Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
137s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
11/10/2023, 22:24
General
-
Target
f66cd965006e38ef70dd9fb3c7b91f49_JC.exe
-
Size
325KB
-
MD5
f66cd965006e38ef70dd9fb3c7b91f49
-
SHA1
e0036e9ad3187886ab8c7e3b7479275cfb8c2297
-
SHA256
ca94ff779cc84bbb1df3933f087778e23af0519a119bc268a1aee78a203adf8d
-
SHA512
75d29d50b59ba121ee130c2853e9b69d0257896696a52683a06f52fc4ade892584c014235e0b01c64cb569f70e9c54df4c2c7a285d2829bbf3346cfee32e150e
-
SSDEEP
6144:POLzcS0Rs+Hsohxd2Quohdbd0zscwIGUKfvUJ43ewmxteZekR+1b/KVC0CLzg:6cXHxdzZdxGwsYIL0
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f66cd965006e38ef70dd9fb3c7b91f49_JC.exe"C:\Users\Admin\AppData\Local\Temp\f66cd965006e38ef70dd9fb3c7b91f49_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pkabbgol.exeC:\Windows\system32\Pkabbgol.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Abpcja32.exeC:\Windows\system32\Abpcja32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Acppddig.exeC:\Windows\system32\Acppddig.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aimhmkgn.exeC:\Windows\system32\Aimhmkgn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aioebj32.exeC:\Windows\system32\Aioebj32.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Alpnde32.exeC:\Windows\system32\Alpnde32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Amoknh32.exeC:\Windows\system32\Amoknh32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ddekmo32.exeC:\Windows\system32\Ddekmo32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dlqpaafg.exeC:\Windows\system32\Dlqpaafg.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fgkfqgce.exeC:\Windows\system32\Fgkfqgce.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gnjhhpgl.exeC:\Windows\system32\Gnjhhpgl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gjqinamq.exeC:\Windows\system32\Gjqinamq.exe13⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gfgjbb32.exeC:\Windows\system32\Gfgjbb32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gqokekph.exeC:\Windows\system32\Gqokekph.exe15⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ggicbe32.exeC:\Windows\system32\Ggicbe32.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hqddqj32.exeC:\Windows\system32\Hqddqj32.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hcembe32.exeC:\Windows\system32\Hcembe32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hqimlihn.exeC:\Windows\system32\Hqimlihn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hdffah32.exeC:\Windows\system32\Hdffah32.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hqmggi32.exeC:\Windows\system32\Hqmggi32.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Icqmncof.exeC:\Windows\system32\Icqmncof.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ijmapm32.exeC:\Windows\system32\Ijmapm32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Inkjfk32.exeC:\Windows\system32\Inkjfk32.exe24⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jnmglk32.exeC:\Windows\system32\Jnmglk32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jgekdq32.exeC:\Windows\system32\Jgekdq32.exe26⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jjfdfl32.exeC:\Windows\system32\Jjfdfl32.exe27⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jjhalkjc.exeC:\Windows\system32\Jjhalkjc.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jjknakhq.exeC:\Windows\system32\Jjknakhq.exe29⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jepbodhg.exeC:\Windows\system32\Jepbodhg.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kagbdenk.exeC:\Windows\system32\Kagbdenk.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kdhlepkl.exeC:\Windows\system32\Kdhlepkl.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kallod32.exeC:\Windows\system32\Kallod32.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kjdqhjpf.exeC:\Windows\system32\Kjdqhjpf.exe34⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Kanidd32.exeC:\Windows\system32\Kanidd32.exe1⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kmeiie32.exeC:\Windows\system32\Kmeiie32.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lndfchdj.exeC:\Windows\system32\Lndfchdj.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lmjcdd32.exeC:\Windows\system32\Lmjcdd32.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Loiong32.exeC:\Windows\system32\Loiong32.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lokldg32.exeC:\Windows\system32\Lokldg32.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lkbmih32.exeC:\Windows\system32\Lkbmih32.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mdkabmjf.exeC:\Windows\system32\Mdkabmjf.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mopeofjl.exeC:\Windows\system32\Mopeofjl.exe9⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mhkgnkoj.exeC:\Windows\system32\Mhkgnkoj.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Moeoje32.exeC:\Windows\system32\Moeoje32.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nnabladg.exeC:\Windows\system32\Nnabladg.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nkebee32.exeC:\Windows\system32\Nkebee32.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nnfkgp32.exeC:\Windows\system32\Nnfkgp32.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ndpcdjho.exeC:\Windows\system32\Ndpcdjho.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oakjnnap.exeC:\Windows\system32\Oakjnnap.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oookgbpj.exeC:\Windows\system32\Oookgbpj.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Odkcpi32.exeC:\Windows\system32\Odkcpi32.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pdnpeh32.exeC:\Windows\system32\Pdnpeh32.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pnfdnnbo.exeC:\Windows\system32\Pnfdnnbo.exe20⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pnhacn32.exeC:\Windows\system32\Pnhacn32.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pgaelcgm.exeC:\Windows\system32\Pgaelcgm.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pdeffgff.exeC:\Windows\system32\Pdeffgff.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pnmjomlg.exeC:\Windows\system32\Pnmjomlg.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qomghp32.exeC:\Windows\system32\Qomghp32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qhekaejj.exeC:\Windows\system32\Qhekaejj.exe26⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Qbmpjkqk.exeC:\Windows\system32\Qbmpjkqk.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qhghge32.exeC:\Windows\system32\Qhghge32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aijeme32.exeC:\Windows\system32\Aijeme32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Adqeaf32.exeC:\Windows\system32\Adqeaf32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aofjoo32.exeC:\Windows\system32\Aofjoo32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bghddp32.exeC:\Windows\system32\Bghddp32.exe32⤵
-
C:\Windows\SysWOW64\Belemd32.exeC:\Windows\system32\Belemd32.exe33⤵
-
C:\Windows\SysWOW64\Bkfmjnii.exeC:\Windows\system32\Bkfmjnii.exe34⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bgmnooom.exeC:\Windows\system32\Bgmnooom.exe35⤵
-
C:\Windows\SysWOW64\Bgokdomj.exeC:\Windows\system32\Bgokdomj.exe36⤵
-
C:\Windows\SysWOW64\Bnicai32.exeC:\Windows\system32\Bnicai32.exe37⤵
-
C:\Windows\SysWOW64\Cbglgg32.exeC:\Windows\system32\Cbglgg32.exe38⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Clpppmqn.exeC:\Windows\system32\Clpppmqn.exe39⤵
-
C:\Windows\SysWOW64\Cbihmg32.exeC:\Windows\system32\Cbihmg32.exe40⤵
-
C:\Windows\SysWOW64\Cpmifkgd.exeC:\Windows\system32\Cpmifkgd.exe41⤵
-
C:\Windows\SysWOW64\Cejaobel.exeC:\Windows\system32\Cejaobel.exe42⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cbnbhfde.exeC:\Windows\system32\Cbnbhfde.exe43⤵
-
C:\Windows\SysWOW64\Chkjpm32.exeC:\Windows\system32\Chkjpm32.exe44⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cnebmgjj.exeC:\Windows\system32\Cnebmgjj.exe45⤵
-
C:\Windows\SysWOW64\Dhmgfm32.exeC:\Windows\system32\Dhmgfm32.exe46⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dbckcf32.exeC:\Windows\system32\Dbckcf32.exe47⤵
-
C:\Windows\SysWOW64\Dimcppgm.exeC:\Windows\system32\Dimcppgm.exe48⤵
-
C:\Windows\SysWOW64\Dpglmjoj.exeC:\Windows\system32\Dpglmjoj.exe49⤵
-
C:\Windows\SysWOW64\Dpihbjmg.exeC:\Windows\system32\Dpihbjmg.exe50⤵
-
C:\Windows\SysWOW64\Efhjjcpo.exeC:\Windows\system32\Efhjjcpo.exe51⤵
-
C:\Windows\SysWOW64\Epiaig32.exeC:\Windows\system32\Epiaig32.exe52⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fbhnec32.exeC:\Windows\system32\Fbhnec32.exe53⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Flpbnh32.exeC:\Windows\system32\Flpbnh32.exe54⤵
-
C:\Windows\SysWOW64\Fpqgjf32.exeC:\Windows\system32\Fpqgjf32.exe55⤵
-
C:\Windows\SysWOW64\Fempbm32.exeC:\Windows\system32\Fempbm32.exe56⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fcaqka32.exeC:\Windows\system32\Fcaqka32.exe57⤵
-
C:\Windows\SysWOW64\Gebimmco.exeC:\Windows\system32\Gebimmco.exe58⤵
-
C:\Windows\SysWOW64\Gcfjfqah.exeC:\Windows\system32\Gcfjfqah.exe59⤵
-
C:\Windows\SysWOW64\Glnnofhi.exeC:\Windows\system32\Glnnofhi.exe60⤵
-
C:\Windows\SysWOW64\Gheodg32.exeC:\Windows\system32\Gheodg32.exe61⤵
-
C:\Windows\SysWOW64\Hcommoin.exeC:\Windows\system32\Hcommoin.exe62⤵
-
C:\Windows\SysWOW64\Hofmaq32.exeC:\Windows\system32\Hofmaq32.exe63⤵
-
C:\Windows\SysWOW64\Hjlaoioh.exeC:\Windows\system32\Hjlaoioh.exe64⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hohjgpmo.exeC:\Windows\system32\Hohjgpmo.exe65⤵
-
C:\Windows\SysWOW64\Hjnndime.exeC:\Windows\system32\Hjnndime.exe66⤵
-
C:\Windows\SysWOW64\Hokgmpkl.exeC:\Windows\system32\Hokgmpkl.exe67⤵
-
C:\Windows\SysWOW64\Ijedehgm.exeC:\Windows\system32\Ijedehgm.exe68⤵
-
C:\Windows\SysWOW64\Iqombb32.exeC:\Windows\system32\Iqombb32.exe69⤵
-
C:\Windows\SysWOW64\Ijgakgej.exeC:\Windows\system32\Ijgakgej.exe70⤵
-
C:\Windows\SysWOW64\Ifqoehhl.exeC:\Windows\system32\Ifqoehhl.exe71⤵
-
C:\Windows\SysWOW64\Imjgbb32.exeC:\Windows\system32\Imjgbb32.exe72⤵
-
C:\Windows\SysWOW64\Jfehpg32.exeC:\Windows\system32\Jfehpg32.exe73⤵
-
C:\Windows\SysWOW64\Jjcqffkm.exeC:\Windows\system32\Jjcqffkm.exe74⤵
-
C:\Windows\SysWOW64\Jqmicpbj.exeC:\Windows\system32\Jqmicpbj.exe75⤵
-
C:\Windows\SysWOW64\Jmdjha32.exeC:\Windows\system32\Jmdjha32.exe76⤵
-
C:\Windows\SysWOW64\Jcnbekok.exeC:\Windows\system32\Jcnbekok.exe77⤵
-
C:\Windows\SysWOW64\Kpilekqj.exeC:\Windows\system32\Kpilekqj.exe78⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kjopbd32.exeC:\Windows\system32\Kjopbd32.exe79⤵
-
C:\Windows\SysWOW64\Kcgekjgp.exeC:\Windows\system32\Kcgekjgp.exe80⤵
-
C:\Windows\SysWOW64\Kmpido32.exeC:\Windows\system32\Kmpido32.exe81⤵
-
C:\Windows\SysWOW64\Kpnepk32.exeC:\Windows\system32\Kpnepk32.exe82⤵
-
C:\Windows\SysWOW64\Kjcjmclj.exeC:\Windows\system32\Kjcjmclj.exe83⤵
-
C:\Windows\SysWOW64\Kanbjn32.exeC:\Windows\system32\Kanbjn32.exe84⤵
-
C:\Windows\SysWOW64\Kggjghkd.exeC:\Windows\system32\Kggjghkd.exe85⤵
-
C:\Windows\SysWOW64\Liifnp32.exeC:\Windows\system32\Liifnp32.exe86⤵
-
C:\Windows\SysWOW64\Lcnkli32.exeC:\Windows\system32\Lcnkli32.exe87⤵
-
C:\Windows\SysWOW64\Likcdpop.exeC:\Windows\system32\Likcdpop.exe88⤵
-
C:\Windows\SysWOW64\Lpjelibg.exeC:\Windows\system32\Lpjelibg.exe89⤵
-
C:\Windows\SysWOW64\Lfcmhc32.exeC:\Windows\system32\Lfcmhc32.exe90⤵
-
C:\Windows\SysWOW64\Mdlgmgdh.exeC:\Windows\system32\Mdlgmgdh.exe91⤵
-
C:\Windows\SysWOW64\Mfkcibdl.exeC:\Windows\system32\Mfkcibdl.exe92⤵
-
C:\Windows\SysWOW64\Mapgfk32.exeC:\Windows\system32\Mapgfk32.exe93⤵
-
C:\Windows\SysWOW64\Nkpbpp32.exeC:\Windows\system32\Nkpbpp32.exe94⤵
-
C:\Windows\SysWOW64\Nhcbidcd.exeC:\Windows\system32\Nhcbidcd.exe95⤵
-
C:\Windows\SysWOW64\Nalgbi32.exeC:\Windows\system32\Nalgbi32.exe96⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ngipjp32.exeC:\Windows\system32\Ngipjp32.exe97⤵
-
C:\Windows\SysWOW64\Nmbhgjoi.exeC:\Windows\system32\Nmbhgjoi.exe98⤵
-
C:\Windows\SysWOW64\Ogbbqo32.exeC:\Windows\system32\Ogbbqo32.exe99⤵
-
C:\Windows\SysWOW64\Oiqomj32.exeC:\Windows\system32\Oiqomj32.exe100⤵
-
C:\Windows\SysWOW64\Pjjaci32.exeC:\Windows\system32\Pjjaci32.exe101⤵
-
C:\Windows\SysWOW64\Ppdjpcng.exeC:\Windows\system32\Ppdjpcng.exe102⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pjlnhi32.exeC:\Windows\system32\Pjlnhi32.exe103⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Qpkppbho.exeC:\Windows\system32\Qpkppbho.exe104⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aqbfaa32.exeC:\Windows\system32\Aqbfaa32.exe105⤵
-
C:\Windows\SysWOW64\Ajjjjghg.exeC:\Windows\system32\Ajjjjghg.exe106⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Adpogp32.exeC:\Windows\system32\Adpogp32.exe107⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Addhbo32.exeC:\Windows\system32\Addhbo32.exe108⤵
-
C:\Windows\SysWOW64\Bggnijof.exeC:\Windows\system32\Bggnijof.exe109⤵
-
C:\Windows\SysWOW64\Bqpbboeg.exeC:\Windows\system32\Bqpbboeg.exe110⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bnfoac32.exeC:\Windows\system32\Bnfoac32.exe111⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bgodjiio.exeC:\Windows\system32\Bgodjiio.exe112⤵
-
C:\Windows\SysWOW64\Cbfema32.exeC:\Windows\system32\Cbfema32.exe113⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cnmebblf.exeC:\Windows\system32\Cnmebblf.exe114⤵
-
C:\Windows\SysWOW64\Cejjdlap.exeC:\Windows\system32\Cejjdlap.exe115⤵
-
C:\Windows\SysWOW64\Ckfofe32.exeC:\Windows\system32\Ckfofe32.exe116⤵
-
C:\Windows\SysWOW64\Djpfbahm.exeC:\Windows\system32\Djpfbahm.exe117⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dlobmd32.exeC:\Windows\system32\Dlobmd32.exe118⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dehgejep.exeC:\Windows\system32\Dehgejep.exe119⤵
-
C:\Windows\SysWOW64\Enpknplq.exeC:\Windows\system32\Enpknplq.exe120⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Eejcki32.exeC:\Windows\system32\Eejcki32.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-