Trojan.Rugmi.IFB
Table of Contents
Analysis Report
General information
| Family Name: | Trojan.Rugmi.IFB |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
07348670892df4814eaa780341d4053d
SHA1:
4c884108462ac1fd670f83c2e64bf0b87d126530
SHA256:
D65C5D3CC948FBA62021F127D36EFE743BF19EC8AD5FE5BBB4F532C40426C9AD
File Size:
2.55 MB, 2545928 bytes
|
|
MD5:
8256af68a409dd812e7a5fa401fac24d
SHA1:
f3637c3fd6357f0acd14019a5101c104f04632d9
SHA256:
E1BF8B7A723C8B7601F687001CC1962E734F9E7C8E7BAF83A4BA63F798A4C71D
File Size:
4.38 MB, 4379984 bytes
|
|
MD5:
c7b0257ef4b720eb280d4224185cc667
SHA1:
0e99a922c8236a2d552518431f003fd7ca77509f
SHA256:
CB896AD3C2419C369A8E98725CDCAE3EF360DCA9DDAD7DCCAD29AA4D2FD4E81D
File Size:
91.14 KB, 91136 bytes
|
|
MD5:
8dfee3544c2eb41d5bfda2780cfb5c33
SHA1:
2b0b3de06d0a92cbb0ecf3538c845389f8f1a314
SHA256:
FE9917A37A459E7DA257A7E4A5AAA27F61086CBB3A1DA589481070DB91DD79FA
File Size:
1.20 MB, 1204832 bytes
|
|
MD5:
25ffc700c2aa58a6afb107a2a89daeb8
SHA1:
0a33ab5370a339b3678fefdc511ceaff75c97ec2
SHA256:
B536BCEFA09FDD00C2AB1F7FA9E1972134DC21AFC11FD8CDE04C87181B9B4308
File Size:
1.67 MB, 1668848 bytes
|
Show More
|
MD5:
008d1d937cd8457697bd27c025afe07b
SHA1:
959f50a207a7db5a6ad091741abd84bdbbc7f247
SHA256:
32EB985CD4E26A3EB712DC714EAA4F987722E48117C2C589120CC70A4765B3C1
File Size:
131.58 KB, 131584 bytes
|
|
MD5:
59fd550d929db298b04bb2c8741b17cb
SHA1:
6973e79e2c0169d1c1cda78c47987323191ee0ab
SHA256:
89421ED44CACED972531F5BB34C1243C3D4374C866DE3D5C98647E2EC95FC65D
File Size:
856.06 KB, 856064 bytes
|
|
MD5:
ae46fd8db37b99c88c02e0d0b81a325e
SHA1:
e26b48b16b8f062bd26e7a303bc37adebbe3f331
SHA256:
3CE7ECE5CFC3F505726CD5F652BB91865180786C662D8BAAD9ECB1B2D4A8E88F
File Size:
125.90 KB, 125904 bytes
|
|
MD5:
1729fe2319bb887cb5406fc95c70effb
SHA1:
ba02265e89c0e321fa0446c2155079c4160fedd3
SHA256:
020400592352403B1E8D941CC4FD5B0A2777C8DD436E1D311EE0994C54CFBDAC
File Size:
1.67 MB, 1668848 bytes
|
|
MD5:
69d0bcc1c8b37049444f6fe09eb6bb94
SHA1:
47fe012fde1353da90f4ae2388a58934b1553a75
SHA256:
7C48B0DAE7C57BD4ED4E6D4622570C9CDD08A544E0D65486A4F17D0CCFA539CC
File Size:
383.87 KB, 383872 bytes
|
|
MD5:
894ccb2282375d35829461583ec515ee
SHA1:
e57d99cdf8a2a2323809a88af77743f61b9a30f9
SHA256:
0FF5D2C2FABE50C1DB5AE5004EAD851F71BC4E44CFC4AB4234A5C9A79BCE0BDD
File Size:
856.06 KB, 856064 bytes
|
|
MD5:
3a0220a51ea2cfa3a408f494b540b9a9
SHA1:
3e511b4f9ae6a6d9334126c35fa4578ee5e9bcb4
SHA256:
C63B57D5879A2B0F8647906098F322378D14D1988A4DCEA90ED6368A1D9C70A1
File Size:
1.41 MB, 1408048 bytes
|
|
MD5:
70bb69872bf4196404606a7d9e65dff0
SHA1:
2cfdc8724743e39377b670e8f73897d4bcf01ef1
SHA256:
EDEFE002D4E94720B5A5763DA67C0969238DDE8452281DD2A44C6D8DAC676C82
File Size:
4.63 MB, 4631144 bytes
|
|
MD5:
f89d556881bb6ed8021b764b89f5b277
SHA1:
2ae1379850219a8b12bcb411e27cbfb9bf9caa95
SHA256:
6B8C5524C52C5CBDB8CBD4E841BA59716D056330C540E9729FEEB9F235791D6A
File Size:
2.58 MB, 2584280 bytes
|
|
MD5:
7ea1a7568ffebf639f6d5fd9492b7da9
SHA1:
9347ff2cf26d124dbda3706cde1ddcae91bb70d1
SHA256:
E5726F48AA39234CB5C75309553B972490B86FB32A090B7124BC54B1B6594127
File Size:
669.80 KB, 669800 bytes
|
|
MD5:
ac2a7e1bcd2da120c58d180c0892b370
SHA1:
3ece21a2b0886988fc9e46ed098f278528af8fdd
SHA256:
163B8ABCC457E60A1FAAC8EC5021B97041CE8CC846623EF114E513F4826FEF56
File Size:
805.41 KB, 805408 bytes
|
|
MD5:
2787fe2e1b3cc18573f7f9dd03de37ed
SHA1:
656e736873d0dda7272688bc93956bbdbaa553bc
SHA256:
4C1993ED1571076AAA5A0D6DCDCF39BEBC2933C177493059372696833F83695F
File Size:
5.30 MB, 5298296 bytes
|
|
MD5:
4a0189726f850b3657fb9a38797c10f2
SHA1:
d47d21d668af02b51b16011d8cab094566c3abe8
SHA256:
E2EFF3E62586B0115CFEB3E0B5B8EE9ECC258B4E8861155121F757D8A3373582
File Size:
5.30 MB, 5298296 bytes
|
|
MD5:
1f621ff2c0b86303f67f74e9eb0add9e
SHA1:
471294819d9815607577e98ec9b188b247d45f11
SHA256:
F8B08BA8F95C7E5F9ED38F3F98B06782C5B29309CB2815DEDF6B222049592509
File Size:
2.50 MB, 2501736 bytes
|
|
MD5:
84a948c3f32213453c97bea3f9090bb9
SHA1:
20d8a0530d9d8200e2de385a5b01bc3c166de2ad
SHA256:
5B692529E03AF7163E77F7FFEFCFD52C3A099685D05C079CFA4A5A9DC8994CE7
File Size:
4.69 MB, 4694016 bytes
|
|
MD5:
79bc52af778440aaeb46b12a8bfef629
SHA1:
2e46c3ea87f814b798f70f4a86787119d2ee3890
SHA256:
108555481412A0E46348F0C38D2C0221429B5D65495170B42DF75754BCC3F9BC
File Size:
125.90 KB, 125904 bytes
|
|
MD5:
3d9947f62b3458128008140f5e59f935
SHA1:
fc71440518b67927fd3d9d72641c22fff6bb3dee
SHA256:
7063BF6F8D8E9862B38AE10B0A24DAD3B8856922464037BFFD346E2E07A16884
File Size:
5.25 MB, 5248360 bytes
|
|
MD5:
676409cbd84e11d0fde4880392e00c5b
SHA1:
e2331fb02e1544c604fcc4347eb78282dd4be67b
SHA256:
3DC123CF3EFD4378E51115EE95DDA470229CF1665FB7E5733146514AC7C88826
File Size:
1.27 MB, 1270184 bytes
|
|
MD5:
5e54a1e83e3595fad93c06fefdeed83b
SHA1:
0b9415b71b878c3643968add660a3edd29f27f7e
SHA256:
131AE6C9B2BE2FD6B3FBAD77C743AD22CF2D0669A83DCC24AA51EBC5D6CCFAA0
File Size:
603.38 KB, 603376 bytes
|
|
MD5:
db3e128f1088ddcf605075a8103140b5
SHA1:
cd725bf124d0a819129100022956621d8304754b
SHA256:
76534B9B175EE138B64ECBE4B17F9385037A820D335A445ECA82C039FAB82051
File Size:
125.90 KB, 125904 bytes
|
|
MD5:
5916102f379a08a4b36bba07f6bbb033
SHA1:
9eaa329805ff345d56f97fa90af3b915755fc022
SHA256:
003D789273694A2C0D2333DFC00CBC344E3680FDB28EB5640E3B49EE3D43E8BB
File Size:
5.30 MB, 5298296 bytes
|
|
MD5:
6b4d9095d5053be758884771f501aae2
SHA1:
6b29741d0fd0aa03af99891c577a1ee0fbf39ff4
SHA256:
36A65AB04F0234353FDD10ED08DED6A530A843277AF34E94D1346C12A6629F6F
File Size:
603.38 KB, 603376 bytes
|
|
MD5:
b7c1ed26b2c2b68a7ef0f59f60f15c7a
SHA1:
5bccbbb3a15eb76fc43a7dbec9693e0c54d841ad
SHA256:
E33E71789B6E8A95DC60383F6B2667838FCFFD6E1509BD73843E6B0DE8E82E32
File Size:
2.50 MB, 2501736 bytes
|
|
MD5:
7d78f979ab2d5070f9072ad06cef9a2b
SHA1:
ad787533811be82fb711eccc95848d22a481c84e
SHA256:
BC6C89CB99FBD3FCA8BDAB69CD7040156B9DF7398454A225EC79CE4FEE834FFD
File Size:
1.18 MB, 1184256 bytes
|
|
MD5:
d297fe804bdcd33bb43e120804e596f6
SHA1:
d7de50acf4f9c5f63a28cad7360cd0491417eb45
SHA256:
B3C55F0EB33BFA8CA2EFC6A5F6672366A0D1E191B8AABD2D37490D03F38462DC
File Size:
224.26 KB, 224256 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have security information
- File has exports table
- File has TLS information
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
Show More
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Comments | For more information visit https://libgit2.org/ |
| Company Name |
|
| File Description |
Show More
|
| File Version |
Show More
|
| Internal Name |
|
| Legal Copyright |
Show More
|
| Legal Trademarks | Microsoft® is a registered trademark of Microsoft Corporation. |
| Original Filename |
Show More
|
| Product Name |
Show More
|
| Product Version |
Show More
|
Digital Signatures
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.| Signer | Root | Status |
|---|---|---|
| Planestate Software AB | COMODO RSA Code Signing CA | Hash Mismatch |
| Mirillis Sp. z o.o. | Certum Extended Validation Code Signing 2021 CA | Hash Mismatch |
| Audials AG | DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1 | Hash Mismatch |
| Digital Wave Ltd | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch |
| HITPAW CO., LIMITED | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch |
Show More
| Shenzhen Jiehao Software Co., Ltd. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch |
| HITPAW CO., LIMITED | DigiCert Trusted Root G4 | Hash Mismatch |
| Shenzhen Jiehao Software Co., Ltd. | DigiCert Trusted Root G4 | Hash Mismatch |
| Microsoft Corporation | Microsoft Code Signing PCA | Hash Mismatch |
| Microsoft Corporation | Microsoft Code Signing PCA 2011 | Hash Mismatch |
| Microsoft Corporation | Microsoft Root Authority | Hash Mismatch |
| AOMEI International Network Limited | Sectigo Public Code Signing Root R46 | Hash Mismatch |
| Intel Corporation | Sectigo Public Code Signing Root R46 | Hash Mismatch |
| The Qt Company Oy | thawte SHA256 Code Signing CA | Hash Mismatch |
File Traits
- dll
- HighEntropy
- ntdll
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 916 |
|---|---|
| Potentially Malicious Blocks: | 5 |
| Whitelisted Blocks: | 898 |
| Unknown Blocks: | 13 |
Visual Map
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
x
?
0
?
?
?
?
?
?
0
?
?
?
?
x
?
x
x
1
1
?
1
2
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
2
0
0
0
0
0
0
1
0
0
0
0
0
1
1
1
1
0
0
0
0
0
0
0
1
0
0
1
1
0
0
1
0
0
0
0
0
0
0
0
0
2
0
1
0
2
1
0
0
0
0
0
0
0
0
0
0
1
0
0
1
0
1
0
2
0
1
0
0
0
0
0
0
0
0
0
1
0
0
1
0
0
1
0
0
0
1
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
0
0
0
2
0
0
0
0
0
0
0
1
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
1
1
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
0
0
1
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
1
0
0
1
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
1
0
2
3
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
0
1
0
0
1
0
0
0
1
0
1
0
0
1
0
0
0
0
0
1
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
1
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
2
2
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.- Kryptik.YB
- Rugmi.FC
- Rugmi.FE
- Rugmi.FH
- Rugmi.GI
Show More
- Rugmi.GM
- Rugmi.IFB
- Rugmi.LDA
- Rugmi.OO
- Rugmi.PG
- Rugmi.TB
- Trojan.Downloader.Gen.AM
- Trojan.Downloader.Gen.AT
- Trojan.Downloader.Gen.DM
- Trojan.Downloader.Gen.DR
- Trojan.Downloader.Gen.EF
- Trojan.Downloader.Gen.FY
- Trojan.Downloader.Gen.HC
- Trojan.Downloader.Gen.HR
- Trojan.Downloader.Gen.J
- Trojan.Downloader.Gen.KN
- Trojan.Downloader.Gen.KW
- Trojan.Downloader.Gen.OC
Files Modified
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.| File | Attributes |
|---|---|
| c:\windows\syswow64\log\reg.log | Generic Read,Write Data,Write Attributes,Write extended,Append data |
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Syscall Use |
Show More
|
| Process Shell Execute |
|
| Anti Debug |
|
| Process Manipulation Evasion |
|
Shell Command Execution
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4c884108462ac1fd670f83c2e64bf0b87d126530_0002545928.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f3637c3fd6357f0acd14019a5101c104f04632d9_0004379984.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0e99a922c8236a2d552518431f003fd7ca77509f_0000091136.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2b0b3de06d0a92cbb0ecf3538c845389f8f1a314_0001204832.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0a33ab5370a339b3678fefdc511ceaff75c97ec2_0001668848.,LiQMAxHB
|
Show More
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\959f50a207a7db5a6ad091741abd84bdbbc7f247_0000131584.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6973e79e2c0169d1c1cda78c47987323191ee0ab_0000856064.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e26b48b16b8f062bd26e7a303bc37adebbe3f331_0000125904.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ba02265e89c0e321fa0446c2155079c4160fedd3_0001668848.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\47fe012fde1353da90f4ae2388a58934b1553a75_0000383872.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e57d99cdf8a2a2323809a88af77743f61b9a30f9_0000856064.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\3e511b4f9ae6a6d9334126c35fa4578ee5e9bcb4_0001408048.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2cfdc8724743e39377b670e8f73897d4bcf01ef1_0004631144.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2ae1379850219a8b12bcb411e27cbfb9bf9caa95_0002584280.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9347ff2cf26d124dbda3706cde1ddcae91bb70d1_0000669800.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\3ece21a2b0886988fc9e46ed098f278528af8fdd_0000805408.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\656e736873d0dda7272688bc93956bbdbaa553bc_0005298296.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d47d21d668af02b51b16011d8cab094566c3abe8_0005298296.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\471294819d9815607577e98ec9b188b247d45f11_0002501736.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\20d8a0530d9d8200e2de385a5b01bc3c166de2ad_0004694016.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2e46c3ea87f814b798f70f4a86787119d2ee3890_0000125904.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\fc71440518b67927fd3d9d72641c22fff6bb3dee_0005248360.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e2331fb02e1544c604fcc4347eb78282dd4be67b_0001270184.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0b9415b71b878c3643968add660a3edd29f27f7e_0000603376.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\cd725bf124d0a819129100022956621d8304754b_0000125904.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9eaa329805ff345d56f97fa90af3b915755fc022_0005298296.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6b29741d0fd0aa03af99891c577a1ee0fbf39ff4_0000603376.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5bccbbb3a15eb76fc43a7dbec9693e0c54d841ad_0002501736.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ad787533811be82fb711eccc95848d22a481c84e_0001184256.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d7de50acf4f9c5f63a28cad7360cd0491417eb45_0000224256.,LiQMAxHB
|
