb6a19ad4dc1fe00c6

SHA1: 281a03c8b79554059191343b3f32618a67cfc37f

SHA256: 7A1C36FA418587BA34C828ABF39FE41E1F48BDD54CE4019FA3BA1D0538F85E05

文件大小: 8.99 MB, 8987648 bytes

MD5: 51c8860ccc7431d141e8420944273660

SHA1: 599b069c81a502aaeab14f72d97a6388293f986d

SHA256: BFEB475451BDC4863623F98D18AEBCCE9ACDD08E14D59A5EA57237F338A87ECE

文件大小: 1.46 MB, 1455990 bytes

MD5: 968959d4adcde6b00d4a66031126539b

SHA1: 9a85237642bc0af607f6072e1746aca2161748ed

SHA256: A9AECE9D9C709E1D937BA18FF61F7D17938043EE6CDFDAD3A58E390796380F2C

文件大小: 8.21 MB, 8207552 bytes

MD5: c2163217c01e1e0ea7bd58cf9c85600b

SHA1: 392caca3ed59ed5f3007cde725dfc6eab7be1979

SHA256: 8CC1BB26DC9BC76C8E6BFD0A2EF542854528726E66F76C44DD09A18D8B00019D

文件大小: 7.35 MB, 7346047 bytes

MD5: 9458032ca529c58f29a1d626246361eb

SHA1: 64d286856c7cf03f9130adbd84c8c59d7a602573

SHA256: 9D72390E2E05726FA7B839E4F4B6E6246BDA27E029F3B4D6C7C88A3C0A0DE3E9

文件大小: 3.63 MB, 3633751 bytes

MD5: 5f7d291896c82cc57b99101c17f53f32

SHA1: 3864cebab4006d2b932b2940ce2007330e1dc8f0

SHA256: 21932AB86F2B8163CFADE13775EDC274C14E8D693915E9C3CF0B738B085E4786

文件大小: 6.08 MB, 6082048 bytes

MD5: 06164429bdc6da4b191008e1d4b8d3c8

SHA1: 2c4cf2a2a6676e9ce3ef3d3d588f369b57e4fb8c

SHA256: 39B93A0D07AF9D78F8819B98ECCE0C7BA3282131ACBBA081C3CCE88B1D1DCB7D

文件大小: 9.29 MB, 9288192 bytes

MD5: 99796dd65db64198d1eea10683f6af2b

SHA1: a7e405294f142a8a36ba7ef0b5d81ca3bf5b3505

SHA256: 02376F2973D2D5FC84C5C601A5F23D8850BDA2692E996630875C17B54E5F8640

文件大小: 7.86 MB, 7863662 bytes

MD5: cedae208bd96d094ba1148b3a82b9801

SHA1: 8c744e4aebf9fd95aa9e57ae4221f64e91a42d9e

SHA256: 9D6B565170509FB8E2C2C7A4E04AD023244BD2E5F8377A9FE1A87862EE59D585

文件大小: 390.57 KB, 390568 bytes

MD5: 0e3a8f8bf474bc8f9cfc3d85a3d194cc

SHA1: 505b01df6d7280b2877b57edb74dc91451c3396c

SHA256: C9FB6BB33969559CE098362CF9940518CB92084DDCDD3C25990EFA3A71D9F202

文件大小: 476.01 KB, 476014 bytes

MD5: 341632222e0938edfd38135f14b22b16

SHA1: 2f784fcb01d0ddc3a4d6c055468e586c93535f7f

SHA256: D4D307F8FBBD25A27326A3E9C990DCB7B5635F774E6DD41C294A987C02404464

文件大小: 164.33 KB, 164328 bytes

MD5: deab5b2940fc362c6436fee6e9086b34

SHA1: 7ae99f8d7d06bfcc8fb48a337343cf3dbef59acd

SHA256: F43EC19D42D28F9BBAD3AF3907E9EE6170A8D9A34FC86AC35F762AC437B53F1D

文件大小: 3.72 MB, 3717851 bytes

MD5: 07b7a525f5cb1c81ff02f86d1456c71b

SHA1: 48954ea3e570500929765569b7c32b16fe7d339b

SHA256: 6FAB8E82B7E113672D96F95076F56D17FC211C385944E7B9002B9FF215621707

文件大小: 795.14 KB, 795136 bytes

MD5: 06238cff8882fe50dcd005da31cd7158

SHA1: 345f6e0652de589bb38657b3c35aba2134a6eaab

SHA256: 3D2B6C32C0CF67346796C6CE27465BACAA3AE7A6F37803A794969CFBA40F2E20

文件大小: 785.34 KB, 785339 bytes

MD5: 430db6f444970894df2c90b070c0e336

SHA1: b9dd12ef37cd5b195243880a940fc4e0595012c5

SHA256: D8B34E525B9A924D7E56C14DA9F52F426CC5C29FF7B0201670DB331795428A21

文件大小: 7.25 MB, 7253648 bytes

MD5: 08d919cfe29fc358886f25fc6bc1a478

SHA1: 022ea57944a1ed83263f45dc43fdc3c22b9e8d87

SHA256: AA45BF5E0496A437295849FCACEFDE44C68151CC47B332592DBA6AD7799B18B6

文件大小: 483.51 KB, 483508 bytes

MD5: d730a8adc941849db9a00e7b713895a7

SHA1: 1c11d1c4a191d9d4f9cb226d0752480139237fa0

SHA256: 1DB9251BF1DA60C0CDBD86F3A7AECA96A2B6C6EB16E0587BC68B233F4F4CA6F3

文件大小: 7.94 MB, 7943984 bytes

MD5: 6870b0d8f3a5aff3d38691134eb95565

SHA1: edb21cba84b0af708a66a8e1d387b298d54f3f4f

SHA256: 1BB66B8DAB8E5377AF87337B2E03A7624ED1B98BB485A349B0318BBFB3F95762

文件大小: 2.93 MB, 2929179 bytes

MD5: cadb79674cbe4b9cca4e311aec79db09

SHA1: 8d585e1f8e192415029fc3ce3fa79c4f41b078f0

SHA256: B184EC003C053B3EDB1D36F3913486ACFE51A44E2B88003C75F6D6D3F9E79492

文件大小: 1.11 MB, 1105920 bytes

MD5: f90dbe2570d430e553781b6d26b2aa2a

SHA1: 073d3b1edaabadd063cc6101b0be3163ff3fe964

SHA256: B7891E22EFB0CE4855D8A5E6FC5F0011F6D6D654DCEDEF704BF69B29EACA8B47

文件大小: 178.69 KB, 178688 bytes

MD5: 304b9ac6805ebe0767c4749fe6f2ea6a

SHA1: 06a6c111c3718f91d07a7b2ee69e93c6c0ccb3d4

SHA256: 79CD8186C3ABD8A83890CDA9839F6B09B5129C7B0D2E989212A1230613AD2253

文件大小: 40.45 KB, 40448 bytes

MD5: 128ec86b0cae6f70826dc79e157fea39

SHA1: 66749af3eed2f514d1a0f2e4ea90186de7e58ae3

SHA256: C4A21CDD604FA20B8130017548F77548A7E2C9F9072ABD8155B3589DC4174927

文件大小: 186.37 KB, 186368 bytes

MD5: 110a65a2ebc9cff9238dbabda3bca438

SHA1: fec7501901c49648c966c284f894ee52cc735d9a

SHA256: F28A6338605772547D584D3722C031A1D74DEEDEBA6242710D9E9D71BB4BA14E

文件大小: 80.38 KB, 80384 bytes

MD5: b684365bc0548fa7d72fb3d9102b138c

SHA1: 54c9a5be6b1eaccddb10b4ed75d39017388032df

SHA256: 57F180ACF1822BEE049DC470FCC08F8C4F8AC57CE3C22FE038B5E5F05BBE1ABC

文件大小: 3.83 MB, 3832975 bytes

MD5: c6a08bb285ad689179764c4112c301f6

SHA1: 03ef42583e3cf939a21d8890070cb83552e403a6

SHA256: 578FDA36205E5E16FFC0ABF08DA248DE1CFB99A93BFF781B9835C0CFAA3575B2

文件大小: 7.33 MB, 7332425 bytes

MD5: 74f90d5eea8eca82cb23459e4600847b

SHA1: 36a3db7669c15f229a3b4e55f6aa3ce848050678

SHA256: 06AC06595B66C1778AF3DF2C9EF775E5030B657FD9B7C053730028708DE9F4A8

文件大小: 1.84 MB, 1835008 bytes

MD5: 599e593cf68b55cfc0a34955575cc710

SHA1: 3eb95415d57746bbde7449a82832bbbadb670202

SHA256: 872389451AE1EFC9C8EDB406064A33E962D0693D059CB445787AD105E5653129

文件大小: 1.56 MB, 1558528 bytes

MD5: abd2e0451fff74cf5120cc29c5600a30

SHA1: a3721f2c95c5c8d689ef63ec7095f3cc580fc84d

SHA256: 28C78D3E8CF121EC14E2282916765FAADC1C5EDB02143C935B1BCE6BDAB6A5B7

文件大小: 472.83 KB, 472827 bytes

MD5: 051a51cf8cc7181f3c0fdfec05794ced

SHA1: 3a315aa995c0aac4fb8f540d595859e800183225

SHA256: BD81EAAFACF5958793192C1F92B59097EC6CEA9F7B44C254E2E446139F73FF48

文件大小: 325.06 KB, 325056 bytes

MD5: 47343bdd416d61185dbfc471ad4fc559

SHA1: 0941ed214fb8d85005a7cbdd52045734907b80db

SHA256: A15B3D39C2B1CAD92DC451CF85CAD6FA562B797D05EB70FCB33E3BE803B11F68

文件大小: 7.95 MB, 7945433 bytes

MD5: 21d1ff464254550807e2d7107e010498

SHA1: 23b75ed5f06334972f854d0083328ab7e323d681

SHA256: 65EE70E11167972180756E6DF667C9823A0274D86337E79E95C3F62EC29885CA

文件大小: 3.65 MB, 3646852 bytes

MD5: 390e9b73e6c062541ecabab6865af3bd

SHA1: 8296a5c31ecd1f876d8afd1ccc802689128b153e

SHA256: 44BE3BC568CC10B965529A1B33E28B7F300884217C008C14D446FA78EAD70A66

文件大小: 9.82 MB, 9818097 bytes

MD5: e1a0587d30acf446562e2bfbde5df169

SHA1: 8e3686f54a39480c7ed8b487b93e3322917f1f95

SHA256: C2E887691445C02F607CF81D65AF36572B309529861E5D9AD1BDEFB541D18710

文件大小: 2.68 MB, 2677248 bytes

MD5: 5037dedb87fb9677031baf772e90a217

SHA1: b99a8702c83c207c66ea6538b9440c11d4909730

SHA256: CF5D66A80ED8E94ECF4D0554417435BE65E76E430CB61B3395773D208AE56798

文件大小: 169.63 KB, 169632 bytes

MD5: 2f366d5ab29ea54f8da94819cab6e121

SHA1: e06978ef4b8a3896891d4d423d797f1c609e2b3f

SHA256: E883526C718E4B1462D5BCC33621555621BD00C5EF21C688754E50F83D023BB2

文件大小: 2.68 MB, 2677760 bytes

MD5: 1cf9775210bc2f88e7914134e86b7fec

SHA1: 649d7467a2ff8d1d1c3f5e7ab5d2f84463a39675

SHA256: 394DA89752DFB199E7547BE5989BBD796517D87E8EC78F2A97E4BC5D89F38CA4

文件大小: 3.53 MB, 3533954 bytes

MD5: a0f595c00c02b7d70c580224311642b9

SHA1: c149ac2babfc61544d79703521750034c279e79b

SHA256: 08925165CEEDA08FF54B54DDB9996E998E1088781DDE5DB1FACB711CC44F52AB

文件大小: 3.43 MB, 3433057 bytes

MD5: 5687882ffc3cc1224d8ad7c1bc3f92cb

SHA1: dc00c38fdbe0f9e71e8e21b0206b8f965a0c6ffa

SHA256: EE5CB13F37E1EC4B4A0A7B98946C0E7473F8F1F97801F1DE34434125DA1B08B8

文件大小: 4.54 MB, 4540617 bytes

MD5: 06f666395e41fb2b2c2fefcdda5882f3

SHA1: 53092dacc571068a57dda4e2ed9d1e7379617135

SHA256: 7208E1C1D73ADC0C87D4A422068F382D443396AB266833B31E610696F61EB194

文件大小: 3.82 MB, 3815005 bytes

MD5: ff1887d95886f7165735a1b220634456

SHA1: 652d9da28d67e2b7c199803cd74c52c1fdd25c67

SHA256: E9EA6E463FA44658F69EEC0AD98713AB8AC2714EA707A506C43D01942062E55D

文件大小: 9.39 MB, 9387656 bytes

MD5: 30134902004e24e6516ae838cfa66a47

SHA1: b158f9881d1974474ae7c428c3a9416b4150ca4e

SHA256: 7DF0C6A24B580DA0FA94C697C15F645A9487A7B7F08B36882A4B23236EB3D7CD

文件大小: 549.89 KB, 549888 bytes

MD5: 0b708fdc8655dce8a20f696126e84cb3

SHA1: f16f05c77b3e39052c10e9bec0e3f4ca65582c7b

SHA256: DF908A0005BC9A7A0B9B97E2ACFB31BE59C3360C6539F42DD2A52383021E7DCA

文件大小: 3.56 MB, 3561126 bytes

MD5: fa349b64a5fcc42a2debe751a6d9f2fb

SHA1: 9189bfc5a1a3a1949f603f48fc92c07f85934922

SHA256: 1CC3E9DA68C1E7AF1ECF494BF2E130BF6D1B6025391ADCB4F352286F99F945A8

文件大小: 460.29 KB, 460293 bytes

MD5: 00df387f6bcc2c6ff754f20abe127ea9

SHA1: 93a726f011905997d14c97ee4410b9bde07bd157

SHA256: 0484E9AE6C830BFAEC1247DEF49BDC237F1F2884BA2699F9F0586F76FB332628

文件大小: 8.93 MB, 8927888 bytes

MD5: de2dc60e1c07b9b722d890f4d9b4e842

SHA1: f44fbc538d3229650d7ed2231fefcefdcc455e27

SHA256: 97A9DC422F23E8CDADF3A098D515759A67BB7DA1AC6C2A9EDB8B035FCD71E952

文件大小: 4.72 MB, 4719699 bytes

299 additional samples are not displayed above.

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is .NET application

File is 32-bit executable
File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

602 additional icons are not displayed above.

Windows PE Version Information

姓名	价值
Assembly Version	10.0.27840.1000 7.0.0.2 7.0.0.1 5.4.2.0 3.6.0.0 3.5.0.0 2.4.0.33783 1.99.0.0 1.92.2.8615 1.86.2.7676 Show More 1.54.9114.11026 1.14.7086.17467 1.7.2.0 1.5.0.0 1.3.3.7 1.3.0.0 1.0.0.2 1.0.0.0 0.0.0.0
Build Date	2019/12/09
Builder	ahileeeeeess 00:08:54 02/05/2025 ahileeeeeess 00:19:10 02/07/2025 ahileeeeeess 00:42:09 19/05/2025 ahileeeeeess 06:39:12 19/07/2025 ahileeeeeess 13:24:34 22/06/2025 ahileeeeeess 13:41:14 10/07/2025 ahileeeeeess 14:01:46 10/07/2025 ahileeeeeess 15:19:06 07/08/2025 ahileeeeeess 15:55:30 15/04/2025 ahileeeeeess 17:17:19 08/07/2025 Show More ahileeeeeess 18:20:56 06/11/2025 ahileeeeeess 21:11:20 09/09/2025 ahileeeeeess 21:57:39 14/08/2025 ahileeeeeess 23:49:39 22/10/2025 Almany 12:54:42 19/06/2024
Comments	${Name} 1.1 30mySFfu辅助 A:1000$L:1031 A font management tool for CS:GO Application based on SMath Viewer Desktop. Automotive Diagnostics Software barograph smokable Blake3 Hasher Bringing mods from the scene to the masses! Chase (Sem Nome) Show More Compiled 2023Q4 Copyright of this software held by the publisher of this package. DashPanelServer is NOT official software of Codemasters™, Image Space Incorporated™, iRacing™, Simbin™, Slightly Mad Studios™ or Kunos Simulazioni™. The names pCars, Project Cars, Assetto Corsa, AC, iRacing, rFactor, rFactor 2, Game Stock car, RaceRoom Racing Experience, GTR2, Race07, RaceRoom The Game 2, and GTR Evolution are used for identification purposes only. All trademarks and registered trademarks are the property of their respective owners. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Freeware Game.con hacker-editor designed for beginners in order to help them learn duke 3d con programming easier. Gaming platform REST API service hIvhhxJHe8USPKoKfxMVjn8Pw IDM Repack Silent by ptk911 Immersive sound experience enhancement software L2兰色游 Licensed under the terms of the GNU General Public License MADARA Product Installer QuickShare Teletest Wavescan V2.4 Contact Eddyfi via www.teletestndt.com for further information This installation was built with Inno Setup. This installation was built with Inno Setup: http://www.innosetup.com This installation was built with InstallAware: http://www.installaware.com Version 3.67.1 WinASAR 文件管理工具 www.seacos.com Программа для накрутки поведенческих факторов сайта по принципу автоматизированного взаимного обмена посещениями из поиска Яндекс и Google с другими пользователями системы. 整合By→小鱼儿yr 龙头选手
Company Name	. 8to32.com Abelssoft Akaikt Software Alexey M. Blinov Andrey Ivashov (SMath) ArchiVid0201.org.ua AudioSync Dynamics Inc Buhl Data Service GmbH CBmeil Recovery Software Show More ChemTable Software CoolPDF Software, Inc. Cracking the code 4 fun! deacidifies infinitively succeeded DefendGate Inc. Devastator's production Digerati Editorial DIGITAL imaging s.a.s. - Nichelino - Torino - Italy DNA Pagamentos Dotch Dovetail Games Eddyfi UK Ltd. Essential Data Tools EZB Systems, Inc. FileZilla Project FineShare Inc. GameModding.com Game repack Generic Internet HANCOM SECURE Inc. hGems, Inc. Hocus Pocus Software Ltda Hong Kong Ke Mo software Co., Limited https://www.xyboot.com/ iMobie Inc. Infinitysoft Integem JFX Jlp Sistemas KaOs Krew Kaspersky KeyJ KOG Koprin Koszalin Letterhead Fonts Macromedia, Inc. MalwareBytes maximmax42 Microsoft Microsoft, Inc. Microsoft Corporation Miranda IM nbjfrog.com nbtfrog.com New Live Software, Inc. NitonLA Softwares NO LIMIT TECHNOLOGY (CYPRUS) LTD Ntreev Soft Co., Ltd. O&O Software GmbH ODINSOFT Pitter135 Software PlayTech Interactive P R C ptk911@2020 Puran Software Puran Software Pyrofrog Studios QuickShare Recovery TBD, Inc. ReefHence BambooHence SoftSetupLab RenOLink Roaming seacos SilverGaming Ltd Sonokinetic BV spynote.us SyCleaner.com, Inc. Synaptics Teamport Inc. The curl library, https://curl.se/ TourBox Tech Inc. UltFone Vestk Toolbox, Inc. Vidello Vubni Wargaming.net WebZen www.wuleba.com Xero Yadiu Ymir Entertainment ЗАО НВП Болид
Created	7z SFX Constructor v4.5.0.0 (http://usbtor.ru/viewtopic.php?t=798) 7z SFX Constructor v4.6.0.0 (http://usbtor.ru/viewtopic.php?t=798)
File Description	. 1 Setup 30mySFfu辅助 80 Setup Age of Origins All Media Fixer Setup Alternate File Browser Setup AnySign For PC AnyTrans AppTrans Show More Archive Convert Setup Archive Extract Setup Archive Password Recovery Setup ArchiVid.org.ua Asistenti i Instalimit të Windows Asistent inštalácie Windowsu Assistentd'instal·laciódelWindows ATA SMART Diagnostics Setup Auto Font Installer Avast Patch Setup AVI Codec Setup Backup Assistance Setup Backup Driver Setup Backup Master Setup BeFactor belka-dominika_zacieniowane.exe Blake3 Hasher BLE to MQTT Bridge BP Media Player Setup Browser Backup Setup Cabinet Self-Extractor Catwalk Countdown CBmeil Setup CDS Viewer Setup Chase (Sem Nome) CheckDrive 2025 Check Flash Tool Setup chop MFC Application CI Catalog Professional Setup Cleaner Spare Setup Clone App Parameters Setup CNC12 PLC Diagnostic Screen CombiDiskCleaner Setup Combiner Free Setup Concert Player Free Setup CreateStudio3 Crystal Bench Marks Setup CSGO Font Manager CSV Splitter Setup CTPA Dedupe Demo Setup CuidicheStàladhWindows CúntóirSuiteálaWindows DashPanelServer DataBase Recovery Setup Data Recovery Setup DBF Scan Setup Decryptor Disc Catalog Extension Setup Disk Analyzer Box Setup Disk Benchmark Tool Setup Disk Check Viever Setup Disk Director Table Setup Disk Partition Expert Setup Disk Scanner Console Setup Disk Scanner Setup Disk Wipe QT Library Setup Disk Wiper Plugin Setup Disk Write Copy Setup DJ Virtual Studio Setup DLL requisitos Setup DNA Pagamentos cliente TEF LITE Setup Download da Internet DownloaderApp DPRoller Setup Drive Backup Workstation Setup Drive Copy Plugin Setup Driver Browser Pro Setup DroidKit Easy CD Ripper Easy Recovery Free Tool Setup ebridge MFC Application Faktura-XP MSCOMCTL 2.2 + TLB Update Setup FAN_CONTRLO Fast Clean Tool Setup Fast Defrag Setup FHIsoftFR Recovery Setup FHSsoftFR FRec213 Setup File Navigator Setup FileProtection File Recovery Catalog Setup File Recovery Extension Setup File Recovery Manager Setup File Repair Module Setup File Repair QT Lib Setup File Search Box Setup FileZilla FTP Client FineCam Fine Reader Setup Flash Card Copy Setup Flash Reset Setup 188 additional items are not displayed above.
File Version	6000.1.16.6799091 2022.3.58.15564654 2021.3.40.7326391 2021.3.31.3410402 51.1052.0.0 25.01.00.8902 24.08.02.8277 21.20.8.505 16.0.28315.86 built by: D16.0 11.00.26100.1 (WinBuild.160101.0800) Show More 10.0.27840.1000 10.0.4.111 10.0.0.0 9.80.0.0 9.7.6.3860 9.0Gr432 8.8.5.1 8.8.4.3 7.79.1-DEV 7.0.0.2 7.0.0.1 6.36.5.2 6.8.19.3 6.0.242 5.37 5.9.3.0 5.7.3.0 5.4.2.1893 5.00 4.0.1.0 4.0 4, 0, 76, 0 3.67.1.0 3.6.0.0 3.5.1.1 3.5.0.0 3.1.0.0 3.1.0 3.00 2.5.4.55 2.4.0.33783 2.2.6.0 2.1.1.2 2.0.18 2,13,2366,320 1.99.0.0 1.92.2.8615 1.86.2.7676 1.54.9114.11026 1.20.2.1249 1.19.0.0 1.14.7086.17467 1.10 1.7.5.2, build 720, 11.01.2024 1.7.1.0 1.5.0.0 1.4.19041.5003 1.4.19041.2183 1.3.3.7 1.3.2.5 1.3.0 1.2.35 1.2.1.0 1.2.0.0 1.1.903.38 1.1.5.0 1.1.2.0 1.1.0.0 1.01 1.00.1591 1.00 1.0.40999.1 1.0.350 1.0.4.8 1.0.1.31 1.0.1.2 1.0.1.1 1.0.1.0 1.0.0.64 1.0.0.27 1.0.0.4 1.0.0.2 1.0.0.1 1.0.0.0 1.0.0.0 1.0.0 1.0 1, 0, 0, 1591 1, 0, 0, 4 1, 0, 0, 1 1 0.10.74.0 0.7.0 alpha build #36 0.4.45 0.1.1.5 0.0.0.0 0, 97, 2, 0 ${PRODUCT_VERSION}
Internal Name	${Name} . Age.of.Origins.exe AnySign4PC AnyTrans-Setup Baixaki.exe befactor.exe belka-dominika_zacieniowane.exe.tmp Blake3 Hasher.exe brain Show More bt_new CABSFX Catwalk Countdown chop CNC12PLCDiagnosticScreen.exe DashPanelServer.exe Decryptor.exe DH.exe DownloaderApp.exe ebridge eZKX.exe FAN_TOOL_V1.0.exe FileProtection.exe FileZilla 3 FONA Art. Plus Font Manager.exe GCHE11 grandchase.exe History Of Metin2 Inspector Gadget JazzHallow.exe Krata Mateusz.exe.tmp Launcher Launcher.exe LaunchRes libcurl MADARA.exe main Main.exe Metin2Client miranda32 MonkeModManager.exe MPlayer Nyan_decX paladins.exe Pangya Season 4 payload.exe PDFStub Pegasus Photon X Player Projector protchm Puran Shutdown Timer.exe Puran Utilities.exe Qeka.exe RAGEBYTE-TROUBLESHOOTING.exe ReefHence BambooHence RenOLink.exe Rodos SaladBootstrapper.exe Sango Setup setup.exe SmartMoto Stub.exe Systemss.exe TestScheduleGeneration.dll TJprojMain update.exe VideoDriver.exe VQP.exe Wextract Win WinASAR.exe WindowsInstallationAssistant.exe Windows Security Health Host Xero XWormClient.exe yama_kaldir.exe YC.exe
Legal Copyright	(C) 1987-2024 Hocus Pocus Software Ltda. (C) 2005 Martin J. Fiedler (c) 2005-2023 Unity Technologies. All rights reserved. (c) 2005-2024 Unity Technologies. All rights reserved. (c) 2005-2025 Unity Technologies. All rights reserved. (c) EZB Systems, Inc. (C) Malwarebytes. All rights reserved. (c) Puran Software. All rights reserved. (С) ЗАО НВП Болид 2016г 30mySFfu辅助 Show More Administrator All rights reserved Autoriõigus © Microsoft Corporation. Kõik õigused on reserveeritud. Autorska prava © Microsoft Corporation. Sva prava pridržana. Autorska prava © Microsoft Corporation. Sva prava zadržana. Autortiesības © Microsoft Corporation. Visas tiesības paturētas. Bản quyền © Microsoft Corporation. Bảo lưu mọi quyền. CoolPDF Software, Inc. Copyright (C) 1998 Copyright (C) 1999-2000 Y.Shirakawa Copyright (C) 2004 Copyright (C) 2006-2024 Copyright (C) 2010 Copyright (C) 2011 Copyright (C) 2012 Copyright (C) 2021 Copyright (C) 2023 Copyright (C) FineShare Inc. All rights reserved COPYRIGHT(C) HANCOM SECURE Inc. ALL RIGHTS RESERVED. Copyright (C) HFM2 Copyright (C) iMobie Inc. All rights reserved Copyright (c) Smart-Clip team,2004-2006 Copyright (C) TourBox Tech Inc. Copyright 2022 Copyright 2024 Copyright 2025 Copyright by Abelssoft Copyright c 1998 Copyright dotSetup.io Open Source Project Copyright ReefHence BambooHence SoftSetupProgram 1991-2003 Copyright © 1985-2002 Macromedia, Inc. Copyright © 1999 by Guillaume Di Giusto. All Rights Reserved. Copyright © 2000-2007 Miranda IM Project. This software is released under the terms of the GNU General Public License. Copyright © 2000-2017 Miranda IM Project. This software is licensed under the terms of the GNU General Public License. Copyright © 2001 Copyright © 2007-2021 UltFone Co.,Ltd. Copyright © 2009-2025 Wargaming.net copyright © 2016-2022 Copyright © 2017 Copyright © 2018 Eddyfi UK Ltd. Copyright © 2018-2025 maximmax42 Copyright © 2019 Copyright © 2019 Copyright © 2020 Copyright © 2021 Copyright © 2022 Copyright © 2023 Vidello Copyright © 2024 Copyright © 2024 Teamport Inc. Copyright © 2025 Copyright © 2025 Copyright © AudioSync Dynamics Inc 2016 All rights reserved. Copyright © ChemTable Software Copyright © FStudio 2024 Copyright © Masquerade 2022 Copyright © Microsoft 2022 Copyright © Microsoft Corporation. Alle rechten voorbehouden. Copyright © Microsoft Corporation. Alle Rechte vorbehalten. Copyright © Microsoft Corporation. Alle rettigheder forbeholdes. Copyright © Microsoft Corporation. All Rechter virbehalen. Copyright © Microsoft Corporation. All rights reserved. Copyright © Microsoft Corporation. Eskubide guztiak erreserbatuta. Copyright © Microsoft Corporation. Kaikki oikeudet pidätetään. Copyright © Microsoft Corporation. Med enerett. Copyright © Microsoft Corporation. Med ensamrätt. Copyright © Microsoft Corporation. Minden jog fenntartva. Copyright © Microsoft Corporation. Nakareserba ang lahat ng karapatan. Copyright © Microsoft Corporation. Sva prava zadržana. Copyright © Microsoft Corporation. Todos los derechos reservados. Copyright © Microsoft Corporation. Todos os direitos reservados. Copyright © Microsoft Corporation. Tots els drets reservats. Copyright © Microsoft Corporation. Tous droits réservés. Copyright © Microsoft Corporation. Tutti i diritti sono riservati. Copyright © Microsoft Corporation. Vse pravice pridržane. Copyright © Microsoft Corporation. Všechna práva vyhrazena. Copyright © Microsoft Corporation. Všetky práva vyhradené. Copyright © Microsoft Corporation. Wszelkie prawa zastrzeżone. Copyright © Microsoft Corporation. Сите права се задржани. Copyright © Microsoft Corporation. सर्वाधिकार सुरक्षित. Copyright © Microsoft Corporation. ಎಲ್ಲಾ ಹಕ್ಕುಗಳನ್ನು ಕಾಯ್ದಿರಿಸಲಾಗಿದೆ. Copyright © Microsoft Corporation. ყველა უფლება დაცულია. Copyright © Microsoft Corporation। ਸਾਰੇ ਹੱਕ ਰਾਖਵੇਂ ਹਨ। Copyright © Microsoft Corporation สงวนลิขสิทธิ์ Copyright © PlayTech Interactive 2025 Copyright © P R C 2023 Copyright © SMath 2019 Copyright © SMath 2024 Copyright © Microsoft Corporation. Todos os dereitos reservados. Copyright Â© Microsoft Corporation. Llapan derechonkuna waqaychasqa. Copyright ⓒ 2002 57 additional items are not displayed above.
Legal Trademarks	BeFactor Director® is a registered trademark and Shockwave(tm) is a trademark of Macromedia, Inc. FineShare Inc. All rights reserved GuysHence JuvenileHence SoftSetup iMobie Inc. All rights reserved KaOs Krew 2022 NO LIMIT TECHNOLOGY (CYPRUS) LTD PDF2EXE QuickShare Registered trademarks and service marks are the property of their respective owners Show More This product is licensed under GNU v3.0 TourBox Tech Inc.
License	https://curl.se/docs/copyright.html
Original Filename	Age.of.Origins.exe AnySign4PC.exe AnyTrans-Setup Baixaki.exe befactor.exe belka-dominika_zacieniowane.exe.tmp Blake3 Hasher.exe brain.exe bt_new.exe CABSFX Show More Catwalk Countdown chop.EXE CNC12PLCDiagnosticScreen.exe CS2.exe DashPanelServer.exe Decryptor.exe download.exe DownloaderApp.exe download_sem_lm.exe ebridge.EXE eZKX.exe FAN_TOOL_V1.0.exe FileProtection.exe filezilla.exe FONA Art. Plus.EXE Font Manager.exe GCHE11.exe grandchase.exe HFM2.exe hIvhhxJHe8USP ig.exe JazzHallow.exe Krata Mateusz.exe.tmp Launcher.exe LaunchRes.rc libcurl.dll MADARA.exe main.exe Main.exe Metin2Client.exe miranda32.exe MonkeModManager.exe MPlayer.dpr nldapp.exe Nyan_decX.exe P100.EXE paladins.exe Pangya.exe payload.exe PDFStub.exe Player.exe Projector.exe protchm.exe Puran Shutdown Timer.exe Puran Utilities.exe Qeka.exe RAGEBYTE-TROUBLESHOOTING.exe RenOLink.exe Rodos.exe SackHence.exe SaladBootstrapper.exe Sango.exe setup.exe Setup.exe SmartMoto.exe Stub.exe suf_launch.exe Systemss.exe TestScheduleGeneration.dll TJprojMain.exe update.exe VQP.exe WEXTRACT.EXE .MUI Win.exe WinASAR.exe WindowsInstallationAssistant.exe Windows Security Health Host WinNTSetup_x64.exe Xero.exe XWormClient.exe yama_kaldir.exe YC.exe
Product Name	. 1 30mySFfu辅助 2021-11-11 12:47:06 Age of Origins Alternate File Browser AnySign4PC AnyTrans AppTrans Archive Convert Show More Archive Extract Archive Password Recovery ArchiVid Around Asistent de instalare Windows Asistente para la instalación de Windows Asistent inštalácie Windowsu Assistant d’installation de Windows Assistente de Instalação do Windows Assistente per l'installazione di Windows Assistente de Instalação do Windows Asystent instalacji systemu Windows ATA SMART Diagnostics Avast Patch AVI Codec Backup Assistance Backup Driver Backup Master BeFactor Blake3 Hasher BLE Bridge BP Media Player Brain Train to Go! Browser Backup CABSFX Catwalk Countdown CDS Viewer Chase (Sem Nome) CheckDrive Check Flash Tool chop Application Cleaner Spare Clone App Parameters CNC12 PLC Diagnostic Screen CombiDiskCleaner Combiner Free Concert Player Free CreateStudio3 Crystal Bench Marks CSGO Font Manager CSV Splitter CTPA Dedupe Demo CustomRP DashPanelServer DataBase Recovery DBF Scan Decryptor DH Director MX Disc Catalog Extension Disk Analyzer Box Disk Benchmark Tool Disk Check Viever Disk Director Table Disk Partition Expert Disk Scanner Disk Scanner Console Disk Wipe QT Library Disk Wiper Plugin Disk Write Copy DJ Virtual Studio DLL requisitos DNA Pagamentos cliente TEF LITE DownloaderApp DPRoller Drive Backup Workstation Drive Copy Plugin Driver Browser Pro DroidKit Easy CD Ripper Easy Recovery Free Tool ebridge Application Faktura-XP MSCOMCTL 2.2 + TLB Update FAN_CONTRLO Fast Clean Tool Fast Defrag FHIsoftFR Recovery FHSsoftFR FRec213 File Navigator FileProtection File Recovery Catalog File Recovery Extension File Recovery Manager File Repair Module File Repair QT Lib File Search Box FileZilla FineCam Fine Reader Flash Card Copy 183 additional items are not displayed above.
Product Version	6000.1.16f1 (67bef3276ff1) 2022.3.58f1 (ed7f6eacb62e) 2021.3.40f1 (6fcab7dbbbc1) 2021.3.31f1 (3409e2af086f) 25.01.00.8902 24.3.8975.0 24.08.02.8277 21.20.8.505 16.0.28315.86 11.00.26100.1 Show More 10.4.17 10.0D 10.0.27840.1000 9.80 9.7.6.3860 9.0G 8.8.5.1 8.8.4.3 7.79.1-DEV 7.0.0.2 7.0.0.1 6.36.5.2 6.8 6.0.242 5.37 5.4.2.1893 5.2 5.1 5.00 4.1.2.3 4.0.1.0 4, 0, 76, 0 3.67.1.0 3.6.0.0 3.5.0.0 3.1.0.0 3.1.0 3.00 3.0 3,7,4487,555 2.9367.7.5247 2.5.4.55 2.4.0.33783 2.2.0.4 2.1.1.2 2.0.18 2.0 2, 0, 0, 3 1.99.0.0 1.92.2.8615 1.86.2.7676 1.54.9114.11026 1.20.2 1.18.6 1.14.7086.17467 1.10 1.7.5.2, build 720, 11.01.2024 1.7.1.0 1.5.0.0 1.5 1.5 1.4.19041.5003 1.4.19041.2183 1.3.3.7 1.3.2.5 1.3.0 1.2.35 1.2.1.4 1.2.1.0 1.2.0.0 1.1.2.0 1.1.0.0 1.1 1.1 1.01 1.00.1591 1.00 1.0.350 1.0.4.8 1.0.1.31 1.0.1.2 1.0.1.1 1.0.1.0 1.0.0.64 1.0.0.27 1.0.0.2 1.0.0.1 1.0.0.0 1.0.0.0 1.0.0 1.0 1.0 1, 0, 0, 1591 1, 0, 0, 1 1 0.10.74.0 0.7.0 alpha build #36 0.4.45 0.0.0.0 ${PRODUCT_VERSION}
Web	http://www.gdgsoft.com
Website	https://nolimitdronez.com; https://flysafe-unlock.com

Digital Signatures

Signer	Root	Status
1C-Buhgalteriya	1C-Buhgalteriya	Hash Mismatch
AUTO-M3 Kft.	AUTO-M3 Kft.	Self Signed
iMobie Inc.	COMODO RSA Extended Validation Code Signing CA	Self Signed
Open Source Developer, Midia Technologies	Certum CA	Root Not Trusted
Crimson-Pond	Crimson-Pond	Self Signed

Hancom Secure Inc.	DigiCert EV Code Signing CA (SHA2)	Hash Mismatch
Doctor Web Ltd.	DigiCert SHA2 Assured ID Code Signing CA	Hash Mismatch
Spotify AB	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Tenorshare Co., Ltd.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed
FineShare Co., Ltd.	DigiCert Trusted Root G4	Root Not Trusted
Notepad++	DigiCert Trusted Root G4	Hash Mismatch
Tenorshare Co., Ltd.	DigiCert Trusted Root G4	Root Not Trusted
Free	Free	Self Signed
IP Blinov Alexey Mikhailovich	GlobalSign	Root Not Trusted
iMobie Inc.	GlobalSign GCC R45 EV CodeSigning CA 2020	Self Signed
HONG KONG KE MO SOFTWARE CO., LIMITED	HONG KONG KE MO SOFTWARE CO., LIMITED	Self Signed
MADARA	MADARA	Self Signed
No Zebra Network SA	SSL.com Code Signing Enterprise Intermediate CA RSA R1	Hash Mismatch
NO ZEBRA NETWORK SA	SSL.com Root Certification Authority RSA	Hash Mismatch
NCSOFT Corporation	Sectigo Public Code Signing Root R46	Hash Mismatch
NO LIMIT TECHNOLOGY (CYPRUS) LTD	Sectigo Public Code Signing Root R46	Root Not Trusted
Teamport Inc.	Sectigo Public Code Signing Root R46	Root Not Trusted
ShadowWhisperer	ShadowWhisperer	Self Signed
Vidello Limited	Vidello Limited	Self Signed
Zilla Company	Zilla Company	Self Signed
qeFKxTXoIAGpcYrJB5QDFm2ctYr97cEkTx0X3WQicz3UJWAqtlbiWZZKRKoK	qeFKxTXoIAGpcYrJB5QDFm2ctYr97cEkTx0X3WQicz3UJWAqtlbiWZZKRKoK	Self Signed
BOLID ZAO NVP	thawte Primary Root CA	Root Not Trusted

File Traits

.adata
.NET
.UPX
.vmp0
00 section
2+ executable sections
7-zip (In Overlay)
7-zip Installer
7zSFX
adata with ImpREC

Autoit
Badsig nsis
big overlay
CAB SFX
Confuser
CreateThread
CryptUnprotectData
dll
fptable
GetConsoleWindow
HighEntropy
imgui
Inno
InnoSetup Installer
Installer Manifest
Installer Version
MZ (In Overlay)
NewLateBinding
nosig nsis
No Version Info
ntdll
Nullsoft Installer
packed
Py-installer
RAR (In Overlay)
RARinO
RijndaelManaged
Run
SUF
SusSec
themida
themida section variant
upx
UPX!
vb6
VirtualAllocExNuma
VirtualQueryEx
vmp with ShellExecuteA, no signature
vmp with VirtualProtect, no signature
Wextract
WinRAR SFX
WinZip SFX
WRARSFX
WriteProcessMemory
x64
x86
ZIP (In Overlay)
ZIPinO
zlib (In Overlay)
zlib overlay
ZwQueryInformationProcess

Block Information

Similar Families

AdGazelle.A
AdjProg.A
Agent.AITA
Agent.AIZA
Agent.DSFA

Agent.DSFB
Agent.DSFC
Agent.FDJ
Agent.FRE
Agent.GDFK
Agent.IOG
Agent.KTDA
Agent.LA
Agent.TJR
Agent.XDE
Agent.ZFX
Autoit
Autorun.X
Babar.AE
BadJoke.FH
BadJoke.XA
Banker.E
Banker.FD
Banker.TH
Bestafera.A
BitWall.A
BypassUAC.FB
Chapak.HBX
ClipBanker.J
CobaltStrike.GI
CobaltStrike.GIA
CobaltStrike.SW
Delf.DA
Delf.Q
DialupPass.A
Dinwod.E
DotSetupIo.A
Downloader.AA
Downloader.Agent.BXE
Downloader.Agent.TJ
Downloader.FSB
Dropper.Delf.CD
FSG.Gen
Farfli.DC
GameHack.SD
Gamehack.GDCD
Gamehack.SGA
HWIDChanger.B
Injector.DFF
Injector.GDSA
Injector.GSD
Injector.KZP
Injector.OD
Injector.XN
Kryptik.JSB
Kryptik.REC
Kryptik.VCKBF
MSIL.Agent.NBA
MSIL.ClipBanker.APE
MSIL.DiscordStealer.PI
MSIL.DllInject.KBB
MSIL.DllInject.KBC
MSIL.Dnoper.E
MSIL.Dropper.JFA
MSIL.Gametool.HA
MSIL.Krypt.XX
MSILZilla.TC
Magania.L
Mobogenie
PC Accelerator.H
Philadelphia.A
Philadelphia.B
Rozena.H
SearchSuite.C
ShellCode.AN
Shellcode.AWF
ShellcodeRunner.DK
Tasker.E
Tasker.EA
Tedy.K
Tongbuxing.A
ValleyRAT.A
Xtreme.B
Zusy.CA

Files Modified

File	Attributes
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
\device\namedpipe\dav rpc service	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\pshost.134031941067220042.1664.defaultappdomain.powershell	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\srvsvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\common files\swf studio\filesys.dll	Synchronize,Write Data
c:\program files (x86)\ctpa dedupe demo\bass.dll	Synchronize,Write Data
c:\program files (x86)\ctpa dedupe demo\bass_aac.dll	Synchronize,Write Data
c:\program files (x86)\ctpa dedupe demo\bass_ac3.dll	Synchronize,Write Data
c:\program files (x86)\ctpa dedupe demo\bass_ape.dll	Synchronize,Write Data

c:\program files (x86)\ctpa dedupe demo\bass_mpc.dll	Synchronize,Write Data
c:\program files (x86)\ctpa dedupe demo\bass_tta.dll	Synchronize,Write Data
c:\program files (x86)\ctpa dedupe demo\bassalac.dll	Synchronize,Write Data
c:\program files (x86)\ctpa dedupe demo\bassflac.dll	Synchronize,Write Data
c:\program files (x86)\ctpa dedupe demo\bassmix.dll	Synchronize,Write Data
c:\program files (x86)\ctpa dedupe demo\basswma.dll	Synchronize,Write Data
c:\program files (x86)\ctpa dedupe demo\basswv.dll	Synchronize,Write Data
c:\program files (x86)\ctpa dedupe demo\ctpadedupe.exe	Synchronize,Write Data
c:\program files (x86)\ctpa dedupe demo\help.chm	Synchronize,Write Data
c:\program files (x86)\ctpa dedupe demo\is-34nl8.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-3eran.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-3kurc.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-3pkeh.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-5uecf.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-6o347.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-94mid.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-9ctrd.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-a55tt.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-dj4gp.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-fp31h.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-h9v76.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-hsdfm.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-ijkgv.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-ilh50.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-k3572.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-ktvri.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-m7jna.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-mb7et.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-n93bt.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-o02eo.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-okuqq.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-panmj.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-pkeul.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-ru93n.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-tips9.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\is-vdn1q.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\mediainfo.dll	Synchronize,Write Data
c:\program files (x86)\ctpa dedupe demo\mediainfo64.dll	Synchronize,Write Data
c:\program files (x86)\ctpa dedupe demo\unins000.dat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ctpa dedupe demo\unins000.exe	Synchronize,Write Data
c:\program files\common files\system\symsrv.dll	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll.000	Generic Write,Read Attributes
c:\soft\slowchess blitz wv2.1\kpk.sbb	Generic Write,Read Attributes
c:\soft\slowchess blitz wv2.1\kpk.sbb	Synchronize,Write Attributes
c:\soft\slowchess blitz wv2.1\kpkp.sbb	Generic Write,Read Attributes
c:\soft\slowchess blitz wv2.1\kpkp.sbb	Synchronize,Write Attributes
c:\soft\slowchess blitz wv2.1\kpkq.sbb	Generic Write,Read Attributes
c:\soft\slowchess blitz wv2.1\kpkq.sbb	Synchronize,Write Attributes
c:\soft\slowchess blitz wv2.1\kpkr.sbb	Generic Write,Read Attributes
c:\soft\slowchess blitz wv2.1\kpkr.sbb	Synchronize,Write Attributes
c:\soft\slowchess blitz wv2.1\kppk.sbb	Generic Write,Read Attributes
c:\soft\slowchess blitz wv2.1\kppk.sbb	Synchronize,Write Attributes
c:\soft\slowchess blitz wv2.1\kppkp.sbb	Generic Write,Read Attributes
c:\soft\slowchess blitz wv2.1\kppkp.sbb	Synchronize,Write Attributes
c:\soft\slowchess blitz wv2.1\pawnrace.sbb	Generic Write,Read Attributes
c:\soft\slowchess blitz wv2.1\pawnrace.sbb	Synchronize,Write Attributes
c:\soft\slowchess blitz wv2.1\slowchess blitz wv2.1.bmp	Generic Write,Read Attributes
c:\soft\slowchess blitz wv2.1\slowchess blitz wv2.1.bmp	Synchronize,Write Attributes
c:\soft\slowchess blitz wv2.1\testbook.scb	Generic Write,Read Attributes
c:\soft\slowchess blitz wv2.1\testbook.scb	Synchronize,Write Attributes
c:\users\user\.obs32\{49e7ef38-ad051c46-8787447a-8a692b52}.9747050377070265929	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\alexey_m._blinov\b99a8702c83c207c66ea6538b_url_d2ldzlmvbuijr5oabb3drrrkfkgp5xax\7.0.0.1\o0lvtwin.newcfg	Generic Write,Read Attributes
c:\users\user\appdata\local\alexey_m._blinov\b99a8702c83c207c66ea6538b_url_d2ldzlmvbuijr5oabb3drrrkfkgp5xax\7.0.0.1\o0lvtwin.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\alexey_m._blinov\b99a8702c83c207c66ea6538b_url_d2ldzlmvbuijr5oabb3drrrkfkgp5xax\7.0.0.1\user.config	Synchronize,Write Data
c:\users\user\appdata\local\database recovery 1.0.5.29\dbrecovery29.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\database recovery 1.0.5.29\dbrecovery29.exe	Synchronize,Write Data
c:\users\user\appdata\local\database recovery 1.0.5.29\icuin51.dll	Synchronize,Write Data
c:\users\user\appdata\local\database recovery 1.0.5.29\icuuc51.dll	Synchronize,Write Data
c:\users\user\appdata\local\database recovery 1.0.5.29\is-ej74u.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\database recovery 1.0.5.29\is-l9duv.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\database recovery 1.0.5.29\is-m39qb.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\database recovery 1.0.5.29\is-m6676.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\database recovery 1.0.5.29\is-nsae2.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\database recovery 1.0.5.29\is-p4843.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\database recovery 1.0.5.29\is-peknf.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\database recovery 1.0.5.29\is-rlc4j.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\database recovery 1.0.5.29\is-uip1n.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\database recovery 1.0.5.29\is-v2cfe.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\database recovery 1.0.5.29\libegl.dll	Synchronize,Write Data
c:\users\user\appdata\local\database recovery 1.0.5.29\libglesv2.dll	Synchronize,Write Data
c:\users\user\appdata\local\database recovery 1.0.5.29\msvcp100.dll	Synchronize,Write Data
c:\users\user\appdata\local\database recovery 1.0.5.29\msvcr100.dll	Synchronize,Write Data
c:\users\user\appdata\local\database recovery 1.0.5.29\qt5concurrent.dll	Synchronize,Write Data
c:\users\user\appdata\local\database recovery 1.0.5.29\qt5printsupport.dll	Synchronize,Write Data
c:\users\user\appdata\local\database recovery 1.0.5.29\sqlite3.dll	Synchronize,Write Data
c:\users\user\appdata\local\database recovery 1.0.5.29\uninstall\is-6onkt.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\database recovery 1.0.5.29\uninstall\unins000.dat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\database recovery 1.0.5.29\uninstall\unins000.exe	Synchronize,Write Data
c:\users\user\appdata\local\dbf scan 1.6.5.786\dbfscan.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\dbf scan 1.6.5.786\dbfscan.exe	Synchronize,Write Data
c:\users\user\appdata\local\dbf scan 1.6.5.786\icuin51.dll	Synchronize,Write Data
c:\users\user\appdata\local\dbf scan 1.6.5.786\icuuc51.dll	Synchronize,Write Data
c:\users\user\appdata\local\dbf scan 1.6.5.786\is-0776u.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\dbf scan 1.6.5.786\is-1culo.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\dbf scan 1.6.5.786\is-3sarv.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\dbf scan 1.6.5.786\is-40okr.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\dbf scan 1.6.5.786\is-6nial.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\dbf scan 1.6.5.786\is-8ff2g.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\dbf scan 1.6.5.786\is-c6le6.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\dbf scan 1.6.5.786\is-jl6od.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\dbf scan 1.6.5.786\is-mf765.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\dbf scan 1.6.5.786\is-oteu9.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\dbf scan 1.6.5.786\is-t6s61.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\dbf scan 1.6.5.786\is-tkl3r.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\dbf scan 1.6.5.786\libegl.dll	Synchronize,Write Data
c:\users\user\appdata\local\dbf scan 1.6.5.786\libglesv2.dll	Synchronize,Write Data
c:\users\user\appdata\local\dbf scan 1.6.5.786\msvcp100.dll	Synchronize,Write Data
c:\users\user\appdata\local\dbf scan 1.6.5.786\msvcr100.dll	Synchronize,Write Data
c:\users\user\appdata\local\dbf scan 1.6.5.786\qt5concurrent.dll	Synchronize,Write Data
c:\users\user\appdata\local\dbf scan 1.6.5.786\qt5core.dll	Synchronize,Write Data
c:\users\user\appdata\local\dbf scan 1.6.5.786\qt5gui.dll	Synchronize,Write Data
c:\users\user\appdata\local\dbf scan 1.6.5.786\qt5printsupport.dll	Synchronize,Write Data
c:\users\user\appdata\local\dbf scan 1.6.5.786\sqlite3.dll	Synchronize,Write Data
c:\users\user\appdata\local\dbf scan 1.6.5.786\uninstall\is-n3opv.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\dbf scan 1.6.5.786\uninstall\unins000.dat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\dbf scan 1.6.5.786\uninstall\unins000.exe	Synchronize,Write Data
c:\users\user\appdata\local\folder time update 5.0.1.72\foldertimeupdate.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\folder time update 5.0.1.72\foldertimeupdate.exe	Synchronize,Write Data
c:\users\user\appdata\local\folder time update 5.0.1.72\icuin51.dll	Synchronize,Write Data
c:\users\user\appdata\local\folder time update 5.0.1.72\icuuc51.dll	Synchronize,Write Data
c:\users\user\appdata\local\folder time update 5.0.1.72\is-18e8q.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\folder time update 5.0.1.72\is-1gm93.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\folder time update 5.0.1.72\is-2446j.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\folder time update 5.0.1.72\is-348g4.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\folder time update 5.0.1.72\is-cjksu.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\folder time update 5.0.1.72\is-d6sli.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\folder time update 5.0.1.72\is-fe1hu.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\folder time update 5.0.1.72\is-hcfa6.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\folder time update 5.0.1.72\is-n74b6.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\folder time update 5.0.1.72\is-nkpn5.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\folder time update 5.0.1.72\libegl.dll	Synchronize,Write Data
c:\users\user\appdata\local\folder time update 5.0.1.72\libglesv2.dll	Synchronize,Write Data
c:\users\user\appdata\local\folder time update 5.0.1.72\msvcp100.dll	Synchronize,Write Data
c:\users\user\appdata\local\folder time update 5.0.1.72\msvcr100.dll	Synchronize,Write Data
c:\users\user\appdata\local\folder time update 5.0.1.72\qt5concurrent.dll	Synchronize,Write Data
c:\users\user\appdata\local\folder time update 5.0.1.72\qt5printsupport.dll	Synchronize,Write Data
c:\users\user\appdata\local\folder time update 5.0.1.72\sqlite3.dll	Synchronize,Write Data
c:\users\user\appdata\local\folder time update 5.0.1.72\uninstall\is-i3p3m.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\folder time update 5.0.1.72\uninstall\unins000.dat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\folder time update 5.0.1.72\uninstall\unins000.exe	Synchronize,Write Data
c:\users\user\appdata\local\multi file organizer 5.1\icuin51.dll	Synchronize,Write Data
c:\users\user\appdata\local\multi file organizer 5.1\icuuc51.dll	Synchronize,Write Data
c:\users\user\appdata\local\multi file organizer 5.1\is-2j6i6.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\multi file organizer 5.1\is-30697.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\multi file organizer 5.1\is-3mqag.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\multi file organizer 5.1\is-75d5c.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\multi file organizer 5.1\is-9bpi8.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\multi file organizer 5.1\is-ev4gd.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\multi file organizer 5.1\is-k2alt.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\multi file organizer 5.1\is-q1gm9.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\multi file organizer 5.1\is-qbub8.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\multi file organizer 5.1\is-ums8e.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\multi file organizer 5.1\libegl.dll	Synchronize,Write Data
c:\users\user\appdata\local\multi file organizer 5.1\libglesv2.dll	Synchronize,Write Data
c:\users\user\appdata\local\multi file organizer 5.1\msvcp100.dll	Synchronize,Write Data
c:\users\user\appdata\local\multi file organizer 5.1\msvcr100.dll	Synchronize,Write Data
c:\users\user\appdata\local\multi file organizer 5.1\multifileorganizer51.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\multi file organizer 5.1\multifileorganizer51.exe	Synchronize,Write Data
c:\users\user\appdata\local\multi file organizer 5.1\qt5concurrent.dll	Synchronize,Write Data
c:\users\user\appdata\local\multi file organizer 5.1\qt5printsupport.dll	Synchronize,Write Data
c:\users\user\appdata\local\multi file organizer 5.1\sqlite3.dll	Synchronize,Write Data
c:\users\user\appdata\local\multi file organizer 5.1\uninstall\is-nn8cd.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\multi file organizer 5.1\uninstall\unins000.dat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\multi file organizer 5.1\uninstall\unins000.exe	Synchronize,Write Data
c:\users\user\appdata\local\pyrofrog_studios\59069b77f6b6424e10c9d04e1_url_t5nvbmlgab3avrgp1pkxpcz3fimeltsh\3.5.0.0\t0tructg.newcfg	Generic Write,Read Attributes
c:\users\user\appdata\local\pyrofrog_studios\59069b77f6b6424e10c9d04e1_url_t5nvbmlgab3avrgp1pkxpcz3fimeltsh\3.5.0.0\t0tructg.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\pyrofrog_studios\59069b77f6b6424e10c9d04e1_url_t5nvbmlgab3avrgp1pkxpcz3fimeltsh\3.5.0.0\user.config	Synchronize,Write Data
c:\users\user\appdata\local\pyrofrog_studios\59069b77f6b6424e10c9d04e1_url_t5nvbmlgab3avrgp1pkxpcz3fimeltsh\3.5.0.0\user.config.bak	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\020613_f.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\0904dfe8-0369-4a91-bdfe-c0c94e622d50.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\174546.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\1745f3.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\1746af.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\17479b.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\180713_f.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1ntef9\block.sdf	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\1ntef9\ccbd90fff078f5baea8996c3bd83165aa0e15b95_0000341630.ico	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\1ntef9\filesys.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1ntef9\filesys.dll$	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\1ntef9\inflate.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\1ntef9\launch.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1ntef9\launch.exe$	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\1ntef9\register.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1ntef9\register.exe$	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\1ntef9\start.swf	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\1ntef9\start.swf	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1ntef9\start.swf$	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\3herosoft setup log.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\__psscriptpolicytest_1y42txtk.gsd.psm1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_3i5wacu1.uyr.psm1	Generic Write,Read Attributes

9762 additional files are not displayed above.

Registry Modifications

Key::Value	数据	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	<상Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cfwicwxr\AppData\Local\Temp\~nsuA.tmp\Un_A.exe	RegNtPreCreateKey

HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cfwicwxr\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Cfwicwxr\AppData\Local\Temp\~nsuA.tmp	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	빼俀Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cfwicwxr\AppData\Local\Temp\nsk7A3C.tmp\	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	蕟Ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	脂ﰁǛ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKU\.DEFAULT\software\microsoft\windows\currentversion\themes\personalize::appsuselighttheme		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enablefiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableautofiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableconsoletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filetracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::consoletracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::maxfilesize		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	㮯㩎Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	髕㩐Ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::qnihir.exe	C:\Users\Jojoblbs\AppData\Local\Temp\GEIHIMNOYLP\QNIHIR.exe	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	å⴬Ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475	ȁx龡^紘Ç獖}좟Ê	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75	兿ĸ鈉øꌉĶꄍ阎Ľ鬎ʂԏÞ䈑Âø밓Ɣ똕ĥ츕ë䈛x䤝Ē猟ɢ䀣ʲ갤Ç숤ʨ春ʐ븥ė椧ĒꄨěสĹ뜪Ģ윪Þ㴬䠱Oⰵɝ혺ɲ츻Ĵ噀ñ끀Ī덂®䡆¶賂¦홌ʅ቎ĤÁꝒª穔R띔Ü录Ī፡Ĥ陣w걣ʛづŔ퍥h坧ʡ㹭ŃŁ詰ʜ䁱£㱲湲Jꍵ~ꭵĊ뱶ġ᝹ʁ鱹9	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\folder time update_is1::inno setup: setup version	5.5.1 (a)	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\folder time update_is1::inno setup: app path	C:\Users\Slwmnhjx\AppData\Local\Folder Time Update 5.0.1.72	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\folder time update_is1::installlocation	C:\Users\Slwmnhjx\AppData\Local\Folder Time Update 5.0.1.72\	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\folder time update_is1::inno setup: icon group	(Default)	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\folder time update_is1::inno setup: user	Slwmnhjx	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\folder time update_is1::inno setup: language	English	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\folder time update_is1::displayname	Folder Time Update 5.0.1.72	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\folder time update_is1::uninstallstring	"C:\Users\Slwmnhjx\AppData\Local\Folder Time Update 5.0.1.72\uninstall\unins000.exe"	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\folder time update_is1::quietuninstallstring	"C:\Users\Slwmnhjx\AppData\Local\Folder Time Update 5.0.1.72\uninstall\unins000.exe" /SILENT	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\folder time update_is1::nomodify		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\folder time update_is1::norepair		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\folder time update_is1::installdate	%	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\folder time update_is1::estimatedsize	⡈	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	沪돴Ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	㥬ᓁǛ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Apcmynlf\AppData\Local\Temp\~nsu.tmp\Au_.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Apcmynlf\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Apcmynlf\AppData\Local\Temp\~nsu.tmp	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	艉ᱷ羅Ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	⑞璉Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	⑞璉Ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ꍯ豥兀Ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\database recovery_is1::inno setup: setup version	5.5.7 (a)	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\database recovery_is1::inno setup: app path	C:\Users\Kxcxxypb\AppData\Local\DataBase Recovery 1.0.5.29	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\database recovery_is1::installlocation	C:\Users\Kxcxxypb\AppData\Local\DataBase Recovery 1.0.5.29\	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\database recovery_is1::inno setup: icon group	(Default)	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\database recovery_is1::inno setup: user	Kxcxxypb	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\database recovery_is1::inno setup: language	English	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\database recovery_is1::displayname	DataBase Recovery 1.0.5.29	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\database recovery_is1::uninstallstring	"C:\Users\Kxcxxypb\AppData\Local\DataBase Recovery 1.0.5.29\uninstall\unins000.exe"	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\database recovery_is1::quietuninstallstring	"C:\Users\Kxcxxypb\AppData\Local\DataBase Recovery 1.0.5.29\uninstall\unins000.exe" /SILENT	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\database recovery_is1::nomodify		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\database recovery_is1::norepair		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\database recovery_is1::installdate	%!	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\database recovery_is1::estimatedsize	⸺	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state		RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes	(NULL)	RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state		RegNtPreCreateKey
HKCU\software\macromedia\shockwave 8\uicontrol\sw3dbaddriverlist1::	2ksavage/ix!^5.12.01.7012$79x=stbnvidiatnt16mb!=4.10.01.9131$o2k=diamondstealthiiis530!=5.12.01.8007-8.30.24$72k=m!=5.00.2180.	RegNtPreCreateKey
HKCU\software\macromedia\shockwave 8\uicontrol\sw3dbaddriverlist2::	9xg200!^4.11.01.2519$o9x*g200!=4.12.01.2730$o9x=glintr3.!^4.12.01.2107-0829R$omc=.display_rage128!1.0.1f14/opengl1.1.2$59x=mag	RegNtPreCreateKey
HKCU\software\oray\sunlogin\sunloginclient::9.1.0.53088_isfisrstrunseted	1	RegNtPreCreateKey
HKCU\software\oray\sunlogin\sunloginclient::9.1.0.53088_isrunseted	1	RegNtPreCreateKey
HKCU\software\headlight\getrighttogo\customizedapps::		RegNtPreCreateKey
HKCU\software\headlight\getrighttogo\sharedconfig::busypause		RegNtPreCreateKey
HKCU\software\headlight\getrighttogo\sharedconfig::filecache		RegNtPreCreateKey
HKCU\software\headlight\getrighttogo\sharedconfig::filecachekb	d	RegNtPreCreateKey
HKCU\software\headlight\getrighttogo\sharedconfig::rollback		RegNtPreCreateKey
HKCU\software\headlight\getrighttogo\sharedconfig::dotgetright		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Ctubcqkc\AppData\Local\Temp\~nsuA.tmp\Un_A.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Ctubcqkc\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Ctubcqkc\AppData\Local\Temp\~nsuA.tmp	RegNtPreCreateKey
HKCU\.jcspro::		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Ctubcqkc\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Ctubcqkc\AppData\Local\Temp\~nsuA.tmp\??\C:\Users\Ct	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	뜃஄ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ꌕ㡱຅ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKCU\local settings\muicache\17\52c64b7e::@c:\windows\system32\wshext.dll,-4511	Open &with Command Prompt	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applicationassociationtoasts::vbsfile_.vbs		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\wscript.exe.friendlyappname	Microsoft ® Windows Based Script Host	RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\wscript.exe.applicationcompany	Microsoft Corporation	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	䲛འǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	䲛འǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKCU\software\winrar sfx::c%%users%iteusyifc:\users\user\appdata\roaminglocalc:\users\user\appdata\local\temp	C:\Users\Iteusyif\AppData\Local\Temp\	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.200.31.10#amas::_labelfromdesktopini		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ᙬᗔǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	䯞ᗔǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	뿫ᗔǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	㐷ᗔǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ॵᗔǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	樄ᗔǜ	RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\8094640eb5a7a1ca119c1fddd59f810263a7fbd1::blob		RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\4efc31460c619ecae59c1bce2c008036d94c84b8::blob		RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\4efc31460c619ecae59c1bce2c008036d94c84b8::blob		RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\8094640eb5a7a1ca119c1fddd59f810263a7fbd1::blob		RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\d69b561148f01c77c54578c10926df5b856976ad::blob		RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\d69b561148f01c77c54578c10926df5b856976ad::blob		RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\8094640eb5a7a1ca119c1fddd59f810263a7fbd1::blob		RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\8094640eb5a7a1ca119c1fddd59f810263a7fbd1::blob		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	雊뮿ᛲǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::consentpromptbehavioradmin		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::promptonsecuredesktop		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	獃谷ᦲǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	忽☚ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	滩럦♟ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75	墪ĸ⬉ʾ鈉øꌉĶꄍ阎Ľ鬎ʂ먎ÍԏÞ阐䈑Âø밓Ɣ똕ĥ츕ë䈛x䤝Ē猟ɢ䀣ʲ茣ǧ찣ŏ갤Ç숤ʨ春ʐ븥ė椧ĒꄨěสĹ뜪Ģ윪Þ㴬倰ĥ䠱Oⰵɝ혺ɲ츻Ĵ噀ñ끀Ī덂®䡆¶賂¦홌ʅ቎ĤÁ齒ŊꝒª穔R띔Ü录Ī乖ʗ瑜ť፡Ĥ陣w걣ʛづŔ퍥h坧ʡ㹭ŃŁ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\multi file organizer_is1::inno setup: setup version	5.5.8 (a)	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\multi file organizer_is1::inno setup: app path	C:\Users\Zjscmgzf\AppData\Local\Multi File Organizer 5.1	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\multi file organizer_is1::installlocation	C:\Users\Zjscmgzf\AppData\Local\Multi File Organizer 5.1\	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\multi file organizer_is1::inno setup: icon group	(Default)	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\multi file organizer_is1::inno setup: user	Zjscmgzf	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\multi file organizer_is1::inno setup: language	English	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\multi file organizer_is1::displayname	Multi File Organizer 5.1	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\multi file organizer_is1::uninstallstring	"C:\Users\Zjscmgzf\AppData\Local\Multi File Organizer 5.1\uninstall\unins000.exe"	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\multi file organizer_is1::quietuninstallstring	"C:\Users\Zjscmgzf\AppData\Local\Multi File Organizer 5.1\uninstall\unins000.exe" /SILENT	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\multi file organizer_is1::nomodify		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\multi file organizer_is1::norepair		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\multi file organizer_is1::installdate	%	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\multi file organizer_is1::estimatedsize	≂	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	὚䝓⠔ǜ	RegNtPreCreateKey
HKLM\software\classes\typelib\{b526a8a5-e1b5-49bd-8ca6-d1c00e0c5b06}\1.0::	FileSys Plugin	RegNtPreCreateKey
HKLM\software\classes\typelib\{b526a8a5-e1b5-49bd-8ca6-d1c00e0c5b06}\1.0\flags::	0	RegNtPreCreateKey
HKLM\software\classes\typelib\{b526a8a5-e1b5-49bd-8ca6-d1c00e0c5b06}\1.0\0\win32::	C:\Program Files (x86)\Common Files\SWF Studio\FileSys.dll	RegNtPreCreateKey
HKLM\software\classes\typelib\{b526a8a5-e1b5-49bd-8ca6-d1c00e0c5b06}\1.0\helpdir::	C:\Program Files (x86)\Common Files\SWF Studio	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{fd72dc67-8b79-46cd-837d-00bff9185136}::	_CPlugin	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{fd72dc67-8b79-46cd-837d-00bff9185136}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{fd72dc67-8b79-46cd-837d-00bff9185136}\typelib::	{B526A8A5-E1B5-49BD-8CA6-D1C00E0C5B06}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{fd72dc67-8b79-46cd-837d-00bff9185136}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{fd72dc67-8b79-46cd-837d-00bff9185136}::	_CPlugin	RegNtPreCreateKey
HKLM\software\classes\interface\{fd72dc67-8b79-46cd-837d-00bff9185136}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{fd72dc67-8b79-46cd-837d-00bff9185136}\typelib::	{B526A8A5-E1B5-49BD-8CA6-D1C00E0C5B06}	RegNtPreCreateKey
HKLM\software\classes\interface\{fd72dc67-8b79-46cd-837d-00bff9185136}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{89dbd92a-4845-4d51-b413-cc685de0e499}::	FileSys.CPlugin	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{89dbd92a-4845-4d51-b413-cc685de0e499}\progid::	FileSys.CPlugin	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{89dbd92a-4845-4d51-b413-cc685de0e499}\inprocserver32::	C:\Program Files (x86)\Common Files\SWF Studio\FileSys.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{89dbd92a-4845-4d51-b413-cc685de0e499}\typelib::	{B526A8A5-E1B5-49BD-8CA6-D1C00E0C5B06}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{89dbd92a-4845-4d51-b413-cc685de0e499}\version::	1.0	RegNtPreCreateKey
HKLM\software\classes\filesys.cplugin::	FileSys.CPlugin	RegNtPreCreateKey
HKLM\software\classes\filesys.cplugin\clsid::	{89DBD92A-4845-4D51-B413-CC685DE0E499}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{fd72dc67-8b79-46cd-837d-00bff9185136}::	CPlugin	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{fd72dc67-8b79-46cd-837d-00bff9185136}\proxystubclsid::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	슠肜隦ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\bef4d8793f083486c0d8aa7898346ee2f7f500a8_0001502334538a75fa0016ec7e::name	BEF4D8793F083486C0D8AA7898346EE2F7F500A8_0001502334	RegNtPreCreateKey
HKCU\software\microsoft\directinput\bef4d8793f083486c0d8aa7898346ee2f7f500a8_0001502334538a75fa0016ec7e::usesmapper		RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::name	BEF4D8793F083486C0D8AA7898346EE2F7F500A8_0001502334	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::id	BEF4D8793F083486C0D8AA7898346EE2F7F500A8_0001502334538A75FA0016EC7E	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::version	ࠀ	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	䝖⫭ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75	哣Ǭ䠱O噀ñ቎ĤÁŁ剰Ǣ鱹9傄ë횎ǜ릣ʝ閾ʴ淃⟋ʪ柏ũߙĤᰂŁ鍂ꩠŖÉ窵ň忶Ǥ対þ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75	哤Ǭ䠱O噀ñ቎ĤÁŁ剰Ǣ鱹9傄ë횎ǜ鶝릣ʝ閾ʴ淃⟋ʪ柏ũߙĤᰂŁ鍂ꩠŖÉ窵ň忶Ǥ対þ	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\runonce::wextract_cleanup0	rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Hfhluogf\AppData\Local\Temp\IXP000.TMP\"	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	境ᮐⵗǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify		RegNtPreCreateKey

205 additional registry modifications are not displayed above.

Windows API Usage

Category	API
Process Shell Execute	CreateProcess ShellExecute ShellExecuteEx WinExec WriteConsole
Syscall Use	ntdll.dll!NtAcceptConnectPort ntdll.dll!NtAccessCheck ntdll.dll!NtAccessCheckByType ntdll.dll!NtAddAtomEx ntdll.dll!NtAdjustPrivilegesToken ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAllocateLocallyUniqueId ntdll.dll!NtAlpcAcceptConnectPort ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx Show More ntdll.dll!NtAlpcCreatePort ntdll.dll!NtAlpcCreatePortSection ntdll.dll!NtAlpcCreateResourceReserve ntdll.dll!NtAlpcCreateSectionView ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeletePortSection ntdll.dll!NtAlpcDeleteSectionView ntdll.dll!NtAlpcDeleteSecurityContext ntdll.dll!NtAlpcDisconnectPort ntdll.dll!NtAlpcImpersonateClientOfPort ntdll.dll!NtAlpcOpenSenderThread ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcQueryInformationMessage ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelIoFileEx ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareSigningLevels ntdll.dll!NtCompleteConnectPort ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMailslotFile ntdll.dll!NtCreateMutant ntdll.dll!NtCreateNamedPipeFile ntdll.dll!NtCreatePort ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateUserProcess ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeleteValueKey ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtFsControlFile ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetCompleteWnfStateSubscription ntdll.dll!NtGetContextThread ntdll.dll!NtImpersonateAnonymousToken ntdll.dll!NtLoadKeyEx ntdll.dll!NtLockFile ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtNotifyChangeMultipleKeys ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenMutant ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtPowerInformation ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFile ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryEvent ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken 248 additional items are not displayed above.
Anti Debug	CheckRemoteDebuggerPresent IsDebuggerPresent NtQuerySystemInformation OutputDebugString
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserName GetUserNameEx GetUserObjectInformation
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory VirtualAllocEx
Process Terminate	TerminateProcess
Keyboard Access	GetAsyncKeyState GetKeyState
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Network Winsock2	WSAConnect WSASend WSASocket WSAStartup WSAttemptAutodialName
Network Winsock	accept bind closesocket connect freeaddrinfo getaddrinfo getpeername getsockname recv send Show More sendto setsockopt socket
Network Winhttp	WinHttpConnect WinHttpOpen WinHttpOpenRequest WinHttpReceiveResponse WinHttpSendRequest
Network Info Queried	GetAdaptersAddresses GetNetworkParams
Service Control	OpenSCManager OpenService
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen InternetReadFile

Shell Command Execution


							(NULL) main.bat /S


							WriteConsole:


							WriteConsole: C:\Users\Vhzmmaz


							WriteConsole: e296a0


							WriteConsole:  &


									WriteConsole: cls


									WriteConsole:


									WriteConsole: 27e296a027206973206e6f7420726563


									C:\WINDOWS\system32\mode.com mode  65,10


									C:\Users\Vhzmmazo\AppData\Local\Temp\main\7z.exe 7z.exe  e file.zip -p294583091523215221751987930779 -oextracted


									C:\Users\Vhzmmazo\AppData\Local\Temp\main\7z.exe 7z.exe  e extracted/file_10.zip -oextracted


									C:\Users\Vhzmmazo\AppData\Local\Temp\main\7z.exe 7z.exe  e extracted/file_9.zip -oextracted


									C:\Users\Vhzmmazo\AppData\Local\Temp\main\7z.exe 7z.exe  e extracted/file_8.zip -oextracted


									C:\Users\Vhzmmazo\AppData\Local\Temp\main\7z.exe 7z.exe  e extracted/file_7.zip -oextracted


									C:\Users\Vhzmmazo\AppData\Local\Temp\main\7z.exe 7z.exe  e extracted/file_6.zip -oextracted


									C:\Users\Vhzmmazo\AppData\Local\Temp\main\7z.exe 7z.exe  e extracted/file_5.zip -oextracted


									C:\Users\Vhzmmazo\AppData\Local\Temp\main\7z.exe 7z.exe  e extracted/file_4.zip -oextracted


									C:\Users\Vhzmmazo\AppData\Local\Temp\main\7z.exe 7z.exe  e extracted/file_3.zip -oextracted


									C:\Users\Vhzmmazo\AppData\Local\Temp\main\7z.exe 7z.exe  e extracted/file_2.zip -oextracted


									C:\Users\Vhzmmazo\AppData\Local\Temp\main\7z.exe 7z.exe  e extracted/file_1.zip -oextracted


									WriteConsole: The system canno


									C:\WINDOWS\system32\attrib.exe attrib  +H "svchost.exe"


									WriteConsole: File not found -


									C:\WINDOWS\system32\svchost.exe "svchost.exe"


									WriteConsole: Launched 'svchos


									WriteConsole: Press any key to


									"C:\Users\Nytdhxau\AppData\Local\Temp\is-D1R8C.tmp\d993eb4e4c9cdded3e0da8199cf251b1cd47826e_0004175487.tmp" /SL5="$30276,3928446,54272,c:\users\user\downloads\d993eb4e4c9cdded3e0da8199cf251b1cd47826e_0004175487.exe"


									"C:\Users\Vrctfzos\AppData\Local\Temp\is-3DFEK.tmp\3c3a77d11d735bb60fcc3351cdee5d02a72728ed_0004306985.tmp" /SL5="$20246,4059919,54272,c:\users\user\downloads\3c3a77d11d735bb60fcc3351cdee5d02a72728ed_0004306985.exe"


									"C:\Users\Qxztmgql\AppData\Local\Temp\is-44M91.tmp\173be7c350cd0f90e2dd4feece8ec9138fa1f4d2_0004058040.tmp" /SL5="$60060,3809845,54272,c:\users\user\downloads\173be7c350cd0f90e2dd4feece8ec9138fa1f4d2_0004058040.exe"


									"C:\Users\Vabchxuf\AppData\Local\Temp\is-1C1JS.tmp\a9d290ade35fdca75195812e5f3e62fc61b12a4e_0004312539.tmp" /SL5="$E0056,4064350,54272,c:\users\user\downloads\a9d290ade35fdca75195812e5f3e62fc61b12a4e_0004312539.exe"


									"C:\Users\Lkyprjml\AppData\Local\Temp\is-NJA4B.tmp\478ba8188ea931fbe099e8e5e1eeaaa5349fd063_0007593500.tmp" /SL5="$20222,7338868,68608,c:\users\user\downloads\478ba8188ea931fbe099e8e5e1eeaaa5349fd063_0007593500.exe"


									"C:\Users\Zntbqyrl\AppData\Local\Temp\is-2LMNU.tmp\d41558c432b298b60049ef85a7dccf02c00fad93_0003876982.tmp" /SL5="$30114,3628779,54272,c:\users\user\downloads\d41558c432b298b60049ef85a7dccf02c00fad93_0003876982.exe"


									"C:\Users\Udrzxjbf\AppData\Local\Temp\is-041ON.tmp\8357238b601df8939bbbe077674a1fbe34d5be5d_0004494075.tmp" /SL5="$10240,4247030,54272,c:\users\user\downloads\8357238b601df8939bbbe077674a1fbe34d5be5d_0004494075.exe"


									"C:\Users\Cfwicwxr\AppData\Local\Temp\~nsuA.tmp\Un_A.exe"  _?=c:\users\user\downloads\


									taskkill /IM "TourBox Console.exe" /F


									"C:\Users\Narcdlcc\AppData\Local\Temp\is-FTQGK.tmp\8488f2921a8117371bbfea105bb4d269338fb3c8_0003612523.tmp" /SL5="$10240,3365523,54272,c:\users\user\downloads\8488f2921a8117371bbfea105bb4d269338fb3c8_0003612523.exe"


									(NULL) C:\Users\Eipohvrt\AppData\Local\Temp\RarSFX0\1-Install.bat


									WriteConsole: C:\Users\Eipohvr


									WriteConsole: powercfg


									WriteConsole:  /setactive 8c5e


									C:\WINDOWS\system32\powercfg.exe powercfg  /setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c


									WriteConsole: Access is denied


									WriteConsole: start


									WriteConsole:  nvidiaProfileIn


									C:\Users\Eipohvrt\AppData\Local\Temp\RarSFX0\nvidiaProfileInspector.exe nvidiaProfileInspector.exe  speed.nip


									"C:\Users\Okuhqfod\AppData\Local\Temp\is-V653V.tmp\is-SGMHR.tmp" /SL4 $B003E "c:\users\user\downloads\1948c9b310b60f5c5fbe80d805ca7f269f9173c4_0006592389.exe" 6234276 403968


									"C:\Users\Itstnnrm\AppData\Local\Temp\is-ML14K.tmp\da5074a7899daea57b5fcf34daaaa4888e2e2930_0005047653.tmp" /SL5="$4021C,4799436,54272,c:\users\user\downloads\da5074a7899daea57b5fcf34daaaa4888e2e2930_0005047653.exe"


									(NULL) C:\Users\Kjxwittk\AppData\Local\Temp\Wialwz4.bat


									WriteConsole: C:\Users\Kjxwitt


									WriteConsole: cd


									WriteConsole:  /d "C:\Users\Kj


									WriteConsole: nircmd


									WriteConsole:  win min process


									C:\Users\Kjxwittk\appdata\local\temp\work\nircmd.exe nircmd  win min process "cmd.exe"


									WriteConsole: chcp


									WriteConsole:  65001


									WriteConsole: 1>


									WriteConsole: nul


									C:\WINDOWS\system32\chcp.com chcp  65001


									WriteConsole: Color


									WriteConsole:  0f


									WriteConsole: set


									WriteConsole:  "Arch="


									WriteConsole:  "ArgNsudo="


									WriteConsole:  "MainFolder1="


									WriteConsole:  "MainFolder2="


									WriteConsole:  "ProcList="


									WriteConsole:  "NumberWin="


									WriteConsole: SetLocal


									WriteConsole:  EnableDelayedEx


									WriteConsole:  "Arch=x64"


									WriteConsole: (


									WriteConsole: If


									WriteConsole: "x86" == "x86"


									WriteConsole: if


									WriteConsole: not


									WriteConsole: defined PROCESSO


									WriteConsole:  Arch=x86


									WriteConsole: )


									WriteConsole: reg


									WriteConsole:  query "HKU\S-1-


									WriteConsole: 2>


									WriteConsole: &1


									WriteConsole:  ||


									WriteConsole:  elevate "C:\Use


									WriteConsole:  &&


									WriteConsole: exit


									C:\WINDOWS\system32\reg.exe reg  query "HKU\S-1-5-19"


									WriteConsole: defined WT_SESSI


									WriteConsole:  add "HKCU\Conso


									WriteConsole:


									WriteConsole:  add "HKU\S-1-5-


									C:\WINDOWS\system32\reg.exe reg  add "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "AppsUseLightTheme" /t reg_dword /d 0 /f


									WriteConsole: /I


									WriteConsole: "Kjxwittk" NEQ "


									WriteConsole: NSudoLG


									WriteConsole:  -U:T -P:E -UseC


									C:\Users\Kjxwittk\appdata\local\temp\work\nsudolg.exe NSudoLG  -U:T -P:E -UseCurrentConsole "C:\Users\Kjxwittk\AppData\Local\Temp\Wialwz4.bat" any_word


									"C:\Users\Aqoemsqf\AppData\Local\Temp\is-32PO5.tmp\7b5e72ce6ceb3432fc63aa3ea24efd1450717055_0007866570.tmp" /SL5="$1023E,7599386,54272,c:\users\user\downloads\7b5e72ce6ceb3432fc63aa3ea24efd1450717055_0007866570.exe"


									"C:\Users\Okhzzfib\AppData\Local\Temp\is-KOKN4.tmp\a5f6f02c30f4b5502a0879c29a37bee0a38efdb2_0004107663.tmp" /SL5="$30040,3856957,56832,c:\users\user\downloads\a5f6f02c30f4b5502a0879c29a37bee0a38efdb2_0004107663.exe"


									C:\Users\Jojoblbs\AppData\Local\Temp\EGOINOHMNGE\MFZRTD.exe


									C:\Users\Jojoblbs\AppData\Local\Temp\GEIHIMNOYLP\QNIHIR.exe 5624


									"C:\Users\Ujdtdgjo\AppData\Local\Temp\is-04N14.tmp\acd8b9e23552e041ea180d23eb8ce39f2c1296d1_0005076481.tmp" /SL5="$20216,4829398,54272,c:\users\user\downloads\acd8b9e23552e041ea180d23eb8ce39f2c1296d1_0005076481.exe"


									"C:\Users\Kfehsaqk\AppData\Local\Temp\is-7P7OD.tmp\598bd36ee0651f76d2f1ad2a26b4b661b9f278f9_0007338513.tmp" /SL5="$3006A,7076765,54272,c:\users\user\downloads\598bd36ee0651f76d2f1ad2a26b4b661b9f278f9_0007338513.exe"


									open C:\Users\Gbwholbb\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe __IRAOFF:1740146 "__IRAFN:c:\users\user\downloads\25768458bdc711b967e42c106da6f3c61cda561a_0007476007.exe" "__IRCT:0" "__IRTSS:0" "__IRSID:S-1-5-21-3119368278-1123331430-659265220-1001"


									"C:\Users\Erqlqhet\AppData\Local\Temp\is-SCVCO.tmp\42b5c99995a082abe01eb5ca31465ef62c6289c9_0004355459.tmp" /SL5="$2020A,4108435,54272,c:\users\user\downloads\42b5c99995a082abe01eb5ca31465ef62c6289c9_0004355459.exe"


									"C:\Users\Scbopfxf\AppData\Local\Temp\is-JNIUA.tmp\cf9a73de423c69739521b80c7d4464a7f9e9680b_0005178905.tmp" /SL5="$801EA,4931888,54272,c:\users\user\downloads\cf9a73de423c69739521b80c7d4464a7f9e9680b_0005178905.exe"


									"C:\Users\Cecibbcq\AppData\Local\Temp\is-4R6MV.tmp\962174574da88433f40bbd1089c0aae164011ff5_0003400244.tmp" /SL5="$1022C,3152073,54272,c:\users\user\downloads\962174574da88433f40bbd1089c0aae164011ff5_0003400244.exe"


									"C:\Users\Zxqrhtcp\AppData\Local\Temp\is-S835D.tmp\8d14bfa9aae542defef6e6506ff3bdddf09cd10a_0004964583.tmp" /SL5="$1022E,4717534,54272,c:\users\user\downloads\8d14bfa9aae542defef6e6506ff3bdddf09cd10a_0004964583.exe"


									(NULL) C:\Users\Azrdhuil\AppData\Local\Temp\sgqriSL.bat


									WriteConsole: C:\Users\Azrdhui


									WriteConsole:  /d "C:\Users\Az


									C:\Users\Azrdhuil\appdata\local\temp\work\nircmd.exe nircmd  win min process "cmd.exe"


									WriteConsole: "Azrdhuil" NEQ "


									C:\Users\Azrdhuil\appdata\local\temp\work\nsudolg.exe NSudoLG  -U:T -P:E -UseCurrentConsole "C:\Users\Azrdhuil\AppData\Local\Temp\sgqriSL.bat" any_word


									"C:\Users\Gbmgtcyz\AppData\Local\Temp\is-P6JNL.tmp\d250bfd436581ce88c5626e72a83410d277931d6_0007281058.tmp" /SL5="$80060,7019294,54272,c:\users\user\downloads\d250bfd436581ce88c5626e72a83410d277931d6_0007281058.exe"


									"C:\Users\Slwmnhjx\AppData\Local\Temp\is-NUG8E.tmp\f9174a7768727baeb03a4277f172d3df795e5543_0004176094.tmp" /SL5="$4027C,3928990,54272,c:\users\user\downloads\f9174a7768727baeb03a4277f172d3df795e5543_0004176094.exe"


									"C:\Users\Slwmnhjx\AppData\Local\Folder Time Update 5.0.1.72\foldertimeupdate.exe" -i


									"C:\Users\Erjtdyfo\AppData\Local\Temp\is-HSRG0.tmp\87cc180d39263973e960b8d22942ed52f03a7243_0002043464.tmp" /SL5="$20230,1797162,73216,c:\users\user\downloads\87cc180d39263973e960b8d22942ed52f03a7243_0002043464.exe"


									(NULL) C:\Users\Fpkgndma\AppData\Local\Temp\TtPmKu9.bat


									WriteConsole: C:\Users\Fpkgndm


									WriteConsole:  /d "C:\Users\Fp


									C:\Users\Fpkgndma\appdata\local\temp\work\nircmd.exe nircmd  win min process "cmd.exe"


									WriteConsole: "Fpkgndma" NEQ "


									C:\Users\Fpkgndma\appdata\local\temp\work\nsudolg.exe NSudoLG  -U:T -P:E -UseCurrentConsole "C:\Users\Fpkgndma\AppData\Local\Temp\TtPmKu9.bat" any_word


									"C:\Users\Cjmuzlfz\AppData\Local\Temp\is-G4OP4.tmp\1aaf827723646220d248e8ea3af8061a9eb6247a_0004562171.tmp" /SL5="$2005C,4315105,54272,c:\users\user\downloads\1aaf827723646220d248e8ea3af8061a9eb6247a_0004562171.exe"


									"C:\Users\Xcwodikm\AppData\Local\Temp\is-E6J7M.tmp\0348a3e6aa4c353aedbfb32280c24113edb142e0_0003790293.tmp" /SL5="$30030,3539577,56832,c:\users\user\downloads\0348a3e6aa4c353aedbfb32280c24113edb142e0_0003790293.exe"


									"C:\Users\Ksueedbb\AppData\Local\Temp\is-PP62N.tmp\4a3d44f2828404a444a2b6c0b93f5113fbdb4451_0007902469.tmp" /SL5="$10244,7063796,832512,c:\users\user\downloads\4a3d44f2828404a444a2b6c0b93f5113fbdb4451_0007902469.exe"


									"C:\Users\Opiczqhs\AppData\Local\Temp\is-26C4H.tmp\d68b06b225a319ba5dbb44158c6aacb86af37215_0004890900.tmp" /SL5="$20244,4643848,54272,c:\users\user\downloads\d68b06b225a319ba5dbb44158c6aacb86af37215_0004890900.exe"


									"C:\Users\Fjqawzsv\AppData\Local\Temp\is-Q96VA.tmp\db7722ef289a00ae865ddf0a82b4c5779a3869ea_0007101535.tmp" /SL5="$4005E,6839762,54272,c:\users\user\downloads\db7722ef289a00ae865ddf0a82b4c5779a3869ea_0007101535.exe"


									"C:\Users\Cwaquvmm\AppData\Local\Temp\is-UVIPG.tmp\421ccf7cd085296a2bb2a6cdbffd7932937bcf34_0007165620.tmp" /SL5="$300B6,6903882,54272,c:\users\user\downloads\421ccf7cd085296a2bb2a6cdbffd7932937bcf34_0007165620.exe"


									"C:\Users\Kggexarb\AppData\Local\Temp\is-U77KV.tmp\58c068969572f00b1b4d7e09181f36667aed187a_0004513548.tmp" /SL5="$50044,4265366,54272,c:\users\user\downloads\58c068969572f00b1b4d7e09181f36667aed187a_0004513548.exe"


									(NULL) C:\Users\Enqgotaj\AppData\Local\Temp\oecR8Qg.bat


									WriteConsole: C:\Users\Enqgota


									WriteConsole:  /d "C:\Users\En


									C:\Users\Enqgotaj\appdata\local\temp\work\nircmd.exe nircmd  win min process "cmd.exe"


									WriteConsole: "Enqgotaj" NEQ "


									C:\Users\Enqgotaj\appdata\local\temp\work\nsudolg.exe NSudoLG  -U:T -P:E -UseCurrentConsole "C:\Users\Enqgotaj\AppData\Local\Temp\oecR8Qg.bat" any_word


									"C:\Users\Apcmynlf\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"C:\Users\Zlocmpnu\AppData\Local\Temp\is-G9S8Q.tmp\b34f39a2717d93389df9076660dbd051614c948f_0004105266.tmp" /SL5="$2026C,3858220,54272,c:\users\user\downloads\b34f39a2717d93389df9076660dbd051614c948f_0004105266.exe"


									"C:\Users\Kmgegvoh\AppData\Local\Temp\is-NGTHF.tmp\ee81d26d279120de82510a4d41449de91b2bab81_0007272046.tmp" /SL5="$20260,7011222,54272,c:\users\user\downloads\ee81d26d279120de82510a4d41449de91b2bab81_0007272046.exe"


									"C:\Users\Kwzzyszt\AppData\Local\Temp\is-DE27J.tmp\d06520d948612aa14b27ca84a45350e9b99e786c_0007192019.tmp" /SL5="$6005A,6930308,54272,c:\users\user\downloads\d06520d948612aa14b27ca84a45350e9b99e786c_0007192019.exe"


									c:\users\user\downloads\114167f2a01de3daab351ef0d3be44cc0cece7fd_0008863744.exe c:\users\user\downloads\114167f2a01de3daab351ef0d3be44cc0cece7fd_0008863744.exe


									"C:\Users\Nkuzsdmx\AppData\Local\Temp\is-MJ5LR.tmp\59b435abda7761f08efc2c0c3e7c5fb695b4c6e6_0004200389.tmp" /SL5="$4017A,3949670,56832,c:\users\user\downloads\59b435abda7761f08efc2c0c3e7c5fb695b4c6e6_0004200389.exe"


									(NULL) C:\Users\Pizimkam\AppData\Local\Temp\PHgCG2S.bat


									WriteConsole: C:\Users\Pizimka


									WriteConsole:  /d "C:\Users\Pi


									C:\Users\Pizimkam\appdata\local\temp\work\nircmd.exe nircmd  win min process "cmd.exe"


									WriteConsole: "Pizimkam" NEQ "


									C:\Users\Pizimkam\appdata\local\temp\work\nsudolg.exe NSudoLG  -U:T -P:E -UseCurrentConsole "C:\Users\Pizimkam\AppData\Local\Temp\PHgCG2S.bat" any_word

1657 additional execution are not displayed above.

UDS：DangerousObject.Multi.Generic

威胁评分卡

EnigmaSoft 威胁记分卡

别名

SpyHunter 检测并删除 UDS：DangerousObject.Multi.Generic

文件系统详情

注册表详情

目录

分析报告

一般信息

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

提交评论

趋势

最受关注