Multi-License Discount Quote

Change Region

English
Threat Database Viruses Virus.Ramnit.B

Virus.Ramnit.B

By CagedTech in Viruses

Threat Scorecard

Popularity Rank: 8,395
Threat Level: 80 % (High)
Infected Computers: 5,989
First Seen: December 17, 2012
Last Seen: January 28, 2026
OS(es) Affected: Windows

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor Detection
Panda W32/Nimnul.A
AVG Win32/Zbot.G
Ikarus Trojan-Spy.Win32.Zbot
AhnLab-V3 Win32/Ramnit.N
Microsoft Virus:Win32/Ramnit.V
Sophos W32/Ramnit-A
AntiVir W32/Ramnit.C
Comodo Packed.Win32.MUPX.Gen
Kaspersky Virus.Win32.Nimnul.a
eSafe Win32.Ramnit
Avast Win32:RmnDrp
Symantec W32.Ramnit.B!inf
F-Prot W32/Ramnit.E
K7AntiVirus Virus
McAfee PWS-Zbot.gen.pq

Analysis Report

General information

Family Name: Ramnit.V
Signature status: No Signature

Known Samples

MD5: f253c0f9df0f2e637b0d2633447a35ab
SHA1: ba50538c5e72034e8564a8df96393ca248c2c23c
SHA256: 0B1FE09B989B66BBCD1D21759B16E54824890DD3DD2152D9252136769BE1ADBB
File Size: 508.30 KB, 508304 bytes
MD5: 9d6583499223812e32bd43f3e266ecf7
SHA1: 86ebd589768578e02fa6345af8d1db1e9162a6b8
SHA256: BF532CF5BAE62F25559F763F0202E34099E5FF9EE8F639A47D92FA00482E2691
File Size: 1.74 MB, 1735680 bytes
MD5: 162d7b91352ed1d864fe863654408ffb
SHA1: 919246908a8085275bdc90e2b1c1d26ca5e7cccb
SHA256: 031F6D5ABAD7E78E08D2556E835443A5426E0EC700437F1EFF80AD094704FD51
File Size: 781.31 KB, 781312 bytes
MD5: 9de8bf57cf3c2f23f99bd67b6133668f
SHA1: 69775badb1749955990e0b84af748aad5f6d5dec
SHA256: D2AFFB082E1FD943F604FE0A8B30B0116AC526DB14926AB038436294DEF2679C
File Size: 356.88 KB, 356876 bytes
MD5: 0965975c48a07d9207a17359117de8b6
SHA1: e7c4d380987a83cc11809207d41200e7a2f68dc6
SHA256: A23C4A3FAA0DB067C819CFED6D1CF7B48C9BBCD2F9C9A9B4F01C7A37D196F33E
File Size: 194.99 KB, 194986 bytes
Show More
MD5: 2c0f2f5b173f3325e1cea7fa7e9e363e
SHA1: 3eeba35bb05f0956aff69ac401361ec8e44b5d50
SHA256: 873B7A51B396B7A8713BDD621248E8449A501FC5B28B0936EB94E6AEA93213EA
File Size: 197.01 KB, 197008 bytes
MD5: 6ec76aaa8797e26a56613420ded8eb71
SHA1: 935be1044a0c7501861b85713b1d51208f91738f
SHA256: F4F6E6F9ABF75988D2EA23048E30EB6CA8602114F072099C5929CEBF132B6675
File Size: 233.89 KB, 233888 bytes
MD5: ac691fa268d3e6e5bed0680f8c990137
SHA1: 28b2aa809bf600ee41554a6d2576d3494f77f7b6
SHA256: E982CC39133C112C2209E6B79C44B32788CD4500383FABC42F750DA23EB2B839
File Size: 258.46 KB, 258459 bytes
MD5: 62e41e79b79e3907b957b624beba1434
SHA1: f89be0e2f023c90df2a753508998894e193285ff
SHA256: F8025C176FA794A30B2B3A397CA354EDD7365E5CC8382CD84FBF4D5B79ED967C
File Size: 162.84 KB, 162839 bytes
MD5: eaab678b6791e589f821279110376692
SHA1: d7b9f6e72280f133a25c5e3e787c251f4a1c0f45
SHA256: 160695E3E88F261E43B2988E12BC92E5930442C9C1824DED127484F3FFB4D951
File Size: 873.88 KB, 873881 bytes
MD5: 190b8e3bb77a90e57f04e2843a78988e
SHA1: bf8c7c8c6fdcb9123929d1d527f852739646833e
SHA256: 08182F1213C542E4AB1F47AB98F3D23BAF699575968FB5E162527CB4274308FF
File Size: 223.58 KB, 223576 bytes
MD5: fa4d444ea382954ab4836c3baed5fbd0
SHA1: 41d5728d0b5054a5af625104e16b8e7e6c86901b
SHA256: 585EB95FE6CD70A311D2C43E41BD498FA3A3D74AA22A5A617975732F564A2BAD
File Size: 331.67 KB, 331673 bytes
MD5: 217933d8d9ed4016b3e9700c58a01fb9
SHA1: ac144c10238e068b5bdf236e57be97b9201823d6
SHA256: A7A0130956ED6B10152D7D264F2D7E5F0181D544DB7420DD02507FC872FFEAB1
File Size: 448.50 KB, 448505 bytes
MD5: fab2fe955b48967c7297d76cb54fa706
SHA1: 2b1efbf40370f5c893ccda6219d946df441ec3b1
SHA256: EC3E8538343AECEC87BCF7D0F948F4CF7E138F86412462CACD8ADBFEA0BA0AAB
File Size: 736.24 KB, 736243 bytes
MD5: 1745e9959eea9642d33332a03fa158fb
SHA1: f0e14c2abb82e8491678a6aa635ef5bf28efec15
SHA256: 6F61F0C0F79FCB5FBC390DF46BD8097D55E6CEAB0A8E9C8E3802645B61CA729F
File Size: 505.76 KB, 505765 bytes
MD5: 63958e9948ba35110e045913b17058c7
SHA1: a38968a7e21afcdff03a97a807a5728e3d0474f2
SHA256: 94F847943AD03025A30B04D677B673A7C25646A73195E71A6D35AD7B780C4613
File Size: 227.22 KB, 227222 bytes
MD5: 8361039c6a23b4afa7336a4c2c730810
SHA1: 666b4aa68796b6da5c91371e452f5c8381e4c3c9
SHA256: 6347F206C24AEE89B68E67D8403A8F4B537373A2C406B2AA189EDEDC0B9B2E83
File Size: 528.26 KB, 528258 bytes
MD5: 96c545198060a5c4b0d86ccce74e4962
SHA1: fcf93da861ecbcc07bcea7606ae1d9d74b5467a5
SHA256: 17B488CF0C6144CA4CC6A4D9F6B114E0131F49DB3B599AFCB0760F5BFD5A2BF0
File Size: 1.29 MB, 1290578 bytes
MD5: 6cabf762685dad2127f152b63467d625
SHA1: 5926e3d250ea28602cb70240c8107f5443fda2d8
SHA256: 67AD403F2D006B6CF5F5471E259988303D54FEBBD702BE9E8E3B5D28D6E20D8B
File Size: 201.14 KB, 201137 bytes
MD5: 5df9cfe8e24e22dcb9b898fd20ca33bd
SHA1: 76e7a3cdd197163ee8cbadd6f5d1d49b543f546b
SHA256: 467566E1D0D2CA5D85032FCDF70A310951D1EB8B3F10F93A50966D95011F8CA9
File Size: 179.54 KB, 179545 bytes
MD5: cba6da27c14c4feb231e663373ff8233
SHA1: e3ac5e25871e111e281395912c71eb08e5748061
SHA256: A9BEE8BA0DCBEBDF1C8CC66133E180FBDED1383770BF3D2C4727DB866CC243DB
File Size: 475.48 KB, 475479 bytes
MD5: c44423179dcb53076945c610f54568e3
SHA1: 0c3ec1237a597daf34eb6d7dea74a1d82ea9581f
SHA256: C53789385E2BA3D0A0A232372DD8FEB034EC1248AE467E347D4187C075D8C07D
File Size: 3.58 KB, 3584 bytes
MD5: 44f495a8385e7d803f409f9e4ec0537f
SHA1: 3ee8002678681608775e29948bab96bf5267b548
SHA256: E9F86C843BD72AB616CE8F8C493D2B78615CF3D6DF5D8011EE21DF4E3BAD752F
File Size: 361.90 KB, 361901 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
Show More
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments https://www.henrypp.org
Company Name
  • Adobe Systems Incorporated
  • Henry++
  • Hyperionics Technology LLC
  • Igor Pavlov
  • Microsoft Corporation
  • Soft Service Company
  • Sun Microsystems, Inc.
  • The OpenSSL Project, https://www.openssl.org/
  • Twain Working Group
File Description
  • 7-Zip Shell Extension
  • ATL Module for Windows (Unicode)
  • BITS Server Extensions Upgrade
  • Communication Unit Monitor
  • HyperSnap 8
  • Java(TM) Platform SE binary
  • Mem Reduct
  • MFCDLL Shared Library - Retail Version
  • OpenSSL library
  • QuickSFV Application
Show More
  • Setup Launcher
  • SwiftShader libEGL 32-bit Dynamic Link Library
  • Twain_32 Source Manager (Image Acquisition Interface)
  • WCL to WidComm API stub DLL
File Version
  • 24.01
  • 8.11.0.0
  • 8.00.50727.762
  • 7.10.6030.0
  • 7.0.0
  • 6.2.9200.16384 (win8_rtm.120725-1247)
  • 6.0.110.3
  • 6, 10, 1, 0
  • 4.1.0.7
  • 3.3.5
Show More
  • 3.0.16
  • 2, 3, 6, 0
  • 1,7,1,3
  • 1, 1, 1, 1
Full Version 1.6.0_11-b03
Internal Name
  • 7-zip
  • ATL71.DLL
  • bitsmig.dll
  • Communication Unit Monitor
  • DSM
  • HprSnap8
  • libEGL
  • libssl
  • memreduct
  • MFC80.DLL
Show More
  • net
  • QuickSFV
  • setup.exe
  • wcl2wbt
Legal Copyright
  • (c) 2011-2019 Henry++. All Rights Reversed.
  • Copyright (C) 1995-2015 Hyperionics Technology, LLC
  • Copyright (c) 1999-2024 Igor Pavlov
  • Copyright (C) 2003 InstallShield Software Corp.
  • Copyright (C) 2006-2012 Mike Petrichenko
  • Copyright (C) 2008
  • Copyright (C) 2010
  • Copyright (C) 2016 Google Inc.
  • Copyright 1998-2025 The OpenSSL Authors. All rights reserved.
  • Copyright © 2004
Show More
  • © Microsoft Corporation. All rights reserved.
  • © Microsoft Corporation. All rights reserved.
Original Filename
  • 7-zip.dll
  • ATL71.DLL
  • bitsmig.dll
  • Communication Unit Monitor.exe
  • HprRes8.dll
  • libEGL.dll
  • libssl
  • memreduct.exe
  • MFC80.DLL
  • net.dll
Show More
  • QuickSFV.exe
  • setup.exe
  • Twain_32.dll
  • wcl2wbt.DLL
Private Build 4.1.0.7
Product Name
  • 7-Zip
  • Adobe Reader 7.0
  • Communication Unit Monitor
  • HyperSnap v.8
  • Java(TM) Platform SE 6 U11
  • Mem Reduct
  • Microsoft® Visual Studio .NET
  • Microsoft® Visual Studio® 2005
  • Microsoft® Windows® Operating System
  • QuickSFV Application
Show More
  • SwiftShader libEGL Dynamic Link Library
  • The OpenSSL Toolkit
  • Twain_32 Source Manager
  • Wireless Communication Library
Product Version
  • 24.01
  • 8.11.0.0
  • 8.00.50727.762
  • 7.10.6030.0
  • 7.0.0
  • 6.2.9200.16384
  • 6.0.110.3
  • 6, 10, 1, 0
  • 4.1.0.7
  • 3.3.5
Show More
  • 3.0.16
  • 2, 3, 6, 0
  • 1,7,1,0
  • 1, 1, 1, 1

File Traits

  • .adata
  • 00 section
  • 2+ executable sections
  • dll
  • HighEntropy
  • Installer Manifest
  • Installer Version
  • No Version Info
  • ntdll
  • packed
Show More
  • upx
  • UPX!
  • x86

Block Information

Total Blocks: 848
Potentially Malicious Blocks: 17
Whitelisted Blocks: 705
Unknown Blocks: 126

Visual Map

0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? x 0 0 0 ? ? ? ? ? ? ? ? ? 0 0 0 0 0 ? x x 0 0 0 ? ? 0 0 0 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 2 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 1 0 1 0 1 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 x x x x x x x x x x x x x x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.LGR
  • Agent.XCO
  • FakeDoc.A
  • KillMBR.XE
  • Ramnit.AAA
Show More
  • Ramnit.V

Files Modified

File Attributes
\device\namedpipe\dav rpc service Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
\device\namedpipe\srvsvc Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\wkssvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_16.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_256.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_idx.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\_isd479.tmp Synchronize,Write Attributes
Show More
c:\users\user\appdata\local\temp\_msi5166._is Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\filelock.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\twain.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\twain001.mtx Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~tm629.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\~tm91b2.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\~tmb5e8.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\downloads\41d5728d0b5054a5af625104e16b8e7e6c86901b_0000331673 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\cmgr.exe Generic Write,Read Attributes
c:\users\user\downloads\temp\shsandbox-win32.dll-5.22.1.9999-x86.dmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\syswow64\rundll32mgr.exe Generic Write,Read Attributes
c:\windows\syswow64\temp\shsandbox-win32.dll-5.22.1.9999-x86.dmp Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots ȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::1 Z1湊睬敥潤B 뻯.Jnlweedo RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::0 RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::mrulistex ￿￿ RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots  RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0::nodeslot ± RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0::mrulistex ￿￿ RegNtPreCreateKey
Show More
HKCU\local settings\software\microsoft\windows\shell\bags\177\shell::sniffedfoldertype Documents RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.200.31.10#amas::_labelfromdesktopini RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserObjectInformation
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtProtectVirtualMemory
Show More
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState

Shell Command Execution

cmgr.exe
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\69775badb1749955990e0b84af748aad5f6d5dec_0000356876.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\3eeba35bb05f0956aff69ac401361ec8e44b5d50_0000197008.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f89be0e2f023c90df2a753508998894e193285ff_0000162839.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d7b9f6e72280f133a25c5e3e787c251f4a1c0f45_0000873881.,LiQMAxHB
Show More
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ac144c10238e068b5bdf236e57be97b9201823d6_0000448505.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2b1efbf40370f5c893ccda6219d946df441ec3b1_0000736243.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a38968a7e21afcdff03a97a807a5728e3d0474f2_0000227222.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\fcf93da861ecbcc07bcea7606ae1d9d74b5467a5_0001290578.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5926e3d250ea28602cb70240c8107f5443fda2d8_0000201137.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\76e7a3cdd197163ee8cbadd6f5d1d49b543f546b_0000179545.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e3ac5e25871e111e281395912c71eb08e5748061_0000475479.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0c3ec1237a597daf34eb6d7dea74a1d82ea9581f_0000003584.,LiQMAxHB

Trending

Most Viewed

Loading...