Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
167s -
max time network
164s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
11/11/2023, 05:00
General
-
Target
NEAS.3648de129b3b5bf389ca3bd333655110.exe
-
Size
109KB
-
MD5
3648de129b3b5bf389ca3bd333655110
-
SHA1
bc04de4f1d582ef8c69ac38f2cc7f19c8632cdf4
-
SHA256
91a6c510db0e99ce12c28e85573001684ec23c62aea18166b27ad56d075ac5c8
-
SHA512
52b0ecfc1bbd7074a52d8445f20cca470bd76b3e1593682b46a9bc6f8920b25d92ed9d3014019b1d64f68e2ba8255bbcdba2c283665aeae9aab94cd43387feac
-
SSDEEP
3072:axJQ7TWO+29ZskoJ9HLCqwzBu1DjHLMVDqqkSpR:VTWrCuJ97wtu1DjrFqhz
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Malware Backdoor - Berbew 64 IoCs
Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.3648de129b3b5bf389ca3bd333655110.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.3648de129b3b5bf389ca3bd333655110.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dbckcf32.exeC:\Windows\system32\Dbckcf32.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gohapb32.exeC:\Windows\system32\Gohapb32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ginenk32.exeC:\Windows\system32\Ginenk32.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hcaibo32.exeC:\Windows\system32\Hcaibo32.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
C:\Windows\SysWOW64\Ijlkfg32.exeC:\Windows\system32\Ijlkfg32.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Igpkok32.exeC:\Windows\system32\Igpkok32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jflnafno.exeC:\Windows\system32\Jflnafno.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kaflio32.exeC:\Windows\system32\Kaflio32.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kggjghkd.exeC:\Windows\system32\Kggjghkd.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ldgnbg32.exeC:\Windows\system32\Ldgnbg32.exe6⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mdlgmgdh.exeC:\Windows\system32\Mdlgmgdh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Maeaajpl.exeC:\Windows\system32\Maeaajpl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nmbhgjoi.exeC:\Windows\system32\Nmbhgjoi.exe9⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Omlkmign.exeC:\Windows\system32\Omlkmign.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pdmikb32.exeC:\Windows\system32\Pdmikb32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Adpogp32.exeC:\Windows\system32\Adpogp32.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ajaqjfbp.exeC:\Windows\system32\Ajaqjfbp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bgjjoi32.exeC:\Windows\system32\Bgjjoi32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cnmebblf.exeC:\Windows\system32\Cnmebblf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Djklgb32.exeC:\Windows\system32\Djklgb32.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dgomaf32.exeC:\Windows\system32\Dgomaf32.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dhcfleff.exeC:\Windows\system32\Dhcfleff.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Flmonbbp.exeC:\Windows\system32\Flmonbbp.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
-
-
-
C:\Windows\SysWOW64\Dabhomea.exeC:\Windows\system32\Dabhomea.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fongpm32.exeC:\Windows\system32\Fongpm32.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fhflhcfa.exeC:\Windows\system32\Fhflhcfa.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gklnem32.exeC:\Windows\system32\Gklnem32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ghbkdald.exeC:\Windows\system32\Ghbkdald.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hcabhido.exeC:\Windows\system32\Hcabhido.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hklglk32.exeC:\Windows\system32\Hklglk32.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
-
-
-
-
-
C:\Windows\SysWOW64\Hebkid32.exeC:\Windows\system32\Hebkid32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hcflch32.exeC:\Windows\system32\Hcflch32.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ioafchai.exeC:\Windows\system32\Ioafchai.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ihndgmdd.exeC:\Windows\system32\Ihndgmdd.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jbkbkbfo.exeC:\Windows\system32\Jbkbkbfo.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Joobdfei.exeC:\Windows\system32\Joobdfei.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kcbded32.exeC:\Windows\system32\Kcbded32.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kmjinjnj.exeC:\Windows\system32\Kmjinjnj.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kbgafqla.exeC:\Windows\system32\Kbgafqla.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kfejmobh.exeC:\Windows\system32\Kfejmobh.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lkiiee32.exeC:\Windows\system32\Lkiiee32.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Limioiia.exeC:\Windows\system32\Limioiia.exe12⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Lfcfnm32.exeC:\Windows\system32\Lfcfnm32.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mpkkgbmi.exeC:\Windows\system32\Mpkkgbmi.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ncbfcp32.exeC:\Windows\system32\Ncbfcp32.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Npldnp32.exeC:\Windows\system32\Npldnp32.exe16⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qgdabflp.exeC:\Windows\system32\Qgdabflp.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fmejlcoj.exeC:\Windows\system32\Fmejlcoj.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Glkdejcd.exeC:\Windows\system32\Glkdejcd.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ghadjkhh.exeC:\Windows\system32\Ghadjkhh.exe20⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Gdkbdllj.exeC:\Windows\system32\Gdkbdllj.exe21⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Heohinog.exeC:\Windows\system32\Heohinog.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hlmiagbo.exeC:\Windows\system32\Hlmiagbo.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iehkpmgl.exeC:\Windows\system32\Iehkpmgl.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iaokdn32.exeC:\Windows\system32\Iaokdn32.exe25⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Idpdfija.exeC:\Windows\system32\Idpdfija.exe26⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ieoapl32.exeC:\Windows\system32\Ieoapl32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jknfnbmi.exeC:\Windows\system32\Jknfnbmi.exe28⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jlnbhe32.exeC:\Windows\system32\Jlnbhe32.exe29⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jakkplbc.exeC:\Windows\system32\Jakkplbc.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jhdcmf32.exeC:\Windows\system32\Jhdcmf32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jamhflqq.exeC:\Windows\system32\Jamhflqq.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Klibdcjo.exeC:\Windows\system32\Klibdcjo.exe33⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Khbpndnp.exeC:\Windows\system32\Khbpndnp.exe34⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Lnkgbibj.exeC:\Windows\system32\Lnkgbibj.exe35⤵
-
C:\Windows\SysWOW64\Niohap32.exeC:\Windows\system32\Niohap32.exe36⤵
-
C:\Windows\SysWOW64\Pekkhn32.exeC:\Windows\system32\Pekkhn32.exe37⤵
-
C:\Windows\SysWOW64\Pllieg32.exeC:\Windows\system32\Pllieg32.exe38⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Blnoad32.exeC:\Windows\system32\Blnoad32.exe39⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Eqpfknbj.exeC:\Windows\system32\Eqpfknbj.exe40⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Encgdbqd.exeC:\Windows\system32\Encgdbqd.exe41⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Efolidno.exeC:\Windows\system32\Efolidno.exe42⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fjoadbbc.exeC:\Windows\system32\Fjoadbbc.exe43⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Oilmhhfd.exeC:\Windows\system32\Oilmhhfd.exe44⤵
-
C:\Windows\SysWOW64\Ppphkq32.exeC:\Windows\system32\Ppphkq32.exe45⤵
-
C:\Windows\SysWOW64\Qpikao32.exeC:\Windows\system32\Qpikao32.exe46⤵
-
C:\Windows\SysWOW64\Aaldngqg.exeC:\Windows\system32\Aaldngqg.exe47⤵
-
C:\Windows\SysWOW64\Blpemn32.exeC:\Windows\system32\Blpemn32.exe48⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bbjmih32.exeC:\Windows\system32\Bbjmih32.exe49⤵
-
C:\Windows\SysWOW64\Ceppfbef.exeC:\Windows\system32\Ceppfbef.exe50⤵
-
C:\Windows\SysWOW64\Clihcm32.exeC:\Windows\system32\Clihcm32.exe51⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dhgoimlo.exeC:\Windows\system32\Dhgoimlo.exe52⤵
-
C:\Windows\SysWOW64\Doageg32.exeC:\Windows\system32\Doageg32.exe53⤵
-
C:\Windows\SysWOW64\Dhjknljl.exeC:\Windows\system32\Dhjknljl.exe54⤵
-
C:\Windows\SysWOW64\Dphipidf.exeC:\Windows\system32\Dphipidf.exe55⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ejegdngb.exeC:\Windows\system32\Ejegdngb.exe56⤵
-
C:\Windows\SysWOW64\Ejgdim32.exeC:\Windows\system32\Ejgdim32.exe57⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Emhmkh32.exeC:\Windows\system32\Emhmkh32.exe58⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gfqjkljn.exeC:\Windows\system32\Gfqjkljn.exe59⤵
-
C:\Windows\SysWOW64\Ipckqnja.exeC:\Windows\system32\Ipckqnja.exe60⤵
-
C:\Windows\SysWOW64\Jkaadebl.exeC:\Windows\system32\Jkaadebl.exe61⤵
-
C:\Windows\SysWOW64\Kaemgn32.exeC:\Windows\system32\Kaemgn32.exe62⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kgbepdpf.exeC:\Windows\system32\Kgbepdpf.exe63⤵
-
C:\Windows\SysWOW64\Lgnekcei.exeC:\Windows\system32\Lgnekcei.exe64⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mdaedgdb.exeC:\Windows\system32\Mdaedgdb.exe65⤵
-
C:\Windows\SysWOW64\Mpkbohhd.exeC:\Windows\system32\Mpkbohhd.exe66⤵
-
C:\Windows\SysWOW64\Maohdj32.exeC:\Windows\system32\Maohdj32.exe67⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nqdeefpi.exeC:\Windows\system32\Nqdeefpi.exe68⤵
-
C:\Windows\SysWOW64\Nkijbooo.exeC:\Windows\system32\Nkijbooo.exe69⤵
-
C:\Windows\SysWOW64\Ndbnkefp.exeC:\Windows\system32\Ndbnkefp.exe70⤵
-
C:\Windows\SysWOW64\Ncgkma32.exeC:\Windows\system32\Ncgkma32.exe71⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nqklfe32.exeC:\Windows\system32\Nqklfe32.exe72⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nkqpcnig.exeC:\Windows\system32\Nkqpcnig.exe73⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Odidld32.exeC:\Windows\system32\Odidld32.exe74⤵
-
C:\Windows\SysWOW64\Ojfmdk32.exeC:\Windows\system32\Ojfmdk32.exe75⤵
-
C:\Windows\SysWOW64\Okgfdm32.exeC:\Windows\system32\Okgfdm32.exe76⤵
-
C:\Windows\SysWOW64\Ognginic.exeC:\Windows\system32\Ognginic.exe77⤵
-
C:\Windows\SysWOW64\Oqgkadod.exeC:\Windows\system32\Oqgkadod.exe78⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Okloomoj.exeC:\Windows\system32\Okloomoj.exe79⤵
-
C:\Windows\SysWOW64\Pqihgcma.exeC:\Windows\system32\Pqihgcma.exe80⤵
-
C:\Windows\SysWOW64\Pgcpdn32.exeC:\Windows\system32\Pgcpdn32.exe81⤵
-
C:\Windows\SysWOW64\Pbhdafdd.exeC:\Windows\system32\Pbhdafdd.exe82⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pgjfdm32.exeC:\Windows\system32\Pgjfdm32.exe83⤵
-
C:\Windows\SysWOW64\Ahjoljqc.exeC:\Windows\system32\Ahjoljqc.exe84⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bajjeo32.exeC:\Windows\system32\Bajjeo32.exe85⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bonjnc32.exeC:\Windows\system32\Bonjnc32.exe86⤵
-
C:\Windows\SysWOW64\Bdkbgj32.exeC:\Windows\system32\Bdkbgj32.exe87⤵
-
C:\Windows\SysWOW64\Bblcda32.exeC:\Windows\system32\Bblcda32.exe88⤵
-
C:\Windows\SysWOW64\Chhkmh32.exeC:\Windows\system32\Chhkmh32.exe89⤵
-
C:\Windows\SysWOW64\Cbnpja32.exeC:\Windows\system32\Cbnpja32.exe90⤵
-
C:\Windows\SysWOW64\Caeiam32.exeC:\Windows\system32\Caeiam32.exe91⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dkbgeb32.exeC:\Windows\system32\Dkbgeb32.exe92⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Daolgl32.exeC:\Windows\system32\Daolgl32.exe93⤵
-
C:\Windows\SysWOW64\Fhpckb32.exeC:\Windows\system32\Fhpckb32.exe94⤵
-
C:\Windows\SysWOW64\Fbihdhhf.exeC:\Windows\system32\Fbihdhhf.exe95⤵
-
C:\Windows\SysWOW64\Gokdoj32.exeC:\Windows\system32\Gokdoj32.exe96⤵
-
C:\Windows\SysWOW64\Ilpaei32.exeC:\Windows\system32\Ilpaei32.exe97⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jfaenqjm.exeC:\Windows\system32\Jfaenqjm.exe98⤵
-
C:\Windows\SysWOW64\Jmknkk32.exeC:\Windows\system32\Jmknkk32.exe99⤵
-
C:\Windows\SysWOW64\Jbgfca32.exeC:\Windows\system32\Jbgfca32.exe100⤵
-
C:\Windows\SysWOW64\Jianpl32.exeC:\Windows\system32\Jianpl32.exe101⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jcgbmd32.exeC:\Windows\system32\Jcgbmd32.exe102⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kboldq32.exeC:\Windows\system32\Kboldq32.exe103⤵
-
C:\Windows\SysWOW64\Kdnincal.exeC:\Windows\system32\Kdnincal.exe104⤵
-
C:\Windows\SysWOW64\Kikafjoc.exeC:\Windows\system32\Kikafjoc.exe105⤵
-
C:\Windows\SysWOW64\Kbceoped.exeC:\Windows\system32\Kbceoped.exe106⤵
-
C:\Windows\SysWOW64\Kimnlj32.exeC:\Windows\system32\Kimnlj32.exe107⤵
-
C:\Windows\SysWOW64\Kdcbic32.exeC:\Windows\system32\Kdcbic32.exe108⤵
-
C:\Windows\SysWOW64\Lmppmh32.exeC:\Windows\system32\Lmppmh32.exe109⤵
-
C:\Windows\SysWOW64\Lgmnqmam.exeC:\Windows\system32\Lgmnqmam.exe110⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mdanjaqf.exeC:\Windows\system32\Mdanjaqf.exe111⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mmiccf32.exeC:\Windows\system32\Mmiccf32.exe112⤵
-
C:\Windows\SysWOW64\Mdckpqod.exeC:\Windows\system32\Mdckpqod.exe113⤵
-
C:\Windows\SysWOW64\Mdjapphl.exeC:\Windows\system32\Mdjapphl.exe114⤵
-
C:\Windows\SysWOW64\Npabeq32.exeC:\Windows\system32\Npabeq32.exe115⤵
-
C:\Windows\SysWOW64\Ndagao32.exeC:\Windows\system32\Ndagao32.exe116⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ojjoedfn.exeC:\Windows\system32\Ojjoedfn.exe117⤵
-
C:\Windows\SysWOW64\Odocbmfd.exeC:\Windows\system32\Odocbmfd.exe118⤵
-
C:\Windows\SysWOW64\Pjaefc32.exeC:\Windows\system32\Pjaefc32.exe119⤵
-
C:\Windows\SysWOW64\Pdfjcl32.exeC:\Windows\system32\Pdfjcl32.exe120⤵
-
C:\Windows\SysWOW64\Pqbdclak.exeC:\Windows\system32\Pqbdclak.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-