Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
152s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
22/10/2023, 17:24
General
-
Target
NEAS.93a60d14d21733dde4545dc57dbad350.exe
-
Size
227KB
-
MD5
93a60d14d21733dde4545dc57dbad350
-
SHA1
3ee0a40e781a1124e0b622a30aba8d46054cfe8d
-
SHA256
b153e3f722cbff0d81fb6f47edcb1ec688e239fd87963033bd76024353abf8f7
-
SHA512
f7799098ce85886869dbc92abf83c03907f37d992fa6609233d8935a09beb10b68b669291d0a5fe94a4eac1ca87f0db91dc7fff6ed2b9c41837b836b90ba51c2
-
SSDEEP
3072:KcUdnQWOH2OSEbHm9jqLsFmsdYXmLlcJVIZen+Vcv2JBwwRBkBnReP2+x7zqg8Kb:RUdQWOHtVbqjwszeXmr8SeNpgdyuH1l
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.93a60d14d21733dde4545dc57dbad350.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.93a60d14d21733dde4545dc57dbad350.exe"1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Boipmj32.exeC:\Windows\system32\Boipmj32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bqilgmdg.exeC:\Windows\system32\Bqilgmdg.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bcghch32.exeC:\Windows\system32\Bcghch32.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bgeaifia.exeC:\Windows\system32\Bgeaifia.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cmdfgm32.exeC:\Windows\system32\Cmdfgm32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cikglnkj.exeC:\Windows\system32\Cikglnkj.exe7⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ccqkigkp.exeC:\Windows\system32\Ccqkigkp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cjjcfabm.exeC:\Windows\system32\Cjjcfabm.exe9⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cpglnhad.exeC:\Windows\system32\Cpglnhad.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Caghhk32.exeC:\Windows\system32\Caghhk32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cgcmjd32.exeC:\Windows\system32\Cgcmjd32.exe12⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dcjnoece.exeC:\Windows\system32\Dcjnoece.exe13⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Djhpgofm.exeC:\Windows\system32\Djhpgofm.exe14⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dhlpqc32.exeC:\Windows\system32\Dhlpqc32.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dpgeee32.exeC:\Windows\system32\Dpgeee32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Edemkd32.exeC:\Windows\system32\Edemkd32.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ehcfaboo.exeC:\Windows\system32\Ehcfaboo.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ehfcfb32.exeC:\Windows\system32\Ehfcfb32.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Afkknogn.exeC:\Windows\system32\Afkknogn.exe20⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Glldgljg.exeC:\Windows\system32\Glldgljg.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Chiigadc.exeC:\Windows\system32\Chiigadc.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gldglf32.exeC:\Windows\system32\Gldglf32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nmdgikhi.exeC:\Windows\system32\Nmdgikhi.exe24⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cggimh32.exeC:\Windows\system32\Cggimh32.exe25⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Chfegk32.exeC:\Windows\system32\Chfegk32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cncnob32.exeC:\Windows\system32\Cncnob32.exe27⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Chiblk32.exeC:\Windows\system32\Chiblk32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cpdgqmnb.exeC:\Windows\system32\Cpdgqmnb.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ckjknfnh.exeC:\Windows\system32\Ckjknfnh.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cogddd32.exeC:\Windows\system32\Cogddd32.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dhbebj32.exeC:\Windows\system32\Dhbebj32.exe5⤵
- Executes dropped EXE
-
-
-
-
-
C:\Windows\SysWOW64\Ddifgk32.exeC:\Windows\system32\Ddifgk32.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dhgonidg.exeC:\Windows\system32\Dhgonidg.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ddnobj32.exeC:\Windows\system32\Ddnobj32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ebaplnie.exeC:\Windows\system32\Ebaplnie.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ehlhih32.exeC:\Windows\system32\Ehlhih32.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Edionhpn.exeC:\Windows\system32\Edionhpn.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fnbcgn32.exeC:\Windows\system32\Fnbcgn32.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fgjhpcmo.exeC:\Windows\system32\Fgjhpcmo.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fbplml32.exeC:\Windows\system32\Fbplml32.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fgoakc32.exeC:\Windows\system32\Fgoakc32.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fbdehlip.exeC:\Windows\system32\Fbdehlip.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fajbjh32.exeC:\Windows\system32\Fajbjh32.exe12⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Fgcjfbed.exeC:\Windows\system32\Fgcjfbed.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ggfglb32.exeC:\Windows\system32\Ggfglb32.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gnpphljo.exeC:\Windows\system32\Gnpphljo.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Gghdaa32.exeC:\Windows\system32\Gghdaa32.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mjpjgj32.exeC:\Windows\system32\Mjpjgj32.exe17⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Njbgmjgl.exeC:\Windows\system32\Njbgmjgl.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Njedbjej.exeC:\Windows\system32\Njedbjej.exe19⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Noblkqca.exeC:\Windows\system32\Noblkqca.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ncpeaoih.exeC:\Windows\system32\Ncpeaoih.exe21⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nmhijd32.exeC:\Windows\system32\Nmhijd32.exe22⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Njljch32.exeC:\Windows\system32\Njljch32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ocdnln32.exeC:\Windows\system32\Ocdnln32.exe24⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Oiagde32.exeC:\Windows\system32\Oiagde32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ocgkan32.exeC:\Windows\system32\Ocgkan32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oonlfo32.exeC:\Windows\system32\Oonlfo32.exe27⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ofjqihnn.exeC:\Windows\system32\Ofjqihnn.exe28⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Opbean32.exeC:\Windows\system32\Opbean32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Omfekbdh.exeC:\Windows\system32\Omfekbdh.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Padnaq32.exeC:\Windows\system32\Padnaq32.exe31⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pfagighf.exeC:\Windows\system32\Pfagighf.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pafkgphl.exeC:\Windows\system32\Pafkgphl.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pmmlla32.exeC:\Windows\system32\Pmmlla32.exe34⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pcgdhkem.exeC:\Windows\system32\Pcgdhkem.exe35⤵
-
C:\Windows\SysWOW64\Pmphaaln.exeC:\Windows\system32\Pmphaaln.exe36⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pfhmjf32.exeC:\Windows\system32\Pfhmjf32.exe37⤵
-
C:\Windows\SysWOW64\Qppaclio.exeC:\Windows\system32\Qppaclio.exe38⤵
-
C:\Windows\SysWOW64\Qjffpe32.exeC:\Windows\system32\Qjffpe32.exe39⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qapnmopa.exeC:\Windows\system32\Qapnmopa.exe40⤵
-
C:\Windows\SysWOW64\Qfmfefni.exeC:\Windows\system32\Qfmfefni.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Amfobp32.exeC:\Windows\system32\Amfobp32.exe42⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Amikgpcc.exeC:\Windows\system32\Amikgpcc.exe43⤵
-
C:\Windows\SysWOW64\Abfdpfaj.exeC:\Windows\system32\Abfdpfaj.exe44⤵
-
C:\Windows\SysWOW64\Amkhmoap.exeC:\Windows\system32\Amkhmoap.exe45⤵
-
C:\Windows\SysWOW64\Adepji32.exeC:\Windows\system32\Adepji32.exe46⤵
-
C:\Windows\SysWOW64\Aaiqcnhg.exeC:\Windows\system32\Aaiqcnhg.exe47⤵
-
C:\Windows\SysWOW64\Abjmkf32.exeC:\Windows\system32\Abjmkf32.exe48⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ampaho32.exeC:\Windows\system32\Ampaho32.exe49⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bmbnnn32.exeC:\Windows\system32\Bmbnnn32.exe50⤵
-
C:\Windows\SysWOW64\Iqgjmg32.exeC:\Windows\system32\Iqgjmg32.exe51⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Igqbiacj.exeC:\Windows\system32\Igqbiacj.exe52⤵
-
C:\Windows\SysWOW64\Ijonfmbn.exeC:\Windows\system32\Ijonfmbn.exe53⤵
-
C:\Windows\SysWOW64\Iedbcebd.exeC:\Windows\system32\Iedbcebd.exe54⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jmpgghoo.exeC:\Windows\system32\Jmpgghoo.exe55⤵
-
C:\Windows\SysWOW64\Jegohe32.exeC:\Windows\system32\Jegohe32.exe56⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jfhlpnfp.exeC:\Windows\system32\Jfhlpnfp.exe57⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jmbdmg32.exeC:\Windows\system32\Jmbdmg32.exe58⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jghhjq32.exeC:\Windows\system32\Jghhjq32.exe59⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jjfdfl32.exeC:\Windows\system32\Jjfdfl32.exe60⤵
-
C:\Windows\SysWOW64\Jelhcd32.exeC:\Windows\system32\Jelhcd32.exe61⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jndmlj32.exeC:\Windows\system32\Jndmlj32.exe62⤵
-
C:\Windows\SysWOW64\Knifging.exeC:\Windows\system32\Knifging.exe63⤵
-
C:\Windows\SysWOW64\Kceoppmo.exeC:\Windows\system32\Kceoppmo.exe64⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kmncif32.exeC:\Windows\system32\Kmncif32.exe65⤵
-
C:\Windows\SysWOW64\Khcgfo32.exeC:\Windows\system32\Khcgfo32.exe66⤵
-
C:\Windows\SysWOW64\Knmpbi32.exeC:\Windows\system32\Knmpbi32.exe67⤵
-
C:\Windows\SysWOW64\Kallod32.exeC:\Windows\system32\Kallod32.exe68⤵
-
C:\Windows\SysWOW64\Khfdlnab.exeC:\Windows\system32\Khfdlnab.exe69⤵
-
C:\Windows\SysWOW64\Kfidgk32.exeC:\Windows\system32\Kfidgk32.exe70⤵
-
C:\Windows\SysWOW64\Kmbmdeoj.exeC:\Windows\system32\Kmbmdeoj.exe71⤵
-
C:\Windows\SysWOW64\Khhaanop.exeC:\Windows\system32\Khhaanop.exe72⤵
-
C:\Windows\SysWOW64\Kjfmminc.exeC:\Windows\system32\Kjfmminc.exe73⤵
-
C:\Windows\SysWOW64\Kmeiie32.exeC:\Windows\system32\Kmeiie32.exe74⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lelajb32.exeC:\Windows\system32\Lelajb32.exe75⤵
-
C:\Windows\SysWOW64\Lfmnbjcg.exeC:\Windows\system32\Lfmnbjcg.exe76⤵
-
C:\Windows\SysWOW64\Lndfchdj.exeC:\Windows\system32\Lndfchdj.exe77⤵
-
C:\Windows\SysWOW64\Lennpb32.exeC:\Windows\system32\Lennpb32.exe78⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ljkghi32.exeC:\Windows\system32\Ljkghi32.exe79⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Laeoec32.exeC:\Windows\system32\Laeoec32.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ldckan32.exeC:\Windows\system32\Ldckan32.exe81⤵
-
C:\Windows\SysWOW64\Laglkb32.exeC:\Windows\system32\Laglkb32.exe82⤵
-
C:\Windows\SysWOW64\Lhadgmge.exeC:\Windows\system32\Lhadgmge.exe83⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lokldg32.exeC:\Windows\system32\Lokldg32.exe84⤵
-
C:\Windows\SysWOW64\Lajhpbme.exeC:\Windows\system32\Lajhpbme.exe85⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ldhdlnli.exeC:\Windows\system32\Ldhdlnli.exe86⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lkbmih32.exeC:\Windows\system32\Lkbmih32.exe87⤵
-
C:\Windows\SysWOW64\Maoakaip.exeC:\Windows\system32\Maoakaip.exe88⤵
-
C:\Windows\SysWOW64\Mgkjch32.exeC:\Windows\system32\Mgkjch32.exe89⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Maaoaa32.exeC:\Windows\system32\Maaoaa32.exe90⤵
-
C:\Windows\SysWOW64\Meoggpmd.exeC:\Windows\system32\Meoggpmd.exe91⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mdddhlbl.exeC:\Windows\system32\Mdddhlbl.exe92⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nmlhaa32.exeC:\Windows\system32\Nmlhaa32.exe93⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Necqbo32.exeC:\Windows\system32\Necqbo32.exe94⤵
-
C:\Windows\SysWOW64\Nhbmnj32.exeC:\Windows\system32\Nhbmnj32.exe95⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Najagp32.exeC:\Windows\system32\Najagp32.exe96⤵
-
C:\Windows\SysWOW64\Ndinck32.exeC:\Windows\system32\Ndinck32.exe97⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Nggjog32.exeC:\Windows\system32\Nggjog32.exe98⤵
-
C:\Windows\SysWOW64\Nonbqd32.exeC:\Windows\system32\Nonbqd32.exe99⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ndkjik32.exeC:\Windows\system32\Ndkjik32.exe100⤵
-
C:\Windows\SysWOW64\Nkebee32.exeC:\Windows\system32\Nkebee32.exe101⤵
-
C:\Windows\SysWOW64\Nncoaq32.exeC:\Windows\system32\Nncoaq32.exe102⤵
-
C:\Windows\SysWOW64\Nejgbn32.exeC:\Windows\system32\Nejgbn32.exe103⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nglcjfie.exeC:\Windows\system32\Nglcjfie.exe104⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ndpcdjho.exeC:\Windows\system32\Ndpcdjho.exe105⤵
-
C:\Windows\SysWOW64\Nkjlqd32.exeC:\Windows\system32\Nkjlqd32.exe106⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Onhhmpoo.exeC:\Windows\system32\Onhhmpoo.exe107⤵
-
C:\Windows\SysWOW64\Odbpij32.exeC:\Windows\system32\Odbpij32.exe108⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Oklifdmi.exeC:\Windows\system32\Oklifdmi.exe109⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Okneldkf.exeC:\Windows\system32\Okneldkf.exe110⤵
-
C:\Windows\SysWOW64\Oahnhncc.exeC:\Windows\system32\Oahnhncc.exe111⤵
-
C:\Windows\SysWOW64\Odgjdibf.exeC:\Windows\system32\Odgjdibf.exe112⤵
-
C:\Windows\SysWOW64\Ogefqeaj.exeC:\Windows\system32\Ogefqeaj.exe113⤵
-
C:\Windows\SysWOW64\Oakjnnap.exeC:\Windows\system32\Oakjnnap.exe114⤵
-
C:\Windows\SysWOW64\Odifjipd.exeC:\Windows\system32\Odifjipd.exe115⤵
-
C:\Windows\SysWOW64\Okcogc32.exeC:\Windows\system32\Okcogc32.exe116⤵
-
C:\Windows\SysWOW64\Oamgcm32.exeC:\Windows\system32\Oamgcm32.exe117⤵
-
C:\Windows\SysWOW64\Ogjpld32.exeC:\Windows\system32\Ogjpld32.exe118⤵
-
C:\Windows\SysWOW64\Pndhhnda.exeC:\Windows\system32\Pndhhnda.exe119⤵
-
C:\Windows\SysWOW64\Pfkpiled.exeC:\Windows\system32\Pfkpiled.exe120⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pgllad32.exeC:\Windows\system32\Pgllad32.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-