Analysis
-
max time kernel
149s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
14/10/2023, 14:46
General
-
Target
NEAS.20d599c1600e32a9d963c31e5e9bf1e0_JC.exe
-
Size
304KB
-
MD5
20d599c1600e32a9d963c31e5e9bf1e0
-
SHA1
a18bc6cb83841ad1b888237a7c00566eed48ff2e
-
SHA256
ef0e6e0c21fe2ed4d44c2da13b164b588b60d4b30df6b4c9bc1ae819d7ad525b
-
SHA512
a3f4ad88f3444478435d8170a4027e0bf2b390462f83f9f010a44577bc3f57504febccbafc83e2bb1f32f1ea8452e453e4c8bf270503e090b1e267442ee9fc9c
-
SSDEEP
3072:y8fCfOR/xMyC2eWejz+k5rD0LZSnulc0VP7SnHjg:vzhxMy2WEKIrD0Lu
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.20d599c1600e32a9d963c31e5e9bf1e0_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.20d599c1600e32a9d963c31e5e9bf1e0_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ldoaklml.exeC:\Windows\system32\Ldoaklml.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lljfpnjg.exeC:\Windows\system32\Lljfpnjg.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lgokmgjm.exeC:\Windows\system32\Lgokmgjm.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mdckfk32.exeC:\Windows\system32\Mdckfk32.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mpjlklok.exeC:\Windows\system32\Mpjlklok.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mdhdajea.exeC:\Windows\system32\Mdhdajea.exe7⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mlcifmbl.exeC:\Windows\system32\Mlcifmbl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mmbfpp32.exeC:\Windows\system32\Mmbfpp32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mnebeogl.exeC:\Windows\system32\Mnebeogl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ngmgne32.exeC:\Windows\system32\Ngmgne32.exe11⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nebdoa32.exeC:\Windows\system32\Nebdoa32.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nlmllkja.exeC:\Windows\system32\Nlmllkja.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ngbpidjh.exeC:\Windows\system32\Ngbpidjh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nfgmjqop.exeC:\Windows\system32\Nfgmjqop.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Npmagine.exeC:\Windows\system32\Npmagine.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Olcbmj32.exeC:\Windows\system32\Olcbmj32.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oflgep32.exeC:\Windows\system32\Oflgep32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Opakbi32.exeC:\Windows\system32\Opakbi32.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ofnckp32.exeC:\Windows\system32\Ofnckp32.exe20⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Opdghh32.exeC:\Windows\system32\Opdghh32.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Ofqpqo32.exeC:\Windows\system32\Ofqpqo32.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oqhacgdh.exeC:\Windows\system32\Oqhacgdh.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pnlaml32.exeC:\Windows\system32\Pnlaml32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pfhfan32.exeC:\Windows\system32\Pfhfan32.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pggbkagp.exeC:\Windows\system32\Pggbkagp.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pdkcde32.exeC:\Windows\system32\Pdkcde32.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pmfhig32.exeC:\Windows\system32\Pmfhig32.exe7⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Gjfnedho.exeC:\Windows\system32\Gjfnedho.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gpcfmkff.exeC:\Windows\system32\Gpcfmkff.exe9⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mgclpkac.exeC:\Windows\system32\Mgclpkac.exe10⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Mnpabe32.exeC:\Windows\system32\Mnpabe32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nclikl32.exeC:\Windows\system32\Nclikl32.exe2⤵
- Executes dropped EXE
- Modifies registry class
-
-
C:\Windows\SysWOW64\Nnbnhedj.exeC:\Windows\system32\Nnbnhedj.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ncofplba.exeC:\Windows\system32\Ncofplba.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nndjndbh.exeC:\Windows\system32\Nndjndbh.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ennqfenp.exeC:\Windows\system32\Ennqfenp.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eehicoel.exeC:\Windows\system32\Eehicoel.exe5⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Epmmqheb.exeC:\Windows\system32\Epmmqheb.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eblimcdf.exeC:\Windows\system32\Eblimcdf.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Eifaim32.exeC:\Windows\system32\Eifaim32.exe8⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ekdnei32.exeC:\Windows\system32\Ekdnei32.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fihnomjp.exeC:\Windows\system32\Fihnomjp.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nggnadib.exeC:\Windows\system32\Nggnadib.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nmdgikhi.exeC:\Windows\system32\Nmdgikhi.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nflkbanj.exeC:\Windows\system32\Nflkbanj.exe13⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nmfcok32.exeC:\Windows\system32\Nmfcok32.exe14⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nnfpinmi.exeC:\Windows\system32\Nnfpinmi.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ojajin32.exeC:\Windows\system32\Ojajin32.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Edbiniff.exeC:\Windows\system32\Edbiniff.exe17⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Eklajcmc.exeC:\Windows\system32\Eklajcmc.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ebfign32.exeC:\Windows\system32\Ebfign32.exe19⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ehpadhll.exeC:\Windows\system32\Ehpadhll.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fbmohmoh.exeC:\Windows\system32\Fbmohmoh.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fdlkdhnk.exeC:\Windows\system32\Fdlkdhnk.exe22⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fkfcqb32.exeC:\Windows\system32\Fkfcqb32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fqbliicp.exeC:\Windows\system32\Fqbliicp.exe24⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fgmdec32.exeC:\Windows\system32\Fgmdec32.exe25⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Fqeioiam.exeC:\Windows\system32\Fqeioiam.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fofilp32.exeC:\Windows\system32\Fofilp32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fqgedh32.exeC:\Windows\system32\Fqgedh32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fkmjaa32.exeC:\Windows\system32\Fkmjaa32.exe29⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Fajbjh32.exeC:\Windows\system32\Fajbjh32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gegkpf32.exeC:\Windows\system32\Gegkpf32.exe31⤵
-
C:\Windows\SysWOW64\Gpmomo32.exeC:\Windows\system32\Gpmomo32.exe32⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gbkkik32.exeC:\Windows\system32\Gbkkik32.exe33⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gghdaa32.exeC:\Windows\system32\Gghdaa32.exe34⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gaqhjggp.exeC:\Windows\system32\Gaqhjggp.exe35⤵
-
C:\Windows\SysWOW64\Glfmgp32.exeC:\Windows\system32\Glfmgp32.exe36⤵
-
C:\Windows\SysWOW64\Gacepg32.exeC:\Windows\system32\Gacepg32.exe37⤵
-
C:\Windows\SysWOW64\Gpdennml.exeC:\Windows\system32\Gpdennml.exe38⤵
-
C:\Windows\SysWOW64\Giljfddl.exeC:\Windows\system32\Giljfddl.exe39⤵
-
C:\Windows\SysWOW64\Hlkfbocp.exeC:\Windows\system32\Hlkfbocp.exe40⤵
-
C:\Windows\SysWOW64\Hecjke32.exeC:\Windows\system32\Hecjke32.exe41⤵
-
C:\Windows\SysWOW64\Hlmchoan.exeC:\Windows\system32\Hlmchoan.exe42⤵
-
C:\Windows\SysWOW64\Hajkqfoe.exeC:\Windows\system32\Hajkqfoe.exe43⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hpkknmgd.exeC:\Windows\system32\Hpkknmgd.exe44⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hpmhdmea.exeC:\Windows\system32\Hpmhdmea.exe45⤵
-
C:\Windows\SysWOW64\Hppeim32.exeC:\Windows\system32\Hppeim32.exe46⤵
-
C:\Windows\SysWOW64\Iijfhbhl.exeC:\Windows\system32\Iijfhbhl.exe47⤵
-
C:\Windows\SysWOW64\Iogopi32.exeC:\Windows\system32\Iogopi32.exe48⤵
-
C:\Windows\SysWOW64\Iimcma32.exeC:\Windows\system32\Iimcma32.exe49⤵
-
C:\Windows\SysWOW64\Ilkoim32.exeC:\Windows\system32\Ilkoim32.exe50⤵
-
C:\Windows\SysWOW64\Iahgad32.exeC:\Windows\system32\Iahgad32.exe51⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iehmmb32.exeC:\Windows\system32\Iehmmb32.exe52⤵
-
C:\Windows\SysWOW64\Jaonbc32.exeC:\Windows\system32\Jaonbc32.exe53⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Jppnpjel.exeC:\Windows\system32\Jppnpjel.exe54⤵
-
C:\Windows\SysWOW64\Jaajhb32.exeC:\Windows\system32\Jaajhb32.exe55⤵
-
C:\Windows\SysWOW64\Jlgoek32.exeC:\Windows\system32\Jlgoek32.exe56⤵
-
C:\Windows\SysWOW64\Jadgnb32.exeC:\Windows\system32\Jadgnb32.exe57⤵
-
C:\Windows\SysWOW64\Ibbcfa32.exeC:\Windows\system32\Ibbcfa32.exe58⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ilkhog32.exeC:\Windows\system32\Ilkhog32.exe59⤵
-
C:\Windows\SysWOW64\Iagqgn32.exeC:\Windows\system32\Iagqgn32.exe60⤵
-
C:\Windows\SysWOW64\Iajmmm32.exeC:\Windows\system32\Iajmmm32.exe61⤵
-
C:\Windows\SysWOW64\Jnpjlajn.exeC:\Windows\system32\Jnpjlajn.exe62⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jblflp32.exeC:\Windows\system32\Jblflp32.exe63⤵
-
C:\Windows\SysWOW64\Jldkeeig.exeC:\Windows\system32\Jldkeeig.exe64⤵
-
C:\Windows\SysWOW64\Jelonkph.exeC:\Windows\system32\Jelonkph.exe65⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jbppgona.exeC:\Windows\system32\Jbppgona.exe66⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jdalog32.exeC:\Windows\system32\Jdalog32.exe67⤵
-
C:\Windows\SysWOW64\Jjkdlall.exeC:\Windows\system32\Jjkdlall.exe68⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jddiegbm.exeC:\Windows\system32\Jddiegbm.exe69⤵
-
C:\Windows\SysWOW64\Kahinkaf.exeC:\Windows\system32\Kahinkaf.exe70⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Khabke32.exeC:\Windows\system32\Khabke32.exe71⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kajfdk32.exeC:\Windows\system32\Kajfdk32.exe72⤵
-
C:\Windows\SysWOW64\Kefbdjgm.exeC:\Windows\system32\Kefbdjgm.exe73⤵
-
C:\Windows\SysWOW64\Kkbkmqed.exeC:\Windows\system32\Kkbkmqed.exe74⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kehojiej.exeC:\Windows\system32\Kehojiej.exe75⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Kkegbpca.exeC:\Windows\system32\Kkegbpca.exe76⤵
-
C:\Windows\SysWOW64\Kblpcndd.exeC:\Windows\system32\Kblpcndd.exe77⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kocphojh.exeC:\Windows\system32\Kocphojh.exe78⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Khkdad32.exeC:\Windows\system32\Khkdad32.exe79⤵
-
C:\Windows\SysWOW64\Lbqinm32.exeC:\Windows\system32\Lbqinm32.exe80⤵
-
C:\Windows\SysWOW64\Logicn32.exeC:\Windows\system32\Logicn32.exe81⤵
-
C:\Windows\SysWOW64\Leabphmp.exeC:\Windows\system32\Leabphmp.exe82⤵
-
C:\Windows\SysWOW64\Llkjmb32.exeC:\Windows\system32\Llkjmb32.exe83⤵
-
C:\Windows\SysWOW64\Lbebilli.exeC:\Windows\system32\Lbebilli.exe84⤵
-
C:\Windows\SysWOW64\Lhbkac32.exeC:\Windows\system32\Lhbkac32.exe85⤵
-
C:\Windows\SysWOW64\Lkqgno32.exeC:\Windows\system32\Lkqgno32.exe86⤵
-
C:\Windows\SysWOW64\Lefkkg32.exeC:\Windows\system32\Lefkkg32.exe87⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Lamlphoo.exeC:\Windows\system32\Lamlphoo.exe88⤵
-
C:\Windows\SysWOW64\Mkepineo.exeC:\Windows\system32\Mkepineo.exe89⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Maoifh32.exeC:\Windows\system32\Maoifh32.exe90⤵
-
C:\Windows\SysWOW64\Mhiabbdi.exeC:\Windows\system32\Mhiabbdi.exe91⤵
-
C:\Windows\SysWOW64\Mociol32.exeC:\Windows\system32\Mociol32.exe92⤵
-
C:\Windows\SysWOW64\Mhknhabf.exeC:\Windows\system32\Mhknhabf.exe93⤵
-
C:\Windows\SysWOW64\Moefdljc.exeC:\Windows\system32\Moefdljc.exe94⤵
-
C:\Windows\SysWOW64\Mhnjna32.exeC:\Windows\system32\Mhnjna32.exe95⤵
-
C:\Windows\SysWOW64\Mccokj32.exeC:\Windows\system32\Mccokj32.exe96⤵
-
C:\Windows\SysWOW64\Mddkbbfg.exeC:\Windows\system32\Mddkbbfg.exe97⤵
-
C:\Windows\SysWOW64\Mkocol32.exeC:\Windows\system32\Mkocol32.exe98⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mahklf32.exeC:\Windows\system32\Mahklf32.exe99⤵
-
C:\Windows\SysWOW64\Nhbciqln.exeC:\Windows\system32\Nhbciqln.exe100⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nomlek32.exeC:\Windows\system32\Nomlek32.exe101⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nefdbekh.exeC:\Windows\system32\Nefdbekh.exe102⤵
-
C:\Windows\SysWOW64\Ncjdki32.exeC:\Windows\system32\Ncjdki32.exe103⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ndnnianm.exeC:\Windows\system32\Ndnnianm.exe104⤵
-
C:\Windows\SysWOW64\Nkhfek32.exeC:\Windows\system32\Nkhfek32.exe105⤵
-
C:\Windows\SysWOW64\Nfnjbdep.exeC:\Windows\system32\Nfnjbdep.exe106⤵
-
C:\Windows\SysWOW64\Nbdkhe32.exeC:\Windows\system32\Nbdkhe32.exe107⤵
-
C:\Windows\SysWOW64\Oljoen32.exeC:\Windows\system32\Oljoen32.exe108⤵
-
C:\Windows\SysWOW64\Ofbdncaj.exeC:\Windows\system32\Ofbdncaj.exe109⤵
-
C:\Windows\SysWOW64\Ohqpjo32.exeC:\Windows\system32\Ohqpjo32.exe110⤵
-
C:\Windows\SysWOW64\Ocfdgg32.exeC:\Windows\system32\Ocfdgg32.exe111⤵
-
C:\Windows\SysWOW64\Odgqopeb.exeC:\Windows\system32\Odgqopeb.exe112⤵
-
C:\Windows\SysWOW64\Okailj32.exeC:\Windows\system32\Okailj32.exe113⤵
-
C:\Windows\SysWOW64\Ofgmib32.exeC:\Windows\system32\Ofgmib32.exe114⤵
-
C:\Windows\SysWOW64\Oheienli.exeC:\Windows\system32\Oheienli.exe115⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ocknbglo.exeC:\Windows\system32\Ocknbglo.exe116⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pkholi32.exeC:\Windows\system32\Pkholi32.exe117⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pilpfm32.exeC:\Windows\system32\Pilpfm32.exe118⤵
-
C:\Windows\SysWOW64\Pbddobla.exeC:\Windows\system32\Pbddobla.exe119⤵
-
C:\Windows\SysWOW64\Pmjhlklg.exeC:\Windows\system32\Pmjhlklg.exe120⤵
-
C:\Windows\SysWOW64\Pkabbgol.exeC:\Windows\system32\Pkabbgol.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-