Multi-License Discount Quote

Change Region

English
Threat Database HEUR Malware HEUR.Malware.Malpack.Win32.Generic

HEUR.Malware.Malpack.Win32.Generic

By CagedTech in HEUR Malware, Malware

Threat Scorecard

Popularity Rank: 3,851
Threat Level: 100 % (High)
Infected Computers: 17,126
First Seen: September 7, 2017
Last Seen: February 14, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: HEUR.Malware.Malpack.Win32.Generic
Signature status: Self Signed

Known Samples

MD5: 2fe7217a150761601cb96cf4b70cf523
SHA1: 2453404243041c983a2c993bfc162e2322b3f773
File Size: 8.22 MB, 8223856 bytes
MD5: 4aba74643635f4098b2dfc46529587c8
SHA1: c96ff4c29d3d51caab7ecfd6830b8f49150151fb
SHA256: D1E0867D0325825D277E0FA86A9F71409FFAF34B7770FFC0E0E3968CDA4041DC
File Size: 8.82 KB, 8816 bytes
MD5: 336ef454287ed3ae7c9d391fbfdbbfea
SHA1: 3609c0472ba2b5ab7fcd5a79eb6bf69d6a99f30d
SHA256: A19875ECEE85FA2DD46761D412822A929F456AB4174D3F01686B3B01B5C6512A
File Size: 8.34 MB, 8341160 bytes
MD5: 20152243d74e8ee84172e98fd0a6e753
SHA1: e52e383b5ac88621703fed8727d2e626f898e146
SHA256: 1358DEBD94D84ED6184CD98EFCACFF24ED8B1BA0ACA0D0BBA7FF58A426BE285E
File Size: 2.30 MB, 2295808 bytes
MD5: ef5cb88303e4beab78c03511d2e6f1f2
SHA1: 590309f67a3461706a150718562cd3bad06044a7
SHA256: 42288954E5ABF7A2B11CFF45ED675CE0F3B244F02623A2251836AEE64890421C
File Size: 2.83 MB, 2826136 bytes
Show More
MD5: e45f8b3127cf153d3336a7ffdf508065
SHA1: 10f90f8dc9d75a4f27b54826e6c78e1f541eb8e1
SHA256: 0BEA4318849D4CF4CBB0C1DB57BABED7507939D563EB0163C19815034B3E6EC9
File Size: 8.31 MB, 8308392 bytes
MD5: bfbbeff8b736390f71d9a5974e63ad88
SHA1: 042d19be3f5b356a7815d3ae216a548c0765e3fa
SHA256: C21CEDC26293ECB7A9A9F02E599B1266ED8EEEFEF0FC6F229EA697F6A0058769
File Size: 8.35 MB, 8349352 bytes
MD5: b0e57eec768c06725532a9875bb8a8a4
SHA1: 6c32d5fc78c992d4e1ba164068aa37aa52d529e4
SHA256: C600EFBFA2FE3C01A47D40AB8651F06E6D11A5B937BF993D91B6E93849C63524
File Size: 8.36 MB, 8362664 bytes
MD5: 9aa14b4e43f1dbd16b5f32ae909903af
SHA1: 129caf746a10e52cdf7e1cb1c8e4459f76a88aba
SHA256: 91E2F5B6FE599529B48B1C90837E1751FD7C9D52413AADDF69BBC3CCCF0D2506
File Size: 136.45 KB, 136449 bytes
MD5: 61c18fe34ba71fa59c244f1e0e9207ea
SHA1: 7fcf58f9d1cf78900215f0b291374825373c76aa
SHA256: 64102FCD95E75F85AA5DBCCEB98CD836369A0BEB731D5DEF0F258C2927D6E50C
File Size: 8.37 MB, 8374440 bytes
MD5: 321a9d4fbad4981e36d542e6fb86fcbc
SHA1: 687b15d7e7b4ab1bfee3b2dbf02943e4c5b4ff36
SHA256: 99C1BECABF3C620ED28EB4513579402AB2F4E7E4A6CFBCD3B65D8662457C4F01
File Size: 8.36 MB, 8363176 bytes
MD5: 24235ac8b6db2591635355da70734941
SHA1: ca2118236f898baf8f6105957f7047c19a5ec60a
SHA256: FC0AFFBEB2D1724E9E85DBCA3773420F1DC9706FAA3F12503CEE76BE5741ED04
File Size: 8.37 MB, 8374952 bytes
MD5: 695156c4cb0639c3e4e4a97449a8d2bd
SHA1: 7230a9bc97725ea6112a9a01173a5b7d47b77dd6
SHA256: B0B292BD59ECBABF9858154A632B46F5815C1AD80AB1EE24E1686D524FD5339D
File Size: 44.54 KB, 44544 bytes
MD5: d9cdcffab66e5815df1c8f451b19da66
SHA1: 54065e1775d8e5d74e4964c7f2bfde4156bde6e4
SHA256: A84C8C1D15DF5A1EDFAD46BCCD2620F81B71355B030A4FCF0D6F3F84A596FD87
File Size: 5.41 MB, 5410376 bytes
MD5: f754336767964411ab8c948bfca8c7ea
SHA1: 744eafd029f52403ac01acb9a3b6f3ea9c4c3d12
SHA256: E65947DB844670C3D17D84EE40A70A340A193A8DF57EBA18BC54A686AFD445A8
File Size: 44.54 KB, 44544 bytes
MD5: 0c469842479ebce527b2d7e39bf4179b
SHA1: ee8f59ba0b5bf3fd042a4e130a1f3f7105c04126
SHA256: E757F6D594C705C7A2041AB78BCC951BD3A3BEB0A0A32CA57433AE7091586F4D
File Size: 14.34 KB, 14336 bytes
MD5: 5934da9751651b874bb965c50e75a2e8
SHA1: 138d94793dacb54911a7beca37b48b630d547f59
SHA256: 2C326FC5C60CA293578082180F78AC95526AA17E1AEDBC4E66628B74AB4563B0
File Size: 8.41 MB, 8407720 bytes
MD5: d1f7d0c6021cac4462464e85b42b1a38
SHA1: 4fca478cc1adbace97dae88bbfb0179fc359251b
SHA256: 67C8A71C8CA33B147447A6D4163CC600C83A93AF974F814229D0A69ACD6D95A3
File Size: 8.40 MB, 8399016 bytes
MD5: f485ffd8383a4c5cc79fc1bea67e0b2f
SHA1: 227d88be9507d104ebac0c26785885a9e4b90e37
SHA256: 1927197B31D626FE7BE4D36BE467873E1942168D8678D216D0B66864AEF05B18
File Size: 3.12 MB, 3121083 bytes
MD5: 5a1a1a8c34120fb5d587d7c6256e79af
SHA1: 9887c10a8af2aa9208e28bb2e65359693d65c47c
SHA256: E56B636DE4AD6BC3FE9BD310F1FAB091CCBA9463B2B40015922929574EED3B4C
File Size: 14.34 KB, 14336 bytes
MD5: 7c3c4ac21ae1e232a6c763e1ec5587c1
SHA1: d7e2f975f775d4123b835ef30adb2ff49ba8800c
SHA256: D6175BB438FBDAB723F3F32A6F6E34AFD62B46AD555A365DAFD2332B8606F84B
File Size: 1.20 MB, 1201536 bytes
MD5: ebfc7f67f9e0846290631f6783d25922
SHA1: d1571a69c38a8fb0ffe347882dcdcc962949c2c9
SHA256: 617F8594DFDEBAB13A7E4C7AE80E6EF17F2D7D441F9EA9FFE197D6187B692187
File Size: 8.39 MB, 8388776 bytes
MD5: 7ca24400f05a9698c15b889bc60282f8
SHA1: 35542b5e31f4a6b9f1446362d6ab824ce4f8833b
SHA256: BEBC565A94A573F1A528C452DC0CF9D23F7B6F06418D8E7DED1FF0228BA1EB9D
File Size: 8.41 MB, 8405672 bytes
MD5: acc74dd96b9a47ea604c8b955d7400fe
SHA1: 019801a17dbb0be889df14faa84589ba1ac16c62
SHA256: F3A6582A7B6FEABA3DA1216F7FDDF831CE891A98F24C2350D696C7D0C600D255
File Size: 1.89 MB, 1893144 bytes
MD5: 5d24d0ab514e820414980047521c5eaf
SHA1: 1ddc5542fb4bfca36a967651b39f63177334fd37
SHA256: 6EC25F801A4819105F80B7C60A397410C1DEEAFFBCE07319465E107DB093E6BB
File Size: 8.36 MB, 8361640 bytes
MD5: 749b462ada7495a792bd3ae83a7bff7f
SHA1: 86d9a383d68021280bace90cebbadb8e19d036e4
SHA256: 19C6AA57A27EC4D0DA6AFC418E391D39C726311A2752E8E777806193D277E85D
File Size: 6.00 MB, 5996544 bytes
MD5: 04c516b20f0511bd3cc0457944f2c641
SHA1: 65b3209b143ff79bd942644e7c69f67c2f931fdd
SHA256: 911CDEB078AF2D76CAA94EDE1351AC942D1C875C6F26F90B02084EC704199B84
File Size: 38.65 KB, 38645 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is 64-bit executable
Show More
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name
  • Microsoft
  • NoahSystem
  • The OpenSSL Project, https://www.openssl.org/
  • xunsai co.ltd
File Description
  • Knight Online Client
  • OpenSSL library
  • SMS and MMS dll
File Version
  • 4, 23, 13, 3000
  • 3.1.7
  • 3,0,0,0
  • 1.00
Internal Name
  • libcrypto
  • Warfare
  • Win
  • xssmsmms
Legal Copyright
  • Copyright 1998-2024 The OpenSSL Authors. All rights reserved.
  • Copyright 2004-2008
  • Copyright ? 2001. NoahSystem.co.ltd
Original Filename
  • KnightOnline.exe
  • libcrypto
  • Win.exe
  • xssmsmms.DLL
Product Name
  • Knight Online Client
  • SMS and MMS dll
  • The OpenSSL Toolkit
  • Win
Product Version
  • 4, 23, 13, 3000
  • 3.1.7
  • 3,0,0,0
  • 1.00

Digital Signatures

Signer Root Status
Zoom Video Communications, Inc. DigiCert Trusted Root G4 Hash Mismatch
Mgame Corp GlobalSign GCC R45 CodeSigning CA 2020 Self Signed
Game Cafe Services Inc SSL.com Code Signing Intermediate CA RSA R1 Self Signed

File Traits

  • .adata
  • 00 section
  • 2+ executable sections
  • dll
  • fptable
  • HighEntropy
  • No Version Info
  • VirtualQueryEx
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 1
Potentially Malicious Blocks: 0
Whitelisted Blocks: 0
Unknown Blocks: 1

Visual Map

?
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.DSGA
  • Coiner.B
  • Coinminer.GCLA
  • FSG.Gen
  • Royal.AA
Show More
  • Stealer.GFA
  • Stealer.GFC

Files Modified

File Attributes
c: Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.0.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.blf Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\asfds Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\cdegfr Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\fdsf Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\sdfdsf Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\sdfff Generic Read,Write Data,Write Attributes,Write extended,Append data
Show More
c:\users\user\downloads\wdcevf Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\wdcsadsad Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\zxczxc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\appcompat\programs\amcache.hve Read Data,Read Control,Write Data
c:\windows\appcompat\programs\amcache.hve.log1 Read Data,Write Data
c:\windows\appcompat\programs\amcache.hve.log1 Write Attributes
c:\windows\appcompat\programs\amcache.hve.log2 Read Data,Write Data
c:\windows\syswow64\cmd32.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\z11.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\z12.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\z13.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\z14.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\z15.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\syswow64\z16.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 㓽㋴௭ǜ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::controlpanel C:\WINDOWS\system32\cmd32.exe internat.dll,LoadKeyboardProfile RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ㌗௭ǜ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\rfc1156agent\currentversion\parameters::trappolltimemillisecs RegNtPreCreateKey
HKLM\software\wow6432node\licenses::{k7c0db872a3f777c0} 툪㗀⚝?￿篿㺰龩᠈棸㱬⫰ᅡ￿돿嫊쎴ΣS￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿ÿ⫰鷂ἦ￿￿끻ꤾ࢟汨︼숪￿￿쪳둚ꏃ㌃￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿￿ RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess
  • WinExec
Network Wininet
  • InternetOpen
  • InternetOpenUrl
  • InternetReadFile
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
Show More
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExcludeClipRect
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtSelectClipRgn
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFlush
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject

110 additional items are not displayed above.

Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserObjectInformation
Network Winsock2
  • WSAStartup
Service Control
  • OpenSCManager
  • OpenService
Encryption Used
  • BCryptOpenAlgorithmProvider
Process Terminate
  • TerminateProcess
Process Manipulation Evasion
  • NtUnmapViewOfSection
Other Suspicious
  • SetWindowsHookEx

Shell Command Execution

netsh firewall set allowedprogram c:\users\user\downloads\c96ff4c29d3d51caab7ecfd6830b8f49150151fb_0000008816 enable
C:\WINDOWS\system32\z11.exe
C:\WINDOWS\system32\z14.exe
C:\WINDOWS\system32\z15.exe
C:\WINDOWS\system32\z16.exe
Show More
netsh firewall set allowedprogram C:\WINDOWS\system32\cmd32.exe enable
C:\WINDOWS\system32\z12.exe
C:\WINDOWS\system32\z13.exe
C:\WINDOWS\SysWOW64\rundll32.exe "C:\WINDOWS\SysWOW64\rundll32.exe" "C:\WINDOWS\SysWOW64\shell32.dll",#44 "c:\users\user\downloads\e52e383b5ac88621703fed8727d2e626f898e146_0002295808."
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\590309f67a3461706a150718562cd3bad06044a7_0002826136.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\129caf746a10e52cdf7e1cb1c8e4459f76a88aba_0000136449.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\7230a9bc97725ea6112a9a01173a5b7d47b77dd6_0000044544.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\744eafd029f52403ac01acb9a3b6f3ea9c4c3d12_0000044544.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ee8f59ba0b5bf3fd042a4e130a1f3f7105c04126_0000014336.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\9887c10a8af2aa9208e28bb2e65359693d65c47c_0000014336.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d7e2f975f775d4123b835ef30adb2ff49ba8800c_0001201536.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\019801a17dbb0be889df14faa84589ba1ac16c62_0001893144.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\65b3209b143ff79bd942644e7c69f67c2f931fdd_0000038645.,LiQMAxHB

Trending

Most Viewed

Loading...