Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Rugmi.TB

Trojan.Rugmi.TB

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Rugmi.TB
Signature status: No Signature

Known Samples

MD5: 213a6665f1a5699c5ba4421b053ac1af
SHA1: a7eb6f1c312b0a16667e74f3f42791306e915ee0
SHA256: 29436436BD1729DFF89BDEF3F519039FFA4086E8B6B971B88E94F115D8376EC2
File Size: 4.31 MB, 4311884 bytes
MD5: b7354418a6575e24d01d888765c46a5d
SHA1: 2935085892cd06e5ec5be6f299e409396449f941
SHA256: B5B2A1EF5D907E11CC7E0FF767045FA59423A35AA62897DF233B824A1C3E8113
File Size: 2.64 MB, 2639872 bytes
MD5: 556b566cf6e981f5ca45e135cb815e03
SHA1: 73725732c9c3bef06c7db54ca5db114896f02a6e
SHA256: E4EF75A0CB4F4DEBCCD10BDC4B0EE2463482E70519E26CDFD180904C465E0F9C
File Size: 1.82 MB, 1818344 bytes
MD5: e27a9ec02d3eeadd4973007c2bb6eb9e
SHA1: 6e59955808440cb6d9e569b791a922ab2118681a
SHA256: 1A5E37466D7764F45C694662CD1E4ED3C959B993AE5230410A8F6DE9BC426597
File Size: 247.31 KB, 247312 bytes
MD5: 6057670d1f0b43be384e7a2131f89990
SHA1: 385e643cab0d50206723a64d707ce80c153fc8eb
SHA256: 0FFEFE81451AC82599B1BD92D908ABB181495CA012D161F659FE815BC43AE8B9
File Size: 2.64 MB, 2639872 bytes
Show More
MD5: 3c95a99a34ceeb9153417c6aa6afa3c9
SHA1: 39429d00d05110d7d4e12eeff833fc91c01b8738
SHA256: 350D67D3E6E1A9DBF0B2E8EA15E8219AFB07E2715BD6A9A2D6DE507C26718D4D
File Size: 247.31 KB, 247312 bytes
MD5: 2423eb3ba9bacc9ea61ddf2ff6a175d5
SHA1: 114c59a3589ecdb25520388cb192357ed5fae433
SHA256: B740810D8C0067FD558E70F841FC591C6DC4CA1DA559E7659A480A6C36953B76
File Size: 1.49 MB, 1492232 bytes
MD5: aa3ba06a4fa46a62aac39f920392a642
SHA1: 294018a11c1bfae4cdc39669019aa68d9f19d280
SHA256: DD3DDE736C10E1AC16D98224E0A531D2A819E7D1073D996A2074896DEDC626DF
File Size: 249.65 KB, 249648 bytes
MD5: 1ccd6bed2addbc3beca917cfab149377
SHA1: d5eb5e7ccccf865b5da3bb7745ea550f9d4f7bdf
SHA256: 78C597040702C15A20DE640F9ADA8FDCF81540078D38A105EB4E70C211E93A68
File Size: 605.70 KB, 605696 bytes
MD5: 22e070791015e8718c0713cf7f4b00c9
SHA1: 1ddb5721d6ba76a360079fdf1598262745e872b2
SHA256: C40D2DD5BA0A94FD7F177149590B276B8AE27CAFDBD3191A6DC47D02846A26C4
File Size: 2.50 MB, 2501736 bytes
MD5: 0b2e71b1f9b72208dabe3b4b4a1c8003
SHA1: 517b58aebedebe02b9180e3e7e824f008122472b
SHA256: 97F2E0C674C235588E45511DE542EB7538A24DFDC739299D41B34ADE76410F2E
File Size: 1.18 MB, 1184256 bytes
MD5: cc6ee8e88e0dbde29563be02e7224a13
SHA1: f46f7a7e2371324733d2063f17a746c42a1b1730
SHA256: 384A8913E79AEE100C810CA0E06206C370A6BE0DA4C964D7F841E931AE084CD3
File Size: 875.69 KB, 875688 bytes
MD5: bba7188126b55e0339ee3e3476296538
SHA1: 087d3527c2094a509f9ff6e7b611f896c95632d6
SHA256: E94309E56A1FDA5957F5A5BF0DB001C43F173D155386FC9D7563CBAFC6FD05DD
File Size: 188.48 KB, 188480 bytes
MD5: 51d88dd82a319681ed11098a5f88685f
SHA1: b700b47e312fd370e2c8c2cb47d97c72af26ba7f
SHA256: 30CEBA7CBD15CF989D9E75A6742DACCBF6C9BC3F17E9B82FE3554455B26A4C21
File Size: 4.67 MB, 4669768 bytes
MD5: 133a4cc016f2486a8d3d804172be75f0
SHA1: 93b4bd663b5224ea431d009e34e853a25de685b2
SHA256: CF51FA0BB15729EC6F8C880D1617EC852A4539FA10AA6E2C63D87701D9046100
File Size: 5.30 MB, 5298296 bytes
MD5: 3f4699c17966857c625426fbbda039b3
SHA1: 6497b975c47e55dd0ac08e7c1faf7142de7a637c
SHA256: DECE1423C08AB0F3CE07E0358B424F41891977842BBA20807564C00E8A783C75
File Size: 2.74 MB, 2744320 bytes
MD5: 946f1c3326fc61c0d3c9f92b1c1d5f2d
SHA1: 03b688995c2483fa448d970b458a1214f3400f50
SHA256: 1C53636C057477792D6ACCC5431AAE32E85225584C5BFB5FF609A8457B8A71DF
File Size: 1.67 MB, 1668848 bytes
MD5: c17203e6946dcb5f2b66190d87089c12
SHA1: 551f3ae070eb2916a13f58b623662a91f49dfdcb
SHA256: C475B9765E2A98B21C1EE763E2E0251FA81FFF29C3397209660117C15FE5D401
File Size: 163.46 KB, 163464 bytes
MD5: 8d442e0048281c90b912b032154e42c2
SHA1: 0003c6c6f17359ee6a0eb7b598c7171e3a64739f
SHA256: FE55913C58D3BD6ECB4EA66340AC822229E565CE048843DC7C6C70FFDD52F0B5
File Size: 959.62 KB, 959624 bytes
MD5: a85f3a710bbc4c21ff6454aad2e0d007
SHA1: 00f83ddcf7330e2d43c148a414b06b8a8620b13b
SHA256: B6DD576F9ABF046DC16863858FC93408592ACB54268C73A270ED84A0EAAEE5DA
File Size: 2.25 MB, 2249520 bytes
MD5: e8e17ffc5ced089ea7ac0797fcb4c21b
SHA1: ca647864bd507c9595fa1f7c9a3c5ee91bd7cda0
SHA256: 872690A56CEDF5B27A2C3F40D2C803FF4C369037F49B99C55E246D1C2F50CCAF
File Size: 139.83 KB, 139832 bytes
MD5: 6cb1be289c67c80d860b32c56de5af09
SHA1: 463c1f4c2519f2ee46a12cc4b6141ef0d382e5b6
SHA256: 95EA614129A89B10254EAC4B58B0A145312BC322DBA14D9A93F3B4B844C1EC17
File Size: 265.83 KB, 265832 bytes
MD5: 3c6f2a8ab7827bf922be5d6b0a6b0093
SHA1: 96a5ff76de1da9510086f11c92ae65754b22ba64
SHA256: 11B544043C392120F3B11AACAF9B027050D4A9784F12390836A10EA4F428B0C4
File Size: 1.82 MB, 1818344 bytes
MD5: a01e866bc5529f01d3557f5d73bc4f93
SHA1: e5e69eb27a2db5bb4ce787e9e2a99edb2a0bd6ae
SHA256: 010B17578AE1F4ED8B9F8878EE7630F467DCE780E5E8E2CE279FA42B43B0AFEA
File Size: 249.65 KB, 249648 bytes
MD5: 25dcfdc7e645f23ce585fe58cefdb11a
SHA1: cafe2bbc9ac3aa4fac12c878b361858ca636dbf9
SHA256: 4F5DAD79EEC34CD39C52C8A82B278FE1843FBE9607233CDEAD343C7C795F26AD
File Size: 1.82 MB, 1818344 bytes
MD5: 794fbb2315bc6b3accfb9e2614e8b6ed
SHA1: 2deffdbcdbff6a09c8ad22d138a836bc2bcebe28
SHA256: E9E0DD357E1EE5F3B6DD41BE46D048EED274297D9AFFA62337404FC720DD0D34
File Size: 5.30 MB, 5298296 bytes
MD5: e85e2fba64ddf82ed9cbe1a8092fb2e5
SHA1: d83cfc7bd683bb0f3421389d2b24b655f7f637dd
SHA256: CEDD37A48FCB6343DD2014CDEC8D7C64E9A108F3AB681364D4C2928828C52841
File Size: 1.13 MB, 1132848 bytes
MD5: c68eac2e774f43ab0ed0df85e0e36fdf
SHA1: 2874eecf069999adc3d5290691ed901a6773f743
SHA256: 6098B427B1646DECF1003A6F826AFB162AB9AD4A8E02CD6D529662B9CCFC93AF
File Size: 294.30 KB, 294296 bytes
MD5: 7fb34f2e795c31b83e779cccb1322ab5
SHA1: ad71f2928398f5fa017598e5187bb50a51b735dc
SHA256: 6FD329FFFFC933F01E41A0355E8EFC3419690C78BFD6AF762D202BB7FD72F46F
File Size: 303.57 KB, 303568 bytes
MD5: 13f3d039a5cde76a84d81d31676f6653
SHA1: 07930316b76ba2ea2c8084b7302f878e2975c086
SHA256: 30F7995072FA99E2ABB9F88F44748AE7ABF2AFA06A61661FBD0AF896118D6568
File Size: 4.63 MB, 4631144 bytes
MD5: 908c2f1926391856990352869ffaaa6d
SHA1: e6ac9500c849302999bc7235ebf4f129ba699c61
SHA256: B17CB6FF077A44CD166F26E0A443BA5EDE90C46CD725BEBEDF52B70B21FD56CB
File Size: 1.83 MB, 1827584 bytes
MD5: 2b66737ea731d5588cc6fbcfb61a5c19
SHA1: 2d3583827f69e8b597d1aa35ad8ef12e599bd8ef
SHA256: FAEB27ABE7BDA1C7A51AB6E430BAA0C52F4B66A3B2DF19FB1315016FBFCED755
File Size: 418.36 KB, 418360 bytes
MD5: 77eaac35cfd8edaa8308e2b96620d840
SHA1: ff0a95a8e2c410cf33e116e82b1a0e5d993d74e8
SHA256: E3F7D07A89584407DCF7FB90E326D5786D7B20EB7A8997560CD9747ACF9F635A
File Size: 249.65 KB, 249648 bytes
MD5: 48ffe2403455a0a575f7e6a0528092be
SHA1: 5b022869061bc46e8be39757a69e67e4ab42b5f8
SHA256: 66E452FCB0605A679119FBDB735E9443CF383D3FB033E0FD5786C5ECED2C68E3
File Size: 1.82 MB, 1818344 bytes
MD5: 84188c946b16311ac34c20992db762ca
SHA1: 79c2461d16d6cd9d4ce642e0118c69bd7bad4e7b
SHA256: 06240F665879AD1C97441529EB23A150006CD790D44C415200FF635C31CDACED
File Size: 249.65 KB, 249648 bytes
MD5: ec3e8d10e3f9fb4e3d72bf0c21f8d3b9
SHA1: 2e333331fe23817bbdaddea6d19a49d0679ea6ca
SHA256: 3BF6112D96525C71DD0612689D10EF6A857C303C928A8A2A53BF2D8B009849D1
File Size: 1.30 MB, 1303896 bytes
MD5: 884b06b81f608117247836ada4c747a6
SHA1: a82586454fce0295201beadf349b5800bb34e446
SHA256: C0D0EEF15ED5FA87FB6F39CC9430FDFBF0625E94C05BA57FAA0940027EA6D2AD
File Size: 5.65 MB, 5653424 bytes
MD5: 2173acdd67bfeaf79ccec983bf34dcfb
SHA1: 728221d51dea25b16b4fc8f913d54ff5ef58c8bc
SHA256: 395BF42947A30BE495B5A1E0790B0F43432553610A66307BB80A9291F60ACBAA
File Size: 1.14 MB, 1138120 bytes
MD5: 7d0fe40c249161356533d18ec18337b4
SHA1: 7ff4c8afb57785f940c7850644298c667d0bd205
SHA256: FF94985E894E2FACF6480AB14D1D87EEBE091FAD4C1EF3156CB99BF5E83EABF0
File Size: 519.68 KB, 519680 bytes
MD5: 9be0e07d77862a8ee4af27bf3f570248
SHA1: 117546eebb12fccce250ed330e1ad3ae24a3dd14
SHA256: 32BFED8BA964A46BA6BA6DA6504062DE85034E275975C02827031F228771C914
File Size: 603.38 KB, 603376 bytes
MD5: e39ef712de211bde5aab9c16d390e43f
SHA1: 3cb6d1f8d2061d1f19ccc667b81fbc0b4c0e2812
SHA256: 617F3944C263EE7350577E1FF3460BC07B6318229D59A503227B557371A0DC91
File Size: 154.62 KB, 154624 bytes
MD5: 3a919aedfd7fcc3123b82f7b672a2c93
SHA1: 1ce996de54f596e6b316f9c1dd57706f3a8ffdf8
SHA256: 5035B5ABBBD439B8A1601B197AB8F4E375B20E6C2C9469F84C84195F081C8795
File Size: 265.83 KB, 265832 bytes
MD5: 56d3ed69f3780681a6899dcc1e38aae0
SHA1: 15b5606b0007907aa231d85a7056b92a2b9ec5a9
SHA256: A1E0ABFC7850A609E91303F6B2C0753A03857346431BA79942598A62B68860BA
File Size: 5.13 MB, 5127088 bytes
MD5: 3450c3cb6fb8ac086a672e2ae43763f2
SHA1: 1bccab9eda8fa7afbf24df3d10b5e835de96951e
SHA256: 0E15B30515A2F7BD82404B60A83980791A8C04B286A1D99C8C63D54DC0695F26
File Size: 489.98 KB, 489984 bytes
MD5: 4959dbecf0907f5e4ebf178e8e7daff7
SHA1: 32d901707b741fa5a53b261c4368e02be2c24f44
SHA256: A4801569735EA51CD1DDD093DE14BA88C304855D754EDA54C46CB379F501F26D
File Size: 399.93 KB, 399928 bytes
MD5: 6827e0012b8c93b350dc5f97137fedb7
SHA1: 9121b97df74ba5c6336fd6cd601f1e10e2a38e3b
SHA256: 25B5F3EC091B15956F0DA94DA4056AD0F5C7C34DEB9E6CFD5B9748F6254BB547
File Size: 5.30 MB, 5298296 bytes
MD5: ddc87e35550b9cf722d448ae211f13cf
SHA1: ac0d0c8bac4c7e690c9ef82946d154097923442d
SHA256: 4F9101B62DFE901774413F19E3B4F2E9CA3A3D12C3F0DD4882321F9EA5AABBCE
File Size: 7.39 MB, 7388954 bytes
MD5: 355c7bd1b3897f14360ce0b46332ca5e
SHA1: 4817812846073778c0be584737f4ab00d0c6f76e
SHA256: 7BB05120006BCAC6DC541EDF8CD823FC4EFBBC3E01F773CB5980B977741773B9
File Size: 2.40 MB, 2400256 bytes
MD5: 436a3e8beb8d4096155e84391cde5dee
SHA1: bc8afcc614c9dee80175aa163f0aaa80473d9bf8
SHA256: 8CDFA3BDC194E6D96948A8E091FBB61B37ABCCDE79AC0EB12FBB54827C268D3C
File Size: 1.83 MB, 1827584 bytes
MD5: 7145a6c80cfbb0b9c53f7f6177c2f139
SHA1: 595bda303fd00e90dc0dc058214ffdbb8263be06
SHA256: 24BA140F6386414D62B07F57C62AC3F6BBA7FFE93C1DAE091FB3C9AC23C12420
File Size: 294.30 KB, 294296 bytes
MD5: de0db956250703902f1afedcb5f30485
SHA1: a1a1bb1844cd584c335b56f1f25152bdd804431c
SHA256: 6A63BFAE10B5A26B378583E4EF1BDDDF7164C626B2961942E9346630BCD2F0F5
File Size: 2.25 MB, 2249520 bytes
MD5: 7da9ee1981edcaddea0bacea110446fc
SHA1: 1cda345c44cea2a0d7af799f543506d305173f41
SHA256: F34CC6588D6C288DBDE70AF5B1DB89FF35C2F0F61D049EA2788356059B64D5F5
File Size: 3.30 MB, 3297944 bytes
MD5: cda3eed3d479c614354e1aea90280da6
SHA1: f6da7428db5a043cceabfeebfacc184715607de0
SHA256: 199916DDB6A3AF2EB92C6D1FD8E5E19F59B36A234121D0D57717BA74739DB76B
File Size: 2.50 MB, 2501736 bytes
MD5: f1c75b14a0ff140b5f70a78a97db991a
SHA1: 42247822ef160a9e327ac3a7f4338c3c6c36cb51
SHA256: A84074DC2B0DB6434B0D93D9D11AD25927219C47CBF81A6783789AC00805C297
File Size: 1.67 MB, 1668848 bytes
MD5: c1d37e7187b3ece21e15890533b58633
SHA1: a37bb94071fd2f67764e7229b1b5e1b3cda1baeb
SHA256: C27501C896B07DDD3B02BFABC952A573E46B29DAA014002DA529262FE681A206
File Size: 1.12 MB, 1115256 bytes
MD5: ce0271ca17a4b96cc71e37db24cffb92
SHA1: 5085ee77264b4471bf31657ee4b8015dc3952507
SHA256: 152A310D7248686507E3FE4121AEB61902992994BD19D0847F837DAD3D01F991
File Size: 1.82 MB, 1818344 bytes
MD5: 48607771fe87402b3f747f08b8e8efa2
SHA1: 4fb5d564dd894bb87177585c32ed0553d42f8099
SHA256: C39B8D0524A5032610096DC67639B1D9BB58EB9E0281DFF6AC8A6C18C91387FA
File Size: 294.30 KB, 294296 bytes
MD5: 3d8327d79fe5eb7e5fc6fbdafb3d817f
SHA1: 03dc4390c9c8e6d123011f5bf5a689f9de6d0aa4
SHA256: 31892B6EF87CB2D7793C12BB3E3D0D43A8F85201979143EA26B369DCFF00A586
File Size: 249.65 KB, 249648 bytes
MD5: d68e90f7a26ca1b6903d7dfa7732e0ca
SHA1: 80351bb9029f66fb74a4fab00561401183aa28d2
SHA256: 8C27A187FA5789F277AFFAAE4AF150AADE51E4988F32EF09469EB15BDE194EAD
File Size: 2.74 MB, 2744320 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is 64-bit executable
Show More
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Active Movie Filter dll
Comments
  • Bibliothek für mehrere kleinere Aufgaben in Spybot-S&D.
  • http://icu-project.org
  • Library for multiple small purposes of Spybot-S&D.
  • Used dependencies: winfuse.24.65.0@NPK, backupsdk.7.18.0@NPK, ufs.6.6.0@NPK, googletest.2.2.0@NPK, kernelio.1.11.0@NPK, macsnapshot.3.3.0@NPK, uimdrv.0.7.0@NPK, boost.1.68.0.3@NPK, esxrwblockmanager.1.45.0@NPK, inventorymanager.0.5.0@NPK, hypervinventory.0.5.0@NPK, hdmtools.1.9.0@NPK, cpprestsdk.2.10.11@NPK, openssl.1.1.1.1@NPK, libxml2.2.9.8@NPK, libxslt.1.1.30@NPK, lsl.8.11.0@NPK, olsemulator.1.3.0@NPK, licensetools.0.4.0@NPK, biontdrv.1.3.0@NPK, sqlite.6.1.0@NPK, allegro.1.18.0@NPK
  • Used dependencies: winfuse.26.20.0@NPK, uimdrv.0.9.1@NPK, slimphysical.5.22.0@NPK, slimcore.0.224.0@NPK, backupsdk.10.4.0@NPK, zlib.1.7.0@NPK, ufs.10.6.0@NPK, libxml.4.10.0@NPK, kernelio.1.11.0@NPK, macsnapshot.3.3.0@NPK, awssdk.1.22.0@NPK, curl.7.73.0@NPK, ssh2.1.22.0@NPK, openssl.3.12.0@NPK, azurestorage.0.30.0@NPK, cpprestsdk.3.14.0@NPK, boost.2.12.0@NPK, signalrcpp.2.22.0@NPK, esxrwblockmanager.1.107.0@NPK, lsl.11.15.0@NPK, hypervinventory.0.24.0@NPK, hdmtools.3.21.0@NPK, inventorymanager.0.15.0@NPK, allegro.1.22.0@NPK, sqlite.7.0.0@NPK, biontdrv.2.0.0@NPK, googletest.3.2.0@NPK
Company Name
  • BugSplat, LLC
  • FASoft
  • Microsoft Corporation
  • Nokia Corporation and/or its subsidiary(-ies)
  • Oleg N. Scherbakov
  • Paragon Software
  • Paragon Software Group
  • Python Software Foundation
  • Safer Networking Limited
  • Stardock Corporation
Show More
  • The cURL library, http://curl.haxx.se/
  • The ICU Project
  • The Qt Company Ltd
  • The Qt Company Ltd.
File Description
  • 7z Setup SFX (x86)
  • A part of Paragon System Utilities
  • Bibliothek für Spybot-S&D
  • C++ Application Development Framework
  • C++ application development framework.
  • Crash Handling Module
  • Crash reporting module, BugSplat.DLL
  • Developers version of the smooth library.
  • FASoft DirectX Audio Plug-In
  • ICU Common DLL
Show More
  • libcurl Shared Library
  • Library for Spybot-S&D
  • MFCDLL Shared Library - Retail Version
  • Microsoft.VisualStudio.QualityTools.VideoRecorderEngine.dll
  • Microsoft® C/C++ OpenMP Runtime
  • Microsoft® C Runtime Library
  • Python Core
  • Stardock Application Services
  • Test Authoring and Execution Framework: Common [v10.88k]
  • Test Authoring and Execution Framework: TE.Loaders [v10.88]
  • Visual Studio Debugger Script Target Agent Implementation
  • Windows Image Helper
File Version
  • 69, 1, 0, 0
  • 40.7.2
  • 32.0.1
  • 17.0.36101.15 built by: d17.14
  • 17.0.36015.10 built by: d17.14
  • 14.44.35112.1
  • 14.29.30139.0 built by: vcwrkspc
  • 11.00.61227.0 built by: Q11REL
  • 10.88.2411.08001
  • 7.41.0
Show More
  • 6.2.9200.20512 (debuggers(dbg).120906-1803)
  • 5.14.2.0
  • 5.7.0.0
  • 5.1.2600.1106 (xpsp1.020828-1920)
  • 4.7.0.0
  • 3.6.3
  • 3.4.4
  • 3, 3, 1, 0
  • 2.7.13
  • 2, 1, 6, 10
  • 1.9.3.2353
  • 1.4.0.1795
  • 1.4.0.2
  • 1.0.0.0
  • 0.9.10.5690
  • 0, 8, 0, 0
Internal Name
  • 7ZSfxMod
  • BugSplat.DLL
  • CrashRpt
  • DBGHELP.DLL
  • FASoft Compressor
  • hdmengine_sche
  • libcurl
  • MFC140U.DLL
  • Microsoft.VisualStudio.QualityTools.VideoRecorderEngine.dll
  • msvcr110.dll
Show More
  • Python DLL
  • SdAppServices.dll
  • SMOOTH
  • TE.Loaders
  • VCOMP140.DLL
  • VSDebugScriptAgent170.dll
  • Wex.Common
Legal Copyright
  • ?1996 - 2015 Daniel Stenberg, <daniel@haxx.se>.
  • Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies).
  • Copyright (C) 2015 The Qt Company Ltd.
  • Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html
  • Copyright (C) 2020 The Qt Company Ltd.
  • Copyright 1994-2019 Paragon Software GmbH
  • Copyright 1994-2025 Paragon Software Group
  • Copyright 2003-2013 The CrashRpt Project Authors
  • Copyright BugSplat, LLC (C) 2015
  • Copyright © 1998 Flavio Antonioli
Show More
  • Copyright © 1998-2023 Robert Kausch
  • Copyright © 2001-2015 Python Software Foundation. Copyright © 2000 BeOpen.com. Copyright © 1995-2001 CNRI. Copyright © 1991-1995 SMC.
  • Copyright © 2001-2016 Python Software Foundation. Copyright © 2000 BeOpen.com. Copyright © 1995-2001 CNRI. Copyright © 1991-1995 SMC.
  • Copyright © 2005-2010 Oleg N. Scherbakov
  • Copyright © 2014-2024 Stardock Corporation
  • © 2003-2008 Safer Networking Limited. Alle Rechte vorbehalten.
  • © 2003-2008 Safer Networking Limited. All rights reserved.
  • ©Microsoft Corporation. All rights reserved.
  • © Microsoft Corporation. All rights reserved.
License http://curl.haxx.se/docs/copyright.html
O L E Self Register AM10
Official Website http://www.smooth-project.org/
Original Filename
  • 7ZSfxMod_x86.exe
  • BugSplat.DLL
  • CrashRpt.dll
  • DBGHELP.DLL
  • fa4bdeq.dll
  • icuuc69.dll
  • libcurl.dll
  • MFC140U.DLL
  • Microsoft.VisualStudio.QualityTools.VideoRecorderEngine.dll
  • msvcr110.dll
Show More
  • python27.dll
  • python34.dll
  • python36.dll
  • Qt5Core.dll
  • Qt5Network.dll
  • QtCore4.dll
  • SdAppServices.dll
  • smooth.dll
  • TE.Loaders.dll
  • tools.dll
  • VCOMP140.DLL
  • VSDebugScriptAgent170.dll
  • Wex.Common.dll
Private Build June 27, 2010
Product Name
  • 7-Zip SFX
  • BugSplat Dynamic Link Library
  • CrashRpt
  • FASoft 4-Band Parametric EQ
  • hdmengine_sche
  • International Components for Unicode
  • Microsoft® Visual Studio®
  • Microsoft® Visual Studio® 2012
  • Microsoft® Windows® Operating System
  • Python
Show More
  • Qt4
  • Qt5
  • smooth Class Library
  • Spybot - Search & Destroy
  • Stardock Application Services
  • Test Authoring and Execution Framework
  • The cURL library
Product Version
  • 69, 1, 0, 0
  • 40.7.2
  • 32.0.1
  • 17.0.36101.15
  • 17.0.36015.10
  • 14.44.35112.1
  • 14.29.30139.0
  • 11.00.61227.0
  • 10.88.2411.08001
  • 7.41.0
Show More
  • 6.2.9200.20512
  • 5.14.2.0
  • 5.7.0.0
  • 5.1.2600.1106
  • 3.6.3
  • 3.4.4
  • 3, 3, 1, 0
  • 2.7.13
  • 1.9.23.0
  • 1.4.0.1795
  • 1.4.0.2
  • 1.0.0.0
  • 1, 6, 0, 0
  • 0.9
  • 0, 8, 0, 0
Special Build 0
E Mail Contact info@smooth-project.org

Digital Signatures

Signer Root Status
Planestate Software AB COMODO RSA Code Signing CA Hash Mismatch
Open Source Developer, Robert Kausch Certum Code Signing 2021 CA Hash Mismatch
HITPAW CO., LIMITED DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch
Paragon Software GmbH DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch
Plex, Inc. DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch
Show More
Steinberg Media Technologies GmbH DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch
HITPAW CO., LIMITED DigiCert Trusted Root G4 Hash Mismatch
STARDOCK SYSTEMS, INC. DigiCert Trusted Root G4 Hash Mismatch
BugSplat LLC Go Daddy Secure Certification Authority Hash Mismatch
Microsoft Corporation Microsoft Code Signing PCA Hash Mismatch
Microsoft Corporation Microsoft Code Signing PCA 2010 Hash Mismatch
Microsoft Corporation Microsoft Code Signing PCA 2011 Hash Mismatch
Microsoft Windows Software Compatibility Publisher Microsoft Windows Third Party Component CA 2013 Hash Mismatch
AOMEI International Network Limited Sectigo Public Code Signing Root R46 Hash Mismatch
Comodo Security Solutions Inc Sectigo Public Code Signing Root R46 Hash Mismatch
Softouch Development, Inc. Sectigo Public Code Signing Root R46 Hash Mismatch
Ventis Media, Inc. Sectigo Public Code Signing Root R46 Hash Mismatch
Python Software Foundation StartCom Class 3 Object CA Hash Mismatch
Safer Networking Ltd. VeriSign Class 3 Code Signing 2004 CA Hash Mismatch
Paragon Software GmbH VeriSign Class 3 Public Primary Certification Authority - G5 Hash Mismatch
The Qt Company Oy thawte SHA256 Code Signing CA Hash Mismatch

File Traits

  • 2+ executable sections
  • dll
  • HighEntropy
  • ntdll
  • VirtualQueryEx
  • x64
  • x86

Block Information

Total Blocks: 7,721
Potentially Malicious Blocks: 5,203
Whitelisted Blocks: 2,376
Unknown Blocks: 142

Visual Map

0 0 0 x x x x x x 0 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x x 0 0 x x 0 x x x x x x x x x ? x x x 1 x x x x x 0 x x 0 x x x 0 x x 0 x 0 x x x 0 x x 0 x x 0 x x x 0 x x x x x x x 1 1 1 1 0 x x x x 0 x x x x x x x x x x 0 x x x x x x x x x x x 0 x x x x 0 x x x x 0 x 0 x x 0 x x x x x x x x 0 x 0 x x x x x x x x x x x x x x x 0 0 x x x 0 x x x x x 0 x x x 0 0 x x 0 0 0 0 x x x 0 x x x x x x x x x x x x x 0 x x x x x x x x x x x x 0 0 0 x 0 x x 0 x x x x x x x 0 0 x x x 0 0 x 0 x x x x x 0 0 x x x 0 0 x x x 0 x x x x x x x 0 0 x x x x x x x x x x 0 0 x x 0 x x x x x x 0 x x x x x x x x x x x x x x x 0 0 x x x x x x x x x x x x x x x x x x x x x x x x x 0 0 x x 0 x x x x x x x x x x 0 x 0 0 x x 0 x x x x x x x x x x 0 x x x x x x 0 x x 0 x x x 0 x x x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x x 0 x x x x x x 0 x x 0 x x x x x 0 0 x 0 x x 0 0 0 0 x x x 0 0 0 x x x x x x x 0 0 0 x x x x x x x x x x x 0 0 x x x x x x 0 0 0 x x x x x x 0 0 x 0 x x 0 x x x x x x x x x 0 0 x 0 0 0 0 x x 0 0 x 0 x x x x x x 0 0 x 0 x 0 0 x x x 0 x x x x x 0 x x x x x x 0 0 x x x x x 0 0 x x x x x x 0 x 0 0 0 x x x x x x x x x x x 0 0 x x x x x x x x x x x x x x 0 x x x x x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x x 0 x x x x x 0 0 0 0 0 0 x x 0 x x x x 0 x x 0 0 x x x x x x x 0 x 0 x x 0 0 x x x x x x 0 x x x x 0 x x 0 x x x x x 0 x x x x 0 0 x x x x x 0 0 x 0 x x x x x x x x 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 x 0 x 0 0 x x x 0 x 0 x x 1 x x 0 x x x x 0 x x x x 0 x x x x x x x x 0 x 0 0 x x 0 x x 0 x x x x 0 x x x 0 0 x 0 0 x x x 0 x x 0 x x x x x x x x x x x x 0 x 0 x x x x x x 0 x 0 x x x x x 0 x 0 x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x x x 0 x 0 x x 0 0 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x x x x x x x x x x x x x x 0 x x x x x x x x x x x x x x x x x x x 0 x x x x x 0 x x x x 0 x 0 0 0 0 0 0 0 x x x x x x x x x x x x x x 0 0 0 0 0 0 0 x 0 2 2 0 x 0 x x x x x 0 x 0 x x 0 x x 0 x 0 0 0 x x 0 x x x x x x x x x x x x 0 x x x x x x x x x 0 x x 0 0 0 x x x x x x x x 0 0 x 0 x 0 0 0 0 0 x x x 0 x x x x 0 0 0 x x x x 0 x 0 x 0 x x 0 x x x x x x x x x x 0 0 0 0 0 x x 0 0 0 x 0 x x x x x 0 0 0 0 0 0 x x x x x x x x x x x 0 x 0 0 0 x x x x 0 0 x x x x x x 0 0 x x 0 x x x x x x x x 0 x x x 0 0 x x x x 0 x x x x x x x x x 0 x x x x x x x x 0 x 0 x x x x x 0 0 0 0 0 x 0 0 x x 0 0 0 x x 0 x 0 x x 0 x x x x 0 x x x x x x 0 0 0 0 x 0 x x x x x x x 0 x 0 0 x x 0 x x 0 x x x x x x x x x x x x 0 0 x x x 0 x x x x 0 x 0 x x x x x x 0 x x x 0 x x 0 x 0 0 x x x x 0 x 0 x x x 0 x 0 x x x 0 x 0 x x x 0 x x x x x 0 x 0 x x x x 0 x x x x x 0 0 x x x x x 0 0 0 0 x x 0 x x x x 0 x x 0 0 x x x x x x x x x 0 0 0 0 0 x x x x x x 0 x 0 x x 0 x x x x x 0 x x 0 x x 0 0 x x 0 x x 0 x x x 0 x x 0 0 x x 0 x x 0 x x x x x x x x x x x 0 x x x x x 0 x x 0 x x 0 0 0 0 x x x x x x x x x x x x x x 0 0 x x x x x x 0 x x 0 x x 0 0 x x x x 0 0 x x x x x x x x 0 0 x x x x x x x x x 0 0 x x x x x x x x 0 0 x x 0 x x 0 0 x x x x 0 0 x x x x x x x 0 0 0 x x x x x x x x x 0 0 0 x x 0 x x x x x x x x x 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 0 0 0 0 0 x x 0 0 0 x x x x x 0 x x x x 0 x x x x x 0 x x x x 0 x x 0 x 0 x 0 0 x x x x x 0 x x x x x 0 0 0 x x 0 x x x 0 x x x x x x x x x x x 0 0 0 0 x x x x x 0 0 0 x x x x 0 x x x x x x x x 0 x 0 0 x x x 0 0 x 0 x 0 x x x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x 0 0 0 x x x x x 0 x x 0 x x x x x x x x x x x x x x x x 0 x x 0 0 x 0 0 x x 0 x x x x x x x x x x x x x x x 0 x x x 0 x x x x x 0 x x x 0 0 x x x x x x x x 0 0 x 0 x x x x x 0 0 x x x x x x x x 0 x x x x x x 0 x x 0 x x x x x x x x x x x x x x x x x x x x x 0 x x 0 x x x x x x x x x 0 0 x x x x 0 x x 0 0 x x 0 x x 0 x x 0 x 0 x 0 0 x x x x x x x x x x x 0 0 x x x x x x x x x x x x x x 0 0 x x x x x x x x x x 0 x x x 0 0 0 0 0 x x x x x 0 x x x x x x x 0 x x x x x 0 x x 0 x 0 x x x x x x x x x x x x 0 0 0 0 0 0 1 x x x x x x x x x x x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 0 x x 0 0 x x x x x x x x x x x x 0 0 x 0 0 0 0 0 x 0 x x x x x x x x 0 x 0 x 0 x x x 0 x x x x x x x x x x x x x 0 x x 0 x x x x x x x x x x x x x x x 0 x x x x x x x x x x
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Danabot.DL
  • Danabot.LA
  • Expiro.GA
  • Filecoder.DW
  • Filecoder.DWA
Show More
  • Filecoder.DWB
  • Loader.DE
  • Rugmi.FC
  • Rugmi.FE
  • Rugmi.FG
  • Rugmi.FH
  • Rugmi.FS
  • Rugmi.FSA
  • Rugmi.GI
  • Rugmi.GM
  • Rugmi.IFB
  • Rugmi.KA
  • Rugmi.KB
  • Rugmi.LDB
  • Rugmi.O
  • Rugmi.OH
  • Rugmi.OI
  • Rugmi.OO
  • Rugmi.PG
  • Rugmi.TB
  • Rugmi.TC
  • Rugmi.YA
  • Stealer.KFA
  • TrickBot.FJB
  • TrickBot.FJC
  • Trigona.A
  • Trojan.Downloader.Gen.AW
  • Trojan.Downloader.Gen.BA
  • Trojan.Downloader.Gen.CD
  • Trojan.Downloader.Gen.EF
  • Trojan.Downloader.Gen.FY
  • Trojan.Downloader.Gen.G
  • Trojan.Downloader.Gen.HR
  • Trojan.Downloader.Gen.JY

Files Modified

File Attributes
c:\programdata\syncchannelv1_x86\dragon_util.dll Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\syncchannelv1_x86\jielklirt.ktn Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\syncchannelv1_x86\peangcroumcrind.qj Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\syncchannelv1_x86\vr.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\dragon_util.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dragon_util.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jielklirt.ktn Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jielklirt.ktn Synchronize,Write Attributes
c:\users\user\appdata\local\temp\peangcroumcrind.qj Generic Write,Read Attributes
c:\users\user\appdata\local\temp\peangcroumcrind.qj Synchronize,Write Attributes
Show More
c:\users\user\appdata\local\temp\vr.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\vr.exe Synchronize,Write Attributes
c:\windows\syswow64\log\reg.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\temp\comodo logsfolder\vr.exe.log Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
Show More
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiComputeXformCoefficients
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiExcludeClipRect
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtSelectClipRgn
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiGetDIBitsInternal
  • win32u.dll!NtGdiGetFontData
  • win32u.dll!NtGdiGetGlyphIndicesW
  • win32u.dll!NtGdiGetOutlineTextMetricsInternalW

85 additional items are not displayed above.

Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserObjectInformation

Shell Command Execution

(NULL) C:\Users\Izbqcalh\AppData\Local\Temp\VR.exe
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2935085892cd06e5ec5be6f299e409396449f941_0002639872.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6e59955808440cb6d9e569b791a922ab2118681a_0000247312.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\385e643cab0d50206723a64d707ce80c153fc8eb_0002639872.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\39429d00d05110d7d4e12eeff833fc91c01b8738_0000247312.,LiQMAxHB
Show More
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\114c59a3589ecdb25520388cb192357ed5fae433_0001492232.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1ddb5721d6ba76a360079fdf1598262745e872b2_0002501736.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\517b58aebedebe02b9180e3e7e824f008122472b_0001184256.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f46f7a7e2371324733d2063f17a746c42a1b1730_0000875688.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\087d3527c2094a509f9ff6e7b611f896c95632d6_0000188480.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\93b4bd663b5224ea431d009e34e853a25de685b2_0005298296.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6497b975c47e55dd0ac08e7c1faf7142de7a637c_0002744320.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\03b688995c2483fa448d970b458a1214f3400f50_0001668848.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\551f3ae070eb2916a13f58b623662a91f49dfdcb_0000163464.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0003c6c6f17359ee6a0eb7b598c7171e3a64739f_0000959624.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\00f83ddcf7330e2d43c148a414b06b8a8620b13b_0002249520.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ca647864bd507c9595fa1f7c9a3c5ee91bd7cda0_0000139832.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\463c1f4c2519f2ee46a12cc4b6141ef0d382e5b6_0000265832.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2deffdbcdbff6a09c8ad22d138a836bc2bcebe28_0005298296.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d83cfc7bd683bb0f3421389d2b24b655f7f637dd_0001132848.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ad71f2928398f5fa017598e5187bb50a51b735dc_0000303568.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\07930316b76ba2ea2c8084b7302f878e2975c086_0004631144.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e6ac9500c849302999bc7235ebf4f129ba699c61_0001827584.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2d3583827f69e8b597d1aa35ad8ef12e599bd8ef_0000418360.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2e333331fe23817bbdaddea6d19a49d0679ea6ca_0001303896.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\728221d51dea25b16b4fc8f913d54ff5ef58c8bc_0001138120.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7ff4c8afb57785f940c7850644298c667d0bd205_0000519680.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\117546eebb12fccce250ed330e1ad3ae24a3dd14_0000603376.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\3cb6d1f8d2061d1f19ccc667b81fbc0b4c0e2812_0000154624.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1ce996de54f596e6b316f9c1dd57706f3a8ffdf8_0000265832.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\15b5606b0007907aa231d85a7056b92a2b9ec5a9_0005127088.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1bccab9eda8fa7afbf24df3d10b5e835de96951e_0000489984.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\32d901707b741fa5a53b261c4368e02be2c24f44_0000399928.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9121b97df74ba5c6336fd6cd601f1e10e2a38e3b_0005298296.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4817812846073778c0be584737f4ab00d0c6f76e_0002400256.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\bc8afcc614c9dee80175aa163f0aaa80473d9bf8_0001827584.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a1a1bb1844cd584c335b56f1f25152bdd804431c_0002249520.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1cda345c44cea2a0d7af799f543506d305173f41_0003297944.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f6da7428db5a043cceabfeebfacc184715607de0_0002501736.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\42247822ef160a9e327ac3a7f4338c3c6c36cb51_0001668848.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a37bb94071fd2f67764e7229b1b5e1b3cda1baeb_0001115256.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\80351bb9029f66fb74a4fab00561401183aa28d2_0002744320.,LiQMAxHB

Trending

Most Viewed

Loading...