Win32/DownloadAdmin.G

By Domesticus in Trojans

Threat Scorecard

Popularity Rank: 5,706
Threat Level: 10 % (Normal)
Infected Computers: 20,941
First Seen: April 17, 2013
Last Seen: February 3, 2026
OS(es) Affected: Windows

Win32/DownloadAdmin.G is a virus that is related to rootkits. Many anti-virus programs find Win32/DownloadAdmin.G difficult to detect and uninstall. Win32/DownloadAdmin.G downloads other malware onto the infected computer, such as spyware, adware, Trojans, and many others. Win32/DownloadAdmin.G can install them partially or in full, as it executes the payloads with compromised Administrator privileges. Win32/DownloadAdmin.G may take over the Internet browser and redirect it to doubtful websites. Win32/DownloadAdmin.G may also show disruptive pop-up advertisements while the PC user is browsing the web.

Aliases

1 security vendor flagged this file as malicious.

Antivirus Vendor Detection
AVG Generic.B09

File System Details

Win32/DownloadAdmin.G may create the following file(s):
# File Name MD5 Detections
1. UpdateAdmin.exe a2626b7668c0058fed2731b240f7a2ab 3

Registry Details

Win32/DownloadAdmin.G may create the following registry entry or registry entries:
File name without path
http_www.downloadadmin.com_0.localstorage
http_www.downloadadmin.com_0.localstorage-journal
service.updateadmin[1].xml
www.downloadadmin[1].xml
SOFTWARE\Classes\Installer\Features\45B71F1875D5E58488CC6F2DD0665B0E
SOFTWARE\Classes\Installer\Features\5C59CF75147BC96468703BC9CE248342
SOFTWARE\Classes\Installer\Products\45B71F1875D5E58488CC6F2DD0665B0E
SOFTWARE\Classes\Installer\Products\5C59CF75147BC96468703BC9CE248342
SOFTWARE\Classes\Installer\UpgradeCodes\E71AAEE8659CC5148A67A8122969D921
Software\DownloadAdmin
Software\Escolade
Software\Microsoft\Internet Explorer\DOMStorage\downloadadmin.com
Software\Microsoft\Internet Explorer\DOMStorage\service.updateadmin.com
Software\Microsoft\Internet Explorer\DOMStorage\updateadmin.com
Software\Microsoft\Internet Explorer\DOMStorage\www.downloadadmin.com
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdateAdmin
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\E71AAEE8659CC5148A67A8122969D921
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateAdmin
{07B4B423-E4DA-47D1-8327-B589EB4BEB58}
{2DDF4FAF-F9ED-4D76-BB6C-29027CE4202C}
{57FC95C5-B741-469C-8607-B39CEC423824}
{81F17B54-5D57-485E-88CC-F6D20D66B5E0}
{8F1CD30B-3A84-4B95-BFA4-CC0F885B8463}

Directories

Win32/DownloadAdmin.G may create the following directory or directories:

%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\UpdateAdmin
%ALLUSERSPROFILE%\Start Menu\Programs\UpdateAdmin
%APPDATA%\Microsoft\Windows\Start Menu\Programs\UpdateAdmin
%LOCALAPPDATA%\UpdateAdmin
%USERPROFILE%\Local Settings\Application Data\UpdateAdmin

Analysis Report

General information

Family Name: PUP.DownloadAdmin
Signature status: Modified signature


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments
  • Cmnts
  • Created with Setup Factory 8.0
  • OCSClient v5.0
  • This installation was built with Inno Setup.
Company Name
  • Devhancer LLC
  • Elit -e - Company
  • Supersonic Smooth Software Installer
  • Tomorrow Software
File Description
  • Description is empty
  • Porro est quia 664ac38c98e4e5b8a35138508373bf7c id
  • Setup Application
  • StarMule
  • Supersonic Smooth Software Installer
  • Tomorrow Software Installer
File Version
  • 83.5.6.6387
  • 8.2.1.0
  • 5.8.0.0
  • 3, 5, 13, 0
  • 2.0.0.1
  • 1.00
Internal Name
  • ocsclient
  • setup.exe
  • suf80_launch
  • TnT
  • tomorrow-setup.exe
Legal Copyright
  • 2014
  • Copyright (C) 2015
  • Setup Engine Copyright © 2004-2009 Indigo Rose Corporation
  • © Devhancer LLC
Legal Trademarks
  • No
  • Setup Factory is a trademark of Indigo Rose Corporation.
Original Filename
  • DHelper
  • ocsclient.exe
  • setup.exe
  • suf80_launch.exe
  • tomorrow-setup.exe
Product Name
  • CHummer
  • OCSClient
  • Setup Factory 8.0 Runtime
  • StarMule
  • Supersonic Smooth Software Installer
  • Tomorrow Software Installer
  • Totam
Product Version
  • 83.5.6.6387
  • 8.2.1.0
  • 3, 5, 13, 0
  • 2.0.0.1
  • 1.5.1.10
  • 1.00
Special Build 3, 5, 13, 0
Com.build.date
  • 2/5/2013
  • 4/5/2013
  • 5/31/2013
  • 7/24/2014
  • 8/27/2014
Com.build.dir
  • C:\BM\2.5-Static\WebTemplates
  • C:\BM\2.5\WebTemplates
  • C:\BundleManager\25\WebTemplates
Com.build.id
  • 1c75a51319f7c57a76e3f5511f624ea77b3911d9
  • 8a2d1789e4ab6a8770ec9c50af8fe6b66a155ed3
  • 4946ae9bff8b490953f0d12f0c10060b7c0d7826
  • dcd928aa00774a794633df957ed93c5589d79c9a
  • ea9d979dcbb4c5ffd1cbea8eff65e4806ada1b92
Com.build.machine
  • BASEVM-PC
  • DENISE-X240
  • TESTINGASUS1-PC
Com.build.skin .
Com.build.time
  • 3:04:22 PM
  • 3:24:27 PM
  • 3:27:00 PM
  • 11:50:06 AM
  • 12:10:56 PM
Com.build.user $%USER%

Digital Signatures

Signer Root Status
Electronic Team, Inc AddTrust External CA Root Hash Mismatch
Electronic Team, Inc. AddTrust External CA Root Hash Mismatch
Download Admin Class 3 Public Primary Certification Authority Root Not Trusted
All Team Interactive Go Daddy Root Certificate Authority - G2 Root Not Trusted
Files Info Go Daddy Root Certificate Authority - G2 Root Not Trusted
Zen Bros Media Go Daddy Root Certificate Authority - G2 Root Not Trusted
Prospera Software Inc. USERTrust RSA Certification Authority Root Not Trusted
Chip Xonio Online GmbH UTN-USERFirst-Object Root Not Trusted
Luftix Limited VeriSign Class 3 Code Signing 2010 CA Self Signed
Sanflex VeriSign Class 3 Code Signing 2010 CA Root Not Trusted
Download Admin VeriSign Class 3 Public Primary Certification Authority - G5 Root Not Trusted
Full Spectrum Interactive VeriSign Class 3 Public Primary Certification Authority - G5 Root Not Trusted
TEA TIME BISCUITS VeriSign Class 3 Public Primary Certification Authority - G5 Root Not Trusted
Web Install VeriSign Class 3 Public Primary Certification Authority - G5 Root Not Trusted
Micronames Corp, thawte SHA256 Code Signing CA Self Signed

File Traits

  • 2+ executable sections
  • HighEntropy
  • InnoSetup Installer
  • Installer Manifest
  • Installer Version
  • nosig nsis
  • VirtualQueryEx
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 170
Potentially Malicious Blocks: 0
Whitelisted Blocks: 169
Unknown Blocks: 1

Similar Families

  • DownloadAdmin.B
  • DownloadAdmin.E
  • DownloadAdmin.G
  • Fareit.AI
  • Fareit.L
  • Fugrafa.J
  • Gamehack.FFO
  • Zusy.CB

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Bruxubmm\AppData\Local\Temp\nsn44A8.tmp\floatingprogress.dll RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Bruxubmm\AppData\Local\Temp\nsn44A8.tmp\floatingprogress.dll\??\C:\Users\Bruxubmm\AppData\Local\Temp\nsn44A8.tmp\ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
Show More
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\gpu::adapterinfo vendorId="0x1414",deviceID="0x8c",subSysID="0x0",revision="0x0",version="10.0.19041.3570"hypervisor="Hypervisor detected (Micros RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.205.9\??\C:\Windows\SystemTemp\b1a39cca-eadf-4949-a384-a0ef6a3b3fd2.tmp\ RegNtPreCreateKey
HKCU\software\ocs::cid 2fe650d0-7d11-4b38-bdc5-43c076c2c68f RegNtPreCreateKey
HKCU\software\ocs::pid chipde RegNtPreCreateKey
HKCU\software\ocs::lastpid chipde RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\ocs::cid 4db09816-7e87-4512-8238-92214b346968 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey

Windows API Usage

Category API
Network Winsock2
  • WSAStartup
  • WSAttemptAutodialName
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
Network Winsock
  • getaddrinfo
  • getnameinfo
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
User Data Access
  • GetUserObjectInformation
Network Winhttp
  • WinHttpConnect
  • WinHttpOpen
  • WinHttpOpenRequest
  • WinHttpQueryHeaders
  • WinHttpReceiveResponse
  • WinHttpSendRequest
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetReadFile
  • InternetSetOption
Other Suspicious
  • SetWindowsHookEx
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Process Terminate
  • TerminateProcess

Shell Command Execution

c:\users\user\downloads\d022d48355134945f43030a46d34b203897c8fab_0000843080.exe "c:\users\user\downloads\d022d48355134945f43030a46d34b203897c8fab_0000843080.exe"
"C:\Users\Qgeovfga\AppData\Local\Temp\is-LFK20.tmp\245d69059b6d4b617532516857e110a85af01f68_0006221314.tmp" /SL5="$5003A,5508614,721408,c:\users\user\downloads\245d69059b6d4b617532516857e110a85af01f68_0006221314"
"C:\Users\Qgeovfga\AppData\Local\Temp\is-NHPSP.tmp\Enim.exe" 664ac38c98e4e5b8a35138508373bf7c
c:\users\user\downloads\c627ead025ac4da57e652d095c3e108892ce54ff_0000842000 "c:\users\user\downloads\c627ead025ac4da57e652d095c3e108892ce54ff_0000842000"
c:\users\user\downloads\e9fb0a24f07b119dbce730dc3dc8d5c48bf28ae8_0000857104 "c:\users\user\downloads\e9fb0a24f07b119dbce730dc3dc8d5c48bf28ae8_0000857104"
c:\users\user\downloads\6246a11777d1b726d8005f396a608ca5c45fcfee_0000833864 "c:\users\user\downloads\6246a11777d1b726d8005f396a608ca5c45fcfee_0000833864"
C:\Users\Jttinjgl\AppData\Local\Temp\OCS\ocs_v71.exe -install -54437584 -chipde -669aa1bb16904649ac1503f9bba63331 - -BLUB2 -xwxmhgjicshvdjmh -1902116
c:\users\user\downloads\b049ba7aaebdb14cc43ecb00387d364e9c6555a9_0000887520 "c:\users\user\downloads\b049ba7aaebdb14cc43ecb00387d364e9c6555a9_0000887520"
C:\Users\Wunphgxa\AppData\Local\Temp\OCS\ocs_v71.exe -install -60828874 -chipde -965132c999b74aaa88d77eb649956a11 - -ChromeBundle -rglounjdngkgqqkh -393584
open C:\Users\Mklouapt\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe __IRAOFF:662050 "__IRAFN:c:\users\user\downloads\f527708496fd73aec6f80a49397469a142a4ae0c_0000824104" "__IRCT:2" "__IRTSS:0" "__IRSID:S-1-5-21-3119368278-1123331430-659265220-1001"
