Status
Worm.Autorun
Identity
8c44532840e3e9e2fc10a36e9577f650
Source
GridinSoft ThreatInfo
MD5
8c44532840e3e9e2fc10a36e9577f650
Latest seen
2021-06-13 20:33:35 (4 years ago)
First seen
2017-09-15 21:10:28 (8 years ago)
Size
128 KB
Analyst brief
What this report says
GridinSoft Anti-Malware detects #windx11.exe as Worm.Autorun. The sample was last observed on 2021-06-13 20:33:35 (4 years ago).
This page combines the detection verdict with file identity, publisher metadata, alternate names, observed paths, geography, OS signals, and PE details so the report reads as a triage record rather than a standalone download page.
GridinSoft Anti-Malware detection
Detected by GridinSoft before you download
The current ThreatInfo record shows this exact file hash detected as Worm.Autorun. Download GridinSoft Anti-Malware to scan the device, confirm whether this file is present, and remove the detected object if it is found.
- Detection name
- Worm.Autorun
- Recommended action
- Scan and remove
- Last analysis
- 2021-06-13 20:33:35 (4 years ago)
- File hash
- 8c44532840e3e9e2fc10a36e9577f650
Download Anti-Malware
Why it matters
Why GridinSoft flags this file
Detection
GridinSoft identifies the sample as Worm.Autorun.
Timeline
First seen 2017-09-15 21:10:28 (8 years ago); latest analysis 2021-06-13 20:33:35 (4 years ago).
Aliases
This hash has appeared under multiple file names, which can happen with repackaging, bundling, or deliberate renaming.
Observed locations
ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.
Recommended action
What to do next
- Compare the MD5 above with the file found on the device.
- Check whether the file appears in the observed locations or under one of the alternate names.
- Run GridinSoft Anti-Malware to confirm the detection and remove the file if it is present.
#windx11.exe is a Windows file recorded in the ThreatInfo database.
The current detection status is Worm.Autorun, based on the latest analysis from 2021-06-13 20:33:35 (4 years ago).
If #windx11.exe appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as Worm.Autorun.
File Details
| MD5: |
8c44532840e3e9e2fc10a36e9577f650 |
| Size: |
128 KB |
| First Published: |
2017-09-15 21:10:28 (8 years ago) |
| Latest Published: |
2021-06-13 20:33:35 (4 years ago) |
| Status: |
Worm.Autorun (on last analysis) |
|
| Analysis Date: |
2021-06-13 20:33:35 (4 years ago) |
The screenshot is a visual record of a GridinSoft Anti-Malware detection for this sample. Use the hash and metadata above as the primary identifiers when comparing the file on your system.
| %sysdrive%\cad cam programları\solid 2015 |
| %sysdrive%\cad cam programları\solid 2015\swwi\lang |
| %sysdrive%\cad cam programları\solidcam2015_sp2_ssq\win64\localizations |
| %sysdrive%\cad cam programları\solidcam2015_sp2_ssq\aladin key |
| %sysdrive%\camera\camera\sygic |
| %sysdrive%\camera\camera\sygic\maps |
| %sysdrive%\cad cam programları\solidcam2015_sp2_ssq\win32\localizations |
| %sysdrive%\cad cam programları\solidcam2015_sp2_ssq |
| %sysdrive%\cad cam programları\solidcam2015_sp2_ssq\win32\_solidsquad_ |
| %sysdrive%\camera\camera\sygic\maps\rupi |
ThreatInfo has observed #windx11.exe in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.
1-P@amp;ID.exe
3-Ceyranbatan UF Instruments.exe
2-Signal List.exe
_SolidSQUAD_crack.exe
turkish.exe
Toolbox.exe
French.exe
Portuguese.exe
HASP4_driver_setup.exe
Spanish.exe
Android.exe
tur.ta.2014.09.exe
ChineseSimplified.exe
Hungarian.exe
Maps.exe
German.exe
Win64.exe
Italian.exe
Japanese.exe
USB_Emul_Win32.exe
Danish.exe
Polish.exe
ita.exe
Win32.exe
fra.exe
_SolidSQUAD_.exe
tur.exe
Korean.exe
wcl.exe
Crack.exe
USB-Emul_Win64.exe
Hebrew.exe
prt.exe
SW2016_SP1.0_Full-SSQ.exe
Czech.exe
grc.exe
nld.exe
SolidCAM2015_SP2_SSQ.exe
Dutch.exe
cze.exe
esp.exe
Russian.exe
aut.exe
ChineseTraditional.exe
2015 cadcam Crack.exe
irl.exe
deu.exe
solidcam2015.exe
gbr.exe
Video.exe
management.exe
rabia.exe
thumbs.exe
hud.exe
Images.exe
ARALIK.exe
MEM ZARF.exe
kaynak.exe
56109164-cc2c-4722-90d8-ed989eef7248.exe
resimler.exe
TTS Spanish.exe
40447cd0-5a8a-4ecf-8d26-372dae207721.exe
TTS Arabic.exe
TTS Czech.exe
atmaca38.exe
zarf.exe
TTS Portuguese.exe
turkish_woman.exe
resimlerrrrrrrr.exe
RUNTIME.exe
audio.exe
.picasaoriginals.exe
client.exe
TTS Thai.exe
ress.exe
db.exe
Misc.exe
315964a9-f4e8-4b0f-bc2a-37de31d6bd33.exe
ime.exe
whatsnew.exe
ee9ba343-7e81-4584-8f44-ebffaee7a271.exe
5ba0ec65-fa98-490b-afad-824728bcf2ae.exe
100IMAGE.exe
7ef50822-bded-496f-b473-57df795bbbe9.exe
resim1.exe
5ead4e31-cd49-4ce5-ae79-f72a1b26af65.exe
64047fb7-1b04-467b-81bb-a7f3625e6553.exe
langs_anui.exe
DATA2.exe
Java.exe
resim.exe
Pho.exe
SETUP.exe
Res.exe
CD1.exe
PERSONEL.exe
protokol.exe
bca8e3b9-6a0e-46e5-9ffc-12ad03f521b9.exe
100DSCIM.exe
fonts.exe
c043d6e9-b43e-436c-bcd8-3b843f5239d2.exe
8c752eb1-edb8-42c1-b5b2-80a5d34f8202.exe
TTS Danish.exe
68718f71-53cb-40ad-ad6d-46849b82183a.exe
TTS Swedish.exe
TTS American English.exe
Contents.exe
03b4ec43-736f-485f-a6cc-f16ed9377f01.exe
4db154de-afa8-48bb-9239-9e6c69f52b98.exe
eula.exe
downloads.exe
Linux.exe
engine.exe
TTS Greek.exe
ff134634-b2ca-4d70-950b-8db1bab8931b.exe
_Sureler_mp3.exe
Personelin_aylikla_odullendirilmesi_hakkinda_yonerge.exe
TTS Portugues de Brasil.exe
ana.exe
namaz.exe
park resimler saliha.exe
saliha.exe
TTS Chinese.exe
jre.exe
deploy.exe
5c8eb821-bb68-44de-9a5f-8c6f6a420956.exe
staj.exe
Namaz programi ve sureleri.exe
TTS Slovak.exe
55badb7e-1930-433c-986f-e05b73b7f042.exe
TTS Korean.exe
ce2dde0a-a8fb-4682-8c32-b6b2d886759c.exe
resimmmmmmmmmmmm.exe
cmm.exe
ALBUM_1.exe
resi.exe
lib.exe
yeni resim.exe
ext.exe
TTS Dutch Belgian.exe
e5cab789-b400-48e8-b11f-67de6af00546.exe
b0b74e60-6d38-45ca-b280-2ee636509856.exe
TTS Chinese Taiwan.exe
TTS German.exe
100.exe
97ee24a5-e83f-4db9-8098-03db239a83e7.exe
Resources.exe
CDI.exe
furkan.exe
travelbook.exe
Diyanet SurelerDualar v1.0 mecnun_bey.exe
TTS Turkish.exe
rupi.exe
TTS Chinese Hong Kong.exe
MPEGAV.exe
TTS British English.exe
48140b5e-4432-4ef5-9b86-d5cf52aa6db9.exe
525e3092-8af8-458d-9341-ad21816fa6cd.exe
EK_7A.exe
m_r_it_5.exe
saliha res tel.exe
TTS Polish.exe
2249845a-c0f2-4b7e-8ec5-f942e455078b.exe
e3d675e5-c70e-4270-81d0-c510d1c1ec8c.exe
im.exe
postprocess.exe
opengl.exe
TTS Dutch.exe
DATA1.exe
window server.exe
TTS French.exe
TTS Australian English.exe
kuran.exe
kezban.exe
Data0.exe
3120b252-4e05-4a9a-bc86-3e5ba22dc60d.exe
MacOSX.exe
TTS Hindi.exe
Windows.exe
cursors.exe
i386.exe
dafa20db-dc21-4b1c-90ab-8661fc09aa88.exe
2.exe
TTS Canadian French.exe
mac server.exe
TTS Finnish.exe
VCD.exe
common.exe
Photos.exe
8b5965fa-565d-4eb9-94d3-9a048de9de57.exe
Media.exe
d7207224-d27e-489f-8e3b-2b85868d62d5.exe
skin.exe
1.exe
sounds.exe
127e5d81-d9c7-4b1e-bdaf-b5101c5a9b12.exe
G__R__NT.exe
Photosss.exe
TTS Mexican Spanish.exe
b2d4b605-55dd-4a0e-8f90-c592e8fd634a.exe
security.exe
TTS Russian.exe
d3d.exe
compatibility.exe
TTS Italian.exe
TTS American Spanish.exe
avatars.exe
textures.exe
9a6b0f62-12a3-4780-892e-29195dfe1fda.exe
TTS Romanian.exe
purchases.exe
TTS Indonesian.exe
TTS Galician.exe
9f5cc8fb-f824-4b8d-b9b4-694f0a2f639d.exe
dosyalar.exe
21a80533-9da2-40da-aa61-ea4333a8970e.exe
_Sureler_Meal_mp3.exe
TTS Catalan.exe
icons.exe
bin.exe
kimlik fotokopisi.exe
TTS Hungarian.exe
brands.exe
TTS Japanese.exe
CD2.exe
TTS Norwegian.exe
2d829110-4a3b-450a-8ab0-d2b4d4bf0bcd.exe
a4dp017.exe
swf site.exe
import.exe
a4dp016.exe
psd.exe
a4dp029.exe
a4dp021.exe
a4dp018.exe
a4dp022.exe
a4dp031.exe
a4dp034.exe
a4dp024.exe
A4Desk_6.0_hayaletferdi.exe
a4dp030.exe
a4dp028.exe
a4dp025.exe
css.exe
a4dp032.exe
a4dp026.exe
a4dp033.exe
a4dp019.exe
a4dp027.exe
a4dp020.exe
a4dp023.exe
html.exe
imagebrowser.exe
jpeg.exe
A4Desk_Tuerk_e_Yama.exe
My Website.exe
slideshow.exe
portuguese-brazilian.exe
chinese-simplified.exe
art.exe
support.exe
chinese.exe
MusaLLaT.exe
#Win.exe
#windx11.exe
This hash has been seen with multiple file names. Alternate names can appear when software is updated, copied between folders, packed by an installer, or deliberately renamed to avoid recognition. Compare the exact MD5 above before assuming two names refer to the same file.
Geographic signal
Observed country distribution
ThreatInfo has seen #windx11.exe across 2 countries. Use this signal to compare local evidence with where the sample is most often reported.
Top country
Turkey
Share
99.4%
The strongest geographic signal for this file is Turkey with 99.4% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.
The most common operating system signal for #windx11.exe is Windows 10 with 95.3% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.
Analysis
#windx11.exe is identified as pe for 32-bit systems.
The subsystem is Windows GUI.
PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.
Format
pe
Architecture
32-bit
Subsystem
Windows GUI
Entry point
0x00076580
Image base
0x00400000
Sections
3
Raw data
130560
Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.
UPX0
0 bytes · 0.0% of section data
Packer marker
Uncommon name
MD5
00000000000000000000000000000000
UPX1
49664 bytes · 38.0% of section data
Packer marker
Uncommon name
MD5
7c3d25e873264d3b796666707dd18970
.rsrc
80896 bytes · 62.0% of section data
MD5
ce2bb564f71ddc551f709778c872f44f
PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.
Report conclusion
GridinSoft detects this file as Worm.Autorun
This report identifies #windx11.exe by MD5 8c44532840e3e9e2fc10a36e9577f650. If the same file is present on your device, scan the system and remove the detected object after confirming the hash and location.
Recommended next steps
- Compare the local file MD5 with 8c44532840e3e9e2fc10a36e9577f650.
- Check the file path, publisher, and signature against the details in this report.
- Run a GridinSoft scan and remove the object if the same hash is found.
