Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
102s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
28/10/2022, 22:46
General
-
Target
d0694af6981a8146489c905027771567f1e811ad4e113f11a2f15ea31d9ed445.exe
-
Size
51KB
-
MD5
0c74e95a670c3ea7d0dbbb209329f880
-
SHA1
112a0f1d8791a7f8e624bab0b20087e80419aa63
-
SHA256
d0694af6981a8146489c905027771567f1e811ad4e113f11a2f15ea31d9ed445
-
SHA512
7005794182db6d1569e46ef99dda9bb2a6ed79a1622110954221068f8808951993f680d765ab49949e92699feb1e0a3960f114f76f393fe32e94a43beb0f2abb
-
SSDEEP
768:VhcdmIii2YFh0T3ORqon1ip6uP+b2K5oOmnxM7AHUzz/1H5:VhY28q3ORqvguE20oOm8MUzB
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d0694af6981a8146489c905027771567f1e811ad4e113f11a2f15ea31d9ed445.exe"C:\Users\Admin\AppData\Local\Temp\d0694af6981a8146489c905027771567f1e811ad4e113f11a2f15ea31d9ed445.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dajnff32.exeC:\Windows\system32\Dajnff32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dlobco32.exeC:\Windows\system32\Dlobco32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dalkkegj.exeC:\Windows\system32\Dalkkegj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dlaoingp.exeC:\Windows\system32\Dlaoingp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Diepbbfi.exeC:\Windows\system32\Diepbbfi.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eihlhb32.exeC:\Windows\system32\Eihlhb32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Enedpi32.exeC:\Windows\system32\Enedpi32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eeommcjk.exeC:\Windows\system32\Eeommcjk.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Engaei32.exeC:\Windows\system32\Engaei32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eeajbc32.exeC:\Windows\system32\Eeajbc32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eninkhni.exeC:\Windows\system32\Eninkhni.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eecfhb32.exeC:\Windows\system32\Eecfhb32.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fhiidm32.exeC:\Windows\system32\Fhiidm32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Focaagfn.exeC:\Windows\system32\Focaagfn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fiheopfd.exeC:\Windows\system32\Fiheopfd.exe16⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Foenggdk.exeC:\Windows\system32\Foenggdk.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fikbdpda.exeC:\Windows\system32\Fikbdpda.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fogjlf32.exeC:\Windows\system32\Fogjlf32.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fhpoelii.exeC:\Windows\system32\Fhpoelii.exe20⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gojgbf32.exeC:\Windows\system32\Gojgbf32.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Giokoo32.exeC:\Windows\system32\Giokoo32.exe22⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gkqhgg32.exeC:\Windows\system32\Gkqhgg32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gefldp32.exeC:\Windows\system32\Gefldp32.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gkcdlg32.exeC:\Windows\system32\Gkcdlg32.exe25⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Gammiakd.exeC:\Windows\system32\Gammiakd.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Glbafjkj.exeC:\Windows\system32\Glbafjkj.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Goambe32.exeC:\Windows\system32\Goambe32.exe28⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ghiakkqo.exeC:\Windows\system32\Ghiakkqo.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gboficpd.exeC:\Windows\system32\Gboficpd.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ghlnajol.exeC:\Windows\system32\Ghlnajol.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hliggieb.exeC:\Windows\system32\Hliggieb.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Himgqmcl.exeC:\Windows\system32\Himgqmcl.exe33⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Hipdfm32.exeC:\Windows\system32\Hipdfm32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hchiobhj.exeC:\Windows\system32\Hchiobhj.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hamepo32.exeC:\Windows\system32\Hamepo32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ikfjid32.exeC:\Windows\system32\Ikfjid32.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Icmbja32.exeC:\Windows\system32\Icmbja32.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ijgjglla.exeC:\Windows\system32\Ijgjglla.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ikhgnd32.exeC:\Windows\system32\Ikhgnd32.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iaboknil.exeC:\Windows\system32\Iaboknil.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ijiglk32.exeC:\Windows\system32\Ijiglk32.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iofpdb32.exeC:\Windows\system32\Iofpdb32.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ijkdbk32.exeC:\Windows\system32\Ijkdbk32.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ikmpicmj.exeC:\Windows\system32\Ikmpicmj.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iaghfm32.exeC:\Windows\system32\Iaghfm32.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ijnqgk32.exeC:\Windows\system32\Ijnqgk32.exe14⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kbngnjql.exeC:\Windows\system32\Kbngnjql.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kihpjd32.exeC:\Windows\system32\Kihpjd32.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kobhgnof.exeC:\Windows\system32\Kobhgnof.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kbqdcjoj.exeC:\Windows\system32\Kbqdcjoj.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lijlpdff.exeC:\Windows\system32\Lijlpdff.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lodemn32.exeC:\Windows\system32\Lodemn32.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ljjijf32.exeC:\Windows\system32\Ljjijf32.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lmhefb32.exeC:\Windows\system32\Lmhefb32.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lpgabn32.exeC:\Windows\system32\Lpgabn32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ljlepfkg.exeC:\Windows\system32\Ljlepfkg.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lknbgo32.exeC:\Windows\system32\Lknbgo32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lcdjhl32.exeC:\Windows\system32\Lcdjhl32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lfcfdg32.exeC:\Windows\system32\Lfcfdg32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lcggnl32.exeC:\Windows\system32\Lcggnl32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lciccknb.exeC:\Windows\system32\Lciccknb.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mclpikko.exeC:\Windows\system32\Mclpikko.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mpbanlac.exeC:\Windows\system32\Mpbanlac.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mjhekdai.exeC:\Windows\system32\Mjhekdai.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mpencloq.exeC:\Windows\system32\Mpencloq.exe33⤵
-
C:\Windows\SysWOW64\Nifebp32.exeC:\Windows\system32\Nifebp32.exe34⤵
-
C:\Windows\SysWOW64\Ndliph32.exeC:\Windows\system32\Ndliph32.exe35⤵
-
C:\Windows\SysWOW64\Npcjei32.exeC:\Windows\system32\Npcjei32.exe36⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nfmbacjn.exeC:\Windows\system32\Nfmbacjn.exe37⤵
-
C:\Windows\SysWOW64\Niknnoia.exeC:\Windows\system32\Niknnoia.exe38⤵
-
C:\Windows\SysWOW64\Nljkjjhe.exeC:\Windows\system32\Nljkjjhe.exe39⤵
-
C:\Windows\SysWOW64\Ofoogc32.exeC:\Windows\system32\Ofoogc32.exe40⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Omigdmph.exeC:\Windows\system32\Omigdmph.exe1⤵
-
C:\Windows\SysWOW64\Odcoqg32.exeC:\Windows\system32\Odcoqg32.exe2⤵
-
C:\Windows\SysWOW64\Ojmgmaoa.exeC:\Windows\system32\Ojmgmaoa.exe3⤵
-
C:\Windows\SysWOW64\Olndej32.exeC:\Windows\system32\Olndej32.exe4⤵
-
C:\Windows\SysWOW64\Ofdhbb32.exeC:\Windows\system32\Ofdhbb32.exe5⤵
-
C:\Windows\SysWOW64\Oibdnnci.exeC:\Windows\system32\Oibdnnci.exe6⤵
-
C:\Windows\SysWOW64\Oplmkh32.exeC:\Windows\system32\Oplmkh32.exe7⤵
-
C:\Windows\SysWOW64\Obkigc32.exeC:\Windows\system32\Obkigc32.exe8⤵
-
C:\Windows\SysWOW64\Oidadnaf.exeC:\Windows\system32\Oidadnaf.exe9⤵
-
C:\Windows\SysWOW64\Olcmpiqj.exeC:\Windows\system32\Olcmpiqj.exe10⤵
-
C:\Windows\SysWOW64\Obmfmc32.exeC:\Windows\system32\Obmfmc32.exe11⤵
-
C:\Windows\SysWOW64\Okdnnq32.exeC:\Windows\system32\Okdnnq32.exe12⤵
-
C:\Windows\SysWOW64\Ombjjlhm.exeC:\Windows\system32\Ombjjlhm.exe13⤵
-
C:\Windows\SysWOW64\Pdmbgf32.exeC:\Windows\system32\Pdmbgf32.exe14⤵
-
C:\Windows\SysWOW64\Pgknca32.exeC:\Windows\system32\Pgknca32.exe15⤵
-
C:\Windows\SysWOW64\Piikom32.exeC:\Windows\system32\Piikom32.exe16⤵
-
C:\Windows\SysWOW64\Ppcclgen.exeC:\Windows\system32\Ppcclgen.exe17⤵
-
C:\Windows\SysWOW64\Pgmkha32.exeC:\Windows\system32\Pgmkha32.exe18⤵
-
C:\Windows\SysWOW64\Pilgdm32.exeC:\Windows\system32\Pilgdm32.exe19⤵
-
C:\Windows\SysWOW64\Ppepag32.exeC:\Windows\system32\Ppepag32.exe20⤵
-
C:\Windows\SysWOW64\Pkkdop32.exeC:\Windows\system32\Pkkdop32.exe21⤵
-
C:\Windows\SysWOW64\Pllpfhhp.exeC:\Windows\system32\Pllpfhhp.exe22⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pdchgeib.exeC:\Windows\system32\Pdchgeib.exe23⤵
-
C:\Windows\SysWOW64\Pknqdo32.exeC:\Windows\system32\Pknqdo32.exe24⤵
-
C:\Windows\SysWOW64\Pciehanj.exeC:\Windows\system32\Pciehanj.exe25⤵
-
C:\Windows\SysWOW64\Pibmel32.exeC:\Windows\system32\Pibmel32.exe26⤵
-
C:\Windows\SysWOW64\Plajag32.exeC:\Windows\system32\Plajag32.exe27⤵
-
C:\Windows\SysWOW64\Qdhabd32.exeC:\Windows\system32\Qdhabd32.exe28⤵
-
C:\Windows\SysWOW64\Qkbjooli.exeC:\Windows\system32\Qkbjooli.exe29⤵
-
C:\Windows\SysWOW64\Qmqfkjkm.exeC:\Windows\system32\Qmqfkjkm.exe30⤵
-
C:\Windows\SysWOW64\Qpobgekq.exeC:\Windows\system32\Qpobgekq.exe31⤵
-
C:\Windows\SysWOW64\Qcmoca32.exeC:\Windows\system32\Qcmoca32.exe32⤵
-
C:\Windows\SysWOW64\Qkdgen32.exeC:\Windows\system32\Qkdgen32.exe33⤵
-
C:\Windows\SysWOW64\Qiggpkaa.exeC:\Windows\system32\Qiggpkaa.exe34⤵
-
C:\Windows\SysWOW64\Admkndag.exeC:\Windows\system32\Admkndag.exe35⤵
-
C:\Windows\SysWOW64\Agkgjopk.exeC:\Windows\system32\Agkgjopk.exe36⤵
-
C:\Windows\SysWOW64\Alhpbfnb.exeC:\Windows\system32\Alhpbfnb.exe37⤵
-
C:\Windows\SysWOW64\Adohccod.exeC:\Windows\system32\Adohccod.exe38⤵
-
C:\Windows\SysWOW64\Akippnfa.exeC:\Windows\system32\Akippnfa.exe39⤵
-
C:\Windows\SysWOW64\Anhlliee.exeC:\Windows\system32\Anhlliee.exe40⤵
-
C:\Windows\SysWOW64\Apfhhddi.exeC:\Windows\system32\Apfhhddi.exe41⤵
-
C:\Windows\SysWOW64\Agpqeo32.exeC:\Windows\system32\Agpqeo32.exe42⤵
-
C:\Windows\SysWOW64\Anjiaicb.exeC:\Windows\system32\Anjiaicb.exe43⤵
-
C:\Windows\SysWOW64\Acgajpaj.exeC:\Windows\system32\Acgajpaj.exe44⤵
-
C:\Windows\SysWOW64\Ajqjfjif.exeC:\Windows\system32\Ajqjfjif.exe45⤵
-
C:\Windows\SysWOW64\Apkbcd32.exeC:\Windows\system32\Apkbcd32.exe46⤵
-
C:\Windows\SysWOW64\Akpfqm32.exeC:\Windows\system32\Akpfqm32.exe47⤵
-
C:\Windows\SysWOW64\Bnobmh32.exeC:\Windows\system32\Bnobmh32.exe48⤵
-
C:\Windows\SysWOW64\Bdikibgj.exeC:\Windows\system32\Bdikibgj.exe49⤵
-
C:\Windows\SysWOW64\Bkbcflng.exeC:\Windows\system32\Bkbcflng.exe50⤵
-
C:\Windows\SysWOW64\Bldond32.exeC:\Windows\system32\Bldond32.exe51⤵
-
C:\Windows\SysWOW64\Bcngjoka.exeC:\Windows\system32\Bcngjoka.exe52⤵
-
C:\Windows\SysWOW64\Bjhpgi32.exeC:\Windows\system32\Bjhpgi32.exe53⤵
-
C:\Windows\SysWOW64\Bqahdcjk.exeC:\Windows\system32\Bqahdcjk.exe54⤵
-
C:\Windows\SysWOW64\Bglpqm32.exeC:\Windows\system32\Bglpqm32.exe55⤵
-
C:\Windows\SysWOW64\Bjjmmh32.exeC:\Windows\system32\Bjjmmh32.exe56⤵
-
C:\Windows\SysWOW64\Bqdeib32.exeC:\Windows\system32\Bqdeib32.exe57⤵
-
C:\Windows\SysWOW64\Bgnmfmpe.exeC:\Windows\system32\Bgnmfmpe.exe58⤵
-
C:\Windows\SysWOW64\Bqfaob32.exeC:\Windows\system32\Bqfaob32.exe59⤵
-
C:\Windows\SysWOW64\Bcenkn32.exeC:\Windows\system32\Bcenkn32.exe60⤵
-
C:\Windows\SysWOW64\Bklflk32.exeC:\Windows\system32\Bklflk32.exe61⤵
-
C:\Windows\SysWOW64\Cnjbhfep.exeC:\Windows\system32\Cnjbhfep.exe62⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cqindbdc.exeC:\Windows\system32\Cqindbdc.exe63⤵
-
C:\Windows\SysWOW64\Cddjeq32.exeC:\Windows\system32\Cddjeq32.exe64⤵
-
C:\Windows\SysWOW64\Cknbbkdi.exeC:\Windows\system32\Cknbbkdi.exe65⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cnmonfcm.exeC:\Windows\system32\Cnmonfcm.exe66⤵
-
C:\Windows\SysWOW64\Cdggkp32.exeC:\Windows\system32\Cdggkp32.exe67⤵
-
C:\Windows\SysWOW64\Ccigfmad.exeC:\Windows\system32\Ccigfmad.exe68⤵
-
C:\Windows\SysWOW64\Ckqogjbg.exeC:\Windows\system32\Ckqogjbg.exe69⤵
-
C:\Windows\SysWOW64\Cnokcfaj.exeC:\Windows\system32\Cnokcfaj.exe70⤵
-
C:\Windows\SysWOW64\Ccldlm32.exeC:\Windows\system32\Ccldlm32.exe71⤵
-
C:\Windows\SysWOW64\Cdkpfpfd.exeC:\Windows\system32\Cdkpfpfd.exe72⤵
-
C:\Windows\SysWOW64\Cjhinfdl.exeC:\Windows\system32\Cjhinfdl.exe73⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cqbakq32.exeC:\Windows\system32\Cqbakq32.exe74⤵
-
C:\Windows\SysWOW64\Cgligk32.exeC:\Windows\system32\Cgligk32.exe75⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Djjecf32.exeC:\Windows\system32\Djjecf32.exe76⤵
-
C:\Windows\SysWOW64\Dqdnppjf.exeC:\Windows\system32\Dqdnppjf.exe77⤵
-
C:\Windows\SysWOW64\Dgnfmj32.exeC:\Windows\system32\Dgnfmj32.exe78⤵
-
C:\Windows\SysWOW64\Djmbif32.exeC:\Windows\system32\Djmbif32.exe79⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dqgjfphc.exeC:\Windows\system32\Dqgjfphc.exe80⤵
-
C:\Windows\SysWOW64\Dcegbk32.exeC:\Windows\system32\Dcegbk32.exe81⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dkloci32.exeC:\Windows\system32\Dkloci32.exe82⤵
-
C:\Windows\SysWOW64\Dkokih32.exeC:\Windows\system32\Dkokih32.exe83⤵
-
C:\Windows\SysWOW64\Dnmhed32.exeC:\Windows\system32\Dnmhed32.exe84⤵
-
C:\Windows\SysWOW64\Dqkdao32.exeC:\Windows\system32\Dqkdao32.exe85⤵
-
C:\Windows\SysWOW64\Dcjpmk32.exeC:\Windows\system32\Dcjpmk32.exe86⤵
-
C:\Windows\SysWOW64\Dgelni32.exeC:\Windows\system32\Dgelni32.exe87⤵
-
C:\Windows\SysWOW64\Dnpdjcch.exeC:\Windows\system32\Dnpdjcch.exe88⤵
-
C:\Windows\SysWOW64\Deimgn32.exeC:\Windows\system32\Deimgn32.exe89⤵
-
C:\Windows\SysWOW64\Ejfeod32.exeC:\Windows\system32\Ejfeod32.exe90⤵
-
C:\Windows\SysWOW64\Emdakp32.exeC:\Windows\system32\Emdakp32.exe91⤵
-
C:\Windows\SysWOW64\Eelimm32.exeC:\Windows\system32\Eelimm32.exe92⤵
-
C:\Windows\SysWOW64\Egjeii32.exeC:\Windows\system32\Egjeii32.exe93⤵
-
C:\Windows\SysWOW64\Ejhbedfi.exeC:\Windows\system32\Ejhbedfi.exe94⤵
-
C:\Windows\SysWOW64\Emgnapem.exeC:\Windows\system32\Emgnapem.exe95⤵
-
C:\Windows\SysWOW64\Eabjan32.exeC:\Windows\system32\Eabjan32.exe96⤵
-
C:\Windows\SysWOW64\Ecafnj32.exeC:\Windows\system32\Ecafnj32.exe97⤵
-
C:\Windows\SysWOW64\Ekhnog32.exeC:\Windows\system32\Ekhnog32.exe98⤵
-
C:\Windows\SysWOW64\Enfjkb32.exeC:\Windows\system32\Enfjkb32.exe99⤵
-
C:\Windows\SysWOW64\Eaeggn32.exeC:\Windows\system32\Eaeggn32.exe100⤵
-
C:\Windows\SysWOW64\Ecccci32.exeC:\Windows\system32\Ecccci32.exe101⤵
-
C:\Windows\SysWOW64\Ekjkdg32.exeC:\Windows\system32\Ekjkdg32.exe102⤵
-
C:\Windows\SysWOW64\Enigqbkm.exeC:\Windows\system32\Enigqbkm.exe103⤵
-
C:\Windows\SysWOW64\Eagcmnjq.exeC:\Windows\system32\Eagcmnjq.exe104⤵
-
C:\Windows\SysWOW64\Eecoml32.exeC:\Windows\system32\Eecoml32.exe105⤵
-
C:\Windows\SysWOW64\Egalih32.exeC:\Windows\system32\Egalih32.exe106⤵
-
C:\Windows\SysWOW64\Ejphec32.exeC:\Windows\system32\Ejphec32.exe107⤵
-
C:\Windows\SysWOW64\Emndao32.exeC:\Windows\system32\Emndao32.exe108⤵
-
C:\Windows\SysWOW64\Eaipbmhn.exeC:\Windows\system32\Eaipbmhn.exe109⤵
-
C:\Windows\SysWOW64\Echlniga.exeC:\Windows\system32\Echlniga.exe110⤵
-
C:\Windows\SysWOW64\Fgchog32.exeC:\Windows\system32\Fgchog32.exe111⤵
-
C:\Windows\SysWOW64\Fjbdkc32.exeC:\Windows\system32\Fjbdkc32.exe112⤵
-
C:\Windows\SysWOW64\Fmpagnmb.exeC:\Windows\system32\Fmpagnmb.exe113⤵
-
C:\Windows\SysWOW64\Fcjidh32.exeC:\Windows\system32\Fcjidh32.exe114⤵
-
C:\Windows\SysWOW64\Flaaef32.exeC:\Windows\system32\Flaaef32.exe115⤵
-
C:\Windows\SysWOW64\Fnpmaa32.exeC:\Windows\system32\Fnpmaa32.exe116⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fanimm32.exeC:\Windows\system32\Fanimm32.exe117⤵
-
C:\Windows\SysWOW64\Fcmfih32.exeC:\Windows\system32\Fcmfih32.exe118⤵
-
C:\Windows\SysWOW64\Fldnke32.exeC:\Windows\system32\Fldnke32.exe119⤵
-
C:\Windows\SysWOW64\Fmejbnim.exeC:\Windows\system32\Fmejbnim.exe120⤵
-
C:\Windows\SysWOW64\Fdobohaj.exeC:\Windows\system32\Fdobohaj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-