Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
129s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
07/11/2022, 04:43
General
-
Target
1f4a00c02cb87be3efc8fff9eab00ff67e8f33d5e0f817cf1233a9afcd912fb7.exe
-
Size
92KB
-
MD5
16034e94585422f3df3b2ed91a28e350
-
SHA1
d40e2f5229535f035e067cc13439ef704c49720f
-
SHA256
1f4a00c02cb87be3efc8fff9eab00ff67e8f33d5e0f817cf1233a9afcd912fb7
-
SHA512
c282ab1573cdc61ff6bf24fb0eac3c71b5fd1865786d38b3224a5871c74a27ea437056df4c71f1364e456026b66d1442e49264c9b2cfe4f914c986d866f13493
-
SSDEEP
1536:VmGp5y7k+jX6Wnaxv/LuQr05UFrEoc4lzBT3jLV3BGnMPJKEsztuJO:X2Rax3L42Fa4XbjLlBRh1sN
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1f4a00c02cb87be3efc8fff9eab00ff67e8f33d5e0f817cf1233a9afcd912fb7.exe"C:\Users\Admin\AppData\Local\Temp\1f4a00c02cb87be3efc8fff9eab00ff67e8f33d5e0f817cf1233a9afcd912fb7.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mipflggj.exeC:\Windows\system32\Mipflggj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mibbbg32.exeC:\Windows\system32\Mibbbg32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Npmkoamd.exeC:\Windows\system32\Npmkoamd.exe4⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nmqkhekn.exeC:\Windows\system32\Nmqkhekn.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nkdlai32.exeC:\Windows\system32\Nkdlai32.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nmchne32.exeC:\Windows\system32\Nmchne32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ndmpjoah.exeC:\Windows\system32\Ndmpjoah.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dnnoojhf.exeC:\Windows\system32\Dnnoojhf.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Elfhdn32.exeC:\Windows\system32\Elfhdn32.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eahjgdml.exeC:\Windows\system32\Eahjgdml.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eefcmbdc.exeC:\Windows\system32\Eefcmbdc.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ficlcq32.exeC:\Windows\system32\Ficlcq32.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fifhiphg.exeC:\Windows\system32\Fifhiphg.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fiheopfd.exeC:\Windows\system32\Fiheopfd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fbqjge32.exeC:\Windows\system32\Fbqjge32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fklnlhjp.exeC:\Windows\system32\Fklnlhjp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fhpoelii.exeC:\Windows\system32\Fhpoelii.exe18⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gbecbeho.exeC:\Windows\system32\Gbecbeho.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ghbkklgf.exeC:\Windows\system32\Ghbkklgf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gakpcamg.exeC:\Windows\system32\Gakpcamg.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gammiakd.exeC:\Windows\system32\Gammiakd.exe22⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gifapn32.exeC:\Windows\system32\Gifapn32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ghlnajol.exeC:\Windows\system32\Ghlnajol.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hepojo32.exeC:\Windows\system32\Hepojo32.exe25⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hohccddf.exeC:\Windows\system32\Hohccddf.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Himgqmcl.exeC:\Windows\system32\Himgqmcl.exe27⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hcflib32.exeC:\Windows\system32\Hcflib32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hommnc32.exeC:\Windows\system32\Hommnc32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hiball32.exeC:\Windows\system32\Hiball32.exe30⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hcjedbfg.exeC:\Windows\system32\Hcjedbfg.exe31⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ioaficlk.exeC:\Windows\system32\Ioaficlk.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ioccobji.exeC:\Windows\system32\Ioccobji.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ilgchg32.exeC:\Windows\system32\Ilgchg32.exe34⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ihndmhnf.exeC:\Windows\system32\Ihndmhnf.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Illmcfdm.exeC:\Windows\system32\Illmcfdm.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jhcmhg32.exeC:\Windows\system32\Jhcmhg32.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jhejng32.exeC:\Windows\system32\Jhejng32.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jkdfjbgb.exeC:\Windows\system32\Jkdfjbgb.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jbnogl32.exeC:\Windows\system32\Jbnogl32.exe40⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jhhgcffl.exeC:\Windows\system32\Jhhgcffl.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Joaopq32.exeC:\Windows\system32\Joaopq32.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jflgmkee.exeC:\Windows\system32\Jflgmkee.exe43⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jhjcifdi.exeC:\Windows\system32\Jhjcifdi.exe44⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jcphfo32.exeC:\Windows\system32\Jcphfo32.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jcbdlo32.exeC:\Windows\system32\Jcbdlo32.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Koieapgq.exeC:\Windows\system32\Koieapgq.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kkpffqme.exeC:\Windows\system32\Kkpffqme.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Komolo32.exeC:\Windows\system32\Komolo32.exe49⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kjccihca.exeC:\Windows\system32\Kjccihca.exe50⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kmaoecbe.exeC:\Windows\system32\Kmaoecbe.exe51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kkflfp32.exeC:\Windows\system32\Kkflfp32.exe52⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ljhldg32.exeC:\Windows\system32\Ljhldg32.exe53⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Limiecdd.exeC:\Windows\system32\Limiecdd.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lmkblajj.exeC:\Windows\system32\Lmkblajj.exe55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lmmoaahh.exeC:\Windows\system32\Lmmoaahh.exe56⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lmokga32.exeC:\Windows\system32\Lmokga32.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Plhgkh32.exeC:\Windows\system32\Plhgkh32.exe58⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pgmkha32.exeC:\Windows\system32\Pgmkha32.exe59⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ppepag32.exeC:\Windows\system32\Ppepag32.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pkkdop32.exeC:\Windows\system32\Pkkdop32.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pmipkk32.exeC:\Windows\system32\Pmipkk32.exe62⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pcfhcb32.exeC:\Windows\system32\Pcfhcb32.exe63⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Plomlgfm.exeC:\Windows\system32\Plomlgfm.exe64⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qpmfbfmc.exeC:\Windows\system32\Qpmfbfmc.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qgfnop32.exeC:\Windows\system32\Qgfnop32.exe66⤵
-
C:\Windows\SysWOW64\Qcmoca32.exeC:\Windows\system32\Qcmoca32.exe67⤵
-
C:\Windows\SysWOW64\Qiggpkaa.exeC:\Windows\system32\Qiggpkaa.exe68⤵
-
C:\Windows\SysWOW64\Alfclfpe.exeC:\Windows\system32\Alfclfpe.exe69⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Akgcjn32.exeC:\Windows\system32\Akgcjn32.exe70⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Anepfi32.exeC:\Windows\system32\Anepfi32.exe71⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Apclbe32.exeC:\Windows\system32\Apclbe32.exe72⤵
-
C:\Windows\SysWOW64\Acbhopeo.exeC:\Windows\system32\Acbhopeo.exe73⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ajlpkj32.exeC:\Windows\system32\Ajlpkj32.exe74⤵
-
C:\Windows\SysWOW64\Aljmgf32.exeC:\Windows\system32\Aljmgf32.exe75⤵
-
C:\Windows\SysWOW64\Ajnmaj32.exeC:\Windows\system32\Ajnmaj32.exe76⤵
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Almime32.exeC:\Windows\system32\Almime32.exe1⤵
-
C:\Windows\SysWOW64\Acgajpaj.exeC:\Windows\system32\Acgajpaj.exe2⤵
-
C:\Windows\SysWOW64\Alofbehj.exeC:\Windows\system32\Alofbehj.exe3⤵
-
C:\Windows\SysWOW64\Adfndbil.exeC:\Windows\system32\Adfndbil.exe4⤵
-
C:\Windows\SysWOW64\Bnobmh32.exeC:\Windows\system32\Bnobmh32.exe5⤵
-
C:\Windows\SysWOW64\Bdikibgj.exeC:\Windows\system32\Bdikibgj.exe6⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bgggenfn.exeC:\Windows\system32\Bgggenfn.exe7⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Bnaobhmj.exeC:\Windows\system32\Bnaobhmj.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bldond32.exeC:\Windows\system32\Bldond32.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bdkgob32.exeC:\Windows\system32\Bdkgob32.exe10⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Bkepllld.exeC:\Windows\system32\Bkepllld.exe11⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Blflcd32.exeC:\Windows\system32\Blflcd32.exe12⤵
-
C:\Windows\SysWOW64\Blhiidpp.exeC:\Windows\system32\Blhiidpp.exe13⤵
-
C:\Windows\SysWOW64\Bnhecg32.exeC:\Windows\system32\Bnhecg32.exe14⤵
-
C:\Windows\SysWOW64\Bdbnpaoo.exeC:\Windows\system32\Bdbnpaoo.exe15⤵
-
C:\Windows\SysWOW64\Bgpjllnc.exeC:\Windows\system32\Bgpjllnc.exe16⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Cjofhhmf.exeC:\Windows\system32\Cjofhhmf.exe17⤵
-
C:\Windows\SysWOW64\Cknbbkdi.exeC:\Windows\system32\Cknbbkdi.exe18⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cnmonfcm.exeC:\Windows\system32\Cnmonfcm.exe19⤵
-
C:\Windows\SysWOW64\Cdggkp32.exeC:\Windows\system32\Cdggkp32.exe20⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cgecgl32.exeC:\Windows\system32\Cgecgl32.exe21⤵
-
C:\Windows\SysWOW64\Cjcocg32.exeC:\Windows\system32\Cjcocg32.exe22⤵
-
C:\Windows\SysWOW64\Cmblob32.exeC:\Windows\system32\Cmblob32.exe23⤵
-
C:\Windows\SysWOW64\Ccldlm32.exeC:\Windows\system32\Ccldlm32.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Ckclmj32.exeC:\Windows\system32\Ckclmj32.exe25⤵
-
C:\Windows\SysWOW64\Cmdhdbfb.exeC:\Windows\system32\Cmdhdbfb.exe26⤵
-
C:\Windows\SysWOW64\Cdkpfpfd.exeC:\Windows\system32\Cdkpfpfd.exe27⤵
-
C:\Windows\SysWOW64\Cgjmbkeh.exeC:\Windows\system32\Cgjmbkeh.exe28⤵
-
C:\Windows\SysWOW64\Cndeoe32.exeC:\Windows\system32\Cndeoe32.exe29⤵
-
C:\Windows\SysWOW64\Cqbakq32.exeC:\Windows\system32\Cqbakq32.exe30⤵
-
C:\Windows\SysWOW64\Cdnmko32.exeC:\Windows\system32\Cdnmko32.exe31⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dkhehilo.exeC:\Windows\system32\Dkhehilo.exe32⤵
-
C:\Windows\SysWOW64\Dnfadekb.exeC:\Windows\system32\Dnfadekb.exe33⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Dqdnppjf.exeC:\Windows\system32\Dqdnppjf.exe34⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dnhnjdip.exeC:\Windows\system32\Dnhnjdip.exe35⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Degpanlg.exeC:\Windows\system32\Degpanlg.exe36⤵
-
C:\Windows\SysWOW64\Dkahnhdd.exeC:\Windows\system32\Dkahnhdd.exe37⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Dnpdjcch.exeC:\Windows\system32\Dnpdjcch.exe38⤵
-
C:\Windows\SysWOW64\Deimgn32.exeC:\Windows\system32\Deimgn32.exe39⤵
-
C:\Windows\SysWOW64\Dghici32.exeC:\Windows\system32\Dghici32.exe40⤵
-
C:\Windows\SysWOW64\Enbapcae.exeC:\Windows\system32\Enbapcae.exe41⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Eapmlopi.exeC:\Windows\system32\Eapmlopi.exe42⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Emgnapem.exeC:\Windows\system32\Emgnapem.exe43⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ecafnj32.exeC:\Windows\system32\Ecafnj32.exe44⤵
-
C:\Windows\SysWOW64\Eaeggn32.exeC:\Windows\system32\Eaeggn32.exe45⤵
-
C:\Windows\SysWOW64\Ecccci32.exeC:\Windows\system32\Ecccci32.exe46⤵
-
C:\Windows\SysWOW64\Ecepiiid.exeC:\Windows\system32\Ecepiiid.exe47⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Elmhjfig.exeC:\Windows\system32\Elmhjfig.exe48⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Eeelcl32.exeC:\Windows\system32\Eeelcl32.exe49⤵
-
C:\Windows\SysWOW64\Fmpagnmb.exeC:\Windows\system32\Fmpagnmb.exe50⤵
-
C:\Windows\SysWOW64\Fegihlnd.exeC:\Windows\system32\Fegihlnd.exe51⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fanimm32.exeC:\Windows\system32\Fanimm32.exe52⤵
-
C:\Windows\SysWOW64\Fcmfih32.exeC:\Windows\system32\Fcmfih32.exe53⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fjfnfbji.exeC:\Windows\system32\Fjfnfbji.exe54⤵
-
C:\Windows\SysWOW64\Felbck32.exeC:\Windows\system32\Felbck32.exe55⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Flfjpeal.exeC:\Windows\system32\Flfjpeal.exe56⤵
-
C:\Windows\SysWOW64\Facchlpc.exeC:\Windows\system32\Facchlpc.exe57⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fhmkef32.exeC:\Windows\system32\Fhmkef32.exe58⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Fjkgaa32.exeC:\Windows\system32\Fjkgaa32.exe59⤵
-
C:\Windows\SysWOW64\Faepnlnq.exeC:\Windows\system32\Faepnlnq.exe60⤵
-
C:\Windows\SysWOW64\Ghohkfen.exeC:\Windows\system32\Ghohkfen.exe61⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gjndgada.exeC:\Windows\system32\Gjndgada.exe62⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gmlpcmce.exeC:\Windows\system32\Gmlpcmce.exe63⤵
-
C:\Windows\SysWOW64\Gdfipg32.exeC:\Windows\system32\Gdfipg32.exe64⤵
-
C:\Windows\SysWOW64\Gjpalabo.exeC:\Windows\system32\Gjpalabo.exe65⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Gajiik32.exeC:\Windows\system32\Gajiik32.exe66⤵
-
C:\Windows\SysWOW64\Gdheefio.exeC:\Windows\system32\Gdheefio.exe67⤵
-
C:\Windows\SysWOW64\Gjbnbq32.exeC:\Windows\system32\Gjbnbq32.exe68⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gehboi32.exeC:\Windows\system32\Gehboi32.exe69⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ghikadmc.exeC:\Windows\system32\Ghikadmc.exe70⤵
-
C:\Windows\SysWOW64\Gkggmplf.exeC:\Windows\system32\Gkggmplf.exe71⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Gmecikkj.exeC:\Windows\system32\Gmecikkj.exe72⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hdokfe32.exeC:\Windows\system32\Hdokfe32.exe73⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hkicbpjd.exeC:\Windows\system32\Hkicbpjd.exe74⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hoepcn32.exeC:\Windows\system32\Hoepcn32.exe75⤵
-
C:\Windows\SysWOW64\Heohphjj.exeC:\Windows\system32\Heohphjj.exe76⤵
-
C:\Windows\SysWOW64\Hhmdldin.exeC:\Windows\system32\Hhmdldin.exe77⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Hmjmdk32.exeC:\Windows\system32\Hmjmdk32.exe78⤵
-
C:\Windows\SysWOW64\Headeh32.exeC:\Windows\system32\Headeh32.exe79⤵
-
C:\Windows\SysWOW64\Hhpaac32.exeC:\Windows\system32\Hhpaac32.exe80⤵
-
C:\Windows\SysWOW64\Hknmno32.exeC:\Windows\system32\Hknmno32.exe81⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Hahejimk.exeC:\Windows\system32\Hahejimk.exe82⤵
-
C:\Windows\SysWOW64\Hdfafdlo.exeC:\Windows\system32\Hdfafdlo.exe83⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Holfdm32.exeC:\Windows\system32\Holfdm32.exe84⤵
-
C:\Windows\SysWOW64\Hajbpi32.exeC:\Windows\system32\Hajbpi32.exe85⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hhdjmcce.exeC:\Windows\system32\Hhdjmcce.exe86⤵
-
C:\Windows\SysWOW64\Honbim32.exeC:\Windows\system32\Honbim32.exe87⤵
-
C:\Windows\SysWOW64\Iehkfgao.exeC:\Windows\system32\Iehkfgao.exe88⤵
-
C:\Windows\SysWOW64\Ilbcca32.exeC:\Windows\system32\Ilbcca32.exe89⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Iekglg32.exeC:\Windows\system32\Iekglg32.exe90⤵
-
C:\Windows\SysWOW64\Ihichb32.exeC:\Windows\system32\Ihichb32.exe91⤵
-
C:\Windows\SysWOW64\Ikgpdn32.exeC:\Windows\system32\Ikgpdn32.exe92⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Inflpi32.exeC:\Windows\system32\Inflpi32.exe93⤵
-
C:\Windows\SysWOW64\Iemdaf32.exeC:\Windows\system32\Iemdaf32.exe94⤵
-
C:\Windows\SysWOW64\Ihkpma32.exeC:\Windows\system32\Ihkpma32.exe95⤵
-
C:\Windows\SysWOW64\Ikjmim32.exeC:\Windows\system32\Ikjmim32.exe96⤵
-
C:\Windows\SysWOW64\Iafalg32.exeC:\Windows\system32\Iafalg32.exe97⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ihpjhaih.exeC:\Windows\system32\Ihpjhaih.exe98⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Iojbek32.exeC:\Windows\system32\Iojbek32.exe99⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jahnag32.exeC:\Windows\system32\Jahnag32.exe100⤵
-
C:\Windows\SysWOW64\Jdgjmbnl.exeC:\Windows\system32\Jdgjmbnl.exe101⤵
-
C:\Windows\SysWOW64\Jakkgfmf.exeC:\Windows\system32\Jakkgfmf.exe102⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jheccq32.exeC:\Windows\system32\Jheccq32.exe103⤵
-
C:\Windows\SysWOW64\Jookpjlp.exeC:\Windows\system32\Jookpjlp.exe104⤵
-
C:\Windows\SysWOW64\Jamhlfkc.exeC:\Windows\system32\Jamhlfkc.exe105⤵
-
C:\Windows\SysWOW64\Jhgpipbp.exeC:\Windows\system32\Jhgpipbp.exe106⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jkelelad.exeC:\Windows\system32\Jkelelad.exe107⤵
-
C:\Windows\SysWOW64\Japdbe32.exeC:\Windows\system32\Japdbe32.exe108⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jdnqna32.exeC:\Windows\system32\Jdnqna32.exe109⤵
-
C:\Windows\SysWOW64\Ldglkmbg.exeC:\Windows\system32\Ldglkmbg.exe110⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mkadhg32.exeC:\Windows\system32\Mkadhg32.exe111⤵
-
C:\Windows\SysWOW64\Mnpadc32.exeC:\Windows\system32\Mnpadc32.exe112⤵
-
C:\Windows\SysWOW64\Mmaabj32.exeC:\Windows\system32\Mmaabj32.exe113⤵
-
C:\Windows\SysWOW64\Mopmnf32.exeC:\Windows\system32\Mopmnf32.exe114⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mihbgkfk.exeC:\Windows\system32\Mihbgkfk.exe115⤵
-
C:\Windows\SysWOW64\Mobjce32.exeC:\Windows\system32\Mobjce32.exe116⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mbpfpa32.exeC:\Windows\system32\Mbpfpa32.exe117⤵
-
C:\Windows\SysWOW64\Meoblllo.exeC:\Windows\system32\Meoblllo.exe118⤵
-
C:\Windows\SysWOW64\Mmfkmjla.exeC:\Windows\system32\Mmfkmjla.exe119⤵
-
C:\Windows\SysWOW64\Mfnofo32.exeC:\Windows\system32\Mfnofo32.exe120⤵
-
C:\Windows\SysWOW64\Miohgjpc.exeC:\Windows\system32\Miohgjpc.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-