PUP.KuGou

Analysis Report

General information

Family Name: PUP.KuGou
Signature status: Self Signed

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File has exports table
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name
  • 酷狗音乐
File Description
  • active_desktop_launcher
  • active_desktop_render
  • 酷狗音乐 Uninstall
  • 酷狗音乐安装包
File Version
  • 20.1.01.27691
  • 20.0.95.27645
  • 20.0.90.27617
  • 20.0.81.27563
  • 20.0.70.27511
  • 20.0.70.27507
  • 20.0.61.27432
  • 20.0.52.27318
  • 20.0.52.27315
  • 20.0.31.27099
  • 20.0.31.27095
  • 11.0.82.26580
  • 10.2.50.25708
  • 7.6.65.16632
  • 1.0.0.50
  • 1.0.0.43
Internal Name
  • active_desktop_launcher.exe
  • active_desktop_render.dll
Legal Copyright
  • Copyright(C) 2004-2014 KuGou-Inc.All Rights Reserved
  • Copyright 2023 KuGou-Inc.All Rights Reserved
  • 酷狗音乐
Original Filename
  • active_desktop_launcher.exe
  • active_desktop_render.dll
Product Name
  • 11.0.82.26573->11.0.82.26580
  • 20.0.31.27094->20.0.31.27095
  • 20.0.31.27094->20.0.31.27099
  • 20.0.52.27315->20.0.52.27318
  • 20.0.70.27507->20.0.70.27511
  • KuGou
  • 酷狗音乐
Product Version
  • 1.0.0.50
  • 1.0.0.43

Digital Signatures

Signer Root Status
GuangZhou KuGou Computer Technology Co.,Ltd. DigiCert SHA2 Assured ID Code Signing CA Self Signed
Guangzhou Kugou Technology Co., Ltd. DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Self Signed
Guangzhou Kugou Technology Co., Ltd. DigiCert Trusted Root G4 Root Not Trusted
GuangZhou KuGou Computer Technology Co.,Ltd. Symantec Class 3 SHA256 Code Signing CA Self Signed
Guangzhou KuGou Computer Technology Co., Ltd. VeriSign Class 3 Code Signing 2010 CA Self Signed

File Traits

  • 2+ executable sections
  • Installer Manifest
  • Installer Version
  • Nullsoft Installer
  • SusSec
  • x86

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\000a7733_rar\f89f68636746896f3bb1c75f912f0e46f8b4989b_0002969136 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\000a7733_rar\f89f68636746896f3bb1c75f912f0e46f8b4989b_0002969136 Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\000a786b_rar\un.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\000a786b_rar\un.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\nsbbe45.tmp\border.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\close.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\isx.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\kgskin.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\openurl.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\progressbar.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\radio0.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\radio1.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\song.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\unbg1.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\unbg2.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\unbg3.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\uncancel.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\uninstall.skn Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\unnext.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\unok.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsca748.tmp\apply.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsca748.tmp\kugou.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsca748.tmp\kugou.dll.patch Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsca748.tmp\tp2p.dll.patch Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsca748.tmp\util.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsda9b9.tmp\border.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsda9b9.tmp\close.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsda9b9.tmp\isx.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsda9b9.tmp\kgskin.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsda9b9.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsda9b9.tmp\openurl.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsda9b9.tmp\progressbar.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsda9b9.tmp\radio0.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsda9b9.tmp\radio1.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsda9b9.tmp\song.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsda9b9.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsda9b9.tmp\unbg1.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsda9b9.tmp\unbg2.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsda9b9.tmp\unbg3.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsda9b9.tmp\uncancel.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsda9b9.tmp\uninstall.skn Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsda9b9.tmp\unnext.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsda9b9.tmp\unok.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg78ac.tmp\border.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg78ac.tmp\close.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg78ac.tmp\isx.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg78ac.tmp\kgskin.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg78ac.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg78ac.tmp\openurl.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg78ac.tmp\progressbar.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg78ac.tmp\radio0.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg78ac.tmp\radio1.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg78ac.tmp\song.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg78ac.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg78ac.tmp\unbg1.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg78ac.tmp\unbg2.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg78ac.tmp\unbg3.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg78ac.tmp\uncancel.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg78ac.tmp\uninstall.skn Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg78ac.tmp\unnext.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg78ac.tmp\unok.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsha767.tmp\apply.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsha767.tmp\kgplayer.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsha767.tmp\kgplayer.dll.patch Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsha767.tmp\kugou.dll.patch Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsha767.tmp\util.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk4aa2.tmp\border.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk4aa2.tmp\close.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk4aa2.tmp\isx.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk4aa2.tmp\kgskin.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk4aa2.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk4aa2.tmp\openurl.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk4aa2.tmp\progressbar.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk4aa2.tmp\radio0.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk4aa2.tmp\radio1.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk4aa2.tmp\song.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk4aa2.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk4aa2.tmp\unbg1.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk4aa2.tmp\unbg2.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk4aa2.tmp\unbg3.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk4aa2.tmp\uncancel.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk4aa2.tmp\uninstall.skn Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk4aa2.tmp\unnext.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk4aa2.tmp\unok.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbcfd.tmp\apply.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbcfd.tmp\dsp.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbcfd.tmp\dsp.dll.patch Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbcfd.tmp\kugou.dll.patch Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbcfd.tmp\util.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn53bf.tmp\border.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn53bf.tmp\close.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn53bf.tmp\isx.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn53bf.tmp\kgskin.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn53bf.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn53bf.tmp\openurl.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn53bf.tmp\progressbar.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn53bf.tmp\radio0.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn53bf.tmp\radio1.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn53bf.tmp\song.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn53bf.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn53bf.tmp\unbg1.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn53bf.tmp\unbg2.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn53bf.tmp\unbg3.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn53bf.tmp\uncancel.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn53bf.tmp\uninstall.skn Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn53bf.tmp\unnext.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn53bf.tmp\unok.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5861.tmp\border.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5861.tmp\close.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5861.tmp\isx.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5861.tmp\kgskin.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5861.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5861.tmp\openurl.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5861.tmp\progressbar.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5861.tmp\radio0.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5861.tmp\radio1.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5861.tmp\song.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5861.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5861.tmp\unbg1.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5861.tmp\unbg2.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5861.tmp\unbg3.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5861.tmp\uncancel.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5861.tmp\uninstall.skn Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5861.tmp\unnext.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp5861.tmp\unok.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3e5e.tmp\close.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3e5e.tmp\isx.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3e5e.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3e5e.tmp\nsui.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3e5e.tmp\progressbar.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3e5e.tmp\shadow.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3e5e.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3e5e.tmp\unbg1.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3e5e.tmp\unbg2.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3e5e.tmp\uncancel.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3e5e.tmp\unload.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3e5e.tmp\unnext.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3e5e.tmp\unok.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3e5e.tmp\unradiobtn.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3e5e.tmp\up.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3e5e.tmp\upradiobtn.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssb942.tmp\border.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssb942.tmp\close.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssb942.tmp\isx.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssb942.tmp\kgskin.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssb942.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssb942.tmp\openurl.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssb942.tmp\progressbar.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssb942.tmp\radio0.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssb942.tmp\radio1.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssb942.tmp\song.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssb942.tmp\svg.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssb942.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssb942.tmp\unbg1.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssb942.tmp\unbg2.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssb942.tmp\unbg3.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssb942.tmp\uncancel.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssb942.tmp\uninstall.skn Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssb942.tmp\unnext.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssb942.tmp\unok.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc042.tmp\border.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc042.tmp\close.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc042.tmp\isx.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc042.tmp\kgskin.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc042.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc042.tmp\openurl.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc042.tmp\progressbar.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc042.tmp\radio0.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc042.tmp\radio1.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc042.tmp\song.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc042.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc042.tmp\unbg1.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc042.tmp\unbg2.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc042.tmp\unbg3.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc042.tmp\uncancel.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc042.tmp\uninstall.skn Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc042.tmp\unnext.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssc042.tmp\unok.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nst54c9.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nst54c9.tmp\apply.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nst54c9.tmp\apply.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nst54c9.tmp\kugou.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nst54c9.tmp\kugou.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nst54c9.tmp\kugou.dll.patch Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nst54c9.tmp\kugou.dll.patch Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nst54c9.tmp\util.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nst54c9.tmp\util.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsv622f.tmp\border.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv622f.tmp\close.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv622f.tmp\isx.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv622f.tmp\kgskin.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv622f.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv622f.tmp\openurl.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv622f.tmp\progressbar.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv622f.tmp\radio0.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv622f.tmp\radio1.png Generic Write,Read Attributes

62 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Rvbyfodh\AppData\Local\Temp\~nsu1.tmp RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Rvbyfodh\AppData\Local\Temp\~nsu1.tmp\??\C:\Users\Rvbyfodh\AppData\Local\Temp\~nsu1.tmp\Un.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Ihgftzpd\AppData\Local\Temp\~nsu1.tmp RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Ihgftzpd\AppData\Local\Temp\~nsu1.tmp\??\C:\Users\Ihgftzpd\AppData\Local\Temp\~nsu1.tmp\Un.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Kykabbqj\AppData\Local\Temp\nst54C9.tmp\apply.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Kykabbqj\AppData\Local\Temp\nst54C9.tmp\apply.exe\??\C:\Users\Kykabbqj\AppData\Local\Temp\nst54C9.tmp\kugou.dll.p RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications  RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317 ˆ RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662 RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655 RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324 # RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993 ċ RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986 http://althawry.org/images/xs.jpghttp://www.careerdesk.org/im RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331 RegNtPreCreateKey
HKCU\software\apcr::u1_0 ᅕ쒧 RegNtPreCreateKey
HKCU\software\apcr::u2_0 RegNtPreCreateKey
HKCU\software\apcr::u3_0 権ă RegNtPreCreateKey
HKCU\software\apcr::u4_0 RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Ptogdlqd\AppData\Local\Temp\~nsu1.tmp RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Ptogdlqd\AppData\Local\Temp\~nsu1.tmp\??\C:\Users\Ptogdlqd\AppData\Local\Temp\~nsu1.tmp\Un.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Bipwajdu\AppData\Local\Temp\~nsu.tmp\Au_.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Bipwajdu\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Bipwajdu\AppData\Local\Temp\~nsu.tmp RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Kilbuwid\AppData\Local\Temp\~nsu1.tmp RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Kilbuwid\AppData\Local\Temp\~nsu1.tmp\??\C:\Users\Kilbuwid\AppData\Local\Temp\~nsu1.tmp\Un.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Ergseyrh\AppData\Local\Temp\~nsu.tmp\Au_.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Ergseyrh\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Ergseyrh\AppData\Local\Temp\~nsu.tmp RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.205.9\??\C:\Windows\SystemTemp\b1a39cca-eadf-4949-a384-a0ef6a3b3fd2.tmp\ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 対擎瓂ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 쭂曦瓂ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 팀㋩琼ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 毧㓪琼ǜ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af52*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e4*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352*1\??\C:\P RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ϻꙠǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ﯓ錥ꍦǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ഢ锝ꍦǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserObjectInformation
Process Shell Execute
  • CreateProcess
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ZwMapViewOfSection
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiGetDIBitsInternal
  • win32u.dll!NtGdiGetEntry
  • win32u.dll!NtGdiGetFontData
  • win32u.dll!NtGdiGetGlyphIndicesW
  • win32u.dll!NtGdiGetOutlineTextMetricsInternalW
  • win32u.dll!NtGdiGetRandomRgn
  • win32u.dll!NtGdiGetRealizationInfo
  • win32u.dll!NtGdiGetTextFaceW
  • win32u.dll!NtGdiGetTextMetricsW
  • win32u.dll!NtGdiGetWidthTable
  • win32u.dll!NtGdiHfontCreate
  • win32u.dll!NtGdiIntersectClipRect
  • win32u.dll!NtGdiQueryFontAssocInfo
  • win32u.dll!NtGdiSelectBitmap
  • win32u.dll!NtGdiSetLayout

61 additional items are not displayed above.

Shell Command Execution

"C:\Users\Rvbyfodh\AppData\Local\Temp\~nsu1.tmp\Un.exe" _?=c:\users\user\downloads\
"C:\Users\Ihgftzpd\AppData\Local\Temp\~nsu1.tmp\Un.exe" _?=c:\users\user\downloads\
"C:\Users\Kykabbqj\AppData\Local\Temp\nst54C9.tmp\apply.exe" "\20.0.31.27094\kugou.dll" "C:\Users\Kykabbqj\AppData\Local\Temp\nst54C9.tmp\kugou.dll.patch" "C:\Users\Kykabbqj\AppData\Local\Temp\nst54C9.tmp\kugou.dll"
"C:\Users\Ptogdlqd\AppData\Local\Temp\~nsu1.tmp\Un.exe" _?=c:\users\user\downloads\
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8601b00fb40b418b37bd03e044f60817abb46f5d_0000230480.,LiQMAxHB
"C:\Users\Bipwajdu\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=c:\users\user\downloads\
"C:\Users\Kilbuwid\AppData\Local\Temp\~nsu1.tmp\Un.exe" _?=c:\users\user\downloads\
"C:\Users\Ergseyrh\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=c:\users\user\downloads\
"C:\Users\Arcdklcb\AppData\Local\Temp\~nsu1.tmp\Un.exe" _?=c:\users\user\downloads\
"C:\Users\Dvztbtwy\AppData\Local\Temp\nslBCFD.tmp\apply.exe" "\20.0.31.27094\dsp.dll" "C:\Users\Dvztbtwy\AppData\Local\Temp\nslBCFD.tmp\dsp.dll.patch" "C:\Users\Dvztbtwy\AppData\Local\Temp\nslBCFD.tmp\dsp.dll"
"C:\Users\Dvztbtwy\AppData\Local\Temp\nslBCFD.tmp\apply.exe" "\20.0.31.27094\kugou.dll" "C:\Users\Dvztbtwy\AppData\Local\Temp\nslBCFD.tmp\kugou.dll.patch" "C:\Users\Dvztbtwy\AppData\Local\Temp\nslBCFD.tmp\kugou.dll"
"C:\Users\Tjetszxl\AppData\Local\Temp\nshA767.tmp\apply.exe" "\11.0.82.26573\kgplayer.dll" "C:\Users\Tjetszxl\AppData\Local\Temp\nshA767.tmp\kgplayer.dll.patch" "C:\Users\Tjetszxl\AppData\Local\Temp\nshA767.tmp\kgplayer.dll"
"C:\Users\Tjetszxl\AppData\Local\Temp\nshA767.tmp\apply.exe" "\11.0.82.26573\kugou.dll" "C:\Users\Tjetszxl\AppData\Local\Temp\nshA767.tmp\kugou.dll.patch" "C:\Users\Tjetszxl\AppData\Local\Temp\nshA767.tmp\kugou.dll"
"C:\Users\Upiygysp\AppData\Local\Temp\~nsu1.tmp\Un.exe" _?=c:\users\user\downloads\
"C:\Users\Aohtsdaq\AppData\Local\Temp\~nsu1.tmp\Un.exe" _?=c:\users\user\downloads\
"C:\Users\Fzpbznpn\AppData\Local\Temp\~nsu1.tmp\Un.exe" _?=c:\users\user\downloads\
"C:\Users\Tmbziytf\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=c:\users\user\downloads\
"C:\Users\Iobrwygb\AppData\Local\Temp\nsvBD89.tmp\apply.exe" "\20.0.70.27507\kugou.dll" "C:\Users\Iobrwygb\AppData\Local\Temp\nsvBD89.tmp\kugou.dll.patch" "C:\Users\Iobrwygb\AppData\Local\Temp\nsvBD89.tmp\kugou.dll"
"C:\Users\Hkiveebi\AppData\Local\Temp\nscA748.tmp\apply.exe" "\20.0.52.27315\kugou.dll" "C:\Users\Hkiveebi\AppData\Local\Temp\nscA748.tmp\kugou.dll.patch" "C:\Users\Hkiveebi\AppData\Local\Temp\nscA748.tmp\kugou.dll"
"C:\Users\Hkiveebi\AppData\Local\Temp\nscA748.tmp\apply.exe" "\20.0.52.27315\tp2p.dll" "C:\Users\Hkiveebi\AppData\Local\Temp\nscA748.tmp\tp2p.dll.patch" "C:\Users\Hkiveebi\AppData\Local\Temp\nscA748.tmp\tp2p.dll"
"C:\Users\Prqtferp\AppData\Local\Temp\~nsu1.tmp\Un.exe" _?=c:\users\user\downloads\
