Multi-License Discount Quote

Change Region

English
Threat Database Ransomware Cryptorium Ransomware

Cryptorium Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Popularity Rank: 8,409
Threat Level: 20 % (Normal)
Infected Computers: 210
First Seen: December 16, 2016
Last Seen: October 3, 2025
OS(es) Affected: Windows

The Cryptorium Ransomware was reported by gamers who were looking to get their hands on a cracked version of FIFA 2017 by EA Sports. The Cryptorium Ransomware may be distributed to Windows users as cracks for digital games and 'free copies' of shareware. Security analysts reveal that the Cryptorium Ransomware is a standard encryption Trojan that does nothing fancy. The developers of stick to tried-and-true practices introduced by threats like the CTB-Locker and Locky. The Cryptorium Ransomware does not wait for the user to restart the computer and builds a list of targeted files as soon it is installed. The Cryptorium Ransomware Trojan can run from the Temp directory, feature a misappropriated digital certificate and use limited system resources to avoid raising any alarms.

The content of data containers is encrypted using the AES-256 cipher. Observation revealed that the Cryptorium Ransomware does not append a new file extension, which is common for threats like the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware. Enciphered files are represented by a white icon in the Windows Explorer and users may receive alerts that data on the system is corrupted. The Cryptorium Ransomware is not in the top 10 encryption Trojans, but its encryption can not be broken with brute force attacks and researchers hope to find vulnerabilities in its code and provide a free decryptor to compromised users. The Cryptorium Ransomware can lock objects on the local drives and removable media connected to your computer at the time the encryption process was underway. If the Cryptorium Ransomware is not impeded in its work users will notice a ransom notification on their desktops that looks like a program window titled Cryptorium. The notification looks very similar to the one used by the VaultCrypt Ransomware and provides the following message:

'OH NO, YOU HAD BAD LUCK TODAY. ALL YOUR FILES ARE ENCRYPTED! BUT! I HAVE NOT DELI. i tO THEM YET! PURCHASE A "GBO KEY" TO DECRYPT YOUR FILES. IF NOT ALL ENCRYPTED FILES WILL BE PERMANENTLY DELEi tO WITHIN 32H AND THEN THERE IS NO WAY TO RECOVER THEM! BE QUICK OR NO FILES!
ALL SERVERS ARE DOWN AT THE MOMENT! YOU WILL HAVE TO FIND IT OUT! OH AND THE GBO KEYS ARE ALL GENERATED RANDOMLY! >:]
[text box]
DECRYPT WITH CODE'

As stated above, there is no free decryption software available to users affected by the Cryptorium Ransomware. You need to be prepared accordingly to face threats like the Cryptorium Ransomware and the 'Love.server@mail.ru' Ransomware, which change their codes on a daily basis. A good backup manager set to asynchronous backup and services like Google Drive can be helpful in securing your data. You should not keep your system unprotected against contemporary threats and might want to install a trustworthy anti-malware shield that would allow you to block incommoding attacks. AV vendors are known to detect versions of the Cryptorium Ransomware as:

  • Generic PUA PL (PUA)
  • HEUR/QVM03.0.0000.Malware.Gen
  • MSIL/Hoax.FakeFilecoder.Cryptorium.A
  • Ransom_CRYPTORIUM.A
  • Trojan.Generic.D3B7085
  • W32.Troj.Ransom.Filecoder!c

Analysis Report

General information

Family Name: Adware.Dealply.FDA
Signature status: No Signature

Known Samples

MD5: 8b304dacf2cfe837cd575476c982effb
SHA1: ba48803adb1e1cd4816c7532c156d04ae3be8247
SHA256: B7B43967C4AB303353BB0AA082061D9AD245ABCE036D49ED41280A863690D5B7
File Size: 685.06 KB, 685056 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
Show More
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name Setup ©
File Description Setup
File Version 2.21.4.2362
Internal Name Setup
Original Filename uninstall.exe
Product Name Setup©
Product Version 2.21.4.2362

File Traits

  • Installer Manifest
  • Installer Version
  • x86

Block Information

Total Blocks: 2,903
Potentially Malicious Blocks: 299
Whitelisted Blocks: 2,416
Unknown Blocks: 188

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 x 0 x x x x x 0 0 0 0 x x x x 0 0 0 0 x 0 0 x 0 0 x x ? 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 ? x x x x x x x 0 x 0 0 0 x 0 0 x x 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x 0 x 0 x 0 0 x x x 0 0 ? x 0 x 0 x x 0 0 0 x x ? 0 x 0 0 0 0 0 0 0 x x 0 0 0 ? x 0 0 x 0 0 x x x x 0 ? 0 0 x 0 x 0 x x ? 0 x x 0 x 0 x 0 0 0 x x 0 0 x x x 0 0 x 0 x x ? 0 0 0 ? ? x x x 0 x 0 x x x 0 0 x 0 ? 0 0 0 ? 0 ? ? 0 x ? x 0 0 x x 0 ? 0 0 x x ? ? 0 ? x x x x ? 0 0 x x x x x x x 0 x x x x x x x x ? 0 0 0 0 0 ? ? 0 0 0 x 0 x 0 x x 0 x 0 x 0 x x 0 0 x 0 0 0 0 x x 0 x x 0 x x 0 x 0 0 x 0 x x 0 0 0 x x x 0 x 0 x ? 0 0 0 0 x x 0 0 x x 0 0 0 0 0 x 0 0 x x 0 0 0 0 x 0 0 0 x 0 0 x x x x 0 0 0 0 0 0 x 0 0 x x 0 0 0 0 0 0 0 x 0 x 0 0 0 ? 0 x 0 x x x x x x x x x x ? 0 x x x 0 x 0 0 x x x x x x ? 0 x 0 ? 0 0 0 x x x x x x x x x 0 0 0 0 0 x 0 x 0 x 0 0 0 0 0 0 0 0 x 0 x 0 0 0 x x x x 0 0 0 0 ? x ? x x 0 0 ? ? x x ? x 0 x x 0 ? 0 ? x x ? ? x x 0 x x ? x x ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? x ? x 0 x x x ? x 0 x 0 ? ? ? 0 x ? x ? x 0 ? x ? ? ? ? ? 0 ? ? 0 ? 0 x x x x 0 x ? ? ? x ? ? ? ? x x ? ? x 0 x ? 0 ? ? 0 ? 0 x x x ? 0 x ? 0 x x x x x 0 x x ? 0 0 x ? x x x x x x ? ? x ? 0 x x x x x ? ? ? x ? ? ? ? 0 x x ? 0 x x ? ? 0 ? ? ? ? ? ? ? ? ? ? x x x ? ? x ? x x 0 x x x ? x x x x ? x x ? x x ? ? ? 0 0 0 x 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ? x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 x x ? 0 0 0 0 x 0 x x 0 0 x ? 0 0 x x x x 0 ? x ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x 0 x x x 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x ? ? 0 ? 0 ? ? ? ? ? 0 x ? ? ? 0 0 x 0 x ? ? 0 0 ? ? 0 0 0 0 x x ? x ? x ? ? x 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\users\user\appdata\local\temp\00093627.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\36328uninstall.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
Show More
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
  • WriteConsole
Process Manipulation Evasion
  • NtUnmapViewOfSection
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
Show More
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiGetDIBitsInternal
  • win32u.dll!NtGdiGetEntry
  • win32u.dll!NtGdiGetFontData
  • win32u.dll!NtGdiGetGlyphIndicesW
  • win32u.dll!NtGdiGetOutlineTextMetricsInternalW
  • win32u.dll!NtGdiGetRandomRgn
  • win32u.dll!NtGdiGetRealizationInfo
  • win32u.dll!NtGdiGetTextFaceW
  • win32u.dll!NtGdiGetTextMetricsW
  • win32u.dll!NtGdiGetWidthTable
  • win32u.dll!NtGdiHfontCreate
  • win32u.dll!NtGdiIntersectClipRect
  • win32u.dll!NtGdiQueryFontAssocInfo
  • win32u.dll!NtGdiRestoreDC
  • win32u.dll!NtGdiSaveDC
  • win32u.dll!NtGdiSelectBitmap
  • win32u.dll!NtGdiSetDIBitsToDeviceInternal
  • win32u.dll!NtGdiSetLayout
  • win32u.dll!NtGdiStretchDIBitsInternal
  • win32u.dll!NtUserBeginPaint

60 additional items are not displayed above.

Shell Command Execution

(NULL) C:\Users\Tqooojhp\AppData\Local\Temp\36328U~1.EXE /uninstall:c:\users\user\DOWNLO~1\BA4880~1
(NULL) C:\WINDOWS\system32\cmd.exe /d /c TIMEOUT 3 & cmd /d /c cmd /d /c cmd /d /c cmd /d /c cmd /d /c del "C:\Users\Tqooojhp\AppData\Local\Temp\Sqlite3.dll"
(NULL) C:\WINDOWS\system32\cmd.exe /d /c TIMEOUT 3 & cmd /d /c cmd /d /c cmd /d /c cmd /d /c cmd /d /c del "C:\Users\Tqooojhp\AppData\Local\Temp\36328U~1.EXE"
C:\WINDOWS\system32\timeout.exe TIMEOUT 3
C:\WINDOWS\system32\timeout.exe TIMEOUT 3
Show More
WriteConsole: Waiting for 3
WriteConsole: seconds, press
WriteConsole: Waiting for 3
WriteConsole: seconds, press
WriteConsole: 0832
WriteConsole: 0832
WriteConsole: 0831
WriteConsole: 0831
WriteConsole: 0830
WriteConsole:
WriteConsole: 0830
WriteConsole:
C:\WINDOWS\system32\cmd.exe cmd /d /c cmd /d /c cmd /d /c cmd /d /c cmd /d /c del "C:\Users\Tqooojhp\AppData\Local\Temp\Sqlite3.dll"
C:\WINDOWS\system32\cmd.exe cmd /d /c cmd /d /c cmd /d /c cmd /d /c cmd /d /c del "C:\Users\Tqooojhp\AppData\Local\Temp\36328U~1.EXE"
C:\WINDOWS\system32\cmd.exe cmd /d /c cmd /d /c cmd /d /c cmd /d /c del "C:\Users\Tqooojhp\AppData\Local\Temp\Sqlite3.dll"
C:\WINDOWS\system32\cmd.exe cmd /d /c cmd /d /c cmd /d /c cmd /d /c del "C:\Users\Tqooojhp\AppData\Local\Temp\36328U~1.EXE"
C:\WINDOWS\system32\cmd.exe cmd /d /c cmd /d /c cmd /d /c del "C:\Users\Tqooojhp\AppData\Local\Temp\Sqlite3.dll"
C:\WINDOWS\system32\cmd.exe cmd /d /c cmd /d /c cmd /d /c del "C:\Users\Tqooojhp\AppData\Local\Temp\36328U~1.EXE"
C:\WINDOWS\system32\cmd.exe cmd /d /c cmd /d /c del "C:\Users\Tqooojhp\AppData\Local\Temp\Sqlite3.dll"
C:\WINDOWS\system32\cmd.exe cmd /d /c cmd /d /c del "C:\Users\Tqooojhp\AppData\Local\Temp\36328U~1.EXE"

Trending

Most Viewed

Loading...