Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Farfli.KB

Trojan.Farfli.KB

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 2,281
Threat Level: 80 % (High)
Infected Computers: 539
First Seen: June 17, 2021
Last Seen: April 15, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Farfli.KB
Signature status: No Signature

Known Samples

MD5: d93549d43335c8f7d2faacd4e4195f71
SHA1: 16c6c08b60a1462df30d56634dcbbc0f4d1129fd
SHA256: 16EC3C2BA9B20D5C5CC1FB33ADAE2737A264D228B25E0FC4FFAC05644F7E60E5
File Size: 2.90 MB, 2903040 bytes
MD5: 9c8544e86669d28dda0a9f5a179685ed
SHA1: f085edcf75a012008bd9ebca479fca6064097835
SHA256: 1392D2D77EEE9DD61A5A193293AA26A71FC8F5E7E21F28F37CACD23A84E91E7B
File Size: 3.27 MB, 3270848 bytes
MD5: 677d7de6a4917233a49d6b9d5f9571bc
SHA1: ac90a705903cd195ed8e10c7249cff2dcaa26271
SHA256: 80733E33A2E9770CBAE46AB20081FB371A54C95E09D448070053D657CB76187D
File Size: 3.27 MB, 3271392 bytes
MD5: 6c258ede51ca851d7474b13d72c3b5a9
SHA1: 13218c48fa4d6a7a5d6f6aa889ca7e8202c580b2
SHA256: D18233940E7F17A19FAD4FC9E3A655FDE25562E88AA55616AE6C0458E05E9463
File Size: 2.93 MB, 2929152 bytes
MD5: 52d9a7790512ed38ef69b498c8b75999
SHA1: 57f269d8caba2da1c7f5e94ae861cda0ee639de5
SHA256: FFC78DE86BB8A7197E8452B6CEB7BFDB3661529D15AB9985971ABEB078A36F51
File Size: 931.84 KB, 931840 bytes
Show More
MD5: eb9af86e9a93187446cb5ef20e584c97
SHA1: 354d8074c779b98e069ef799c0f6ad64d1db3372
SHA256: ABF6EB9944ECC2B2BBF917E8EB1D2808A0B2039012FE9FCA2E258A0EE44348B4
File Size: 3.56 MB, 3556864 bytes
MD5: 4c79adf4985b0eed816b2e50c492ceb9
SHA1: 043431f5763437d46e5be6ca2c89541e33194a08
SHA256: 781345A557D69E924E1007CFEDE159345BBB599B3A8728BFEA2F21D97DBE7840
File Size: 2.90 MB, 2903040 bytes
MD5: 7673ce5cf2caf383ceff51d68cfd6c56
SHA1: d09be1ab49b8b845ba5179a24a87f03fb4a61e94
SHA256: 6F54E4939DC191A41B81A52D73B157E55D42531CF0E5A234F1AF1AF1BC67BB82
File Size: 2.97 MB, 2969088 bytes
MD5: 862a549a273f8651b9fd24dbc1b58856
SHA1: e1c553b4500a34a085d499554ac7bb91f47a5c9b
SHA256: 5BFF95F95F1656E0635EB1C2FBB47041048741427E8CCEC36CA01294B6A5C3BB
File Size: 1.83 MB, 1826304 bytes
MD5: fbc2bad053e616dc9a35a65b8e8aa15d
SHA1: 38293f6c1d5f845fc846979e152e0b2619360da2
SHA256: 1441492770212A5FBF330E48A3EACB918E2E523F436E1C7D7320F44657C49163
File Size: 2.66 MB, 2663472 bytes
MD5: a4c0265147850c2ef6c99798373314c1
SHA1: a0504d91bd6df5b49d1892e63a002afde6fedfd0
SHA256: 7742267427E53623E5D8544E1D6F9DBC8877C875B645AD6B4B781EAA1006518A
File Size: 3.23 MB, 3225600 bytes
MD5: 59566fb43eefcff1b97022463e712add
SHA1: 5b52ae83ce955d96c1e06fef4fe703d27fbac527
SHA256: F7F0BC515007ADF0A4AED1933F0B00C0E03250D99AE87D05EF0324D93A82E24B
File Size: 2.90 MB, 2903040 bytes
MD5: 0aa9a133eed89e9f4e3d7c4c85ec5c16
SHA1: cbba42223e2c49e5c7deb0eb8ad4fc32cf07f6ff
SHA256: BCAE52A91168D640B2DF799FD14C12CB0096DEA423A6D9CA3A22547797FA65DC
File Size: 4.36 MB, 4360192 bytes
MD5: 42e63ac5dc385723c7d1d415d70e8c8d
SHA1: d2df8b2703ea95b7b607bab36ada68c6d2fae8a8
SHA256: 95A3F9260E4D46DA03F46749649BB0267B321F65AF83A85A5DA3CC9C681908A5
File Size: 2.90 MB, 2900992 bytes
MD5: 818f26dbf39b2d869eb2333eb0fb9ee3
SHA1: c43ff769f0c5dc83c1bd6f376ca1e8eeab7e9609
SHA256: A22E076F96C2B9A06B5C4F94F8ED21EF03DD8388743B93C5A83717C621F74CC0
File Size: 2.65 MB, 2647552 bytes
MD5: a2b9ae8f0ccd124d66567e5546f7dcf0
SHA1: d51aa625c5441e3f0ca53024a562e4eec577c784
SHA256: 0DA24EDE90A745D70B825C906020F05937825699673F77171101551AC933B163
File Size: 4.80 MB, 4803072 bytes
MD5: 54b0353f6f1f5940f0289b4a0f47e470
SHA1: 661ffe4084390d12267b1485b42f4b16e2a39743
SHA256: 804B475D87374EB149DA9756A1E9AEFBEA4AC21A632E137AA5A2B2CFDE35A3B3
File Size: 2.90 MB, 2901504 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
Show More
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments
  • Comarch SmartCard Cryptographic Services Provider
  • Diese Bibliothek dient dem suchen von Festo CPX-CEC Steuerungen unter CoDeSys.
  • This library is needed to search for Festo CPX-CEC PLCs with CoDeSys.
Company Name
  • ComArch
  • Festo AG & Co. KG
  • GE Intelligent Platforms, Inc.
  • Lost Saga Exotic
  • MaxLim
  • SIEMENS AG
  • TODO: <公司名>
File Description
  • Burn_Card_Maker @amlogic.inc
  • Comarch SmartCard Cryptographic Services Provider dynamic load library
  • Compare PDF plugin is used to compare the difference between files.
  • Downloads
  • fxVersaPro GE Trace Library
  • GetFSN_IMEI DLL
  • LSWebBroker.exe
  • NetConfig Dynamic Link Library
  • Radio Player
  • Setup Application
File Version
  • 501.0.0.1
  • 8.50 (Build 6506)
  • 1.8.0.1
  • 1.2.1.0
  • 1.0.4
  • 1.0.1.211
  • 1.0.1.12
  • 1.0.0.1126
  • 1.0.0.2
  • 1.0.0.1
Show More
  • 1, 9, 1, 6
Internal Name
  • Burn_Card_Maker
  • cacsp
  • Compare plugin
  • Downloads.exe
  • fxVersaPro GE Trace Library
  • GetFSN_IMEI
  • LSWebBroker.exe
  • NetConfig
  • Radio Player.exe
  • Setup Application
Legal Copyright
  • Copyright (C) 2009 Festo AG & Co. KG
  • Copyright (C) 2013
  • Copyright © 2004-2013, Comarch S.A.
  • Copyright © 2006-2016 SIEMENS AG
  • Copyright © 2012-2014 Foxit Software Inc. All Rights Reserved.
  • Copyright © 2012-2016 Foxit Software Inc. All Rights Reserved.
  • Lost Saga Exotic. All rights reserved.
  • MaxLim
  • MEIG Smart 版权所有 (C) 2021
  • TODO: (C) <公司名>。保留所有权利。
Show More
  • © 2014, GE Intelligent Platforms, Inc.
Original Filename
  • Burn_Card_Maker.EXE
  • cacsp.dll
  • Compare plugin
  • Downloads.exe
  • GetFSN_IMEI.DLL
  • GETrace.DLL
  • LSWebBroker.exe
  • NetConfigCEC.dll
  • Radio Player.exe
  • Setup.exe
Product Date 2016-10-28
Product Name
  • Burn_Card_Maker tool
  • Comarch SmartCard CSP
  • Compare plugin
  • GetFSN_IMEI Dynamic Link Library
  • LostSaga Web Broker
  • NetConfig Dynamic Link Library
  • Proficy Machine Edition
  • Radio Player
  • Setup
  • TODO: <产品名>
Product Version
  • NetConfigCEC 1.0.4
  • 501.0.0.1
  • 8.50 (Build 6506)
  • 1.8.0.1
  • 1.2.1.0
  • 1.0.1.211
  • 1.0.1.12
  • 1.0.0.1126
  • 1.0.0.2
  • 1.0.0.1
Show More
  • 1, 9, 1, 6

Digital Signatures

Signer Root Status
Foxit Software Incorporated DigiCert EV Code Signing CA (SHA2) Self Signed
Foxit Software Incorporated Starfield Root Certificate Authority - G2 Root Not Trusted
Siemens AG VeriSign Class 3 Public Primary Certification Authority - G5 Hash Mismatch

File Traits

  • Default Version Info
  • dll
  • HighEntropy
  • imgui
  • Installer Version
  • packed
  • x86

Block Information

Total Blocks: 10,891
Potentially Malicious Blocks: 8
Whitelisted Blocks: 10,844
Unknown Blocks: 39

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 x ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 ? ? ? x 0 0 ? ? ? ? ? ? ? 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 ? 0 ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.DJB
  • Agent.TRB
  • Agent.TRC
  • Debris.F
  • Downloader.Agent.XD
Show More
  • Downloader.Agent.XE
  • Farfli.KB
  • KillMBR.BD
  • Kryptik.FAXC
  • Mulinex.C
  • Ursnif.AD
  • Ursnif.XB

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtProtectVirtualMemory
Show More
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Process Shell Execute
  • CreateProcess
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
User Data Access
  • GetUserObjectInformation
Other Suspicious
  • SetWindowsHookEx
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\16c6c08b60a1462df30d56634dcbbc0f4d1129fd_0002903040.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f085edcf75a012008bd9ebca479fca6064097835_0003270848.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ac90a705903cd195ed8e10c7249cff2dcaa26271_0003271392.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\13218c48fa4d6a7a5d6f6aa889ca7e8202c580b2_0002929152.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\354d8074c779b98e069ef799c0f6ad64d1db3372_0003556864.,LiQMAxHB
Show More
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\043431f5763437d46e5be6ca2c89541e33194a08_0002903040.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d09be1ab49b8b845ba5179a24a87f03fb4a61e94_0002969088.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5b52ae83ce955d96c1e06fef4fe703d27fbac527_0002903040.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d2df8b2703ea95b7b607bab36ada68c6d2fae8a8_0002900992.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d51aa625c5441e3f0ca53024a562e4eec577c784_0004803072.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\661ffe4084390d12267b1485b42f4b16e2a39743_0002901504.,LiQMAxHB

Trending

Most Viewed

Loading...