Analysis
-
max time kernel
84s -
max time network
165s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
11-10-2023 06:06
General
-
Target
d91e71a6c05302fcfaa8302814a77055_JC.exe
-
Size
481KB
-
MD5
d91e71a6c05302fcfaa8302814a77055
-
SHA1
90132cecdb0bd315d627dc3baf9d1a1e51f3c082
-
SHA256
86f31224364f162c514dd798d2f3590cef913a242f9917c3033ac9470cc5a8d5
-
SHA512
6d770436eec01f58ee865eb7d1bb2b5d2b41708b5f0f79d0faba31bed3a86245f255daa7294b414dea82050b178d0735e1d3c915e3c8af4626d6743d02ef4a0e
-
SSDEEP
6144:Vk380CkSZuFM6234lKm3mo8Yvi4KsLTFM6234lKm3+ry+dBQ:k8KSUFB24lwR45FB24l4++dBQ
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d91e71a6c05302fcfaa8302814a77055_JC.exe"C:\Users\Admin\AppData\Local\Temp\d91e71a6c05302fcfaa8302814a77055_JC.exe"1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ppepkmhi.exeC:\Windows\system32\Ppepkmhi.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ajnmjp32.exeC:\Windows\system32\Ajnmjp32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bgggockk.exeC:\Windows\system32\Bgggockk.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bkepeaaa.exeC:\Windows\system32\Bkepeaaa.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ckiipa32.exeC:\Windows\system32\Ckiipa32.exe6⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cmpoch32.exeC:\Windows\system32\Cmpoch32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dcnqkb32.exeC:\Windows\system32\Dcnqkb32.exe8⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
-
-
-
-
C:\Windows\SysWOW64\Idfaolpb.exeC:\Windows\system32\Idfaolpb.exe5⤵
-
C:\Windows\SysWOW64\Ilafcomm.exeC:\Windows\system32\Ilafcomm.exe6⤵
-
C:\Windows\SysWOW64\Jkgpleaf.exeC:\Windows\system32\Jkgpleaf.exe7⤵
-
C:\Windows\SysWOW64\Jkligd32.exeC:\Windows\system32\Jkligd32.exe8⤵
-
C:\Windows\SysWOW64\Jqhaolli.exeC:\Windows\system32\Jqhaolli.exe9⤵
-
C:\Windows\SysWOW64\Knlbipjb.exeC:\Windows\system32\Knlbipjb.exe10⤵
-
C:\Windows\SysWOW64\Kdfjej32.exeC:\Windows\system32\Kdfjej32.exe11⤵
-
C:\Windows\SysWOW64\Kjccna32.exeC:\Windows\system32\Kjccna32.exe12⤵
-
C:\Windows\SysWOW64\Kdigkjpl.exeC:\Windows\system32\Kdigkjpl.exe13⤵
-
C:\Windows\SysWOW64\Kjepcqnd.exeC:\Windows\system32\Kjepcqnd.exe14⤵
-
C:\Windows\SysWOW64\Kmfhelke.exeC:\Windows\system32\Kmfhelke.exe15⤵
-
C:\Windows\SysWOW64\Kkgicccd.exeC:\Windows\system32\Kkgicccd.exe16⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Dqdnjfpc.exeC:\Windows\system32\Dqdnjfpc.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Debfpd32.exeC:\Windows\system32\Debfpd32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\Ekcemmgo.exeC:\Windows\system32\Ekcemmgo.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Egjebn32.exeC:\Windows\system32\Egjebn32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Febogbhg.exeC:\Windows\system32\Febogbhg.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fmpaqd32.exeC:\Windows\system32\Fmpaqd32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ghohdk32.exeC:\Windows\system32\Ghohdk32.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gdkbdllj.exeC:\Windows\system32\Gdkbdllj.exe6⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hldgkiki.exeC:\Windows\system32\Hldgkiki.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hmhphqoe.exeC:\Windows\system32\Hmhphqoe.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hddejjdo.exeC:\Windows\system32\Hddejjdo.exe9⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Idinej32.exeC:\Windows\system32\Idinej32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iehkpmgl.exeC:\Windows\system32\Iehkpmgl.exe11⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ioeicajh.exeC:\Windows\system32\Ioeicajh.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jkqccbkf.exeC:\Windows\system32\Jkqccbkf.exe13⤵
- Executes dropped EXE
- Drops file in System32 directory
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Embdofop.exeC:\Windows\system32\Embdofop.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jkeloa32.exeC:\Windows\system32\Jkeloa32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jekpljgg.exeC:\Windows\system32\Jekpljgg.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kadnfkji.exeC:\Windows\system32\Kadnfkji.exe3⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\Khpcid32.exeC:\Windows\system32\Khpcid32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Knphfklg.exeC:\Windows\system32\Knphfklg.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lbpmbipk.exeC:\Windows\system32\Lbpmbipk.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mmodfqhf.exeC:\Windows\system32\Mmodfqhf.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mnggnh32.exeC:\Windows\system32\Mnggnh32.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nbiioe32.exeC:\Windows\system32\Nbiioe32.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nmommn32.exeC:\Windows\system32\Nmommn32.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oihkgo32.exeC:\Windows\system32\Oihkgo32.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ofnhfbjl.exeC:\Windows\system32\Ofnhfbjl.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ppnbpg32.exeC:\Windows\system32\Ppnbpg32.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pikqcl32.exeC:\Windows\system32\Pikqcl32.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ppgeff32.exeC:\Windows\system32\Ppgeff32.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qfanbpjg.exeC:\Windows\system32\Qfanbpjg.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aploae32.exeC:\Windows\system32\Aploae32.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aeigilml.exeC:\Windows\system32\Aeigilml.exe15⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Aifpoj32.exeC:\Windows\system32\Aifpoj32.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bpgnmcdh.exeC:\Windows\system32\Bpgnmcdh.exe17⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bckddn32.exeC:\Windows\system32\Bckddn32.exe18⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Benjkijd.exeC:\Windows\system32\Benjkijd.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cjnoggoh.exeC:\Windows\system32\Cjnoggoh.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Clohhbli.exeC:\Windows\system32\Clohhbli.exe21⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cnndbecl.exeC:\Windows\system32\Cnndbecl.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dnqaheai.exeC:\Windows\system32\Dnqaheai.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dqajjp32.exeC:\Windows\system32\Dqajjp32.exe24⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Dqdgop32.exeC:\Windows\system32\Dqdgop32.exe25⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dmmdjp32.exeC:\Windows\system32\Dmmdjp32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dfeibf32.exeC:\Windows\system32\Dfeibf32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ejcaidlp.exeC:\Windows\system32\Ejcaidlp.exe28⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Eckfaj32.exeC:\Windows\system32\Eckfaj32.exe29⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Emfgpo32.exeC:\Windows\system32\Emfgpo32.exe30⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Epgpajdp.exeC:\Windows\system32\Epgpajdp.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ffjkdc32.exeC:\Windows\system32\Ffjkdc32.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gfaaebnj.exeC:\Windows\system32\Gfaaebnj.exe33⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Galonj32.exeC:\Windows\system32\Galonj32.exe34⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hjdcfp32.exeC:\Windows\system32\Hjdcfp32.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hhjqec32.exeC:\Windows\system32\Hhjqec32.exe36⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hfonfp32.exeC:\Windows\system32\Hfonfp32.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ifipmo32.exeC:\Windows\system32\Ifipmo32.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kgnbol32.exeC:\Windows\system32\Kgnbol32.exe39⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Khplnn32.exeC:\Windows\system32\Khplnn32.exe40⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lonnfg32.exeC:\Windows\system32\Lonnfg32.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Ladpcb32.exeC:\Windows\system32\Ladpcb32.exe42⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lkldlgok.exeC:\Windows\system32\Lkldlgok.exe43⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mdgejmdi.exeC:\Windows\system32\Mdgejmdi.exe44⤵
-
C:\Windows\SysWOW64\Mdibplaf.exeC:\Windows\system32\Mdibplaf.exe45⤵
-
C:\Windows\SysWOW64\Mbmbiqqp.exeC:\Windows\system32\Mbmbiqqp.exe46⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nqgiel32.exeC:\Windows\system32\Nqgiel32.exe47⤵
-
C:\Windows\SysWOW64\Oagbljcp.exeC:\Windows\system32\Oagbljcp.exe48⤵
-
C:\Windows\SysWOW64\Ophbja32.exeC:\Windows\system32\Ophbja32.exe49⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pgdgodhj.exeC:\Windows\system32\Pgdgodhj.exe50⤵
-
C:\Windows\SysWOW64\Pehghhgc.exeC:\Windows\system32\Pehghhgc.exe51⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pnplqn32.exeC:\Windows\system32\Pnplqn32.exe52⤵
-
C:\Windows\SysWOW64\Piepnfnj.exeC:\Windows\system32\Piepnfnj.exe53⤵
-
C:\Windows\SysWOW64\Pbndgl32.exeC:\Windows\system32\Pbndgl32.exe54⤵
-
C:\Windows\SysWOW64\Pngbam32.exeC:\Windows\system32\Pngbam32.exe55⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qlkbka32.exeC:\Windows\system32\Qlkbka32.exe56⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Aejmdegn.exeC:\Windows\system32\Aejmdegn.exe57⤵
-
C:\Windows\SysWOW64\Aihfjd32.exeC:\Windows\system32\Aihfjd32.exe58⤵
-
C:\Windows\SysWOW64\Boldcj32.exeC:\Windows\system32\Boldcj32.exe59⤵
-
C:\Windows\SysWOW64\Chlomnfl.exeC:\Windows\system32\Chlomnfl.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Commjgga.exeC:\Windows\system32\Commjgga.exe61⤵
-
C:\Windows\SysWOW64\Dcmcfeke.exeC:\Windows\system32\Dcmcfeke.exe62⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ehcndkaa.exeC:\Windows\system32\Ehcndkaa.exe63⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ebplhp32.exeC:\Windows\system32\Ebplhp32.exe64⤵
-
C:\Windows\SysWOW64\Fqhbgf32.exeC:\Windows\system32\Fqhbgf32.exe65⤵
-
C:\Windows\SysWOW64\Gobicbgf.exeC:\Windows\system32\Gobicbgf.exe66⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Iffmmihf.exeC:\Windows\system32\Iffmmihf.exe67⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jfopcgpk.exeC:\Windows\system32\Jfopcgpk.exe68⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Jaddpppa.exeC:\Windows\system32\Jaddpppa.exe69⤵
-
C:\Windows\SysWOW64\Jmkdeaee.exeC:\Windows\system32\Jmkdeaee.exe70⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jpjqaldi.exeC:\Windows\system32\Jpjqaldi.exe71⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jfdinf32.exeC:\Windows\system32\Jfdinf32.exe72⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jmnakqcc.exeC:\Windows\system32\Jmnakqcc.exe73⤵
-
C:\Windows\SysWOW64\Kanffogf.exeC:\Windows\system32\Kanffogf.exe74⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kinefp32.exeC:\Windows\system32\Kinefp32.exe75⤵
-
C:\Windows\SysWOW64\Laqlclga.exeC:\Windows\system32\Laqlclga.exe76⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mallojmd.exeC:\Windows\system32\Mallojmd.exe77⤵
-
C:\Windows\SysWOW64\Nqdeefpi.exeC:\Windows\system32\Nqdeefpi.exe78⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ncihbaie.exeC:\Windows\system32\Ncihbaie.exe79⤵
-
C:\Windows\SysWOW64\Ojjfpjjj.exeC:\Windows\system32\Ojjfpjjj.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pbfglg32.exeC:\Windows\system32\Pbfglg32.exe81⤵
-
C:\Windows\SysWOW64\Pjalpida.exeC:\Windows\system32\Pjalpida.exe82⤵
-
C:\Windows\SysWOW64\Aeemop32.exeC:\Windows\system32\Aeemop32.exe83⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aloekjod.exeC:\Windows\system32\Aloekjod.exe84⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Abimhd32.exeC:\Windows\system32\Abimhd32.exe85⤵
-
C:\Windows\SysWOW64\Ahffqk32.exeC:\Windows\system32\Ahffqk32.exe86⤵
-
C:\Windows\SysWOW64\Acmfel32.exeC:\Windows\system32\Acmfel32.exe87⤵
-
C:\Windows\SysWOW64\Bbemdb32.exeC:\Windows\system32\Bbemdb32.exe88⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cbnpja32.exeC:\Windows\system32\Cbnpja32.exe89⤵
-
C:\Windows\SysWOW64\Cahffmel.exeC:\Windows\system32\Cahffmel.exe90⤵
-
C:\Windows\SysWOW64\Dampal32.exeC:\Windows\system32\Dampal32.exe91⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Eahomk32.exeC:\Windows\system32\Eahomk32.exe92⤵
-
C:\Windows\SysWOW64\Ednajepe.exeC:\Windows\system32\Ednajepe.exe93⤵
-
C:\Windows\SysWOW64\Flgfqb32.exeC:\Windows\system32\Flgfqb32.exe94⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fklcbocl.exeC:\Windows\system32\Fklcbocl.exe95⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fbkdjh32.exeC:\Windows\system32\Fbkdjh32.exe96⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ghgjlaln.exeC:\Windows\system32\Ghgjlaln.exe97⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ifplgc32.exeC:\Windows\system32\Ifplgc32.exe98⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ikmepj32.exeC:\Windows\system32\Ikmepj32.exe99⤵
-
C:\Windows\SysWOW64\Ifcimb32.exeC:\Windows\system32\Ifcimb32.exe100⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ilpaei32.exeC:\Windows\system32\Ilpaei32.exe101⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ifefbbdj.exeC:\Windows\system32\Ifefbbdj.exe102⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ifjoma32.exeC:\Windows\system32\Ifjoma32.exe103⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jcefgeif.exeC:\Windows\system32\Jcefgeif.exe104⤵
-
C:\Windows\SysWOW64\Jbjciano.exeC:\Windows\system32\Jbjciano.exe105⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kpncbemh.exeC:\Windows\system32\Kpncbemh.exe106⤵
-
C:\Windows\SysWOW64\Kihdqkaf.exeC:\Windows\system32\Kihdqkaf.exe107⤵
-
C:\Windows\SysWOW64\Kdqecc32.exeC:\Windows\system32\Kdqecc32.exe108⤵
-
C:\Windows\SysWOW64\Kimnlj32.exeC:\Windows\system32\Kimnlj32.exe109⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Llpcceho.exeC:\Windows\system32\Llpcceho.exe110⤵
-
C:\Windows\SysWOW64\Lepnli32.exeC:\Windows\system32\Lepnli32.exe111⤵
-
C:\Windows\SysWOW64\Nlhbja32.exeC:\Windows\system32\Nlhbja32.exe112⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ngbpbjoe.exeC:\Windows\system32\Ngbpbjoe.exe113⤵
-
C:\Windows\SysWOW64\Nnlhod32.exeC:\Windows\system32\Nnlhod32.exe114⤵
-
C:\Windows\SysWOW64\Oggjni32.exeC:\Windows\system32\Oggjni32.exe115⤵
-
C:\Windows\SysWOW64\Onqbjccl.exeC:\Windows\system32\Onqbjccl.exe116⤵
-
C:\Windows\SysWOW64\Ognpoheh.exeC:\Windows\system32\Ognpoheh.exe117⤵
-
C:\Windows\SysWOW64\Pgpmdh32.exeC:\Windows\system32\Pgpmdh32.exe118⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pqhammje.exeC:\Windows\system32\Pqhammje.exe119⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pqbdclak.exeC:\Windows\system32\Pqbdclak.exe120⤵
-
C:\Windows\SysWOW64\Aedfdjdl.exeC:\Windows\system32\Aedfdjdl.exe121⤵
- Drops file in System32 directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-