Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
90s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
20/10/2022, 16:30
General
-
Target
5cb80b84540636a34e81a42eccd301646d5ab0a9ead4bfc09e203734aa9980dd.exe
-
Size
50KB
-
MD5
a02d184f73dbd4b7f044777bab15b3c0
-
SHA1
7f347252c26c321066d6b95bdd01ea54e7c8b705
-
SHA256
5cb80b84540636a34e81a42eccd301646d5ab0a9ead4bfc09e203734aa9980dd
-
SHA512
a5d7b2ac8c8594928dc10414f568086f3fe849c9b52464a6fc041e5736a9b0066a784f968462e43f0570ffe89ef148e6dba6ed16c78ea4d288291db0898eec95
-
SSDEEP
768:2e/rZKsmqqgkqVlSBqSaxpSu8bCyTtlwpNEOAr+RbRKS/1H5:2edKlnqVlSLZDSNE9aRbd
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5cb80b84540636a34e81a42eccd301646d5ab0a9ead4bfc09e203734aa9980dd.exe"C:\Users\Admin\AppData\Local\Temp\5cb80b84540636a34e81a42eccd301646d5ab0a9ead4bfc09e203734aa9980dd.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ckcbgp32.exeC:\Windows\system32\Ckcbgp32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Celgpfjp.exeC:\Windows\system32\Celgpfjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cbphjj32.exeC:\Windows\system32\Cbphjj32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cgmpba32.exeC:\Windows\system32\Cgmpba32.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cnghokon.exeC:\Windows\system32\Cnghokon.exe6⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dgomgq32.exeC:\Windows\system32\Dgomgq32.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dniedk32.exeC:\Windows\system32\Dniedk32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dgajmpcl.exeC:\Windows\system32\Dgajmpcl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dbgnjicb.exeC:\Windows\system32\Dbgnjicb.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dgdfbpai.exeC:\Windows\system32\Dgdfbpai.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ebbmfgid.exeC:\Windows\system32\Ebbmfgid.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eimecapa.exeC:\Windows\system32\Eimecapa.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eninkhni.exeC:\Windows\system32\Eninkhni.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eiobhano.exeC:\Windows\system32\Eiobhano.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eolkqhlf.exeC:\Windows\system32\Eolkqhlf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eefcmbdc.exeC:\Windows\system32\Eefcmbdc.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Elpkjl32.exeC:\Windows\system32\Elpkjl32.exe18⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ficlcq32.exeC:\Windows\system32\Ficlcq32.exe19⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Foqdlg32.exeC:\Windows\system32\Foqdlg32.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fhiidm32.exeC:\Windows\system32\Fhiidm32.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fbnmbf32.exeC:\Windows\system32\Fbnmbf32.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fhkejm32.exeC:\Windows\system32\Fhkejm32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Facjcbco.exeC:\Windows\system32\Facjcbco.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fbcfmejb.exeC:\Windows\system32\Fbcfmejb.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gahcna32.exeC:\Windows\system32\Gahcna32.exe26⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gakpcamg.exeC:\Windows\system32\Gakpcamg.exe27⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Gehijp32.exeC:\Windows\system32\Gehijp32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gkeabf32.exeC:\Windows\system32\Gkeabf32.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Glenli32.exeC:\Windows\system32\Glenli32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hadcjpel.exeC:\Windows\system32\Hadcjpel.exe4⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Hliggieb.exeC:\Windows\system32\Hliggieb.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hafpopcj.exeC:\Windows\system32\Hafpopcj.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hlldmhcp.exeC:\Windows\system32\Hlldmhcp.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hcflib32.exeC:\Windows\system32\Hcflib32.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hipdfm32.exeC:\Windows\system32\Hipdfm32.exe9⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Hkaqnegg.exeC:\Windows\system32\Hkaqnegg.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ioccobji.exeC:\Windows\system32\Ioccobji.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ijiglk32.exeC:\Windows\system32\Ijiglk32.exe12⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ikjcdcom.exeC:\Windows\system32\Ikjcdcom.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iohljb32.exeC:\Windows\system32\Iohljb32.exe14⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Illmcfdm.exeC:\Windows\system32\Illmcfdm.exe15⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jhcmhg32.exeC:\Windows\system32\Jhcmhg32.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jbkbamqa.exeC:\Windows\system32\Jbkbamqa.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jbnogl32.exeC:\Windows\system32\Jbnogl32.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jlccde32.exeC:\Windows\system32\Jlccde32.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jbpkll32.exeC:\Windows\system32\Jbpkll32.exe20⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Jkhpeacm.exeC:\Windows\system32\Jkhpeacm.exe21⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jbbhblkj.exeC:\Windows\system32\Jbbhblkj.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jhlpof32.exeC:\Windows\system32\Jhlpof32.exe23⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jcbdlo32.exeC:\Windows\system32\Jcbdlo32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jjlmiiii.exeC:\Windows\system32\Jjlmiiii.exe25⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kkmipa32.exeC:\Windows\system32\Kkmipa32.exe26⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kfbmnjon.exeC:\Windows\system32\Kfbmnjon.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kiajjena.exeC:\Windows\system32\Kiajjena.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kcfngnng.exeC:\Windows\system32\Kcfngnng.exe29⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kicfoelo.exeC:\Windows\system32\Kicfoelo.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Komolo32.exeC:\Windows\system32\Komolo32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kfggii32.exeC:\Windows\system32\Kfggii32.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kopkaoai.exeC:\Windows\system32\Kopkaoai.exe33⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kbngnjql.exeC:\Windows\system32\Kbngnjql.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kjepogao.exeC:\Windows\system32\Kjepogao.exe35⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kobhgnof.exeC:\Windows\system32\Kobhgnof.exe36⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lijlpdff.exeC:\Windows\system32\Lijlpdff.exe37⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ljjijf32.exeC:\Windows\system32\Ljjijf32.exe38⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ljlepfkg.exeC:\Windows\system32\Ljlepfkg.exe39⤵
-
C:\Windows\SysWOW64\Lcdjhl32.exeC:\Windows\system32\Lcdjhl32.exe40⤵
-
C:\Windows\SysWOW64\Liabqc32.exeC:\Windows\system32\Liabqc32.exe41⤵
-
C:\Windows\SysWOW64\Lbjgihfo.exeC:\Windows\system32\Lbjgihfo.exe42⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ljaokega.exeC:\Windows\system32\Ljaokega.exe43⤵
-
C:\Windows\SysWOW64\Llblbnmp.exeC:\Windows\system32\Llblbnmp.exe44⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Mfhppfme.exeC:\Windows\system32\Mfhppfme.exe1⤵
-
C:\Windows\SysWOW64\Mldhhnkm.exeC:\Windows\system32\Mldhhnkm.exe2⤵
-
C:\Windows\SysWOW64\Mboqdh32.exeC:\Windows\system32\Mboqdh32.exe3⤵
-
C:\Windows\SysWOW64\Mlgemm32.exeC:\Windows\system32\Mlgemm32.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mflikf32.exeC:\Windows\system32\Mflikf32.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mikega32.exeC:\Windows\system32\Mikega32.exe6⤵
-
C:\Windows\SysWOW64\Mcpjdj32.exeC:\Windows\system32\Mcpjdj32.exe7⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mfofpe32.exeC:\Windows\system32\Mfofpe32.exe8⤵
-
C:\Windows\SysWOW64\Mimbla32.exeC:\Windows\system32\Mimbla32.exe9⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Mllnhm32.exeC:\Windows\system32\Mllnhm32.exe10⤵
-
C:\Windows\SysWOW64\Mmkkbo32.exeC:\Windows\system32\Mmkkbo32.exe11⤵
-
C:\Windows\SysWOW64\Mpigok32.exeC:\Windows\system32\Mpigok32.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nbhckf32.exeC:\Windows\system32\Nbhckf32.exe13⤵
-
C:\Windows\SysWOW64\Niblgqal.exeC:\Windows\system32\Niblgqal.exe14⤵
-
C:\Windows\SysWOW64\Nmmgho32.exeC:\Windows\system32\Nmmgho32.exe15⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nplddj32.exeC:\Windows\system32\Nplddj32.exe16⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nfflad32.exeC:\Windows\system32\Nfflad32.exe17⤵
-
C:\Windows\SysWOW64\Nlbdik32.exeC:\Windows\system32\Nlbdik32.exe18⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nbmmfefj.exeC:\Windows\system32\Nbmmfefj.exe19⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nifebp32.exeC:\Windows\system32\Nifebp32.exe20⤵
-
C:\Windows\SysWOW64\Njfamb32.exeC:\Windows\system32\Njfamb32.exe21⤵
-
C:\Windows\SysWOW64\Nlgndkkg.exeC:\Windows\system32\Nlgndkkg.exe22⤵
-
C:\Windows\SysWOW64\Npcjei32.exeC:\Windows\system32\Npcjei32.exe23⤵
-
C:\Windows\SysWOW64\Nfmbacjn.exeC:\Windows\system32\Nfmbacjn.exe24⤵
-
C:\Windows\SysWOW64\Niknnoia.exeC:\Windows\system32\Niknnoia.exe25⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Odabkhig.exeC:\Windows\system32\Odabkhig.exe26⤵
-
C:\Windows\SysWOW64\Omigdmph.exeC:\Windows\system32\Omigdmph.exe27⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Odcoqg32.exeC:\Windows\system32\Odcoqg32.exe28⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ofalmc32.exeC:\Windows\system32\Ofalmc32.exe29⤵
-
C:\Windows\SysWOW64\Oiphin32.exeC:\Windows\system32\Oiphin32.exe30⤵
-
C:\Windows\SysWOW64\Olndej32.exeC:\Windows\system32\Olndej32.exe31⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Odelfg32.exeC:\Windows\system32\Odelfg32.exe32⤵
-
C:\Windows\SysWOW64\Ofdhbb32.exeC:\Windows\system32\Ofdhbb32.exe33⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oibdnnci.exeC:\Windows\system32\Oibdnnci.exe34⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Omnqom32.exeC:\Windows\system32\Omnqom32.exe1⤵
-
C:\Windows\SysWOW64\Oplmkh32.exeC:\Windows\system32\Oplmkh32.exe2⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Obkigc32.exeC:\Windows\system32\Obkigc32.exe3⤵
-
C:\Windows\SysWOW64\Oidadnaf.exeC:\Windows\system32\Oidadnaf.exe4⤵
-
C:\Windows\SysWOW64\Opoiqh32.exeC:\Windows\system32\Opoiqh32.exe5⤵
-
C:\Windows\SysWOW64\Obmfmc32.exeC:\Windows\system32\Obmfmc32.exe6⤵
-
C:\Windows\SysWOW64\Okdnnq32.exeC:\Windows\system32\Okdnnq32.exe7⤵
-
C:\Windows\SysWOW64\Ombjjlhm.exeC:\Windows\system32\Ombjjlhm.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Opaffggq.exeC:\Windows\system32\Opaffggq.exe9⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pbobbcfd.exeC:\Windows\system32\Pbobbcfd.exe10⤵
-
C:\Windows\SysWOW64\Pmefplej.exeC:\Windows\system32\Pmefplej.exe11⤵
-
C:\Windows\SysWOW64\Pdoolf32.exeC:\Windows\system32\Pdoolf32.exe12⤵
-
C:\Windows\SysWOW64\Pgmkha32.exeC:\Windows\system32\Pgmkha32.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pilgdm32.exeC:\Windows\system32\Pilgdm32.exe14⤵
-
C:\Windows\SysWOW64\Ppepag32.exeC:\Windows\system32\Ppepag32.exe15⤵
-
C:\Windows\SysWOW64\Pgphnajh.exeC:\Windows\system32\Pgphnajh.exe16⤵
-
C:\Windows\SysWOW64\Pindjlil.exeC:\Windows\system32\Pindjlil.exe17⤵
-
C:\Windows\SysWOW64\Pphlgf32.exeC:\Windows\system32\Pphlgf32.exe18⤵
-
C:\Windows\SysWOW64\Pcfhcb32.exeC:\Windows\system32\Pcfhcb32.exe19⤵
-
C:\Windows\SysWOW64\Aijcfkoo.exeC:\Windows\system32\Aijcfkoo.exe20⤵
-
C:\Windows\SysWOW64\Adohccod.exeC:\Windows\system32\Adohccod.exe21⤵
-
C:\Windows\SysWOW64\Akippnfa.exeC:\Windows\system32\Akippnfa.exe22⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Anhlliee.exeC:\Windows\system32\Anhlliee.exe23⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Addanc32.exeC:\Windows\system32\Addanc32.exe24⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Aknikm32.exeC:\Windows\system32\Aknikm32.exe25⤵
-
C:\Windows\SysWOW64\Alofbehj.exeC:\Windows\system32\Alofbehj.exe26⤵
-
C:\Windows\SysWOW64\Adfndbil.exeC:\Windows\system32\Adfndbil.exe27⤵
-
C:\Windows\SysWOW64\Akpfqm32.exeC:\Windows\system32\Akpfqm32.exe28⤵
-
C:\Windows\SysWOW64\Bpmoic32.exeC:\Windows\system32\Bpmoic32.exe29⤵
-
C:\Windows\SysWOW64\Bckkeo32.exeC:\Windows\system32\Bckkeo32.exe30⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bkbcflng.exeC:\Windows\system32\Bkbcflng.exe31⤵
-
C:\Windows\SysWOW64\Bldond32.exeC:\Windows\system32\Bldond32.exe32⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bdkgob32.exeC:\Windows\system32\Bdkgob32.exe33⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bgickm32.exeC:\Windows\system32\Bgickm32.exe34⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Bjhpgi32.exeC:\Windows\system32\Bjhpgi32.exe35⤵
-
C:\Windows\SysWOW64\Blflcd32.exeC:\Windows\system32\Blflcd32.exe36⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bcpdpnio.exeC:\Windows\system32\Bcpdpnio.exe37⤵
-
C:\Windows\SysWOW64\Bglpqm32.exeC:\Windows\system32\Bglpqm32.exe38⤵
-
C:\Windows\SysWOW64\Bnfhmg32.exeC:\Windows\system32\Bnfhmg32.exe39⤵
-
C:\Windows\SysWOW64\Bqdeib32.exeC:\Windows\system32\Bqdeib32.exe40⤵
-
C:\Windows\SysWOW64\Bcbaen32.exeC:\Windows\system32\Bcbaen32.exe41⤵
-
C:\Windows\SysWOW64\Bjlibhoi.exeC:\Windows\system32\Bjlibhoi.exe42⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bqfaob32.exeC:\Windows\system32\Bqfaob32.exe43⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bcenkn32.exeC:\Windows\system32\Bcenkn32.exe44⤵
-
C:\Windows\SysWOW64\Bklflk32.exeC:\Windows\system32\Bklflk32.exe45⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cmmbdc32.exeC:\Windows\system32\Cmmbdc32.exe46⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cddjeq32.exeC:\Windows\system32\Cddjeq32.exe47⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Cknbbkdi.exeC:\Windows\system32\Cknbbkdi.exe48⤵
-
C:\Windows\SysWOW64\Cmpoic32.exeC:\Windows\system32\Cmpoic32.exe49⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cdggkp32.exeC:\Windows\system32\Cdggkp32.exe50⤵
-
C:\Windows\SysWOW64\Cgecgl32.exeC:\Windows\system32\Cgecgl32.exe51⤵
-
C:\Windows\SysWOW64\Cjcocg32.exeC:\Windows\system32\Cjcocg32.exe52⤵
-
C:\Windows\SysWOW64\Cmblob32.exeC:\Windows\system32\Cmblob32.exe53⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cdicpphg.exeC:\Windows\system32\Cdicpphg.exe54⤵
-
C:\Windows\SysWOW64\Cggplkgk.exeC:\Windows\system32\Cggplkgk.exe55⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cjflhggo.exeC:\Windows\system32\Cjflhggo.exe56⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cmdhdbfb.exeC:\Windows\system32\Cmdhdbfb.exe57⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cqpdea32.exeC:\Windows\system32\Cqpdea32.exe58⤵
-
C:\Windows\SysWOW64\Ccnqal32.exeC:\Windows\system32\Ccnqal32.exe59⤵
-
C:\Windows\SysWOW64\Cjhinfdl.exeC:\Windows\system32\Cjhinfdl.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cmfejbdp.exeC:\Windows\system32\Cmfejbdp.exe61⤵
-
C:\Windows\SysWOW64\Cdnmko32.exeC:\Windows\system32\Cdnmko32.exe62⤵
-
C:\Windows\SysWOW64\Cgligk32.exeC:\Windows\system32\Cgligk32.exe63⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Djjecf32.exeC:\Windows\system32\Djjecf32.exe64⤵
-
C:\Windows\SysWOW64\Dqdnppjf.exeC:\Windows\system32\Dqdnppjf.exe65⤵
-
C:\Windows\SysWOW64\Dkjbnijl.exeC:\Windows\system32\Dkjbnijl.exe66⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dnhnjdip.exeC:\Windows\system32\Dnhnjdip.exe67⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Dqgjfphc.exeC:\Windows\system32\Dqgjfphc.exe68⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dgabbjpp.exeC:\Windows\system32\Dgabbjpp.exe69⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dmnkkang.exeC:\Windows\system32\Dmnkkang.exe70⤵
-
C:\Windows\SysWOW64\Dgcohjmn.exeC:\Windows\system32\Dgcohjmn.exe71⤵
-
C:\Windows\SysWOW64\Dnmhed32.exeC:\Windows\system32\Dnmhed32.exe72⤵
-
C:\Windows\SysWOW64\Degpanlg.exeC:\Windows\system32\Degpanlg.exe73⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dclmbjao.exeC:\Windows\system32\Dclmbjao.exe74⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ejfeod32.exeC:\Windows\system32\Ejfeod32.exe75⤵
-
C:\Windows\SysWOW64\Emdakp32.exeC:\Windows\system32\Emdakp32.exe76⤵
-
C:\Windows\SysWOW64\Eelimm32.exeC:\Windows\system32\Eelimm32.exe77⤵
-
C:\Windows\SysWOW64\Ekfaig32.exeC:\Windows\system32\Ekfaig32.exe78⤵
-
C:\Windows\SysWOW64\Endnec32.exeC:\Windows\system32\Endnec32.exe79⤵
-
C:\Windows\SysWOW64\Egmbnhec.exeC:\Windows\system32\Egmbnhec.exe80⤵
-
C:\Windows\SysWOW64\Eaeggn32.exeC:\Windows\system32\Eaeggn32.exe81⤵
-
C:\Windows\SysWOW64\Ekjkdg32.exeC:\Windows\system32\Ekjkdg32.exe82⤵
-
C:\Windows\SysWOW64\Enigqbkm.exeC:\Windows\system32\Enigqbkm.exe83⤵
-
C:\Windows\SysWOW64\Eecoml32.exeC:\Windows\system32\Eecoml32.exe84⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Egalih32.exeC:\Windows\system32\Egalih32.exe85⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ejphec32.exeC:\Windows\system32\Ejphec32.exe86⤵
-
C:\Windows\SysWOW64\Emndao32.exeC:\Windows\system32\Emndao32.exe87⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Fgchog32.exeC:\Windows\system32\Fgchog32.exe88⤵
-
C:\Windows\SysWOW64\Fjbdkc32.exeC:\Windows\system32\Fjbdkc32.exe89⤵
-
C:\Windows\SysWOW64\Fmpagnmb.exeC:\Windows\system32\Fmpagnmb.exe90⤵
-
C:\Windows\SysWOW64\Fegihlnd.exeC:\Windows\system32\Fegihlnd.exe91⤵
-
C:\Windows\SysWOW64\Fjdaqbll.exeC:\Windows\system32\Fjdaqbll.exe92⤵
-
C:\Windows\SysWOW64\Fanimm32.exeC:\Windows\system32\Fanimm32.exe93⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fcmfih32.exeC:\Windows\system32\Fcmfih32.exe94⤵
-
C:\Windows\SysWOW64\Fldnke32.exeC:\Windows\system32\Fldnke32.exe95⤵
-
C:\Windows\SysWOW64\Faqfclaf.exeC:\Windows\system32\Faqfclaf.exe96⤵
-
C:\Windows\SysWOW64\Fdobohaj.exeC:\Windows\system32\Fdobohaj.exe97⤵
-
C:\Windows\SysWOW64\Flfjpeal.exeC:\Windows\system32\Flfjpeal.exe98⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fndglqqp.exeC:\Windows\system32\Fndglqqp.exe99⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Facchlpc.exeC:\Windows\system32\Facchlpc.exe100⤵
-
C:\Windows\SysWOW64\Fdaodgog.exeC:\Windows\system32\Fdaodgog.exe101⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fjkgaa32.exeC:\Windows\system32\Fjkgaa32.exe102⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Faepnlnq.exeC:\Windows\system32\Faepnlnq.exe103⤵
-
C:\Windows\SysWOW64\Ghohkfen.exeC:\Windows\system32\Ghohkfen.exe104⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gmlpcmce.exeC:\Windows\system32\Gmlpcmce.exe105⤵
-
C:\Windows\SysWOW64\Gdfipg32.exeC:\Windows\system32\Gdfipg32.exe106⤵
-
C:\Windows\SysWOW64\Gdkbkfgl.exeC:\Windows\system32\Gdkbkfgl.exe107⤵
-
C:\Windows\SysWOW64\Glbjlcgo.exeC:\Windows\system32\Glbjlcgo.exe108⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gmcfcl32.exeC:\Windows\system32\Gmcfcl32.exe109⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gdmopfdj.exeC:\Windows\system32\Gdmopfdj.exe110⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gkggmplf.exeC:\Windows\system32\Gkggmplf.exe111⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gmecikkj.exeC:\Windows\system32\Gmecikkj.exe112⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hemkjill.exeC:\Windows\system32\Hemkjill.exe113⤵
-
C:\Windows\SysWOW64\Hhkgfdkp.exeC:\Windows\system32\Hhkgfdkp.exe114⤵
-
C:\Windows\SysWOW64\Hoepcn32.exeC:\Windows\system32\Hoepcn32.exe115⤵
-
C:\Windows\SysWOW64\Hacloj32.exeC:\Windows\system32\Hacloj32.exe116⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hdahke32.exeC:\Windows\system32\Hdahke32.exe117⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hlipmbag.exeC:\Windows\system32\Hlipmbag.exe118⤵
-
C:\Windows\SysWOW64\Hklpho32.exeC:\Windows\system32\Hklpho32.exe119⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hddeaeoa.exeC:\Windows\system32\Hddeaeoa.exe120⤵
-
C:\Windows\SysWOW64\Hhpaac32.exeC:\Windows\system32\Hhpaac32.exe121⤵
- Drops file in System32 directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-