
Trojan.Rugmi.GI

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Rugmi.GI
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments
  • http://www.iFoerster.com
  • This is a required part of Stardock WindowBlinds. DO NOT DELETE IT. If you want to uninstall WindowBlinds then please use the uninstaller
  • This module is part of Zoner products.
  • WinSparkle updates checking library (https://winsparkle.org).
Company Name
  • AOMEI Technology Co., Ltd.
  • BugSplat, LLC
  • Digital Wave Ltd
  • iFoerster Development
  • Microsoft Corporation
  • Nokia Corporation and/or its subsidiary(-ies)
  • Oleg N. Scherbakov
  • Python Software Foundation
  • Stardock Software, Inc
  • winsparkle.org
  • ZONER software
File Description
  • 7z Setup SFX (x86)
  • AOMEI DiskInfo
  • C++ application development framework.
  • Crash reporting module, BugSplat.DLL
  • Developers version of the smooth library.
  • ExceptionHandler Dynamic Link Library
  • FoxBurner SDK
  • MFCDLL Shared Library - Retail Version
  • Python Core
  • tier0
  • WindowBlinds
  • WinSparkle updater
  • Zoner support library
File Version
  • 18.0.1.10
  • 14.29.30139.0 built by: vcwrkspc
  • 8.0
  • 6.6.0.0
  • 4.7.0.0
  • 3.8.5
  • 3, 3, 1, 0
  • 1.4.0.1795
  • 1.0.0.1
  • 1, 4, 0, 0
  • 1,2,47,1017
  • 0.9.10.5690
  • 0.5.1
Internal Name
  • 7ZSfxMod
  • BugSplat.DLL
  • DiskInfo.dll
  • ExceptionHandler
  • FoxBurnerMFC.dll
  • MFC140U.DLL
  • Python DLL
  • SMOOTH
  • tier0.dll
  • WindowBlinds
  • WinSparkle
Legal Copyright
  • Copyright (C) 2009-2016 Vaclav Slavik
  • Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies).
  • Copyright (C) 2013
  • Copyright 2002-2012 iFoerster Development
  • Copyright BugSplat, LLC (C) 2015
  • Copyright © 1995-2016
  • Copyright © 1997-2013 Neil Banfield, © 1998-2013 Stardock Software, Inc - All Rights Reserved
  • Copyright © 1998-2023 Robert Kausch
  • Copyright © 2001-2016 Python Software Foundation. Copyright © 2000 BeOpen.com. Copyright © 1995-2001 CNRI. Copyright © 1991-1995 SMC.
  • Copyright © 2005-2010 Oleg N. Scherbakov
  • Copytight (C) AOMEI International Network Limited
  • © 2010-2022 Digital Wave Ltd
  • © Microsoft Corporation. All rights reserved.
Legal Trademarks Zoner is trademark of ZONER software
Official Website http://www.smooth-project.org/
Original Filename
  • 7ZSfxMod_x86.exe
  • BugSplat.DLL
  • DiskInfo.dll
  • ExceptionHandler.dll
  • FoxBurnerMFC.dll
  • MFC140U.DLL
  • python38.dll
  • QtGui4.dll
  • smooth.dll
  • tier0.dll
  • WBlind.dll
  • WinSparkle.dll
Private Build
  • Do not redistribute. Part of WindowBlinds - http://www.stardock.com
  • June 27, 2010
Product Name
  • 7-Zip SFX
  • AOMEI Partition Assistant
  • BugSplat Dynamic Link Library
  • ExceptionHandler Dynamic Link Library
  • FoxBurner SDK
  • Free Studio
  • Microsoft® Visual Studio®
  • Python
  • Qt4
  • smooth Class Library
  • WindowBlinds
  • WinSparkle
  • Zoner support library
Product Version
  • 18.0.1.10
  • 14.29.30139.0
  • 8.0
  • 6.6.0.0
  • 3.8.5
  • 3, 3, 1, 0
  • 1.4.0.1795
  • 1.0.0.1
  • 1, 4, 0, 0
  • 1,2,47,1017
  • 0.9
  • 0.5.1
E Mail Contact info@smooth-project.org

Digital Signatures

Signer | Root | Status
AOMEI International Network Limited | COMODO RSA Certification Authority | Hash Mismatch
Burnaware | COMODO RSA Code Signing CA | Self Signed
Open Source Developer, Robert Kausch | Certum Code Signing 2021 CA | Hash Mismatch
Python Software Foundation | DigiCert SHA2 Assured ID Code Signing CA | Hash Mismatch
Digital Wave Ltd | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch
ASUSTeK COMPUTER INC. | DigiCert Trusted Root G4 | Hash Mismatch
Shenzhen Tengruiming Technology Co., Ltd. | GlobalSign Code Signing Root R45 | Hash Mismatch
AOMEI International Network Limited | GlobalSign CodeSigning CA - G3 | Hash Mismatch
BugSplat LLC | Go Daddy Secure Certification Authority | Hash Mismatch
Microsoft Corporation | Microsoft Code Signing PCA 2011 | Hash Mismatch
AOMEI International Network Limited | Sectigo Public Code Signing Root R46 | Hash Mismatch
ZONER software, a.s. | Symantec Class 3 Extended Validation Code Signing CA - G2 | Hash Mismatch

File Traits

  • dll
  • HighEntropy
  • imgui
  • Installer Version
  • ntdll
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 15,569
Potentially Malicious Blocks: 2,597
Whitelisted Blocks: 12,963
Unknown Blocks: 9

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.FRFD
  • Emotet.GX
  • Farfli.NB
  • Lotok.F
  • Rugmi.AB
  • Rugmi.FC
  • Rugmi.FD
  • Rugmi.GI
  • Rugmi.GK
  • Rugmi.OO
  • Rugmi.TB
  • ShellcodeRunner.FN

Files Modified

File Attributes
c:\programdata\controlhttpv5\kreanggaig.ix Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\controlhttpv5\preflector64.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\controlhttpv5\python38.dll Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\controlhttpv5\shuck.rg Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\controlhttpv5\vcruntime140.dll Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\helpadvanced_bax_alpha\drand.rm Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\helpadvanced_bax_alpha\fileassociation.dll Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\helpadvanced_bax_alpha\msvcp140.dll Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\helpadvanced_bax_alpha\pd.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\helpadvanced_bax_alpha\qt5core.dll Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\helpadvanced_bax_alpha\qt5network.dll Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\helpadvanced_bax_alpha\vcruntime140.dll Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\helpadvanced_bax_alpha\zog.vzqn Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\igecom\breelcliekfand.ig Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\igecom\log\reg.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\igecom\mfc140u.dll Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\igecom\msvcp140.dll Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\igecom\ppevnt.ini Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\igecom\up.dll Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\igecom\vcruntime140.dll Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\igecom\vector-neur.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\igecom\voond.vb Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\3314ea7.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\34857ff.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\9a2447b.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\breelcliekfand.ig Generic Write,Read Attributes
c:\users\user\appdata\local\temp\breelcliekfand.ig Synchronize,Write Attributes
c:\users\user\appdata\local\temp\d1fb263.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\drand.rm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\drand.rm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\fileassociation.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fileassociation.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\kreanggaig.ix Generic Write,Read Attributes
c:\users\user\appdata\local\temp\kreanggaig.ix Synchronize,Write Attributes
c:\users\user\appdata\local\temp\log\reg.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\mfc140u.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\mfc140u.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msvcp140.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\msvcp140.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\pd.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pd.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ppevnt.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ppevnt.ini Synchronize,Write Attributes
c:\users\user\appdata\local\temp\preflector64.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\preflector64.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\python38.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\python38.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\qt5core.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\qt5core.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\qt5network.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\qt5network.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\shuck.rg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\shuck.rg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\up.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\up.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\vcruntime140.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\vcruntime140.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\vector-neur.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\vector-neur.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\voond.vb Generic Write,Read Attributes
c:\users\user\appdata\local\temp\voond.vb Synchronize,Write Attributes
c:\users\user\appdata\local\temp\zog.vzqn Generic Write,Read Attributes
c:\users\user\appdata\local\temp\zog.vzqn Synchronize,Write Attributes
c:\users\user\appdata\roaming\controlhttpv5\tcpvcon.exe Read Attributes,Synchronize,Write Data
c:\users\user\appdata\roaming\helpadvanced_bax_alpha\xpfix.exe Read Attributes,Synchronize,Write Data
c:\users\user\appdata\roaming\igecom\chime.exe Read Attributes,Synchronize,Write Data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Anti Debug
  • NtQuerySystemInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\efd18332f96f09b2d0d7b3d397dbab5a53bd605b_0004051016.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4601b894182aee1d6685913f4b3ac54d87b3a246_0000303568.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\49451c180cd29bf27c8fe563a12b20ead4d71444_0000303568.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\720b584047af14f9b5b3efa4b2a2a0c16b7e33a0_0002249520.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0df08e85bd146f84e206738e0e088e946c8a4bba_0000303568.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\48ce9de445f468b50e948306d6a7ad5626801882_0002137072.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\464f81586d2c20d70ee7962ea21e8da2f547fbca_0000303568.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\612054aa5a46fdd36fd78e942568a264b91436c7_0009591368.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8caa97be4e383d125eec22efe353055d4dd298c6_0004051016.,LiQMAxHB
(NULL) C:\Users\Umtcqnag\AppData\Local\Temp\Vector-Neur.exe
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6419bd209518350d1e1daa5b32e79a70f740ceb4_0009591368.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f5e2a88b67ec47ef65f43632a4b3e042e62724e1_0002249520.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\58e1e24654c71c475f23fc0f4111a93cca47f169_0000303568.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f192315d78590d58df76f1c6b563e31e32338e66_0003016920.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\97885c95671d2ba4f75764aae659f56a4b8c3fe9_0000131584.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d6534d0c567e93d833142194f841fd87f9d40669_0003023872.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\da25dfc0bae5a0d52ac0c60ef9a094d447fabf10_0009591368.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6046bbbe1eadb386f88affa4cd14c72d8488da14_0009591368.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\34e572c7a29fb8e93c391a0f3a4b93c001b05fae_0001794048.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ad8fa67a96762f12c9b7dabe190af8e405280940_0005127088.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\735d2bda04b5a27f273791ae736a00ea667ca093_0002249520.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\006ca93f6d4dfdff02e3dc57a58ee5cd6af82720_0000145256.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\28487fe6656cda97306593399255178be2a4e65f_0000145256.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\458a899360e0c710249925ee9b1c0746db7a1656_0009603552.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a1ca4b004fcda1ec4e56cf794e8623a0b2182c31_0000303568.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\bc24420f2476bd9f4749c8b4e5d82aca1cac17a8_0001794048.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\043e085a4119b12b3987c3bf5e3b28f79af245f0_0002249520.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d9559bb9886ea4a5090ccf189993979156740d1b_0001794048.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\fd6c315b4793cb94be548e96568ec0d0b0a799b8_0002249520.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\696cd1463365281f40925eb9868ea0f7bef5a80c_0004051016.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2eaf91a40270e6639144510bfbdaf8e1a265d348_0008602792.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5c207717753f7f18ef409ddd198b26f433772f80_0002249520.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0cb30d063e33542b4871c37927faa4a44052882d_0002249520.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\937126ed6102e9f330780269d2306742c1c4544b_0009591368.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\608fc00536411de3c9f2fd91e9f4ca438ed810d8_0001794048.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\aa1b070532cc4344ecb6a7e0759389d817a34ece_0008602792.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b78c798a2e00d4fbaf7f1715d57c7399b9c348cf_0001794048.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\dff4159d6d9b2f5ff2d989e0997870fda8351b1c_0009591368.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f1cf17b97a74b61afca131adf73c8910dd972c03_0008602792.,LiQMAxHB
(NULL) C:\Users\Oexwbpud\AppData\Local\Temp\PReflector64.exe
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9dd9fca3eb64ca5794aded591119d5eeab5ea6c7_0008604848.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ea2e50794a885e8ab2f79b818ef74228cedd2d5c_0005127088.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\dec635251e577ae1332d3875e06884afa496162b_0008602792.,LiQMAxHB
(NULL) C:\Users\Bncilxum\AppData\Local\Temp\PD.exe
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9c5bf9316c9d928d12b354b8b00458a265b32b0b_0001794048.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\56914083d73c086e0e6f2b2160840c356a6a6653_0001388304.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\66f237d98ec8999655cdbeb9d3fae6568bc083ba_0005127088.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\73652b61480806fffe4328633ea6e34bb04e7ee8_0001794048.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c3fc1d593b5d7a5f47f70f04c311c1f8d998351e_0000782848.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6a8e0f5577da5eb08a7a9077b8b7b29a464a605f_0004051016.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\da0d7c2eb65e796744458a9d5cbcb58e78fb1ff4_0005127088.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\99505ec797bbcd2c2973edc8f5743b939d289716_0009591368.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\58fb7ee13327afd4bfea6c8ba5271b38cf309c31_0005127088.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\38a72d6a1d95a879cccc4b74256297ef41586645_0009591368.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\34d34c324b0582e74c1778644c12e56430e44d9a_0005127088.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d806ced6fb83aeb22148d20e07abd14aaeae5b90_0001794048.,LiQMAxHB
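Read as the sandbox's process log, each record above is a process image followed by the command line it ran. Every sample is loaded through rundll32 from the Downloads folder as a file with no extension (the trailing dot is the documented way to stop LoadLibrary appending .dll to an extension-less name) and always with the same entry point, LiQMAxHB; the (NULL) records are executables started from a Temp directory with no process image recorded. The script below is an added triage example, not tooling from the threat database, that parses records of that shape and flags the pattern. It assumes unquoted paths, as in the listing, and runs on three records copied from above plus one constructed benign control line.

```python
"""Triage sandbox process records shaped like the listing above.

Added example, not the threat database's own tooling. Each record is read as
"<image path> <command line>"; rundll32 command lines carry "<module>,<entry point>".
Assumes unquoted paths, as in the listing.
"""
from dataclasses import dataclass, field

# Entry point observed in every rundll32 record in the listing above.
RUGMI_EXPORT = "LiQMAxHB"

# Directories an unprivileged user can write to. Assumption: this short list covers the
# listing here; a production rule would add e.g. \public\, \programdata\, $recycle.bin.
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\temp\\")

# Three records copied from the listing above plus one constructed benign control line
# (a stock Control Panel launch through rundll32, not taken from the page).
SAMPLE_RECORDS = [
    r"C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0df08e85bd146f84e206738e0e088e946c8a4bba_0000303568.,LiQMAxHB",
    r"(NULL) C:\Users\Umtcqnag\AppData\Local\Temp\Vector-Neur.exe",
    r"C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9dd9fca3eb64ca5794aded591119d5eeab5ea6c7_0008604848.,LiQMAxHB",
    r"C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,Control_RunDLL",
]


@dataclass
class Finding:
    image: str            # recorded process image, or "(NULL)" when the sandbox had none
    module: str           # module rundll32 loaded, or the executable itself
    export: str           # rundll32 entry point; empty for plain executables
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_record(record: str) -> Finding:
    """Split one record into image, loaded module and (for rundll32) entry point."""
    image, _, cmdline = record.strip().partition(" ")
    exe, _, args = cmdline.strip().partition(" ")
    if exe.lower().endswith("\\rundll32.exe") and args:
        # rundll32 syntax: <module>,<entry point> [arguments]; the first comma ends the module.
        module, _, rest = args.partition(",")
        export = rest.split(" ", 1)[0]
        return Finding(image, module.strip(), export.strip())
    return Finding(image, exe, "")


def assess(finding: Finding) -> Finding:
    """Attach the reasons a record matches the loader pattern seen in the listing."""
    path = finding.module.lower()
    name = path.rsplit("\\", 1)[-1]
    if any(d in path for d in USER_WRITABLE):
        finding.reasons.append("module lives in a user-writable directory")
    if finding.export:  # rundll32-specific checks
        if not name.endswith(".dll"):
            finding.reasons.append("rundll32 module has no .dll extension")
        if name.endswith("."):
            finding.reasons.append("trailing dot stops LoadLibrary appending .dll, so the bare file is loaded as-is")
        if finding.export == RUGMI_EXPORT:
            finding.reasons.append(f"entry point {RUGMI_EXPORT} is the one used by every sample above")
    elif finding.image == "(NULL)":
        finding.reasons.append("no process image recorded for the executable")
    return finding


def triage(records):
    """Parse and assess every record; returns one Finding per record, in order."""
    return [assess(parse_record(r)) for r in records]


if __name__ == "__main__":
    for f in triage(SAMPLE_RECORDS):
        verdict = "SUSPICIOUS" if f.suspicious else "clean"
        print(f"{verdict:10} {f.module}  export={f.export or '-'}")
        for r in f.reasons:
            print(f"           - {r}")
```

The control line shows why the rule is not simply "rundll32 ran": a signed DLL in System32 with a known entry point collects no reasons, while the Rugmi records collect four (user-writable path, no extension, trailing dot, shared entry point). Any one of those alone is weak; the combination of a user-writable path with a non-.dll module is the part worth alerting on even when the entry point name changes between builds.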