Analysis
-
max time kernel
140s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
07/11/2022, 04:42
General
-
Target
cff3b479c1bb2610f4d451565180361e5ebcbe4a7b17348684237a2d48d831bf.exe
-
Size
92KB
-
MD5
079ef782fb1b8db0df85600ecb38eb00
-
SHA1
ca573a1348ccc55e23b85809e6fdbf775206c53a
-
SHA256
cff3b479c1bb2610f4d451565180361e5ebcbe4a7b17348684237a2d48d831bf
-
SHA512
0bcfe8a174631c2831a4e156d0dc27e6ec3e295845abf43056823e2019d9f7b5e2958d9831d55583e345813ba337a383ba466729ecc6363f81dde33fa69f2d12
-
SSDEEP
1536:Vxm6SjL7rowIjmYeWUxSpWROZYQ9+5FTzBA3jLV3BGnMPJKEsztuJO:cjLvoFYSp7S5FJkjLlBRh1sN
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cff3b479c1bb2610f4d451565180361e5ebcbe4a7b17348684237a2d48d831bf.exe"C:\Users\Admin\AppData\Local\Temp\cff3b479c1bb2610f4d451565180361e5ebcbe4a7b17348684237a2d48d831bf.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Plgpqb32.exeC:\Windows\system32\Plgpqb32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pikqjf32.exeC:\Windows\system32\Pikqjf32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ppeigqop.exeC:\Windows\system32\Ppeigqop.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ppgelp32.exeC:\Windows\system32\Ppgelp32.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pedndg32.exeC:\Windows\system32\Pedndg32.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qplogpih.exeC:\Windows\system32\Qplogpih.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qidcpe32.exeC:\Windows\system32\Qidcpe32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qoalhl32.exeC:\Windows\system32\Qoalhl32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Alelbpmi.exeC:\Windows\system32\Alelbpmi.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Abodoj32.exeC:\Windows\system32\Abodoj32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Amdilc32.exeC:\Windows\system32\Amdilc32.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Agmmeijl.exeC:\Windows\system32\Agmmeijl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aohbik32.exeC:\Windows\system32\Aohbik32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aphncnoj.exeC:\Windows\system32\Aphncnoj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
C:\Windows\SysWOW64\Ncnofeof.exeC:\Windows\system32\Ncnofeof.exe11⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Nflkbanj.exeC:\Windows\system32\Nflkbanj.exe12⤵
-
C:\Windows\SysWOW64\Nncccnol.exeC:\Windows\system32\Nncccnol.exe13⤵
-
C:\Windows\SysWOW64\Nqbpojnp.exeC:\Windows\system32\Nqbpojnp.exe14⤵
-
C:\Windows\SysWOW64\Ncqlkemc.exeC:\Windows\system32\Ncqlkemc.exe15⤵
-
C:\Windows\SysWOW64\Nfohgqlg.exeC:\Windows\system32\Nfohgqlg.exe16⤵
-
C:\Windows\SysWOW64\Ngndaccj.exeC:\Windows\system32\Ngndaccj.exe17⤵
-
C:\Windows\SysWOW64\Njmqnobn.exeC:\Windows\system32\Njmqnobn.exe18⤵
-
C:\Windows\SysWOW64\Nmkmjjaa.exeC:\Windows\system32\Nmkmjjaa.exe19⤵
-
C:\Windows\SysWOW64\Npiiffqe.exeC:\Windows\system32\Npiiffqe.exe20⤵
-
C:\Windows\SysWOW64\Ngqagcag.exeC:\Windows\system32\Ngqagcag.exe21⤵
-
C:\Windows\SysWOW64\Onkidm32.exeC:\Windows\system32\Onkidm32.exe22⤵
-
C:\Windows\SysWOW64\Ocgbld32.exeC:\Windows\system32\Ocgbld32.exe23⤵
-
C:\Windows\SysWOW64\Oakbehfe.exeC:\Windows\system32\Oakbehfe.exe24⤵
-
C:\Windows\SysWOW64\Ogekbb32.exeC:\Windows\system32\Ogekbb32.exe25⤵
-
C:\Windows\SysWOW64\Ojdgnn32.exeC:\Windows\system32\Ojdgnn32.exe26⤵
-
C:\Windows\SysWOW64\Oanokhdb.exeC:\Windows\system32\Oanokhdb.exe27⤵
-
C:\Windows\SysWOW64\Oclkgccf.exeC:\Windows\system32\Oclkgccf.exe28⤵
-
C:\Windows\SysWOW64\Ojfcdnjc.exeC:\Windows\system32\Ojfcdnjc.exe29⤵
-
C:\Windows\SysWOW64\Omdppiif.exeC:\Windows\system32\Omdppiif.exe30⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Opclldhj.exeC:\Windows\system32\Opclldhj.exe31⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Opeiadfg.exeC:\Windows\system32\Opeiadfg.exe32⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pfoann32.exeC:\Windows\system32\Pfoann32.exe33⤵
-
C:\Windows\SysWOW64\Pmiikh32.exeC:\Windows\system32\Pmiikh32.exe34⤵
-
C:\Windows\SysWOW64\Ppgegd32.exeC:\Windows\system32\Ppgegd32.exe35⤵
-
C:\Windows\SysWOW64\Phonha32.exeC:\Windows\system32\Phonha32.exe36⤵
-
C:\Windows\SysWOW64\Pjmjdm32.exeC:\Windows\system32\Pjmjdm32.exe37⤵
-
C:\Windows\SysWOW64\Pagbaglh.exeC:\Windows\system32\Pagbaglh.exe38⤵
-
C:\Windows\SysWOW64\Paiogf32.exeC:\Windows\system32\Paiogf32.exe39⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Phcgcqab.exeC:\Windows\system32\Phcgcqab.exe40⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pjbcplpe.exeC:\Windows\system32\Pjbcplpe.exe41⤵
-
C:\Windows\SysWOW64\Pmpolgoi.exeC:\Windows\system32\Pmpolgoi.exe42⤵
-
C:\Windows\SysWOW64\Ppolhcnm.exeC:\Windows\system32\Ppolhcnm.exe43⤵
-
C:\Windows\SysWOW64\Phfcipoo.exeC:\Windows\system32\Phfcipoo.exe44⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pjdpelnc.exeC:\Windows\system32\Pjdpelnc.exe45⤵
-
C:\Windows\SysWOW64\Qdoacabq.exeC:\Windows\system32\Qdoacabq.exe46⤵
-
C:\Windows\SysWOW64\Qfmmplad.exeC:\Windows\system32\Qfmmplad.exe47⤵
-
C:\Windows\SysWOW64\Qmgelf32.exeC:\Windows\system32\Qmgelf32.exe48⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Qdaniq32.exeC:\Windows\system32\Qdaniq32.exe49⤵
-
C:\Windows\SysWOW64\Akkffkhk.exeC:\Windows\system32\Akkffkhk.exe50⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Amjbbfgo.exeC:\Windows\system32\Amjbbfgo.exe51⤵
-
C:\Windows\SysWOW64\Aphnnafb.exeC:\Windows\system32\Aphnnafb.exe52⤵
-
C:\Windows\SysWOW64\Ahofoogd.exeC:\Windows\system32\Ahofoogd.exe53⤵
-
C:\Windows\SysWOW64\Adfgdpmi.exeC:\Windows\system32\Adfgdpmi.exe54⤵
-
C:\Windows\SysWOW64\Akpoaj32.exeC:\Windows\system32\Akpoaj32.exe55⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Apmhiq32.exeC:\Windows\system32\Apmhiq32.exe56⤵
-
C:\Windows\SysWOW64\Aggpfkjj.exeC:\Windows\system32\Aggpfkjj.exe57⤵
-
C:\Windows\SysWOW64\Aonhghjl.exeC:\Windows\system32\Aonhghjl.exe58⤵
-
C:\Windows\SysWOW64\Apodoq32.exeC:\Windows\system32\Apodoq32.exe59⤵
-
C:\Windows\SysWOW64\Ahfmpnql.exeC:\Windows\system32\Ahfmpnql.exe60⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bgkiaj32.exeC:\Windows\system32\Bgkiaj32.exe61⤵
-
C:\Windows\SysWOW64\Bobabg32.exeC:\Windows\system32\Bobabg32.exe62⤵
-
C:\Windows\SysWOW64\Bpdnjple.exeC:\Windows\system32\Bpdnjple.exe63⤵
-
C:\Windows\SysWOW64\Bgnffj32.exeC:\Windows\system32\Bgnffj32.exe64⤵
-
C:\Windows\SysWOW64\Boenhgdd.exeC:\Windows\system32\Boenhgdd.exe65⤵
-
C:\Windows\SysWOW64\Bacjdbch.exeC:\Windows\system32\Bacjdbch.exe66⤵
-
C:\Windows\SysWOW64\Bhmbqm32.exeC:\Windows\system32\Bhmbqm32.exe67⤵
-
C:\Windows\SysWOW64\Bklomh32.exeC:\Windows\system32\Bklomh32.exe68⤵
-
C:\Windows\SysWOW64\Bknlbhhe.exeC:\Windows\system32\Bknlbhhe.exe69⤵
-
C:\Windows\SysWOW64\Bahdob32.exeC:\Windows\system32\Bahdob32.exe70⤵
-
C:\Windows\SysWOW64\Bdfpkm32.exeC:\Windows\system32\Bdfpkm32.exe71⤵
-
C:\Windows\SysWOW64\Bhblllfo.exeC:\Windows\system32\Bhblllfo.exe72⤵
-
C:\Windows\SysWOW64\Boldhf32.exeC:\Windows\system32\Boldhf32.exe73⤵
-
C:\Windows\SysWOW64\Cpmapodj.exeC:\Windows\system32\Cpmapodj.exe74⤵
-
C:\Windows\SysWOW64\Ckbemgcp.exeC:\Windows\system32\Ckbemgcp.exe75⤵
-
C:\Windows\SysWOW64\Chfegk32.exeC:\Windows\system32\Chfegk32.exe76⤵
-
C:\Windows\SysWOW64\Coqncejg.exeC:\Windows\system32\Coqncejg.exe77⤵
-
C:\Windows\SysWOW64\Cdmfllhn.exeC:\Windows\system32\Cdmfllhn.exe78⤵
-
C:\Windows\SysWOW64\Chiblk32.exeC:\Windows\system32\Chiblk32.exe79⤵
-
C:\Windows\SysWOW64\Cocjiehd.exeC:\Windows\system32\Cocjiehd.exe80⤵
-
C:\Windows\SysWOW64\Cpdgqmnb.exeC:\Windows\system32\Cpdgqmnb.exe81⤵
-
C:\Windows\SysWOW64\Cgnomg32.exeC:\Windows\system32\Cgnomg32.exe82⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cgqlcg32.exeC:\Windows\system32\Cgqlcg32.exe83⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cnjdpaki.exeC:\Windows\system32\Cnjdpaki.exe84⤵
-
C:\Windows\SysWOW64\Dddllkbf.exeC:\Windows\system32\Dddllkbf.exe85⤵
-
C:\Windows\SysWOW64\Dgcihgaj.exeC:\Windows\system32\Dgcihgaj.exe86⤵
-
C:\Windows\SysWOW64\Dnmaea32.exeC:\Windows\system32\Dnmaea32.exe87⤵
-
C:\Windows\SysWOW64\Dpkmal32.exeC:\Windows\system32\Dpkmal32.exe88⤵
-
C:\Windows\SysWOW64\Dgeenfog.exeC:\Windows\system32\Dgeenfog.exe89⤵
-
C:\Windows\SysWOW64\Dnonkq32.exeC:\Windows\system32\Dnonkq32.exe90⤵
-
C:\Windows\SysWOW64\Dnajppda.exeC:\Windows\system32\Dnajppda.exe91⤵
-
C:\Windows\SysWOW64\Dqpfmlce.exeC:\Windows\system32\Dqpfmlce.exe92⤵
-
C:\Windows\SysWOW64\Dhgonidg.exeC:\Windows\system32\Dhgonidg.exe93⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Bgfpkgbb.exeC:\Windows\system32\Bgfpkgbb.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bcmqphhf.exeC:\Windows\system32\Bcmqphhf.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bleein32.exeC:\Windows\system32\Bleein32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Blhbnn32.exeC:\Windows\system32\Blhbnn32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bngnhq32.exeC:\Windows\system32\Bngnhq32.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hpmkao32.exeC:\Windows\system32\Hpmkao32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hffcni32.exeC:\Windows\system32\Hffcni32.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ikdldglk.exeC:\Windows\system32\Ikdldglk.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ihhmml32.exeC:\Windows\system32\Ihhmml32.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ihkick32.exeC:\Windows\system32\Ihkick32.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Imjoqbef.exeC:\Windows\system32\Imjoqbef.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jmlkfacd.exeC:\Windows\system32\Jmlkfacd.exe12⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jolhpdjg.exeC:\Windows\system32\Jolhpdjg.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jondfdhd.exeC:\Windows\system32\Jondfdhd.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jkeeke32.exeC:\Windows\system32\Jkeeke32.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jhifdimb.exeC:\Windows\system32\Jhifdimb.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Khkbjiko.exeC:\Windows\system32\Khkbjiko.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kgpokepg.exeC:\Windows\system32\Kgpokepg.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Khpleh32.exeC:\Windows\system32\Khpleh32.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Knmdmo32.exeC:\Windows\system32\Knmdmo32.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kpkqik32.exeC:\Windows\system32\Kpkqik32.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kgeife32.exeC:\Windows\system32\Kgeife32.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Khdephbd.exeC:\Windows\system32\Khdephbd.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kkcalcbh.exeC:\Windows\system32\Kkcalcbh.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lhgbeg32.exeC:\Windows\system32\Lhgbeg32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ldnbjhff.exeC:\Windows\system32\Ldnbjhff.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lglofdej.exeC:\Windows\system32\Lglofdej.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lpdcpi32.exeC:\Windows\system32\Lpdcpi32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lkjhmblp.exeC:\Windows\system32\Lkjhmblp.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lohpcq32.exeC:\Windows\system32\Lohpcq32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lddikg32.exeC:\Windows\system32\Lddikg32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mkanma32.exeC:\Windows\system32\Mkanma32.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mnagolbi.exeC:\Windows\system32\Mnagolbi.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Moacio32.exeC:\Windows\system32\Moacio32.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mkhdnppp.exeC:\Windows\system32\Mkhdnppp.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mqelfg32.exeC:\Windows\system32\Mqelfg32.exe36⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mbdipjej.exeC:\Windows\system32\Mbdipjej.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nkmmip32.exeC:\Windows\system32\Nkmmip32.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nbfefj32.exeC:\Windows\system32\Nbfefj32.exe39⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Niqnbdjd.exeC:\Windows\system32\Niqnbdjd.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nojfon32.exeC:\Windows\system32\Nojfon32.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nbibki32.exeC:\Windows\system32\Nbibki32.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nicjhchb.exeC:\Windows\system32\Nicjhchb.exe43⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nkagdoge.exeC:\Windows\system32\Nkagdoge.exe44⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nqnomfem.exeC:\Windows\system32\Nqnomfem.exe45⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Niegnc32.exeC:\Windows\system32\Niegnc32.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nkccjo32.exeC:\Windows\system32\Nkccjo32.exe47⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nbnlfimp.exeC:\Windows\system32\Nbnlfimp.exe48⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Nelhbdlc.exeC:\Windows\system32\Nelhbdlc.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ngjdopkg.exeC:\Windows\system32\Ngjdopkg.exe50⤵
-
C:\Windows\SysWOW64\Oacige32.exeC:\Windows\system32\Oacige32.exe51⤵
-
C:\Windows\SysWOW64\Oijqibbj.exeC:\Windows\system32\Oijqibbj.exe52⤵
-
C:\Windows\SysWOW64\Oodiem32.exeC:\Windows\system32\Oodiem32.exe53⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Obbeah32.exeC:\Windows\system32\Obbeah32.exe54⤵
-
C:\Windows\SysWOW64\Oeqanc32.exeC:\Windows\system32\Oeqanc32.exe55⤵
-
C:\Windows\SysWOW64\Ogonjo32.exeC:\Windows\system32\Ogonjo32.exe56⤵
-
C:\Windows\SysWOW64\Oniffino.exeC:\Windows\system32\Oniffino.exe57⤵
-
C:\Windows\SysWOW64\Ogajooeo.exeC:\Windows\system32\Ogajooeo.exe58⤵
-
C:\Windows\SysWOW64\Onkbli32.exeC:\Windows\system32\Onkbli32.exe59⤵
-
C:\Windows\SysWOW64\Oeekicdi.exeC:\Windows\system32\Oeekicdi.exe60⤵
-
C:\Windows\SysWOW64\Oehgnbbf.exeC:\Windows\system32\Oehgnbbf.exe61⤵
-
C:\Windows\SysWOW64\Ogfcjnaj.exeC:\Windows\system32\Ogfcjnaj.exe62⤵
-
C:\Windows\SysWOW64\Pnplghhf.exeC:\Windows\system32\Pnplghhf.exe63⤵
-
C:\Windows\SysWOW64\Pejddb32.exeC:\Windows\system32\Pejddb32.exe64⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ppbegkmg.exeC:\Windows\system32\Ppbegkmg.exe65⤵
-
C:\Windows\SysWOW64\Pacaoc32.exeC:\Windows\system32\Pacaoc32.exe66⤵
-
C:\Windows\SysWOW64\Phmjkmka.exeC:\Windows\system32\Phmjkmka.exe67⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pngbhg32.exeC:\Windows\system32\Pngbhg32.exe68⤵
-
C:\Windows\SysWOW64\Peajdajk.exeC:\Windows\system32\Peajdajk.exe69⤵
-
C:\Windows\SysWOW64\Plkbak32.exeC:\Windows\system32\Plkbak32.exe70⤵
-
C:\Windows\SysWOW64\Pbekne32.exeC:\Windows\system32\Pbekne32.exe71⤵
-
C:\Windows\SysWOW64\Piockppb.exeC:\Windows\system32\Piockppb.exe72⤵
-
C:\Windows\SysWOW64\Qpikgj32.exeC:\Windows\system32\Qpikgj32.exe73⤵
-
C:\Windows\SysWOW64\Qajhobmm.exeC:\Windows\system32\Qajhobmm.exe74⤵
-
C:\Windows\SysWOW64\Qiclfo32.exeC:\Windows\system32\Qiclfo32.exe75⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Albibj32.exeC:\Windows\system32\Albibj32.exe76⤵
-
C:\Windows\SysWOW64\Aaoaja32.exeC:\Windows\system32\Aaoaja32.exe77⤵
-
C:\Windows\SysWOW64\Ahiigkqd.exeC:\Windows\system32\Ahiigkqd.exe78⤵
-
C:\Windows\SysWOW64\Aocace32.exeC:\Windows\system32\Aocace32.exe79⤵
-
C:\Windows\SysWOW64\Aemjpp32.exeC:\Windows\system32\Aemjpp32.exe80⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Aoeniefo.exeC:\Windows\system32\Aoeniefo.exe81⤵
-
C:\Windows\SysWOW64\Aackeqeb.exeC:\Windows\system32\Aackeqeb.exe82⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Aikbfnfd.exeC:\Windows\system32\Aikbfnfd.exe83⤵
-
C:\Windows\SysWOW64\Aliobieh.exeC:\Windows\system32\Aliobieh.exe84⤵
-
C:\Windows\SysWOW64\Aogkoedl.exeC:\Windows\system32\Aogkoedl.exe85⤵
-
C:\Windows\SysWOW64\Aafgkpcp.exeC:\Windows\system32\Aafgkpcp.exe86⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Aimoln32.exeC:\Windows\system32\Aimoln32.exe87⤵
-
C:\Windows\SysWOW64\Alkkhi32.exeC:\Windows\system32\Alkkhi32.exe88⤵
-
C:\Windows\SysWOW64\Aojhdd32.exeC:\Windows\system32\Aojhdd32.exe89⤵
-
C:\Windows\SysWOW64\Aahdqp32.exeC:\Windows\system32\Aahdqp32.exe90⤵
-
C:\Windows\SysWOW64\Blnhni32.exeC:\Windows\system32\Blnhni32.exe91⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bbhqjchp.exeC:\Windows\system32\Bbhqjchp.exe92⤵
-
C:\Windows\SysWOW64\Bhdibj32.exeC:\Windows\system32\Bhdibj32.exe93⤵
-
C:\Windows\SysWOW64\Booaodnd.exeC:\Windows\system32\Booaodnd.exe94⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Blbaihmn.exeC:\Windows\system32\Blbaihmn.exe95⤵
-
C:\Windows\SysWOW64\Boanecla.exeC:\Windows\system32\Boanecla.exe96⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bekfan32.exeC:\Windows\system32\Bekfan32.exe97⤵
-
C:\Windows\SysWOW64\Bhibni32.exeC:\Windows\system32\Bhibni32.exe98⤵
-
C:\Windows\SysWOW64\Bbofkbbh.exeC:\Windows\system32\Bbofkbbh.exe99⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bemcgmak.exeC:\Windows\system32\Bemcgmak.exe100⤵
-
C:\Windows\SysWOW64\Cafpanem.exeC:\Windows\system32\Cafpanem.exe101⤵
-
C:\Windows\SysWOW64\Chphoh32.exeC:\Windows\system32\Chphoh32.exe102⤵
-
C:\Windows\SysWOW64\Cojqkbdf.exeC:\Windows\system32\Cojqkbdf.exe103⤵
-
C:\Windows\SysWOW64\Cedihl32.exeC:\Windows\system32\Cedihl32.exe104⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Clnadfbp.exeC:\Windows\system32\Clnadfbp.exe105⤵
-
C:\Windows\SysWOW64\Commqb32.exeC:\Windows\system32\Commqb32.exe106⤵
-
C:\Windows\SysWOW64\Cakjmm32.exeC:\Windows\system32\Cakjmm32.exe107⤵
-
C:\Windows\SysWOW64\Clckpf32.exeC:\Windows\system32\Clckpf32.exe108⤵
-
C:\Windows\SysWOW64\Coagla32.exeC:\Windows\system32\Coagla32.exe109⤵
-
C:\Windows\SysWOW64\Capchmmb.exeC:\Windows\system32\Capchmmb.exe110⤵
-
C:\Windows\SysWOW64\Dlegeemh.exeC:\Windows\system32\Dlegeemh.exe111⤵
-
C:\Windows\SysWOW64\Dpacfd32.exeC:\Windows\system32\Dpacfd32.exe112⤵
-
C:\Windows\SysWOW64\Dabpnlkp.exeC:\Windows\system32\Dabpnlkp.exe113⤵
-
C:\Windows\SysWOW64\Denlnk32.exeC:\Windows\system32\Denlnk32.exe114⤵
-
C:\Windows\SysWOW64\Dhlhjf32.exeC:\Windows\system32\Dhlhjf32.exe115⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dofpgqji.exeC:\Windows\system32\Dofpgqji.exe116⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dadlclim.exeC:\Windows\system32\Dadlclim.exe117⤵
-
C:\Windows\SysWOW64\Dhnepfpj.exeC:\Windows\system32\Dhnepfpj.exe118⤵
-
C:\Windows\SysWOW64\Dcdimopp.exeC:\Windows\system32\Dcdimopp.exe119⤵
-
C:\Windows\SysWOW64\Djnaji32.exeC:\Windows\system32\Djnaji32.exe120⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dllmfd32.exeC:\Windows\system32\Dllmfd32.exe121⤵
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-