Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Tiggre.D

Trojan.Tiggre.D

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 9,965
Threat Level: 80 % (High)
Infected Computers: 928
First Seen: June 17, 2021
Last Seen: February 24, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Tiggre.D
Packers: UPX
Signature status: No Signature

Known Samples

MD5: 041ae0fa00e7b21d55cc45bd9d9d0fb7
SHA1: f52e62d602fe52792a15ceb31591b223e4ed6573
File Size: 3.78 MB, 3776494 bytes
MD5: 5c2a1e73843c203759d9f6a8f55d9aba
SHA1: d84bfc42fa3610bd5978b3ca89798054d66b1149
SHA256: DF0BC9D30689A37746A4CFC86625B4391380E7224CE747BA0B9078F353400781
File Size: 1.42 MB, 1421312 bytes
MD5: a9fe79e34a65cd410399a5c7a45c3af3
SHA1: 8cf70a4108810781911e62a20057dd74b66230b9
SHA256: 8DB9D210AF604493D20BB53D11E966DB0FACDAC59ED8E510B788B679BB778027
File Size: 980.48 KB, 980480 bytes
MD5: e3413264b24672c8bcecdb5a0d06d5a1
SHA1: e799df2e5ce98437d2889480f3feac9da1018a9d
SHA256: C895318C9741CA342C0B8ADB9DBFECB9F48C7E7171F86EE1B94ED4683728B8C8
File Size: 1.50 MB, 1500672 bytes
MD5: c9f9be53bbdbc02877a3ad818bba41a5
SHA1: 8ff4894b6dcb5c891a1627e497007890b867f554
SHA256: 0743CD503FA77AB20993583479F2702F08742C76A109913AE565E09F7D08FACB
File Size: 2.27 MB, 2271321 bytes
Show More
MD5: b11f70d1664d7275d182a5dadb522ef0
SHA1: 225cd2fcfb3db8f30fab7986e43bfb910e6280ea
SHA256: 6C376138DD5A83938827AFD101707774691D7D0DED16A175B644CCBCA7F668F0
File Size: 3.71 MB, 3706715 bytes
MD5: 2f407a933a76c90f8d9fa54b084aa47d
SHA1: aea83eaa22ca7795a3d83735b9391524d2ee85a1
SHA256: DC59EE077BD7CE4E1237BCD9A9B478456359A0E8A48F949D1CE3F072066C1E46
File Size: 5.63 MB, 5625901 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Builder Admin 20:04:41 08/01/2025
Comments
  • DrvIndex
  • http://usbtor.ru/viewtopic.php?t=272
  • https://fastcopy.jp
  • Modified By DSystem mdyblog.blog.163.com
Company Name
  • DrvIndex
  • DSystem
  • FastCopy Lab, LLC.
  • UsbTor.ru
Created 7z SFX Constructor v4.6.0.0 (http://usbtor.ru/viewtopic.php?t=798)
File Description
  • FastCopy
  • Tools for installing the drive x86
  • Utility for preparation bootable USB flash drive and HDD
  • WinPE Commander (Modified By DSystem mdyblog.blog.163.com)
  • 红色警戒地图编辑器 SP版
File Version
  • v2.0 x86/x64
  • 1201.88.5.86
  • 5.10.0.0
  • 5.2.2.2
  • 1.5.1
Internal Name
  • FastCopy
Legal Copyright
  • (C) 2021 lightn PE
  • CopyLeft (L) 2018 @ conty9
  • Copyright (C) 2004-2025 SHIROUZU Hiroaki and FastCopy Lab, LLC. All rights reserved.
  • NoCopyRight (L) 2012-2015 DSystem Non rights reserved.
  • 版权所有 (C) 2004-2025 SHIROUZU Hiroaki 和 FastCopy Lab, LLC. 保留所有权利。
Original Filename
  • DrvIndex.exe
  • FastCopy.exe
  • PECMD.EXE
  • UTmake.exe
Product Name
  • DrvIndex
  • FastCopy
  • PECMD
  • UTmake
Product Version
  • conty9
  • 1201.88.5.86
  • 5.10.0.0
  • 5.2.2.2

File Traits

  • .UPX
  • 00 section
  • 2+ executable sections
  • 7-zip (In Overlay)
  • GetConsoleWindow
  • HighEntropy
  • Installer Version
  • No Version Info
  • packed
  • VirtualQueryEx
Show More
  • WriteProcessMemory
  • x86

Block Information

Similar Families

  • Kryptik.FGH
  • Tiggre.D

Files Modified

File Attributes
\device\namedpipe\pecmd_exec_1126561243 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\pecmd_exec_1629660301 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\pecmd_exec_2616448359 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\pecmd_exec_2982556060 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\pecmd_exec_3072581461 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\pecmd_exec_3956715695 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\pecmd_exec_399744801 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\pecmd_exec_648309217 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\pecmd_exec_697589819 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\pecmd_exec_899861559 Generic Read,Write Data,Write Attributes,Write extended,Append data
Show More
c:\soft\snapshot\32 Synchronize,Write Attributes
c:\soft\snapshot\32\snapshot.exe Generic Write,Read Attributes
c:\soft\snapshot\32\snapshot.exe Synchronize,Write Attributes
c:\soft\snapshot\32\snapshot_c.exe Generic Write,Read Attributes
c:\soft\snapshot\32\snapshot_c.exe Synchronize,Write Attributes
c:\soft\snapshot\64 Synchronize,Write Attributes
c:\soft\snapshot\64\snapshot.exe Generic Write,Read Attributes
c:\soft\snapshot\64\snapshot.exe Synchronize,Write Attributes
c:\soft\snapshot\64\snapshot_c.exe Generic Write,Read Attributes
c:\soft\snapshot\64\snapshot_c.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rgiaf46.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgiaf46.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgiafd3.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgiafd3.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgiafe4.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgiafe4.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgiaff5.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgiaff5.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rgib015.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rgib015.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmp4352$.tmp Generic Write,Read Attributes,Delete
c:\users\user\appdata\local\temp\~1013222900492471498.cmd Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~1013222900492471498.cmd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~1908835724058413820~ Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~1908835724058413820~\7z.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~1908835724058413820~\lang\zh-cn.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~1908835724058413820~\lang\zh-tw.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~1908835724058413820~\sg.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~3303855450091938770~ Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~3303855450091938770~\sg.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~4744812488014077799.cmd Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~4744812488014077799.cmd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~5969870145735620014.cmd Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~5969870145735620014.cmd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~6480875222563359178\!‘ïo üòûßvî9- - o, (1).docx Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~6480875222563359178\!‘ïo üòûßvî9- - o,.docx Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~6480875222563359178\!‘ïo üòûßvî9-.docx Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~6480875222563359178\!‘ïo üòûßvî9-m.docx Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~6480875222563359178\!‘ïo üòûßvî9.docx Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~6480875222563359178\!‘ïo üòûßvî9.pdf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~6480875222563359178\!‘ïo üòûßvî9docx.docx Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~6480875222563359178\*}\røþ.drawio Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~6480875222563359178\0d90fb8775d84337a36cf096fd986fc6.pdf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~6480875222563359178\0d90fb8775d84337a36cf096fd986fc6.pdf Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~6480875222563359178\m9_pdfsph_åí¥j_[!‘ïo üòûßvî9- ].pdf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~6480875222563359178\º‡àk¥j.pdf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~6480875222563359178\º‡àk¥j.pdf Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~6480875222563359178\â[\á.pdf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~8902339412195039260~ Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~8902339412195039260~\sg.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~9064732280644531595.cmd Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~9064732280644531595.cmd Synchronize,Write Attributes
c:\users\user\appdata\roaming\microsoft\windows\recent\automaticdestinations\5f7b5f1e01b83767.automaticdestinations-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\microsoft\windows\recent\automaticdestinations\f01b4d95cf55d32a.automaticdestinations-ms Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\system\controlset001\control\windows::errormode  RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer::nodrivetypeautorun ÿ RegNtPreCreateKey
Show More
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 蕮櫢嬯ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 櫤嬯ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ޕ殇嬯ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 震쎤妃ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 屘쎩妃ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 戴莰ꌹǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 峞莳ꌹǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 繛萶ꌹǜ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\advanced inf setup\ie complist::ie.hkcuzoneinfo RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 宙蕸ꌹǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 븴蕺ꌹǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAdjustPrivilegesToken
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
Show More
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTerminateProcess
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExcludeClipRect
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtSelectClipRgn
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFlush
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetBoundsRect

105 additional items are not displayed above.

Other Suspicious
  • AdjustTokenPrivileges
Anti Debug
  • IsDebuggerPresent
Keyboard Access
  • GetKeyboardState
  • GetKeyState
Process Terminate
  • TerminateProcess

Shell Command Execution

(NULL) 64\snapshot_c.exe
"C:\users\user\downloads\Syringe.exe" "fa2yr.sp"
cmd.exe /c set
C:\Users\Dzmazfql\AppData\Local\Temp\~8902339412195039260~\sg.tmp 7zG_exe x "c:\users\user\downloads\8ff4894b6dcb5c891a1627e497007890b867f554_0002271321" -y -aoa -o"C:\Users\Dzmazfql\AppData\Local\Temp\~7730221608837483214"
"C:\Users\Dzmazfql\AppData\Local\Temp\~7730221608837483214\FastCopy.exe"
Show More
c:\users\user\downloads\8ff4894b6dcb5c891a1627e497007890b867f554_0002271321 PECMD**pecmd-cmd* EXEC -wd:C: -hide cmd /c "C:\Users\Dzmazfql\AppData\Local\Temp\~5969870145735620014.cmd"
c:\users\user\downloads\8ff4894b6dcb5c891a1627e497007890b867f554_0002271321 PECMD**pecmd-cmd* EXEC -wd:C: -hide cmd /c "C:\Users\Dzmazfql\AppData\Local\Temp\~4744812488014077799.cmd"
C:\Users\Bdiwsbqw\AppData\Local\Temp\~1908835724058413820~\sg.tmp 7zG_exe x "c:\users\user\downloads\225cd2fcfb3db8f30fab7986e43bfb910e6280ea_0003706715" -y -aoa -o"C:\Users\Bdiwsbqw\AppData\Local\Temp\~6480875222563359178"
C:\Users\Pkomqoti\AppData\Local\Temp\~3303855450091938770~\sg.tmp 7zG_exe x "c:\users\user\downloads\aea83eaa22ca7795a3d83735b9391524d2ee85a1_0005625901" -y -aoa -o"C:\Users\Pkomqoti\AppData\Local\Temp\~9037660684911682621"
"C:\Users\Pkomqoti\AppData\Local\Temp\~9037660684911682621\pdftoppm.exe"
c:\users\user\downloads\aea83eaa22ca7795a3d83735b9391524d2ee85a1_0005625901 PECMD**pecmd-cmd* EXEC -wd:C: -hide cmd /c "C:\Users\Pkomqoti\AppData\Local\Temp\~1013222900492471498.cmd"
cmd /c "C:\Users\Pkomqoti\AppData\Local\Temp\~1013222900492471498.cmd"
c:\users\user\downloads\aea83eaa22ca7795a3d83735b9391524d2ee85a1_0005625901 PECMD**pecmd-cmd* EXEC -wd:C: -hide cmd /c "C:\Users\Pkomqoti\AppData\Local\Temp\~9064732280644531595.cmd"

Trending

Most Viewed

Loading...