Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
136s -
max time network
162s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
11/10/2023, 11:20
General
-
Target
b9e640b1dff3d9e00707708810f10dff_JC.exe
-
Size
79KB
-
MD5
b9e640b1dff3d9e00707708810f10dff
-
SHA1
fffc180f08ba0236789cdafe299a621d5b0cb0ff
-
SHA256
99416e317523b3e22474fbb0b766c258914fedae71f06cc7b5824ddedd957ef4
-
SHA512
319b1e27a4c0d10a75fab8f5c4d44b16e200b439126da66727686be5f8c116f1c85abefa9e2afec7b30af848304ebbe362428612ad97893b1aea845ba25b4ceb
-
SSDEEP
1536:PKX+kczNq2iR8Wej7XQwxXtstVQZrI1jHJZrR:PKOkmm8lXPJtstVQu1jHJ9R
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b9e640b1dff3d9e00707708810f10dff_JC.exe"C:\Users\Admin\AppData\Local\Temp\b9e640b1dff3d9e00707708810f10dff_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ccgjopal.exeC:\Windows\system32\Ccgjopal.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ejchhgid.exeC:\Windows\system32\Ejchhgid.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fibhpbea.exeC:\Windows\system32\Fibhpbea.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gigaka32.exeC:\Windows\system32\Gigaka32.exe5⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gfokoelp.exeC:\Windows\system32\Gfokoelp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hcblpdgg.exeC:\Windows\system32\Hcblpdgg.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ipmbjgpi.exeC:\Windows\system32\Ipmbjgpi.exe8⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jcphab32.exeC:\Windows\system32\Jcphab32.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jcgnbaeo.exeC:\Windows\system32\Jcgnbaeo.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kdkdgchl.exeC:\Windows\system32\Kdkdgchl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kmkbfeab.exeC:\Windows\system32\Kmkbfeab.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lnmkfh32.exeC:\Windows\system32\Lnmkfh32.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lqbncb32.exeC:\Windows\system32\Lqbncb32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mgaokl32.exeC:\Windows\system32\Mgaokl32.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mkohaj32.exeC:\Windows\system32\Mkohaj32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nnbnhedj.exeC:\Windows\system32\Nnbnhedj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Najmjokc.exeC:\Windows\system32\Najmjokc.exe18⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oelolmnd.exeC:\Windows\system32\Oelolmnd.exe19⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Phdnngdn.exeC:\Windows\system32\Phdnngdn.exe20⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Phfjcf32.exeC:\Windows\system32\Phfjcf32.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pkgcea32.exeC:\Windows\system32\Pkgcea32.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qdbdcg32.exeC:\Windows\system32\Qdbdcg32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Anaomkdb.exeC:\Windows\system32\Anaomkdb.exe24⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bdpaeehj.exeC:\Windows\system32\Bdpaeehj.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bahkih32.exeC:\Windows\system32\Bahkih32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bheplb32.exeC:\Windows\system32\Bheplb32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Chlflabp.exeC:\Windows\system32\Chlflabp.exe28⤵
-
C:\Windows\SysWOW64\Dooaoj32.exeC:\Windows\system32\Dooaoj32.exe29⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dflfac32.exeC:\Windows\system32\Dflfac32.exe30⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dngjff32.exeC:\Windows\system32\Dngjff32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Efjbcakl.exeC:\Windows\system32\Efjbcakl.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fbjena32.exeC:\Windows\system32\Fbjena32.exe33⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Glipgf32.exeC:\Windows\system32\Glipgf32.exe34⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Hplbickp.exeC:\Windows\system32\Hplbickp.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iohejo32.exeC:\Windows\system32\Iohejo32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iibccgep.exeC:\Windows\system32\Iibccgep.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jenmcggo.exeC:\Windows\system32\Jenmcggo.exe38⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jmeede32.exeC:\Windows\system32\Jmeede32.exe39⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Johnamkm.exeC:\Windows\system32\Johnamkm.exe40⤵
- Executes dropped EXE
- Drops file in System32 directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Klahfp32.exeC:\Windows\system32\Klahfp32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Keimof32.exeC:\Windows\system32\Keimof32.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Knqepc32.exeC:\Windows\system32\Knqepc32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Loighj32.exeC:\Windows\system32\Loighj32.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ljqhkckn.exeC:\Windows\system32\Ljqhkckn.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lckiihok.exeC:\Windows\system32\Lckiihok.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mgloefco.exeC:\Windows\system32\Mgloefco.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mnegbp32.exeC:\Windows\system32\Mnegbp32.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mcgiefen.exeC:\Windows\system32\Mcgiefen.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Npbceggm.exeC:\Windows\system32\Npbceggm.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ngqagcag.exeC:\Windows\system32\Ngqagcag.exe11⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Opnbae32.exeC:\Windows\system32\Opnbae32.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Opclldhj.exeC:\Windows\system32\Opclldhj.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pnkbkk32.exeC:\Windows\system32\Pnkbkk32.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Paiogf32.exeC:\Windows\system32\Paiogf32.exe15⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pmpolgoi.exeC:\Windows\system32\Pmpolgoi.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Afbgkl32.exeC:\Windows\system32\Afbgkl32.exe17⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Aonhghjl.exeC:\Windows\system32\Aonhghjl.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Apaadpng.exeC:\Windows\system32\Apaadpng.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bgkiaj32.exeC:\Windows\system32\Bgkiaj32.exe20⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bkphhgfc.exeC:\Windows\system32\Bkphhgfc.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cgnomg32.exeC:\Windows\system32\Cgnomg32.exe22⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Doojec32.exeC:\Windows\system32\Doojec32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ddkbmj32.exeC:\Windows\system32\Ddkbmj32.exe24⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Edeeci32.exeC:\Windows\system32\Edeeci32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Edionhpn.exeC:\Windows\system32\Edionhpn.exe26⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fohfbpgi.exeC:\Windows\system32\Fohfbpgi.exe27⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gghdaa32.exeC:\Windows\system32\Gghdaa32.exe28⤵
-
C:\Windows\SysWOW64\Geldkfpi.exeC:\Windows\system32\Geldkfpi.exe29⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gngeik32.exeC:\Windows\system32\Gngeik32.exe30⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Hecjke32.exeC:\Windows\system32\Hecjke32.exe31⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iacngdgj.exeC:\Windows\system32\Iacngdgj.exe32⤵
-
C:\Windows\SysWOW64\Ihbponja.exeC:\Windows\system32\Ihbponja.exe33⤵
-
C:\Windows\SysWOW64\Jblmgf32.exeC:\Windows\system32\Jblmgf32.exe34⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Kedlip32.exeC:\Windows\system32\Kedlip32.exe35⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kidben32.exeC:\Windows\system32\Kidben32.exe36⤵
-
C:\Windows\SysWOW64\Kpnjah32.exeC:\Windows\system32\Kpnjah32.exe37⤵
-
C:\Windows\SysWOW64\Kcapicdj.exeC:\Windows\system32\Kcapicdj.exe38⤵
-
C:\Windows\SysWOW64\Lhcali32.exeC:\Windows\system32\Lhcali32.exe39⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mfkkqmiq.exeC:\Windows\system32\Mfkkqmiq.exe40⤵
-
C:\Windows\SysWOW64\Mcdeeq32.exeC:\Windows\system32\Mcdeeq32.exe41⤵
-
C:\Windows\SysWOW64\Nqmojd32.exeC:\Windows\system32\Nqmojd32.exe42⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nfqnbjfi.exeC:\Windows\system32\Nfqnbjfi.exe43⤵
-
C:\Windows\SysWOW64\Pqbala32.exeC:\Windows\system32\Pqbala32.exe44⤵
-
C:\Windows\SysWOW64\Pcgdhkem.exeC:\Windows\system32\Pcgdhkem.exe45⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Qjhbfd32.exeC:\Windows\system32\Qjhbfd32.exe46⤵
-
C:\Windows\SysWOW64\Aabkbono.exeC:\Windows\system32\Aabkbono.exe47⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ajjokd32.exeC:\Windows\system32\Ajjokd32.exe48⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Adgmoigj.exeC:\Windows\system32\Adgmoigj.exe49⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Bfmolc32.exeC:\Windows\system32\Bfmolc32.exe50⤵
-
C:\Windows\SysWOW64\Cdjblf32.exeC:\Windows\system32\Cdjblf32.exe51⤵
-
C:\Windows\SysWOW64\Caqpkjcl.exeC:\Windows\system32\Caqpkjcl.exe52⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Ccblbb32.exeC:\Windows\system32\Ccblbb32.exe53⤵
-
C:\Windows\SysWOW64\Daeifj32.exeC:\Windows\system32\Daeifj32.exe54⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ddcebe32.exeC:\Windows\system32\Ddcebe32.exe55⤵
-
C:\Windows\SysWOW64\Dnqcfjae.exeC:\Windows\system32\Dnqcfjae.exe56⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dpopbepi.exeC:\Windows\system32\Dpopbepi.exe57⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Egbken32.exeC:\Windows\system32\Egbken32.exe58⤵
-
C:\Windows\SysWOW64\Eahobg32.exeC:\Windows\system32\Eahobg32.exe59⤵
-
C:\Windows\SysWOW64\Ecikjoep.exeC:\Windows\system32\Ecikjoep.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fqbeoc32.exeC:\Windows\system32\Fqbeoc32.exe61⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hgocgjgk.exeC:\Windows\system32\Hgocgjgk.exe62⤵
-
C:\Windows\SysWOW64\Hghfnioq.exeC:\Windows\system32\Hghfnioq.exe63⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ieqpbm32.exeC:\Windows\system32\Ieqpbm32.exe64⤵
-
C:\Windows\SysWOW64\Iloajfml.exeC:\Windows\system32\Iloajfml.exe65⤵
-
C:\Windows\SysWOW64\Jjgkab32.exeC:\Windows\system32\Jjgkab32.exe66⤵
-
C:\Windows\SysWOW64\Kbgfhnhi.exeC:\Windows\system32\Kbgfhnhi.exe67⤵
-
C:\Windows\SysWOW64\Kdhbpf32.exeC:\Windows\system32\Kdhbpf32.exe68⤵
-
C:\Windows\SysWOW64\Lacijjgi.exeC:\Windows\system32\Lacijjgi.exe69⤵
-
C:\Windows\SysWOW64\Ldbefe32.exeC:\Windows\system32\Ldbefe32.exe70⤵
-
C:\Windows\SysWOW64\Lknjhokg.exeC:\Windows\system32\Lknjhokg.exe71⤵
-
C:\Windows\SysWOW64\Lcjldk32.exeC:\Windows\system32\Lcjldk32.exe72⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mclhjkfa.exeC:\Windows\system32\Mclhjkfa.exe73⤵
-
C:\Windows\SysWOW64\Moefdljc.exeC:\Windows\system32\Moefdljc.exe74⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mebkge32.exeC:\Windows\system32\Mebkge32.exe75⤵
-
C:\Windows\SysWOW64\Mhpgca32.exeC:\Windows\system32\Mhpgca32.exe76⤵
-
C:\Windows\SysWOW64\Mojopk32.exeC:\Windows\system32\Mojopk32.exe77⤵
-
C:\Windows\SysWOW64\Ncjdki32.exeC:\Windows\system32\Ncjdki32.exe78⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nlcidopb.exeC:\Windows\system32\Nlcidopb.exe79⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ohncdobq.exeC:\Windows\system32\Ohncdobq.exe80⤵
-
C:\Windows\SysWOW64\Obidcdfo.exeC:\Windows\system32\Obidcdfo.exe81⤵
-
C:\Windows\SysWOW64\Ohcmpn32.exeC:\Windows\system32\Ohcmpn32.exe82⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ohhfknjf.exeC:\Windows\system32\Ohhfknjf.exe83⤵
-
C:\Windows\SysWOW64\Ooangh32.exeC:\Windows\system32\Ooangh32.exe84⤵
-
C:\Windows\SysWOW64\Pilpfm32.exeC:\Windows\system32\Pilpfm32.exe85⤵
-
C:\Windows\SysWOW64\Pofhbgmn.exeC:\Windows\system32\Pofhbgmn.exe86⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pfbmdabh.exeC:\Windows\system32\Pfbmdabh.exe87⤵
-
C:\Windows\SysWOW64\Qejfkmem.exeC:\Windows\system32\Qejfkmem.exe88⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qmckbjdl.exeC:\Windows\system32\Qmckbjdl.exe89⤵
-
C:\Windows\SysWOW64\Aeopfl32.exeC:\Windows\system32\Aeopfl32.exe90⤵
-
C:\Windows\SysWOW64\Abgjkpll.exeC:\Windows\system32\Abgjkpll.exe91⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Aiabhj32.exeC:\Windows\system32\Aiabhj32.exe92⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Acgfec32.exeC:\Windows\system32\Acgfec32.exe93⤵
-
C:\Windows\SysWOW64\Aidomjaf.exeC:\Windows\system32\Aidomjaf.exe94⤵
-
C:\Windows\SysWOW64\Bfabmmhe.exeC:\Windows\system32\Bfabmmhe.exe95⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cdgolq32.exeC:\Windows\system32\Cdgolq32.exe96⤵
-
C:\Windows\SysWOW64\Cehlcikj.exeC:\Windows\system32\Cehlcikj.exe97⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cdjlap32.exeC:\Windows\system32\Cdjlap32.exe98⤵
-
C:\Windows\SysWOW64\Cleqfb32.exeC:\Windows\system32\Cleqfb32.exe99⤵
-
C:\Windows\SysWOW64\Dbcbnlcl.exeC:\Windows\system32\Dbcbnlcl.exe100⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Epcbbohh.exeC:\Windows\system32\Epcbbohh.exe101⤵
-
C:\Windows\SysWOW64\Fdogjk32.exeC:\Windows\system32\Fdogjk32.exe102⤵
-
C:\Windows\SysWOW64\Gnjhhpgl.exeC:\Windows\system32\Gnjhhpgl.exe103⤵
-
C:\Windows\SysWOW64\Ggbmafnm.exeC:\Windows\system32\Ggbmafnm.exe104⤵
-
C:\Windows\SysWOW64\Gnanioad.exeC:\Windows\system32\Gnanioad.exe105⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gdkffi32.exeC:\Windows\system32\Gdkffi32.exe106⤵
-
C:\Windows\SysWOW64\Gflcnanp.exeC:\Windows\system32\Gflcnanp.exe107⤵
-
C:\Windows\SysWOW64\Hqddqj32.exeC:\Windows\system32\Hqddqj32.exe108⤵
-
C:\Windows\SysWOW64\Hqfqfj32.exeC:\Windows\system32\Hqfqfj32.exe109⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Iglhob32.exeC:\Windows\system32\Iglhob32.exe110⤵
-
C:\Windows\SysWOW64\Ifcben32.exeC:\Windows\system32\Ifcben32.exe111⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Imnjbhaa.exeC:\Windows\system32\Imnjbhaa.exe112⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jgcooaah.exeC:\Windows\system32\Jgcooaah.exe113⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jnocakfb.exeC:\Windows\system32\Jnocakfb.exe114⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Jmgmhgig.exeC:\Windows\system32\Jmgmhgig.exe115⤵
-
C:\Windows\SysWOW64\Kjmjgk32.exeC:\Windows\system32\Kjmjgk32.exe116⤵
-
C:\Windows\SysWOW64\Knmpbi32.exeC:\Windows\system32\Knmpbi32.exe117⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lfpkhjae.exeC:\Windows\system32\Lfpkhjae.exe118⤵
-
C:\Windows\SysWOW64\Laeoec32.exeC:\Windows\system32\Laeoec32.exe119⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Lhogamih.exeC:\Windows\system32\Lhogamih.exe120⤵
-
C:\Windows\SysWOW64\Loiong32.exeC:\Windows\system32\Loiong32.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-