floxif | 388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-01-2025 05:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe
Size

14.1MB
MD5

4bcc12be886d135e83a392b3a067f5f2
SHA1

888f2c6a9316704ed0c81540292f81a07a1c5ddd
SHA256

388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0
SHA512

0112eb31d756203440ece13cf5c89d1cd56c4b89c7038ab0f63c4f7967a43c7b69882ce43aca4b4946e63d2448bb8d0343f9f05fb8f6c5bc227a2815da4f8f3a
SSDEEP

196608:AYMYwcqvXbpFnPomUeMgigB2efrCR3acBcaTPSz33Hfr0Dz2GtNr7JwN83AgBqJm:UYd6rbnLNg3acBca2D01tNPJimiZYb

Score

10^/10

floxif backdoor defense_evasion discovery trojan upx

Malware Config

Signatures

Floxif family
floxif
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
backdoor trojan floxif

Detects Floxif payload 1 IoCs

backdoor

resource	yara_rule
behavioral1/files/0x0008000000012117-1.dat	floxif

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0008000000012117-1.dat	acprotect

Executes dropped EXE 2 IoCs

pid	Process
2744	rarmaradio_setup.exe
2708	rarmaradio_setup.tmp

Loads dropped DLL 11 IoCs

pid	Process
1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe
1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe
1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe
1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe
1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe
1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe
2744	rarmaradio_setup.exe
1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe
2708	rarmaradio_setup.tmp
2708	rarmaradio_setup.tmp
2708	rarmaradio_setup.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\e:	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1092-3-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/files/0x0008000000012117-1.dat	upx
behavioral1/memory/1092-1385-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1092-1391-0x0000000010000000-0x0000000010030000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\16x16\is-KDF82.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\16x16\is-G4DS4.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\32x32\is-KE1AV.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\48x48\.svn\props\is-01RDA.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\48x48\.svn\tmp\text-base\is-6E74H.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\.svn\props\is-M19RG.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\.svn\tmp\text-base\is-VLIAS.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\is-6I3LF.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\.svn\props\is-DVCDM.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\.svn\props\is-0LT82.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\32x32\is-IH79F.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\32x32\is-HF9QF.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\32x32\.svn\props\is-3BELG.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\32x32\.svn\tmp\text-base\is-GCJJG.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\48x48\.svn\props\is-HM99G.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\is-E4EL0.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\is-CUDLL.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\is-BUU88.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\is-540VQ.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\.svn\props\is-HBDQH.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\.svn\props\is-P7BFL.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\.svn\props\is-JDCMT.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\16x16\.svn\tmp\text-base\is-1S8S8.tmp	rarmaradio_setup.tmp
File opened for modification	C:\Program Files (x86)\RarmaRadio\Bass_vis.dll	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\16x16\is-J82FH.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\16x16\is-I1ONK.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\16x16\.svn\props\is-IL12K.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\32x32\.svn\tmp\text-base\is-GU9PF.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\48x48\.svn\props\is-AVG2F.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\is-JSCE6.tmp	rarmaradio_setup.tmp
File opened for modification	C:\Program Files (x86)\RarmaRadio\RarmaRadio.exe	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\is-DJ8SK.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\.svn\props\is-ONHCK.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\.svn\props\is-84ROL.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\is-H6MP9.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\.svn\props\is-5HC0G.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\16x16\.svn\props\is-2D019.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\32x32\is-FHFFH.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\48x48\.svn\props\is-8GG88.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\is-FLS0E.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\is-0Q5BD.tmp	rarmaradio_setup.tmp
File opened for modification	C:\Program Files (x86)\RarmaRadio\bass_old.dll	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\is-D5NCR.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\is-5THKH.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\.svn\tmp\text-base\is-QPHPM.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\16x16\is-H7EL1.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\48x48\is-84VNL.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\48x48\.svn\props\is-7GPNT.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\is-N40VV.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\.svn\props\is-S9JKG.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\.svn\props\is-EKGT0.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\.svn\tmp\text-base\is-VP84M.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\is-4JH8Q.tmp	rarmaradio_setup.tmp
File opened for modification	C:\Program Files (x86)\RarmaRadio\bass_wadsp.dll	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\is-H1RIE.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\.svn\props\is-SIPKM.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\.svn\props\is-FGN4F.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\48x48\is-7FGS5.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\48x48\.svn\props\is-F2805.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\is-AGFA5.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll.tmp	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe
File opened for modification	C:\Program Files (x86)\RarmaRadio\bass_aac.dll	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\is-K6VCU.tmp	rarmaradio_setup.tmp
File created	C:\Program Files (x86)\RarmaRadio\Skins\Default\is-MLS1A.tmp	rarmaradio_setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rarmaradio_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rarmaradio_setup.tmp

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe
2708	rarmaradio_setup.tmp
2708	rarmaradio_setup.tmp

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2708	rarmaradio_setup.tmp

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 1092 wrote to memory of 2744	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	30
PID 1092 wrote to memory of 2744	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	30
PID 1092 wrote to memory of 2744	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	30
PID 1092 wrote to memory of 2744	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	30
PID 1092 wrote to memory of 2744	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	30
PID 1092 wrote to memory of 2744	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	30
PID 1092 wrote to memory of 2744	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	30
PID 2744 wrote to memory of 2708	2744	rarmaradio_setup.exe	31
PID 2744 wrote to memory of 2708	2744	rarmaradio_setup.exe	31
PID 2744 wrote to memory of 2708	2744	rarmaradio_setup.exe	31
PID 2744 wrote to memory of 2708	2744	rarmaradio_setup.exe	31
PID 2744 wrote to memory of 2708	2744	rarmaradio_setup.exe	31
PID 2744 wrote to memory of 2708	2744	rarmaradio_setup.exe	31
PID 2744 wrote to memory of 2708	2744	rarmaradio_setup.exe	31
PID 1092 wrote to memory of 2912	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	32
PID 1092 wrote to memory of 2912	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	32
PID 1092 wrote to memory of 2912	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	32
PID 1092 wrote to memory of 2912	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	32
PID 1092 wrote to memory of 2852	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	33
PID 1092 wrote to memory of 2852	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	33
PID 1092 wrote to memory of 2852	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	33
PID 1092 wrote to memory of 2852	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	33
PID 1092 wrote to memory of 2716	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	36
PID 1092 wrote to memory of 2716	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	36
PID 1092 wrote to memory of 2716	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	36
PID 1092 wrote to memory of 2716	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	36
PID 1092 wrote to memory of 2604	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	37
PID 1092 wrote to memory of 2604	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	37
PID 1092 wrote to memory of 2604	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	37
PID 1092 wrote to memory of 2604	1092	388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe	37

C:\Users\Admin\AppData\Local\Temp\388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe
"C:\Users\Admin\AppData\Local\Temp\388e53aa02116e387bcd59bc9cd2c460d33ebe63086c9f27aa86b51696489ad0.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1092
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\rarmaradio_setup.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\rarmaradio_setup.exe" /silent
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Users\Admin\AppData\Local\Temp\is-DN3OA.tmp\rarmaradio_setup.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-DN3OA.tmp\rarmaradio_setup.tmp" /SL5="$50166,13003007,121344,C:\Users\Admin\AppData\Local\Temp\RarSFX0\rarmaradio_setup.exe" /silent
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:2708
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c rd /S /Q "C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll.tmp"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2912
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c del /F /Q "C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll.tmp"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2852
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c rd /S /Q "C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll.tmp"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2716
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c del /F /Q "C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll.tmp"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\RarmaRadio\Skins\Default\.svn\props\is-A3J2L.tmp

Filesize
53B

MD5
113136892f2137aa0116093a524ade0b

SHA1
a0284943f8ddfe69ceec90833e66d96bdf4a97f0

SHA256
ebbf7e8800c3446bc3a195fa53573bde1073b0bf7581a614372f1391a9286d02

SHA512
d3201cc19ae702a9813aa8bc39612ebaa48138903e9ede64dcadff213691f6e711876aa4fa083887c545325d5d8bf70649523c528090542459f2b01697180e99

Download Submit
C:\Program Files (x86)\RarmaRadio\Skins\Default\.svn\tmp\text-base\is-QPHPM.tmp

Filesize
24KB

MD5
6fc11438172c03001f999f08acbd1543

SHA1
6bf94a38ff9f680a9b884572872a2bab45d6809d

SHA256
068581438993e705057d4e87adb23fb6fc0b69ba75d3db4ab2566fa4e82be8d7

SHA512
c768a53391cf865d020695c86e7189e5f2e15ea561159cf02fb67e5934aa7d403e0567208a4dcd771817a107fe56c3592fcc410ea1f258d253bd033d95147d68

Download Submit
C:\Program Files (x86)\RarmaRadio\Skins\Default\32x32\.svn\is-GMTS2.tmp

Filesize
2B

MD5
7c5aba41f53293b712fd86d08ed5b36e

SHA1
b6abd567fa79cbe0196d093a067271361dc6ca8b

SHA256
2e6d31a5983a91251bfae5aefa1c0a19d8ba3cf601d0e8a706b4cfa9661a6b8a

SHA512
67403e2e061fea6d54770f26bb22883c4586cbf3b37898d8b8e1b41f56a123b62a2f85bbfa891c6bebc1a0c9d0c5849acd5d79af364938ff80725dfbc69037c4

Download Submit
C:\Program Files (x86)\RarmaRadio\Skins\Default\32x32\is-QQVL2.tmp

Filesize
2KB

MD5
d7f8cf4636dd8652e32a7e46772c45bc

SHA1
91c71377e684dc582712f5de591aeab1f9a1d684

SHA256
9b49a247d86b9028d2af56a2f9e26860aa199279038650a8b1286d186b844200

SHA512
a5c249f070bfdb5ccb4d655d650dc2b847e151f9f0a0e6b0cb2c826fcedf403fb44467e02be09d89d33b7f19619b7ebdd6a70dd056124049ccc85a1b9311c984

Download Submit
C:\Program Files (x86)\RarmaRadio\Skins\Default\48x48\is-BCSBO.tmp

Filesize
3KB

MD5
6ccd66dc57a1e1e0b49d83e9429ce5a2

SHA1
3f0f90361981e9a9b9767a7a52b1fbaaed385627

SHA256
8693f0f926012ec044f92922e6896f002af38dd7923bd38a5a8932d6de76c631

SHA512
3b21e7bd33efec420818343baac71e71c4fba08e3c811f4e4ac26ec91dca95581fe8502ecd4cf11388f01af83b7fb324de555129e9a65bbb77e096bafd418d27

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.exe

Filesize
413KB

MD5
9c055d5e4ee02b6d24295c8ef1b2a863

SHA1
2333e6f28e377520dd5a40d614917ab5385579e6

SHA256
6af42bad7877afe3c5beff35c458b858f440e03ecafda38e9bdfab65220e992b

SHA512
642178b92bc20adfc319da7ff8c71cd1106a90687b8d1a6eb22a77b1e801d16720648fa0638b3ded491b244cc8437d6c74c1f4944eeaad45fe625d5fae68e0f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\rarmaradio_setup.exe

Filesize
12.9MB

MD5
7ffd165c7e8821599a41ee06e49a4abb

SHA1
451299ee6ca3770c42383b4f3380972ba69173e1

SHA256
290dfbf5b35af149efb5cd538cf902f255069612d20051807c09f70c6697a239

SHA512
5c276eb436f9e4df7ffcf06a068051cabc0fd7c81166a315d9491938f4d55a4eacc4ca508560df8e48ab4ea811c67538f766a5b63ef718988b7e6cd65624a9bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DN3OA.tmp\rarmaradio_setup.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
C:\Users\Admin\AppData\Roaming\RaimaRadioPro\Database\is-QLIU4.tmp

Filesize
14KB

MD5
3837fa72695771b493c38f73cbd40b4f

SHA1
a65d8bfa6c6f3d7161ce80cb891bbb42914f8813

SHA256
6fc6c961aadd26d0164b24d97210f046070e084086c98d358e600bd73def0c9c

SHA512
d5439e9d60b88d3b9ad27a1fc95ecede92f5634764815c213c251ab5bd99ce6fd90bd81f65b4a30dfedd101be173c8af49aa04aa8a893d8958d1ff8b70d27c33

Download Submit
C:\Users\Admin\AppData\Roaming\RaimaRadioPro\Html\TV\images\is-03M85.tmp

Filesize
718B

MD5
b71d6f3fee6a8840444920fa8e356630

SHA1
1b4576c89f23773f3f6aa193650e4f02098740ef

SHA256
96d0344039deba93f41c26968332d1f2050a79b0fd0dd45471a6c6d7cb960178

SHA512
c62c456bd78ba607085eee4ea85f20511a18cb6047285f695bb7005e5d6ffadbc4a24b9083f2169b6d476f87a21230d7f3d744b39e2a3f5434fef925fd9ef54d

Download Submit
C:\Users\Admin\AppData\Roaming\RaimaRadioPro\Html\TV\is-GD7AA.tmp

Filesize
2KB

MD5
7e99e1159a3686f6aa4f90043c554483

SHA1
bd54db91b81fa8a9ec37c93b10948dd8b690e4c4

SHA256
81ea81be1d862d36c34b6dc4f12aefb87b656e319003263d8274974b48ccf869

SHA512
aef471830517267a4b5d4b9e7145b5b670ed8c068b61c806d67a6b386a274aa2bd991142f8a1e2896cb0bbf6c5024fa9df224c0f2605581593d34b750273a6ed

Download Submit
C:\Users\Admin\AppData\Roaming\RaimaRadioPro\Html\TrayWindows\is-1NJ6V.tmp

Filesize
717B

MD5
56f54954cc0c5537e17d73c03b3bd36e

SHA1
1dcddae120b356cd54261e07c6f0ad00fb72af0d

SHA256
48508a42f2f3e49af5ba23310bcf21a9bca85ad460514a4bfee5b2b193b7b5ab

SHA512
a30183b59face9023af38dc89f575497022aacbc81148d74eba4ba8e1eae6f7667b325ecee822f1e905ad1eeb84aacea7bcb84a83297941a3f022757a02a8979

Download Submit
C:\Users\Admin\AppData\Roaming\RaimaRadioPro\Html\TrayWindows\is-31DMU.tmp

Filesize
607B

MD5
bab7471fa900fecaefaf06b6653ce79b

SHA1
2116dd01a8a09281b01ef939729a1e21b9af1d95

SHA256
29b99f533ccbfe680633d7f4a51ceeaf1d36a2045f10a8eab56426537d9ee5b6

SHA512
cc0a36ad5020a2b09bf5a20abad352e05c08293cab6489e1ee5a03dff5a231306685b6e58aa812e51c7aa02e862884ad702e1d6e26328efe477ad5ab4bdfb25b

Download Submit
C:\Users\Admin\AppData\Roaming\RaimaRadioPro\Html\TrayWindows\is-8B2F6.tmp

Filesize
695B

MD5
2aee7d4b583428feeaddd01c323f0c88

SHA1
75c13eaa36454ab54cf41aed880293a1fe297787

SHA256
721a322511df7559743ea5054be5105b3a47bf1271e6d3783a5d094edb298933

SHA512
30c390c2f3b13fb0279e11ebdf67c9f0e6a581f9f84ac8b168065540d09e2ad2e23c2d0a639a34aebbbfcdda176539ea6a026af19765f5dfc26b7269a7264049

Download Submit
C:\Users\Admin\AppData\Roaming\RaimaRadioPro\Html\TrayWindows\is-8Q48U.tmp

Filesize
403B

MD5
edf662499f01156bd716e1a6f240416f

SHA1
bb5a258a5a0a8bf31f4fc2163d102cdbf467a918

SHA256
f33af6d1514b4a1f3a1304dae91e61b46bd8cf68dc956a434faa08311a565d7c

SHA512
83d4270e1cb76af1b7d1f323d74ba14cbbbf4928b9bb56cf5673269e723ace04298cf3852f59f3cd2e155561ba36f3a0474ffc972ea069f860d6061a6106bc14

Download Submit
\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll.tmp

Filesize
416KB

MD5
9c504f0ab8d9c3282d855380ce1b03d1

SHA1
3586765857552e758a816cddcff5db12b679e4a1

SHA256
b4c44bc56116a7c97a31adeae8923ae6e981b9b96a4be7756f9f1b9b3b79cf69

SHA512
b18fb2ac07c3dadd9ee4406ce02fb6cd647a54f53733fe667acea86b7d8f65256f598844c00fdf814d36b7bd9417196398d7fae3c12cee8ef9cbf7845290197a

Download Submit
\Program Files (x86)\RarmaRadio\RarmaRadio.exe

Filesize
9.9MB

MD5
acfd8ed9a38eb7dbd0ecb1326026598b

SHA1
56f44ae483da632959f25921e8d0583855bb14ab

SHA256
4e5422909058b63b22197fc454bce7779f3a8a1ac1a7a1c27a946777e4264bc2

SHA512
ed7278bc60deab8396ef928a57717b90e57e0a69bbaa76116916ddad4ac511ed362eeb4cecd31c26be7a72a8b896c04bcceb7f19294842c868ea5048130c79bc

Download Submit
\Program Files (x86)\RarmaRadio\unins000.exe

Filesize
1.2MB

MD5
b0bca37ca48eb3be5ba86f5cdedfa8df

SHA1
ce173570d55b47d0fecb9ab9ca52239446ccecad

SHA256
325754db1a4164fb765afd9a627691c5413021efee172ff862ec0fc8f0e98540

SHA512
831f78934f64fd24f30706891996c5ce918738a8f474007a0c0e021c29cf69d24455f44e0f7393edf22a56b4ec30ad9ed268a5a25ef94b309468edca2ab15bd0

Download Submit
\Program Files\Common Files\System\symsrv.dll

Filesize
67KB

MD5
7574cf2c64f35161ab1292e2f532aabf

SHA1
14ba3fa927a06224dfe587014299e834def4644f

SHA256
de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085

SHA512
4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\License.exe.tmp

Filesize
490KB

MD5
d4125b52a6f9cc4bdd3fc260cd737fe1

SHA1
1fd07e850c487f8bf5bfa88758abdb4e09b03fe1

SHA256
9cc759a56499d18f51b48eac894de0fda75cb45dc8fa76009ce11c0cdc74460e

SHA512
d74cd0cf4fc9f942e4cf5fc34ade6305c644f981be6cc2da329e64ffc333d1708dd4bcd1b95eacf18a4e59bd94198c9985665f9329a7de4d2dd89c0dc6904444

Download Submit
memory/1092-3-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1092-1383-0x00000000008F0000-0x0000000000973000-memory.dmp

Filesize
524KB

Download
memory/1092-1385-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1092-1389-0x00000000008F0000-0x0000000000973000-memory.dmp

Filesize
524KB

Download
memory/1092-1391-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2708-1380-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2744-45-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2744-1381-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download