Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Patcher.C

Trojan.Patcher.C

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 424
Threat Level: 90 % (High)
Infected Computers: 94,292
First Seen: July 24, 2009
Last Seen: February 6, 2026
OS(es) Affected: Windows

Aliases

5 security vendors flagged this file as malicious.

Antivirus Vendor Detection
Symantec Trojan.Kibik!inf
Panda W32/PatchLog.P
Microsoft Trojan:Win32/Patched.J
eTrust-Vet Win32/Eldycow.P
AntiVir HEUR/Malware

SpyHunter Detects & Remove Trojan.Patcher.C

File System Details

Trojan.Patcher.C may create the following file(s):
Expand All | Collapse All
# File Name MD5 Detections
1. ntiMUI.exe 184153149155ba5fda1284b66c9e6f30 0

Analysis Report

General information

Family Name: Trojan.Patcher.C
Signature status: No Signature

Known Samples

MD5: 07dddaf543a58590143cb402eb782d4f
SHA1: b9e5c797dafdc4c2a18c5dd570d826ec526d9bb8
File Size: 212.48 KB, 212480 bytes
MD5: 549ea60394e29511bce76984faf39402
SHA1: 8107d9d52387f47e445498a4daba438b536756df
File Size: 161.28 KB, 161280 bytes
MD5: 0ce60ddf9b7db5433df1ddd0f816c203
SHA1: d4574349561413710f273c7e90b0ce763cfee93b
File Size: 861.18 KB, 861184 bytes
MD5: 3bcead036ca0bab5304a4b1080231e7d
SHA1: 212f5c1954b33bfcf66924bf05a0ef1d312618cd
File Size: 65.54 KB, 65536 bytes
MD5: 2b5b7b039952d7e4d9f2b0f62ec43470
SHA1: effc3e2ce306d27dc6da5380f1932b16d977b3dd
File Size: 74.24 KB, 74240 bytes
Show More
MD5: 8ee2620ef3622c0240aa11ef46517740
SHA1: fb6a7b00001f5195ca31490657a017c1394cd38b
File Size: 432.35 KB, 432347 bytes
MD5: 1266f9a6f03ef969566f4947ed7c4247
SHA1: 96e4dce8427f159008ed00b186405654eb0a1bff
File Size: 161.79 KB, 161792 bytes
MD5: 397c5a02f3befefc4b68db61084cf493
SHA1: 17f82fb016fb318a04e9c29b5260bc4f0a06179b
File Size: 161.28 KB, 161280 bytes
MD5: bf7428f3cba3d45e6e50c19faa37b248
SHA1: 796f2cd8731fcf208d3d2d8af5795df8d1cbca35
File Size: 20.48 KB, 20480 bytes
MD5: bbca11dfeb176f8beb5e2d7184ae491d
SHA1: cb99accb3baec7abff887fe5791811168694dda2
File Size: 9.95 MB, 9954080 bytes
MD5: 76f691b0e715d2a43656e8411046bb9f
SHA1: 30d237f874d4b1b964daada00463b8523b52fe6e
SHA256: 12ECABC48F5C319C1F81248B18875F78AD272D8CCA4CD13E21D6C58699A6958A
File Size: 1.48 MB, 1482752 bytes
MD5: 5a8bf1048f659294d534e59e24b43b7b
SHA1: 1ee1e552155639fc90f4e161fc37d22d435e6750
SHA256: 55CA880FE45EE2D6946DA62582EEA6FBAFEEA7C83B9183BD95AB8EB73C6952A8
File Size: 77.31 KB, 77312 bytes
MD5: 7eb2d61da0a25c5e429f34fb178ed87f
SHA1: 1c673ae4f52bc0c31c58cbe1cb2e13934ffb2ebd
SHA256: 55C20EA2BACA955A94635AFBDDE916559CF55AA49F95BEC623DD50871A8B0F07
File Size: 524.29 KB, 524288 bytes
MD5: 6ccd6546e74073388b08087b023a0126
SHA1: cbc41648717effa61cf4394bb391530cfba1fb40
SHA256: 7DA8D6B3697B3132D3C692C93AD178BC396FB6FF46E6A7423D701C38F2EB9BB2
File Size: 212.48 KB, 212480 bytes
MD5: c66ec416da3985809c1e34e015d2e7a2
SHA1: 4257e3f743d557a6854dbf3375d436d6b44874fe
SHA256: 9AD038A834360CFBBFB9F26EC3E07F42B4137352D03F011201DC5C00358AF1BC
File Size: 571.90 KB, 571904 bytes
MD5: 377243deac39f456cee5b1e697f7220a
SHA1: da725bd576eb8c0ea57f77a6e8f456f7e162229e
SHA256: A0D8FB2BDFDD4879CA9719563D25772D8BC662FA4519035E5DB751C59006F421
File Size: 67.58 KB, 67584 bytes
MD5: 6f6dbbdcc636cbcf1f6f17e3ec117bed
SHA1: 3f3ffb4af8a7b90d6e8ff0d0612b27b6bb3a9d27
SHA256: 08F6AEA212D32CE6387A8A10927B588FD2AFA96B0E69ADACEE3DE5EFA425EE32
File Size: 211.46 KB, 211456 bytes
MD5: a47e21db5b46cdaa04f2af931c649c21
SHA1: e2e48cd957578abac618a3239c3f4b452388653d
SHA256: 44F2BC40A3A37D969B5235B61041F217021859D84E41225E9ADAF545C7444CFC
File Size: 13.31 KB, 13312 bytes
MD5: 0f78d292f975618bd4b7723aaca36c85
SHA1: 2804d1c87cae953714bf29f0c8aef861afbc8add
SHA256: B791176F0DFFDF3AD020D661A6C0F7D3958075FD9057C2DEC94588DEE3BFD5E4
File Size: 515.58 KB, 515584 bytes
MD5: e8ebb4d228260488c1b5bc525f9f152a
SHA1: 43b14a317f6f5d9c88f4ae0c6a519e1b13b5e8f6
SHA256: 1C1D5F028E6759F8BBA750A94C963C3BF51BFDD2F6462CA496B54231E46B705F
File Size: 62.98 KB, 62976 bytes
MD5: cf8fd2b95c573b11935d7df691feed4e
SHA1: 5f28fa6aeb2c1991c4c7233dfc781df083782a72
SHA256: C444ACE8C022C2F607F8CD862BF9DCD49CBA5524226B2C8F3C2FF3BB83E7D6FE
File Size: 169.98 KB, 169984 bytes
MD5: add9f186e7f740b7f6d2796d4a4d39d0
SHA1: 2dd1596444ba5bc347de570e61b6ef125ad7fecb
SHA256: EF118F8543E6A7901E928A8722B4ABE71112FAA35D0C557B40991DB28191DEF2
File Size: 343.99 KB, 343991 bytes
MD5: e6e861f4d5ce002d795db1028fd601cb
SHA1: ee382deea3917fc2f17f1b0df5907ad176d01197
SHA256: 4740E2D727CC728AE08031228857047EDF192BB8953D4339D9BFE63616AB3230
File Size: 492.54 KB, 492544 bytes
MD5: 94fea3707816d1ceebdeb025a262d8ef
SHA1: d19ba3c6a36d7acf286102c9cc436236b49db8a5
SHA256: 538245B80D23A1399DBA980E115A7D0A99291D201724B6643FD0BB45099C6EC1
File Size: 155.30 KB, 155299 bytes
MD5: c4ca7bebd415741be2f311192cc8274e
SHA1: 34bf114b6416be81481a6a4a09614e6084c99788
SHA256: 5DF34C8CC4CC6ECAF4DABA2D233862390DD17BD1726FB9C05112A3C05927C939
File Size: 80.90 KB, 80896 bytes
MD5: d35920e9e42d4833e62868c5b8b518f0
SHA1: ea3edae37c44838cfa653839de477eb87d96d8d5
SHA256: ECC05AC1FA715231BE526C138DF4464187A8BDB5926303EE9B0FD2512449BE72
File Size: 344.03 KB, 344033 bytes
MD5: ba7e1ee37140c04343ad372826663256
SHA1: 7530a35cced4125ecfa447c49b440452f832a675
SHA256: F71009F3CEE351B5B4C2ED19ECD0C6EE8A79FD4D9E26C7AA52826EDE3675C052
File Size: 899.47 KB, 899466 bytes
MD5: 106d746a8d7c29204bc84a08527f26d3
SHA1: fa031f8537de35afced07b0cfd150174a7a1e331
SHA256: 89133EF8945346EAC934DB694486320E67C39A41E87BE165A0C3DD6B6F182A5A
File Size: 616.13 KB, 616129 bytes
MD5: 860615d7d4f976f27d5ac5525f723fa2
SHA1: 245af545ef77df646066f73ba68d498af6ff8be8
SHA256: C8D3987B7BE92A92B22237F8C6A9F7A5E382804DE38988601BF865E6165C263E
File Size: 75.26 KB, 75264 bytes
MD5: e7cd65ecbf5647bd57ad9018c9c05e3d
SHA1: 7fb60006981772e4349c465e2767499ab32bf994
SHA256: 6B454C70AC7FEEE39C65CAC3529217F32BBEE930B3ACC6BA1B61A04831DCC0E2
File Size: 210.94 KB, 210944 bytes
MD5: 7a6cd290c40fe2f8651076fad7b59af0
SHA1: d622425d70d19b2a61c4ee01562c61f57277b973
SHA256: E8CD008DC56888555136F8B26090124B5D3FF1D7EEC4BAD026F12F6E245F5D37
File Size: 355.33 KB, 355328 bytes
MD5: 40a9abbfefc766d2b825438b5e8c95d5
SHA1: 9f7f811e9281bb6be18eab2f3e188b22f114d67e
SHA256: 8B3DD92A05E5EB402A7EE077789D521646DC4AD73909CE497EE0A2246E1C6A56
File Size: 2.50 MB, 2497797 bytes
MD5: c6781720b331fa181b7ab81a726ec59f
SHA1: c279f94c76d32498c4182db614fc0ea4b15eb817
SHA256: 6577D776260E748F3451F099B94704DBC55AA75F10583E3E7B34592C0748AF02
File Size: 76.29 KB, 76288 bytes
MD5: 0aea96f88863bd46fd0f23693ab9c3e4
SHA1: 3aa3d4a6f1b43c4187917aa1f815c276311fcb1d
SHA256: A509E837714E7726C489BA4F3EDD8F6D9208C2A484032E4E634BBCBE21C30CB5
File Size: 468.99 KB, 468992 bytes
MD5: 4c91e40ca14c001dd8260b57837e0e98
SHA1: 7a5763861f5189085af53a70dbe5d638b35cb370
SHA256: D83D9DB56F86DA894DDA6ABBA348DA93BB7F13E91EC2060DD338DF38F63CD70D
File Size: 62.98 KB, 62976 bytes
MD5: f8f2a42b360dc4c938245184004313fe
SHA1: 3e6d92d2198cb9cd35cbbf5074d5f4e1c79adaa4
SHA256: FD1EA55F33AA684DBEB00993E2500A29C0EA118061C12A751E3D2898B04CC57E
File Size: 603.09 KB, 603093 bytes
MD5: 8368d3115fa6a2b2c6f3ed84da694c5e
SHA1: 24b8eea09577126de33efc4a21d9dca20c2921b1
SHA256: 02535010FAEE4BF242BA632E0F494EE497A8AD46BC9EFF6D23DCE05B490259AE
File Size: 73.22 KB, 73216 bytes
MD5: 245e9aa017d5ccaba8b6ea4f296796ab
SHA1: 64186f826c0b07e856410dedb344879a327835ed
SHA256: FBBAD10D6D632DF59AEC91B33BC83940A84D7C968A7A2D35FE1ADB476C8736A3
File Size: 325.63 KB, 325632 bytes
MD5: e32230c446df528797a1f5e91cf4b545
SHA1: ce65f04219ae2f7c5404fbbd66921487fac65116
SHA256: 94C8EDB19304F127B81A8153CEB0FDC7520EE90BB488F6E17714E4D6C3726934
File Size: 464.38 KB, 464384 bytes
MD5: 164f854e4f4233f23fd8fbe0c538c9a0
SHA1: 62312df2653327fe658d8583025aad190e0595c1
SHA256: 6CB22FB410DED13C0F4D7313B0A52B924428C8AE31139F3B21F4F561229F83AD
File Size: 404.98 KB, 404982 bytes
MD5: f4d6ad59ec42d7247dee9b96aede77ca
SHA1: 9bf0523f7e2736b642f5b41259d3cc957ae1a427
SHA256: 95561C06955DB653E2D9B28A28C9A746EDCA4590BEDE6BA8B3E19E84CC66A90C
File Size: 1.06 MB, 1062400 bytes
MD5: ef42a5d96e632b6999689911301b11bb
SHA1: a3123d9f0ad02b4957bf65e1e5723633aff470e5
SHA256: B6BF79B871776BE9B5AE4CC5C304ECFD14C09B1477305BC411303735C9609A36
File Size: 818.74 KB, 818742 bytes
MD5: 539a2542601327aea4dedffcc1519a02
SHA1: 7643a751fb4e046e018e68c0976fb05ddb8142d5
SHA256: 09A1712DAC25B088386D946246D7B4A929B21407377A41E4489EC6A883049968
File Size: 64.00 KB, 64000 bytes
MD5: 8ba5790a66bc2ea254b56e591bdb23ad
SHA1: c03bc8ddf738c87ddd43307ac8c400d261c2c68e
SHA256: 92589CC7685F8CE70F784F2A404E252D121268AF4CA8757DCD74A540A48376A8
File Size: 274.94 KB, 274944 bytes
MD5: a3e25e9cf1e334c297575c8d879edec0
SHA1: 89a2306b36e1d9e40aefc50f6f104592ad3cd983
SHA256: B600D0FA0DB5FB22D3C68B01C945ED3B1AE4D9024C09EFA7FB026605EFBE69AA
File Size: 546.30 KB, 546304 bytes
MD5: 3d424ebd33942a45686421fc76af5b51
SHA1: c7b809ee45d96c5aa0f67d33893f2cb3abc960b7
SHA256: 569ABD1F31656EAE2FAA4BA306D4222E7EB7264A46E91790BC761784FC94A8FE
File Size: 63.49 KB, 63488 bytes
MD5: c867423f4f2df1f323a0be72b92d5c0d
SHA1: 0d4c1fd72a32f6ae395083829e054779815b25d1
SHA256: 76290F68EC5F2377FE3ABF7BCD2ED02897C288B768FD24B233ADE02E40837112
File Size: 64.51 KB, 64512 bytes
MD5: 0885bf5c777e2d361c9d5bb071e658a5
SHA1: 9d8d4d99b8b893c3ef07dfddbc7b24a9b934d3cd
SHA256: 442AACB153447BA2C2CE39C4FB0DE1DD7CA74028B807A9475034BEF69367038D
File Size: 154.11 KB, 154112 bytes
MD5: 5c5c1df81331357813b298d0d67bc713
SHA1: 07c6d7565d77d89bfdbf35cacaafe9fa6c853e81
SHA256: D154652FBEF28C6CC5008E7DF7050B6D763D6776344FF0A3BC76CE9BE900FA2A
File Size: 3.02 MB, 3015424 bytes
MD5: f54f3d623cc75661633d33873d9f0b93
SHA1: 421d9d92dc63c61be717c847841d8a27b1f08a27
SHA256: 7F8D86DC7938674FAB4D56DBD01BE9EFC647303A127A17CCB7BD8BA2E6360DE2
File Size: 62.98 KB, 62976 bytes
MD5: 2961fc5b7d33833baba1e71fb159fba5
SHA1: e6f4302c6edd5889a19889c20c2bc2db36e2f352
SHA256: CE2DD6DE559D5D2BC464C9B1D23DFB8C03C603C4274EFB78ADC037C6A2AF360A
File Size: 733.70 KB, 733696 bytes
MD5: e414e7d87391b9627410f705054bca47
SHA1: 683de6a67edd7fcce11f36dbc927f3d824526e82
SHA256: 5B96EFC8A44F20EDC3193D0E715C03A138A804197CA8CB5AC128C9789D4F20F2
File Size: 2.19 MB, 2187435 bytes
MD5: f20860383f538104a2f3e94da113a91d
SHA1: f5a56aae84c635d2b02587673450ef896da3909d
SHA256: A3DCDE85B84256E3BFE5593EFCDBE29676022C27C14C4CC8DDA6BBB76BB8578B
File Size: 5.05 MB, 5049344 bytes
MD5: 9a73ff99ff6bfea74cbc7c493a106bd9
SHA1: 3a008c2e09b10e668553bd6914d83c7620d7a8b8
SHA256: 1315C330C65842A3A2D06C6AEB59E167B7D0C646E7193150A66E2477F87F40C1
File Size: 459.30 KB, 459300 bytes
MD5: 2f960a404ced5b0436c3ec15eb3cd9eb
SHA1: 25ac24fa960ff1e26abbc69649180e33e1aa3e7b
SHA256: 1340F629D6DAC97F16E221BF8B855AACE0769D11FD23503C2CA3EF94F94E9FED
File Size: 756.74 KB, 756736 bytes
MD5: b449d63a52c0863657396e55fdfea6a4
SHA1: 7e62043be710980c001e6833817e1579e8acac86
SHA256: 842AB5905FB5F006F0E46EE9C25A8A25A19EBA253994D9877E574E58AE8081F5
File Size: 2.25 MB, 2248192 bytes
MD5: 05b261fcaf49c8ad702413ea4191bd2e
SHA1: 34e02f5a8cc2e1da4b94a2cb37c7648a9fdd8ff6
SHA256: 150B79F05612549BB3ECA868A3CB375211AA454A4478DA0D2C87FB4B54FE8E42
File Size: 146.43 KB, 146432 bytes
MD5: c549f6356ffcf80fa0e7c0301771992d
SHA1: 7a977c0bc58761e4c5f91a378d9c06e549d775b5
SHA256: D1FD7F447D5622512E65B89B17E1D408D02475E86927530826994B94104C82DB
File Size: 56.32 KB, 56320 bytes
MD5: 54dcae6c0a6c55369994207e8364b6e3
SHA1: 2f1b6b1b9c7f61e459cf7a49131241084048579b
SHA256: E2A0514D7E05580F28FA57EC0EF5F6A02A8D6EDBBF111ADD2A15F1AE4D5B50B1
File Size: 115.45 KB, 115449 bytes
MD5: c01777bfffb639d68e518469c205ff39
SHA1: 446b08b67968c9c920e2f0585caaa43b75656e21
SHA256: 88A99CBD0E3751004F537BDD471740EEFCB910D1DD1C5CD8C226BF090BE9EA10
File Size: 218.62 KB, 218624 bytes
MD5: 0190d75fe23f0d467cdb8dbe6faca99d
SHA1: e81fc84a23c98815e4af7b1627e7db99bed90eed
SHA256: 8A67264C44AE1BFBEB9637AC11D45346CF7028B551AFED74B53A4195F4CF0D14
File Size: 212.48 KB, 212480 bytes
MD5: f4d5112628d7192236bf62d3528b8ad0
SHA1: 3c8a9c70d7d01eefbeba0dd5f076ba3612ae0b9a
SHA256: 4DD50ECE4ACE98050A3CE7D9A1601D29ECF81330BBFA43FE50DE6394B72C7AE5
File Size: 56.83 KB, 56832 bytes
MD5: d3a693fbd3f2b9130e923f9e0396dfdc
SHA1: 0f13ace38ba609bd9526f79e84243ba22ddcf7f2
SHA256: D69EA09D2CE10650015C846788202D92DDE5F034BBC74BD9944613A469E28A8F
File Size: 161.28 KB, 161280 bytes
MD5: 82e6884fed3698af5d6275205d29599e
SHA1: 2a3ab8fe78c45dc89ed94cdde136fcf319f73e05
SHA256: 7B5B4A6C363FE43A86CF02B52400945C218E16795109BA7DF7929499B0A094FC
File Size: 4.79 MB, 4785449 bytes
MD5: dabc0bdcb1eda904053cc762abe2af26
SHA1: 54209323ad05bbcdcd55c5348d2dcc49e22e1c57
SHA256: EEAFE9F1FD65DA875951A297073A007E3DC3BFC78F3382DED52893C51C458A22
File Size: 263.17 KB, 263168 bytes
MD5: b64ae181953aafc8356c75280ba7193b
SHA1: 2407a8420008ab8fae081661b82a6890adac5d75
SHA256: F45F474CFF0041A2EC37CB7AC74C1914D086DE4F30F30E65E8CB9B1F31362878
File Size: 578.05 KB, 578048 bytes
MD5: 2819274dea7448e4a35edbc0a6109033
SHA1: 855ceb20b4ce9f03046a203f8dd5a37991050dfa
SHA256: 7D8F6C0797E7C890E8064A7B91E6F79FB6FB2ED61886AE854BC7EDA7CFB23909
File Size: 1.20 MB, 1195008 bytes
MD5: 23fb6022ec70875d892b10f6c0abee67
SHA1: fc5d2dcdfd700900ba3f38576f7ecfd240e78831
SHA256: D7801A6D81593D8FDAF3EA00FEE6C73127716729B662A6413CCFBEA938034079
File Size: 866.30 KB, 866304 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Show More

73 additional icons are not displayed above.

Windows PE Version Information

Name Value
Comments This installation was built with Inno Setup.
Company Name
  • Microsoft
  • Soft Sara, Inc.
Compiled Script AutoIt v3 Script: 3, 3, 8, 1
File Description
  • Setup/Uninstall
  • softsara.ir
File Version
  • 51.1052.0.0
  • 3, 3, 8, 1
  • 1.00
Internal Name
  • TJprojMain
  • Win
Original Filename
  • TJprojMain.exe
  • Win.exe
Product Name
  • Project1
  • Soft Sara Patcher
  • Win
Product Version 1.00

File Traits

  • .UPX
  • 2+ executable sections
  • big overlay
  • HighEntropy
  • MPRESS
  • MPRESS Win32
  • Native MPRESS x86
  • No Version Info
  • packed
  • PEC2
Show More
  • PECompact v2.20
  • upx
  • UPX!
  • virut
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 4
Potentially Malicious Blocks: 3
Whitelisted Blocks: 1
Unknown Blocks: 0

Visual Map

x x x 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.EDA
  • Autoit
  • Dacic.O
  • Glupteba.P
  • IEHelper.B
Show More
  • Lamer.CF
  • Patcher.A
  • Patcher.B
  • Patcher.C
  • Patcher.CA
  • Protux.D
  • Stealer.BBA
  • Trojan.Downloader.Gen.M
  • Upatre.VC
  • VtFlooder.R
  • Wapomi.F

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\program files (x86)\alcohol soft Synchronize,Write Attributes
c:\program files (x86)\alcohol soft\alcohol 120 Synchronize,Write Attributes
c:\program files (x86)\alcohol soft\alcohol 120\__tmp_rar_sfx_access_check_2926687 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\alcohol soft\alcohol 120\alcohol.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\alcohol soft\alcohol 120\alcohol.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1911cdb02fcf13435872cfdd7434e2b1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\64f4ea4c8142cac73e06647d59a699d1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7ceb9b2a0e395bd64e74381485a106af.dll Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\temp\9ce5948f6f706809ad1df3709868df94.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut4eb.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auta8dd.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autad05.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd3.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bassmod.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\berlin sans fb.ttf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bus led display small.ttf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\c5e3399ed9a072fe864748d49ba96094.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\commodore 64.ttf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dup2patcher.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\gfgjqm.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\gfgjqm.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-93m0a.tmp\fb6a7b00001f5195ca31490657a017c1394cd38b_0000432347.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\mjxixj.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\mjxixj.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\motorway.ttf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\uxcclm.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\uxcclm.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\visitor -brk-.fon Generic Write,Read Attributes
c:\users\user\appdata\local\temp\zbsrnv.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\zbsrnv.exe Generic Write,Read Attributes
c:\windows\system.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\syswow64\bassmod.dll Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\winrar sfx::c%%program files (x86)%alcohol soft%alcohol 120% C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify  RegNtPreCreateKey
Show More
HKLM\software\wow6432node\microsoft\security center::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications  RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list::c:\users\user\downloads\54209323ad05bbcdcd55c5348d2dcc49e22e1c57_0000263168 c:\users\user\downloads\54209323ad05bbcdcd55c5348d2dcc49e22e1c57_0000263168:*:enabled:@shell32.dll,-1 RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317 RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662 RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655 RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324 # RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993 º RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986 http://www.andbookz.com/br.gifhttp://acbilgisayar.com.tr/br.g RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331 RegNtPreCreateKey
HKCU\software\apcr::u1_0 奆 RegNtPreCreateKey
HKCU\software\apcr::u2_0 RegNtPreCreateKey
HKCU\software\apcr::u3_0 権ă RegNtPreCreateKey
HKCU\software\apcr::u4_0 RegNtPreCreateKey
HKCU\software\apcr::u1_1 ꦭ㞫 RegNtPreCreateKey
HKCU\software\apcr::u2_1 槙牥 RegNtPreCreateKey
HKCU\software\apcr::u3_1 ᥜ獦 RegNtPreCreateKey
HKCU\software\apcr::u4_1 獵牥 RegNtPreCreateKey
HKCU\software\apcr::u1_2 舺ᓐ RegNtPreCreateKey
HKCU\software\apcr::u2_2 ﴃ RegNtPreCreateKey
HKCU\software\apcr::u3_2 賃 RegNtPreCreateKey
HKCU\software\apcr::u4_2  RegNtPreCreateKey
HKCU\software\apcr::u1_3 钅臧 RegNtPreCreateKey
HKCU\software\apcr::u2_3 䝔地 RegNtPreCreateKey
HKCU\software\apcr::u3_3 ぶ嘳 RegNtPreCreateKey
HKCU\software\apcr::u4_3 婟地 RegNtPreCreateKey
HKCU\software\apcr::u1_4 ꧲썱 RegNtPreCreateKey
HKCU\software\apcr::u2_4 RegNtPreCreateKey
HKCU\software\apcr::u3_4 ꟽ좖 RegNtPreCreateKey
HKCU\software\apcr::u4_4 췔즕 RegNtPreCreateKey
HKCU\software\apcr::u1_5 鍷媬 RegNtPreCreateKey
HKCU\software\apcr::u2_5 婛㯻 RegNtPreCreateKey
HKCU\software\apcr::u3_5 ⭠㫸 RegNtPreCreateKey
HKCU\software\apcr::u4_5 䅉㯻 RegNtPreCreateKey
HKCU\software\apcr::u1_6 蛋ᙏ RegNtPreCreateKey
HKCU\software\apcr::u2_6 괫깠 RegNtPreCreateKey
HKCU\software\apcr::u3_6 RegNtPreCreateKey
HKCU\software\apcr::u4_6 뒾깠 RegNtPreCreateKey
HKCU\software\apcr::u1_7 RegNtPreCreateKey
HKCU\software\apcr::u2_7 㕚⃆ RegNtPreCreateKey
HKCU\software\apcr::u3_7 䈚⇅ RegNtPreCreateKey
HKCU\software\apcr::u4_7 ⠳⃆ RegNtPreCreateKey
HKCU\software\apcr::u1_8 RegNtPreCreateKey
HKCU\software\apcr::u2_8 赱錫 RegNtPreCreateKey
HKCU\software\apcr::u3_8 鈨 RegNtPreCreateKey
HKCU\software\apcr::u4_8 鮨錫 RegNtPreCreateKey
HKCU\software\apcr::u1_9 Ɐ RegNtPreCreateKey
HKCU\software\apcr::u2_9 ᦓ֑ RegNtPreCreateKey
HKCU\software\apcr::u3_9 攴Ғ RegNtPreCreateKey
HKCU\software\apcr::u4_9 ༝֑ RegNtPreCreateKey
HKCU\software\apcr::u1_10 㯽뙽 RegNtPreCreateKey
HKCU\software\apcr::u2_10 鑮矶 RegNtPreCreateKey
HKCU\software\apcr::u3_10 盵 RegNtPreCreateKey
HKCU\software\apcr::u4_10 芒矶 RegNtPreCreateKey
HKCU\software\apcr::u1_11 ൢ츝 RegNtPreCreateKey
HKCU\software\apcr::u2_11  RegNtPreCreateKey
HKCU\software\apcr::u3_11 鰮 RegNtPreCreateKey
HKCU\software\apcr::u4_11  RegNtPreCreateKey
HKCU\software\apcr::u1_12 뚼냟 RegNtPreCreateKey
HKCU\software\apcr::u2_12 缋峁 RegNtPreCreateKey
HKCU\software\apcr::u3_12 ͕巂 RegNtPreCreateKey
HKCU\software\apcr::u4_12 楼峁 RegNtPreCreateKey
HKCU\software\apcr::u1_13 テ䕲 RegNtPreCreateKey
HKCU\software\apcr::u2_13 솾켦 RegNtPreCreateKey
HKCU\software\apcr::u3_13 뛘츥 RegNtPreCreateKey
HKCU\software\apcr::u4_13 RegNtPreCreateKey
HKCU\software\apcr::u1_14 㛑瀴 RegNtPreCreateKey
HKCU\software\apcr::u2_14 䳘䆌 RegNtPreCreateKey
HKCU\software\apcr::u3_14 㩏䂏 RegNtPreCreateKey
HKCU\software\apcr::u4_14 偦䆌 RegNtPreCreateKey
HKCU\software\apcr::u1_15 RegNtPreCreateKey
HKCU\software\apcr::u2_15 RegNtPreCreateKey
HKCU\software\apcr::u3_15 ꧲닲 RegNtPreCreateKey
HKCU\software\apcr::u4_15 쏛돱 RegNtPreCreateKey
HKCU\software\apcr::u1_16 쿲ꘉ RegNtPreCreateKey
HKCU\software\apcr::u2_16 ៍♗ RegNtPreCreateKey
HKCU\software\apcr::u3_16 嵹❔ RegNtPreCreateKey
HKCU\software\apcr::u4_16 㝐♗ RegNtPreCreateKey
HKCU\software\apcr::u1_17 뼌 RegNtPreCreateKey
HKCU\software\apcr::u2_17 똢颼 RegNtPreCreateKey
HKCU\software\apcr::u3_17 샬馿 RegNtPreCreateKey
HKCU\software\apcr::u4_17 ꫅颼 RegNtPreCreateKey
HKCU\software\apcr::u1_18 穀ㅳ RegNtPreCreateKey
HKCU\software\apcr::u2_18 ޡଢ RegNtPreCreateKey
HKCU\software\apcr::u3_18 琓ਡ RegNtPreCreateKey
HKCU\software\apcr::u4_18 Ḻଢ RegNtPreCreateKey
HKCU\software\apcr::u1_19 䳢즆 RegNtPreCreateKey
HKCU\software\apcr::u2_19 델綇 RegNtPreCreateKey
HKCU\software\apcr::u3_19 ﮆ粄 RegNtPreCreateKey
HKCU\software\apcr::u4_19 醯綇 RegNtPreCreateKey
HKCU\software\apcr::u1_20 RegNtPreCreateKey
HKCU\software\apcr::u2_20 ᣳ RegNtPreCreateKey
HKCU\software\apcr::u3_20 漍 RegNtPreCreateKey
HKCU\software\apcr::u4_20 Ԥ RegNtPreCreateKey
HKCU\software\apcr::u1_21 潟ᢁ RegNtPreCreateKey
HKCU\software\apcr::u2_21 嵓扒 RegNtPreCreateKey
HKCU\software\apcr::u3_21 ኰ捑 RegNtPreCreateKey
HKCU\software\apcr::u4_21 碙扒 RegNtPreCreateKey
HKCU\software\apcr::u1_22 RegNtPreCreateKey
HKCU\software\apcr::u2_22 풷 RegNtPreCreateKey
HKCU\software\apcr::u3_22 蘧햴 RegNtPreCreateKey
HKCU\software\apcr::u4_22 풷 RegNtPreCreateKey
HKCU\software\apcr::u1_23 ㇸ兘 RegNtPreCreateKey
HKCU\software\apcr::u2_23 䀟䜝 RegNtPreCreateKey
HKCU\software\apcr::u3_23 㖪䘞 RegNtPreCreateKey
HKCU\software\apcr::u4_23 徃䜝 RegNtPreCreateKey
HKCU\software\apcr::u1_24 핌 RegNtPreCreateKey
HKCU\software\apcr::u2_24 칞릂 RegNtPreCreateKey
HKCU\software\apcr::u3_24 룑뢁 RegNtPreCreateKey
HKCU\software\apcr::u4_24 틸릂 RegNtPreCreateKey
HKCU\software\apcr::u1_25 笜恹 RegNtPreCreateKey
HKCU\software\apcr::u2_25 墻⯨ RegNtPreCreateKey
HKCU\software\apcr::u3_25 ⱄ⫫ RegNtPreCreateKey
HKCU\software\apcr::u4_25 䙭⯨ RegNtPreCreateKey
HKCU\software\apcr::u1_26 捖㌙ RegNtPreCreateKey
HKCU\software\apcr::u2_26 ꇅ鹍 RegNtPreCreateKey
HKCU\software\apcr::u3_26 폋齎 RegNtPreCreateKey
HKCU\software\apcr::u4_26 맢鹍 RegNtPreCreateKey
HKCU\software\apcr::u1_27 剬盧 RegNtPreCreateKey
HKCU\software\apcr::u2_27 ㌇Ⴓ RegNtPreCreateKey
HKCU\software\apcr::u3_27 䝾ᆰ RegNtPreCreateKey
HKCU\software\apcr::u4_27 ⵗႳ RegNtPreCreateKey
HKCU\software\apcr::u1_28 䰅 RegNtPreCreateKey
HKCU\software\apcr::u2_28 먧茘 RegNtPreCreateKey
HKCU\software\apcr::u3_28 쫥舛 RegNtPreCreateKey
HKCU\software\apcr::u4_28 ꃌ茘 RegNtPreCreateKey
HKCU\software\apcr::u1_29 阩懴 RegNtPreCreateKey
HKCU\software\apcr::u2_29 ଔ RegNtPreCreateKey
HKCU\software\apcr::u3_29 繨 RegNtPreCreateKey
HKCU\software\apcr::u4_29 ᑁ RegNtPreCreateKey
HKCU\software\apcr::u1_30 ᦇ  RegNtPreCreateKey
HKCU\software\apcr::u2_30 饠柣 RegNtPreCreateKey
HKCU\software\apcr::u3_30 曠 RegNtPreCreateKey
HKCU\software\apcr::u4_30 螶柣 RegNtPreCreateKey
HKCU\software\apcr::u1_31 ⏢᮷ RegNtPreCreateKey
HKCU\software\apcr::u2_31 RegNtPreCreateKey
HKCU\software\apcr::u3_31 RegNtPreCreateKey
HKCU\software\apcr::u4_31 RegNtPreCreateKey
HKCU\software\apcr::u1_32 盒㘰 RegNtPreCreateKey
HKCU\software\apcr::u2_32 眺䲮 RegNtPreCreateKey
HKCU\software\apcr::u3_32 ҉䶭 RegNtPreCreateKey
HKCU\software\apcr::u4_32 溠䲮 RegNtPreCreateKey
HKCU\software\apcr::u1_33 ნ㎃ RegNtPreCreateKey
HKCU\software\apcr::u2_33 뼓 RegNtPreCreateKey
HKCU\software\apcr::u3_33 蠼븐 RegNtPreCreateKey
HKCU\software\apcr::u4_33 뼓 RegNtPreCreateKey
HKCU\software\apcr::u1_34 ቑ狵 RegNtPreCreateKey
HKCU\software\apcr::u2_34 侕ㅹ RegNtPreCreateKey
HKCU\software\apcr::u3_34 㾣ぺ RegNtPreCreateKey
HKCU\software\apcr::u4_34 喊ㅹ RegNtPreCreateKey
HKCU\software\apcr::u1_35 㑝㫖 RegNtPreCreateKey
HKCU\software\apcr::u2_35 ꏞ RegNtPreCreateKey
HKCU\software\apcr::u3_35 ꋖꋝ RegNtPreCreateKey
HKCU\software\apcr::u4_35 죿ꏞ RegNtPreCreateKey
HKCU\software\apcr::u1_36 ᴆⷁ RegNtPreCreateKey
HKCU\software\apcr::u2_36 ▩ᙄ RegNtPreCreateKey
HKCU\software\apcr::u3_36 噝ᝇ RegNtPreCreateKey
HKCU\software\apcr::u4_36 㱴ᙄ RegNtPreCreateKey
HKCU\software\apcr::u1_37 拕㯁 RegNtPreCreateKey
HKCU\software\apcr::u2_37 艨袩 RegNtPreCreateKey
HKCU\software\apcr::u3_37 엀親 RegNtPreCreateKey
HKCU\software\apcr::u4_37 꿩袩 RegNtPreCreateKey
HKCU\software\apcr::u1_38 韱౐ RegNtPreCreateKey
HKCU\software\apcr::u2_38 㡲﬏ RegNtPreCreateKey
HKCU\software\apcr::u3_38 䥷兀 RegNtPreCreateKey
HKCU\software\apcr::u4_38 ⍞﬏ RegNtPreCreateKey
HKCU\software\apcr::u1_39 ⴉ RegNtPreCreateKey
HKCU\software\apcr::u2_39 蠅浴 RegNtPreCreateKey
HKCU\software\apcr::u3_39 ﳺ汷 RegNtPreCreateKey
HKCU\software\apcr::u4_39 雓浴 RegNtPreCreateKey
HKCU\software\apcr::u1_40 ꝉ㺘 RegNtPreCreateKey
HKCU\software\apcr::u2_40 RegNtPreCreateKey
HKCU\software\apcr::u3_40 RegNtPreCreateKey
HKCU\software\apcr::u4_40 RegNtPreCreateKey
HKCU\software\apcr::u1_41 䠌 RegNtPreCreateKey
HKCU\software\apcr::u2_41 妣刿 RegNtPreCreateKey
HKCU\software\apcr::u3_41 ប匼 RegNtPreCreateKey
HKCU\software\apcr::u4_41 綽刿 RegNtPreCreateKey

92 additional registry modifications are not displayed above.

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetComputerName
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserObjectInformation
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Network Winsock2
  • WSAStartup
Network Winsock
  • gethostbyname
  • inet_addr
  • socket
Keyboard Access
  • GetKeyState
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateThreadEx
Show More
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtYieldExecution
  • UNKNOWN
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext

Shell Command Execution

"C:\Users\Gehiyvgt\AppData\Local\Temp\is-93M0A.tmp\fb6a7b00001f5195ca31490657a017c1394cd38b_0000432347.tmp" /SL5="$2027C,154517,77824,c:\users\user\downloads\fb6a7b00001f5195ca31490657a017c1394cd38b_0000432347.exe"
C:\Users\Mbgamrhp\AppData\Local\Temp/MJXIXJ.exe
C:\Users\Mbgamrhp\AppData\Local\Temp/ZBSRNV.exe
C:\Users\Tspqbvap\AppData\Local\Temp/UXCCLM.exe
C:\Users\Tspqbvap\AppData\Local\Temp/GFGJQM.exe

Trending

Most Viewed

Loading...