Trojan.Rugmi.FH
Analysis Report
General information
| Family Name: | Trojan.Rugmi.FH |
|---|---|
| Signature status: | Hash Mismatch |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have security information
- File has exports table
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Comments | This module is part of Zoner products. |
| Company Name | |
| Division Name | Natural Language Group |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Legal Trademarks | |
| Legal Trademarks1 | Microsoft® is a registered trademark of Microsoft Corporation. |
| Legal Trademarks2 | Windows® is a registered trademark of Microsoft Corporation. |
| Original Filename | |
| Product Name | |
| Product Version | |
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.

| Signer | Root | Status |
|---|---|---|
| ORANGE VIEW LIMITED | DigiCert High Assurance EV Root CA | Hash Mismatch |
| CHENGDU YIWO Tech Development Co., Ltd. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch |
| Plex, Inc. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch |
| Microsoft Corporation | Microsoft Code Signing PCA | Hash Mismatch |
| Microsoft Corporation | Microsoft Code Signing PCA 2011 | Hash Mismatch |
| John Paul Chacha | Sectigo Public Code Signing Root R46 | Hash Mismatch |
| ZONER software, a.s. | Symantec Class 3 Extended Validation Code Signing CA - G2 | Hash Mismatch |
File Traits
- 2+ executable sections
- dll
- fptable
- HighEntropy
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 2,446 |
|---|---|
| Potentially Malicious Blocks: | 2 |
| Whitelisted Blocks: | 2,442 |
| Unknown Blocks: | 2 |
Visual Map
[Visual map of per-block classifications not reproduced; the source marks the data as truncated.]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Kryptik.KBO
- Rugmi.FC
- Rugmi.FE
- Rugmi.FG
- Rugmi.FH
- Rugmi.IFB
- Rugmi.LDA
- Rugmi.LDB
- Rugmi.PG
- Rugmi.TB
- Rugmi.TD
- Trojan.Agent.Gen.CG
- Trojan.Downloader.Gen.CC
- Trojan.Downloader.Gen.HC
- Trojan.Downloader.Gen.MG
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.

| File | Attributes |
|---|---|
| c:\users\user\downloads\aliyunconfig.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |
| Process Shell Execute | |
| Anti Debug | |
| Process Manipulation Evasion | |
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\13e56301b87052ec3dc45f598404c75d0963f62d_0000662512.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ef7123cf07c34210616c4ed8dc8b2dd976f2b0c0_0000154224.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4f245db5a485c05798572083a233639c5ae137da_0000555080.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\37d6e05af511e1efe75f24414fa3d6b84fff6c31_0000508752.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\15e91b376e9b81031d40ea217c5aa3992e4cbd40_0000125904.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\72f50f17f1f8c852b33002bcf1cc800119a1bb3d_0000224256.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e1c05772e264361c0693e272cc84261c74c9cfa9_0000904192.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2436983b46d7184fe6f9618a6125686ee6b70f78_0000125904.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\19111c33dfc133af531e4c8eb251ac7055f68302_0000125904.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c5f9f38fa030661842b2a08d1da10a851cc45053_0000339528.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2c3566efa85ce0dd275d9202a78c572132bdefbf_0000131584.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6e46d4dd5eb8881af27eea23a490163358839bcf_0000125904.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\56ac7323a4f0e4e6943700467a8348f6b0d2b0e6_0000562208.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b779f82fa05de7255fb7d7be3ef4701e69b035c2_0000126120.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a5fbd4d21516c87b3defbdd14336581ba085d9ce_0000537760.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\688f26071b52793c5a6579ccf1af1f2fe2360b3b_0000904192.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\bc6b65303b242373c049f71e7bc3da03e2cc2e0c_0000537760.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b8636e3c45fcd658de133423ead64c40b03a303b_0000171008.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a8c8c0d08beb1667660d526f0c87a63cfb58157c_0000224256.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c4aeab63bd2a940ab6f778870ac787035359ca0b_0000537760.,LiQMAxHB