Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
12/10/2023, 19:13
General
-
Target
1185a12cc2e16658527b9c39908e869b_JC.exe
-
Size
96KB
-
MD5
1185a12cc2e16658527b9c39908e869b
-
SHA1
67fd13c681628742b3a5057716b6fa35aa25015c
-
SHA256
1cd6003770e4b53d28e2278e9a96335a65bce228306662e955c85d4a8dc57940
-
SHA512
a8ea254135b7daed53b7c0b62ddc8b824f93af5aaddcb207022903c661b87d48035d7284f34efaa32f0d2bc228a502ce85a941563d0dcc75f3caad6067482a52
-
SSDEEP
1536:JJvAFd+pZs//wssG7n7NzpakBSckE2eIhxduV9jojTIvjrH:JJ40sgC77NzplWeIhxd69jc0vf
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1185a12cc2e16658527b9c39908e869b_JC.exe"C:\Users\Admin\AppData\Local\Temp\1185a12cc2e16658527b9c39908e869b_JC.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kahojc32.exeC:\Windows\system32\Kahojc32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kpmlkp32.exeC:\Windows\system32\Kpmlkp32.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kblhgk32.exeC:\Windows\system32\Kblhgk32.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
-
-
-
C:\Windows\SysWOW64\Kifpdelo.exeC:\Windows\system32\Kifpdelo.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lemaif32.exeC:\Windows\system32\Lemaif32.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\Llfifq32.exeC:\Windows\system32\Llfifq32.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lijjoe32.exeC:\Windows\system32\Lijjoe32.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Leajdfnm.exeC:\Windows\system32\Leajdfnm.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Llkbap32.exeC:\Windows\system32\Llkbap32.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lbeknj32.exeC:\Windows\system32\Lbeknj32.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ldfgebbe.exeC:\Windows\system32\Ldfgebbe.exe6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lajhofao.exeC:\Windows\system32\Lajhofao.exe7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mhdplq32.exeC:\Windows\system32\Mhdplq32.exe8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mmahdggc.exeC:\Windows\system32\Mmahdggc.exe9⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mgimmm32.exeC:\Windows\system32\Mgimmm32.exe10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mpbaebdd.exeC:\Windows\system32\Mpbaebdd.exe11⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Mgljbm32.exeC:\Windows\system32\Mgljbm32.exe12⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Windows\SysWOW64\Mmfbogcn.exeC:\Windows\system32\Mmfbogcn.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Mcbjgn32.exeC:\Windows\system32\Mcbjgn32.exe14⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Mimbdhhb.exeC:\Windows\system32\Mimbdhhb.exe15⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Nialog32.exeC:\Windows\system32\Nialog32.exe16⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Namqci32.exeC:\Windows\system32\Namqci32.exe17⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ndkmpe32.exeC:\Windows\system32\Ndkmpe32.exe18⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Noqamn32.exeC:\Windows\system32\Noqamn32.exe19⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Windows\SysWOW64\Nejiih32.exeC:\Windows\system32\Nejiih32.exe20⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Windows\SysWOW64\Nkgbbo32.exeC:\Windows\system32\Nkgbbo32.exe21⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Naajoinb.exeC:\Windows\system32\Naajoinb.exe22⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Nhkbkc32.exeC:\Windows\system32\Nhkbkc32.exe23⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Windows\SysWOW64\Nkiogn32.exeC:\Windows\system32\Nkiogn32.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Odkgec32.exeC:\Windows\system32\Odkgec32.exe14⤵
-
C:\Windows\SysWOW64\Onqkclni.exeC:\Windows\system32\Onqkclni.exe15⤵
-
C:\Windows\SysWOW64\Oejcpf32.exeC:\Windows\system32\Oejcpf32.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Nlcibc32.exeC:\Windows\system32\Nlcibc32.exe10⤵
- Drops file in System32 directory
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Npfgpe32.exeC:\Windows\system32\Npfgpe32.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Oklkmnbp.exeC:\Windows\system32\Oklkmnbp.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Oqideepg.exeC:\Windows\system32\Oqideepg.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ojahnj32.exeC:\Windows\system32\Ojahnj32.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oqkqkdne.exeC:\Windows\system32\Oqkqkdne.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ojcecjee.exeC:\Windows\system32\Ojcecjee.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oqmmpd32.exeC:\Windows\system32\Oqmmpd32.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Obojhlbq.exeC:\Windows\system32\Obojhlbq.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ohibdf32.exeC:\Windows\system32\Ohibdf32.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Obafnlpn.exeC:\Windows\system32\Obafnlpn.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ofmbnkhg.exeC:\Windows\system32\Ofmbnkhg.exe11⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Okikfagn.exeC:\Windows\system32\Okikfagn.exe12⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Onhgbmfb.exeC:\Windows\system32\Onhgbmfb.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pdaoog32.exeC:\Windows\system32\Pdaoog32.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pgplkb32.exeC:\Windows\system32\Pgplkb32.exe15⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pnjdhmdo.exeC:\Windows\system32\Pnjdhmdo.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pqhpdhcc.exeC:\Windows\system32\Pqhpdhcc.exe17⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pgbhabjp.exeC:\Windows\system32\Pgbhabjp.exe18⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pjadmnic.exeC:\Windows\system32\Pjadmnic.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pefijfii.exeC:\Windows\system32\Pefijfii.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pkpagq32.exeC:\Windows\system32\Pkpagq32.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pmanoifd.exeC:\Windows\system32\Pmanoifd.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Peiepfgg.exeC:\Windows\system32\Peiepfgg.exe23⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pggbla32.exeC:\Windows\system32\Pggbla32.exe24⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pnajilng.exeC:\Windows\system32\Pnajilng.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Papfegmk.exeC:\Windows\system32\Papfegmk.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pcnbablo.exeC:\Windows\system32\Pcnbablo.exe27⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pjhknm32.exeC:\Windows\system32\Pjhknm32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qabcjgkh.exeC:\Windows\system32\Qabcjgkh.exe29⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qfokbnip.exeC:\Windows\system32\Qfokbnip.exe30⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Qimhoi32.exeC:\Windows\system32\Qimhoi32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qcbllb32.exeC:\Windows\system32\Qcbllb32.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qedhdjnh.exeC:\Windows\system32\Qedhdjnh.exe33⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Afcenm32.exeC:\Windows\system32\Afcenm32.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aefeijle.exeC:\Windows\system32\Aefeijle.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aplifb32.exeC:\Windows\system32\Aplifb32.exe36⤵
-
C:\Windows\SysWOW64\Abjebn32.exeC:\Windows\system32\Abjebn32.exe37⤵
-
C:\Windows\SysWOW64\Aidnohbk.exeC:\Windows\system32\Aidnohbk.exe38⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Albjlcao.exeC:\Windows\system32\Albjlcao.exe39⤵
-
C:\Windows\SysWOW64\Anafhopc.exeC:\Windows\system32\Anafhopc.exe40⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Aekodi32.exeC:\Windows\system32\Aekodi32.exe41⤵
-
C:\Windows\SysWOW64\Alegac32.exeC:\Windows\system32\Alegac32.exe42⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Anccmo32.exeC:\Windows\system32\Anccmo32.exe43⤵
-
C:\Windows\SysWOW64\Aemkjiem.exeC:\Windows\system32\Aemkjiem.exe44⤵
-
C:\Windows\SysWOW64\Adpkee32.exeC:\Windows\system32\Adpkee32.exe45⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ajjcbpdd.exeC:\Windows\system32\Ajjcbpdd.exe46⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aadloj32.exeC:\Windows\system32\Aadloj32.exe47⤵
-
C:\Windows\SysWOW64\Bhndldcn.exeC:\Windows\system32\Bhndldcn.exe48⤵
-
C:\Windows\SysWOW64\Bioqclil.exeC:\Windows\system32\Bioqclil.exe49⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Bpiipf32.exeC:\Windows\system32\Bpiipf32.exe50⤵
-
C:\Windows\SysWOW64\Bfcampgf.exeC:\Windows\system32\Bfcampgf.exe51⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Clilkfnb.exeC:\Windows\system32\Clilkfnb.exe52⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Chpmpg32.exeC:\Windows\system32\Chpmpg32.exe53⤵
-
C:\Windows\SysWOW64\Ckoilb32.exeC:\Windows\system32\Ckoilb32.exe54⤵
-
C:\Windows\SysWOW64\Cahail32.exeC:\Windows\system32\Cahail32.exe55⤵
-
C:\Windows\SysWOW64\Cdgneh32.exeC:\Windows\system32\Cdgneh32.exe56⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cgejac32.exeC:\Windows\system32\Cgejac32.exe57⤵
-
C:\Windows\SysWOW64\Caknol32.exeC:\Windows\system32\Caknol32.exe58⤵
-
C:\Windows\SysWOW64\Cclkfdnc.exeC:\Windows\system32\Cclkfdnc.exe59⤵
-
C:\Windows\SysWOW64\Cjfccn32.exeC:\Windows\system32\Cjfccn32.exe60⤵
-
C:\Windows\SysWOW64\Cldooj32.exeC:\Windows\system32\Cldooj32.exe61⤵
-
C:\Windows\SysWOW64\Ccngld32.exeC:\Windows\system32\Ccngld32.exe62⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Djhphncm.exeC:\Windows\system32\Djhphncm.exe63⤵
-
C:\Windows\SysWOW64\Dpbheh32.exeC:\Windows\system32\Dpbheh32.exe64⤵
-
C:\Windows\SysWOW64\Dcadac32.exeC:\Windows\system32\Dcadac32.exe65⤵
-
C:\Windows\SysWOW64\Djklnnaj.exeC:\Windows\system32\Djklnnaj.exe66⤵
-
C:\Windows\SysWOW64\Dliijipn.exeC:\Windows\system32\Dliijipn.exe67⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dbfabp32.exeC:\Windows\system32\Dbfabp32.exe68⤵
-
C:\Windows\SysWOW64\Djmicm32.exeC:\Windows\system32\Djmicm32.exe69⤵
-
C:\Windows\SysWOW64\Dlkepi32.exeC:\Windows\system32\Dlkepi32.exe70⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Dcenlceh.exeC:\Windows\system32\Dcenlceh.exe71⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ddgjdk32.exeC:\Windows\system32\Ddgjdk32.exe72⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dkqbaecc.exeC:\Windows\system32\Dkqbaecc.exe73⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dnoomqbg.exeC:\Windows\system32\Dnoomqbg.exe74⤵
-
C:\Windows\SysWOW64\Ddigjkid.exeC:\Windows\system32\Ddigjkid.exe75⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dkcofe32.exeC:\Windows\system32\Dkcofe32.exe76⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Eqpgol32.exeC:\Windows\system32\Eqpgol32.exe77⤵
-
C:\Windows\SysWOW64\Ehgppi32.exeC:\Windows\system32\Ehgppi32.exe78⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ejhlgaeh.exeC:\Windows\system32\Ejhlgaeh.exe79⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ebodiofk.exeC:\Windows\system32\Ebodiofk.exe80⤵
-
C:\Windows\SysWOW64\Ednpej32.exeC:\Windows\system32\Ednpej32.exe81⤵
-
C:\Windows\SysWOW64\Ekhhadmk.exeC:\Windows\system32\Ekhhadmk.exe82⤵
-
C:\Windows\SysWOW64\Eqdajkkb.exeC:\Windows\system32\Eqdajkkb.exe83⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Egoife32.exeC:\Windows\system32\Egoife32.exe84⤵
-
C:\Windows\SysWOW64\Enhacojl.exeC:\Windows\system32\Enhacojl.exe85⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Eojnkg32.exeC:\Windows\system32\Eojnkg32.exe86⤵
-
C:\Windows\SysWOW64\Efcfga32.exeC:\Windows\system32\Efcfga32.exe87⤵
-
C:\Windows\SysWOW64\Emnndlod.exeC:\Windows\system32\Emnndlod.exe88⤵
-
C:\Windows\SysWOW64\Echfaf32.exeC:\Windows\system32\Echfaf32.exe89⤵
-
C:\Windows\SysWOW64\Effcma32.exeC:\Windows\system32\Effcma32.exe90⤵
-
C:\Windows\SysWOW64\Fmpkjkma.exeC:\Windows\system32\Fmpkjkma.exe91⤵
-
C:\Windows\SysWOW64\Fpngfgle.exeC:\Windows\system32\Fpngfgle.exe92⤵
-
C:\Windows\SysWOW64\Ffhpbacb.exeC:\Windows\system32\Ffhpbacb.exe93⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Flehkhai.exeC:\Windows\system32\Flehkhai.exe94⤵
-
C:\Windows\SysWOW64\Fncdgcqm.exeC:\Windows\system32\Fncdgcqm.exe95⤵
-
C:\Windows\SysWOW64\Ffklhqao.exeC:\Windows\system32\Ffklhqao.exe96⤵
-
C:\Windows\SysWOW64\Fglipi32.exeC:\Windows\system32\Fglipi32.exe97⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fepiimfg.exeC:\Windows\system32\Fepiimfg.exe98⤵
-
C:\Windows\SysWOW64\Fljafg32.exeC:\Windows\system32\Fljafg32.exe99⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fnhnbb32.exeC:\Windows\system32\Fnhnbb32.exe100⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fagjnn32.exeC:\Windows\system32\Fagjnn32.exe101⤵
-
C:\Windows\SysWOW64\Fhqbkhch.exeC:\Windows\system32\Fhqbkhch.exe102⤵
-
C:\Windows\SysWOW64\Fjongcbl.exeC:\Windows\system32\Fjongcbl.exe103⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fnkjhb32.exeC:\Windows\system32\Fnkjhb32.exe104⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gedbdlbb.exeC:\Windows\system32\Gedbdlbb.exe105⤵
-
C:\Windows\SysWOW64\Gffoldhp.exeC:\Windows\system32\Gffoldhp.exe106⤵
-
C:\Windows\SysWOW64\Gmpgio32.exeC:\Windows\system32\Gmpgio32.exe107⤵
-
C:\Windows\SysWOW64\Gdjpeifj.exeC:\Windows\system32\Gdjpeifj.exe108⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gjdhbc32.exeC:\Windows\system32\Gjdhbc32.exe109⤵
-
C:\Windows\SysWOW64\Gmbdnn32.exeC:\Windows\system32\Gmbdnn32.exe110⤵
-
C:\Windows\SysWOW64\Gdllkhdg.exeC:\Windows\system32\Gdllkhdg.exe111⤵
-
C:\Windows\SysWOW64\Gjfdhbld.exeC:\Windows\system32\Gjfdhbld.exe112⤵
-
C:\Windows\SysWOW64\Gmdadnkh.exeC:\Windows\system32\Gmdadnkh.exe113⤵
-
C:\Windows\SysWOW64\Glgaok32.exeC:\Windows\system32\Glgaok32.exe114⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gbaileio.exeC:\Windows\system32\Gbaileio.exe115⤵
-
C:\Windows\SysWOW64\Gikaio32.exeC:\Windows\system32\Gikaio32.exe116⤵
-
C:\Windows\SysWOW64\Gpejeihi.exeC:\Windows\system32\Gpejeihi.exe117⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gbcfadgl.exeC:\Windows\system32\Gbcfadgl.exe118⤵
-
C:\Windows\SysWOW64\Gebbnpfp.exeC:\Windows\system32\Gebbnpfp.exe119⤵
-
C:\Windows\SysWOW64\Hlljjjnm.exeC:\Windows\system32\Hlljjjnm.exe120⤵
-
C:\Windows\SysWOW64\Hojgfemq.exeC:\Windows\system32\Hojgfemq.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-