Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Agent.EN

Trojan.Agent.EN

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 11,928
Threat Level: 80 % (High)
Infected Computers: 27
First Seen: April 28, 2023
Last Seen: February 25, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Agent.EN
Signature status: No Signature

Known Samples

MD5: 1554755ba608ff7392b289f501380f8b
SHA1: 253506db60e5a07d1485da7e715d8be2b11feca5
SHA256: 67E526AA3C419710B2C7768C4E47836CEEDCBC6D28DDD29B7444C541B023D2EA
File Size: 6.58 MB, 6583296 bytes
MD5: 426b753a5274edf4daa1fddecca7195a
SHA1: f48e31c086bee4872ffa70b5c237ad328eee714a
SHA256: EABB0B53CC7C2AE63E07DAF2DDF38B8B418ECECE1122899D65D842B8788EA6B1
File Size: 6.59 MB, 6593024 bytes
MD5: 9837f2c5e1962409d2ead1b2ccdae485
SHA1: ab11247d591c1db7fb9529edfa9807b188dc88b1
SHA256: 9886CB692B5E757534FDE25C97578DB4C6C86AD5A40287DFCA90EDF1B4E5F2C4
File Size: 7.19 MB, 7188480 bytes
MD5: 76eaef7bc90d3946a936c4e972e3e349
SHA1: 5f2410985ee0fb362a01184a3d2cc7b2a20f88e5
SHA256: 4E89072E8156C68C7E386C3B26DE2E31668D64D5107C4E3C162BC72FC9DF95EA
File Size: 1.31 MB, 1309184 bytes
MD5: b5142803f63e09f779ad5205420300f1
SHA1: 2041334ad7290ead68a37fe739958c484a060273
SHA256: 85B79C538B43BFB863A052BB940DECF364006577F878CAF010A4727500C345B7
File Size: 3.16 MB, 3155456 bytes
Show More
MD5: 1de59c3d51ccd8f494f127adfb2b6323
SHA1: 97511bcfcd40f59c660368fdd877cbfd5132c5ca
SHA256: E94E6A5C4B1560C43E6296EF1B7D4ABF7F41F751F4283624E307948A6FEBC623
File Size: 1.87 MB, 1866752 bytes
MD5: 7458d662b137896af329a5fbb8a9d9de
SHA1: cc2a5e82b3a8a5086de8d51a7f4dde4e624a8eb1
SHA256: E2F367EAF1848E727897BA7367DCCBB33AE29CE46BE00965F929843A31029AA7
File Size: 7.29 MB, 7293440 bytes
MD5: 8b60edd394e7266aaf93e0fb91ca0fab
SHA1: e27dd243170128d5d9246133e8d0cf78b15cd163
SHA256: 117D2153F01539C10195F719FDE4D663ED19A617B90FF5F962CA95243D0E2126
File Size: 7.28 MB, 7278592 bytes
MD5: 0d67d5996e711319673cc412fa40737b
SHA1: fc9a551174a8b1f9b8d5517156189cd2998c00b9
SHA256: 797BC0F090163C2FBFDD79126E73DF61429BE8B3946D91F3629D8E94D312AF71
File Size: 7.30 MB, 7299072 bytes
MD5: 00789b951d761a5900273372304a3866
SHA1: 666481efe50e2cbb83e5702df4f93852381a25b1
SHA256: 3DC41660D08D209F7A91F27A1E051C5ECCD0DCE2335EE1AA541D7FBDD8F752DE
File Size: 3.19 MB, 3190272 bytes
MD5: a15794aef482d8a04d34258d94345eae
SHA1: 815a011e4ee74bffaaf13442f73ec6831759c8c1
SHA256: FF9749C8A53A2D63C801E4B1B0CCA5AA026181A9C4AED9F0DF3A0B24DA458C43
File Size: 2.40 MB, 2403840 bytes
MD5: 9acfe2681c57e4246cfcbc45b92aa125
SHA1: 9c9881858a0b01e434deaa4cbea9e3f401fd688b
SHA256: 662EC2E4D11CCC2C1992D97B5BDAADB77637DB7D8CFF37159D9DB941076F5887
File Size: 3.45 MB, 3449344 bytes
MD5: d1364cbb35b46a91288bb6092f5bf47a
SHA1: 2d0fbd037bac8a7388b808e6d435c09257010d1a
SHA256: B248DF1228C722B75209556C38CDB9B73FA4CE2C2508257E5201982F43F8C03A
File Size: 7.06 MB, 7057920 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name Ashita - https://www.ashitaxi.com/
File Description Ashita Core Hook
File Version 4.2.0.3
Internal Name Ashita.dll
Legal Copyright Copyright (c) 2023 Ashita Development Team
Original Filename Ashita.dll
Product Name Ashita Core Hook
Product Version 4.2.0.3

File Traits

  • dll
  • fptable
  • HighEntropy
  • imgui
  • No Version Info
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 25,505
Potentially Malicious Blocks: 1,259
Whitelisted Blocks: 19,130
Unknown Blocks: 5,116

Visual Map

? ? ? ? x ? ? ? 0 x x x x ? ? ? ? 1 ? ? x ? ? x ? ? ? ? ? 0 ? ? 0 1 ? x ? ? ? x ? ? x ? ? ? 0 ? ? ? ? ? 1 ? ? x ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? 0 0 ? ? ? 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 ? 0 ? ? ? 0 ? ? 0 0 0 0 ? ? ? ? ? ? 0 0 ? ? ? ? ? ? 0 0 ? 0 ? ? ? ? ? 0 ? 0 0 ? ? ? ? ? ? ? ? x ? 0 0 0 0 0 ? 0 ? 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 x 0 0 0 0 x 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 ? ? 0 ? ? ? 0 0 0 0 0 0 ? ? ? ? 0 0 0 ? 0 ? ? 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 1 0 0 ? 0 0 0 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 ? 0 0 0 ? 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 ? ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? 0 ? ? 0 0 ? 0 ? 0 0 ? 0 ? 0 0 ? 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? 1 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 0 0 0 0 ? 0 0 0 0 ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 0 0 0 ? ? 0 0 ? 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? x ? 0 0 ? ? ? ? x 0 0 ? ? x 0 ? 0 0 ? ? ? ? ? ? ? ? 0 0 ? ? 0 0 ? ? 0 ? 0 0 0 ? x 0 0 0 0 0 0 0 x 0 0 0 0 ? ? 1 0 0 0 0 ? ? ? ? ? ? 0 ? ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 0 0 0 0 ? ? 0 0 0 0 0 ? x x 0 ? x x 0 0 0 0 0 0 0 0 0 0 0 ? x ? x 0 x ? x ? 0 0 0 0 ? 0 ? 0 ? 0 ? 0 0 1 0 0 0 0 0 0 x 0 0 ? 0 ? ? 0 0 0 x 0 0 ? 0 ? ? 0 0 0 1 ? 0 ? 0 0 0 x 0 0 x x 0 0 0 0 0 ? ? ? ? ? ? ? ? ? x 0 0 0 ? ? ? ? ? 0 0 0 0 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 ? ? 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 ? ? ? ? ? ? ? ? ? ? 0 0 ? 0 ? 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 0 ? ? ? ? ? ? 0 0 0 ? ? 0 ? ? 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? 0 ? ? 0 0 0 0 x ? ? x 0 0 x x 0 0 0 x 0 0 0 x x x x x x 0 0 x x 0 x x 0 0 x x x 0 0 0 x x x 0 0 0 0 0 0 0 0 0 x x x x x 0 0 x 0 x x x 0 x x x x x 0 x x x x 0 x x 0 x x x 0 ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? 0 0 0 1 1 0 0 0 0 ? x 0 ? 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 0 0 ? x 0 ? x 0 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x ? 0 0 0 0 0 0 ? ? ? ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 ? 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 1 0 0 0 0 0 0 0 ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 ? 0 0 0 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 1 0 1 ? 1 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 ? 0 ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 1 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 ? ? 0 x ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.ZFBJ
  • Agent.ZFKD
  • CsgoInjector.FB
  • Downloader.Agent.BTF
  • Gamehack.GACI
Show More
  • Gamehack.GAII

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name rundll32.exe RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 띈㹜嘙ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 作㻖嘙ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ≶㽋嘙ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 堤㿂嘙ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ⮻䀷嘙ǜ RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
Show More
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtTraceEvent
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Process Shell Execute
  • CreateProcess
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Other Suspicious
  • AdjustTokenPrivileges
Process Manipulation Evasion
  • NtUnmapViewOfSection
User Data Access
  • GetUserObjectInformation
Process Terminate
  • TerminateProcess
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
Network Winhttp
  • WinHttpOpen

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\253506db60e5a07d1485da7e715d8be2b11feca5_0006583296.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f48e31c086bee4872ffa70b5c237ad328eee714a_0006593024.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ab11247d591c1db7fb9529edfa9807b188dc88b1_0007188480.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2041334ad7290ead68a37fe739958c484a060273_0003155456.,LiQMAxHB
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c mkdir "C:\Users\Vhaazbeb\AppData\Roaming\muntedfinger"
Show More
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c mkdir "C:\Users\Vhaazbeb\AppData\Roaming\muntedfinger\CanOfWormholes"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c mkdir "C:\Users\Vhaazbeb\AppData\Roaming\muntedfinger\CanOfWormholes\saves"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c mkdir "C:\Users\Vhaazbeb\AppData\Roaming\muntedfinger\CanOfWormholes\saves\1"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c mkdir "C:\Users\Vhaazbeb\AppData\Roaming\muntedfinger\CanOfWormholes\custom"
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\cc2a5e82b3a8a5086de8d51a7f4dde4e624a8eb1_0007293440.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e27dd243170128d5d9246133e8d0cf78b15cd163_0007278592.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\fc9a551174a8b1f9b8d5517156189cd2998c00b9_0007299072.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\815a011e4ee74bffaaf13442f73ec6831759c8c1_0002403840.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9c9881858a0b01e434deaa4cbea9e3f401fd688b_0003449344.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2d0fbd037bac8a7388b808e6d435c09257010d1a_0007057920.,LiQMAxHB

Related Posts

Trending

Most Viewed

Loading...