Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
164s -
max time network
188s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
16/11/2023, 16:58
General
-
Target
NEAS.aecf072e7766e27a1591703fcdd7d7f0.exe
-
Size
346KB
-
MD5
aecf072e7766e27a1591703fcdd7d7f0
-
SHA1
598c438cd54e91134d1dd2789192275c5dc4be44
-
SHA256
1162f7ebbe806004a321d6ae4c85152db0d8cbb37510a7405775e85bf213b753
-
SHA512
6afa738e45f2d0f1fd49e9c477649fb0ff996031978333e66b187f03bcf56392db0bffcbdeacafcc910a83ef61ba3ad58513b0b1c3e5aef013be6ded8bef78b3
-
SSDEEP
6144:lRqreT4I5hdsFj5t13LJhrmMsFj5tzOvfFOM6:/Bxhds15tFrls15tz4FT6
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Malware Backdoor - Berbew 64 IoCs
Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.aecf072e7766e27a1591703fcdd7d7f0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.aecf072e7766e27a1591703fcdd7d7f0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Onjmjegg.exeC:\Windows\system32\Onjmjegg.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Plimpg32.exeC:\Windows\system32\Plimpg32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pmiijjcf.exeC:\Windows\system32\Pmiijjcf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Apcead32.exeC:\Windows\system32\Apcead32.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bgimjmfl.exeC:\Windows\system32\Bgimjmfl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cckmklac.exeC:\Windows\system32\Cckmklac.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Enajobbf.exeC:\Windows\system32\Enajobbf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fqfmlm32.exeC:\Windows\system32\Fqfmlm32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hhhdpd32.exeC:\Windows\system32\Hhhdpd32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Idfkednq.exeC:\Windows\system32\Idfkednq.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lncjgddf.exeC:\Windows\system32\Lncjgddf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Moofmeal.exeC:\Windows\system32\Moofmeal.exe13⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Mglhgg32.exeC:\Windows\system32\Mglhgg32.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ndbefkjk.exeC:\Windows\system32\Ndbefkjk.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Biaiqb32.exeC:\Windows\system32\Biaiqb32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Doageg32.exeC:\Windows\system32\Doageg32.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ffjdjmpf.exeC:\Windows\system32\Ffjdjmpf.exe5⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hbldkllm.exeC:\Windows\system32\Hbldkllm.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hbegakcb.exeC:\Windows\system32\Hbegakcb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Idjmfmgp.exeC:\Windows\system32\Idjmfmgp.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iiibdc32.exeC:\Windows\system32\Iiibdc32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\Jbkjcgaj.exeC:\Windows\system32\Jbkjcgaj.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jbmfig32.exeC:\Windows\system32\Jbmfig32.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kabpan32.exeC:\Windows\system32\Kabpan32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kinefp32.exeC:\Windows\system32\Kinefp32.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kcfiof32.exeC:\Windows\system32\Kcfiof32.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Liekgo32.exeC:\Windows\system32\Liekgo32.exe6⤵
- Executes dropped EXE
-
-
-
-
-
-
C:\Windows\SysWOW64\Mgpaqbcf.exeC:\Windows\system32\Mgpaqbcf.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mddbjg32.exeC:\Windows\system32\Mddbjg32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nkgmmpab.exeC:\Windows\system32\Nkgmmpab.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ojjfpjjj.exeC:\Windows\system32\Ojjfpjjj.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oqdnld32.exeC:\Windows\system32\Oqdnld32.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qepccqlm.exeC:\Windows\system32\Qepccqlm.exe6⤵
- Executes dropped EXE
-
-
-
-
-
-
C:\Windows\SysWOW64\Acmfel32.exeC:\Windows\system32\Acmfel32.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Anbkbe32.exeC:\Windows\system32\Anbkbe32.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bngdndfn.exeC:\Windows\system32\Bngdndfn.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bdhfaj32.exeC:\Windows\system32\Bdhfaj32.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bonjnc32.exeC:\Windows\system32\Bonjnc32.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Chhkmh32.exeC:\Windows\system32\Chhkmh32.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hkhkdjkl.exeC:\Windows\system32\Hkhkdjkl.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Heapmp32.exeC:\Windows\system32\Heapmp32.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hpfdkiac.exeC:\Windows\system32\Hpfdkiac.exe9⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iicboncn.exeC:\Windows\system32\Iicboncn.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jeaidn32.exeC:\Windows\system32\Jeaidn32.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jcbibeki.exeC:\Windows\system32\Jcbibeki.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jidkek32.exeC:\Windows\system32\Jidkek32.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kfoapo32.exeC:\Windows\system32\Kfoapo32.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lmkfah32.exeC:\Windows\system32\Lmkfah32.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ldgkdbia.exeC:\Windows\system32\Ldgkdbia.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mljficpd.exeC:\Windows\system32\Mljficpd.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mdhdkp32.exeC:\Windows\system32\Mdhdkp32.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mnpice32.exeC:\Windows\system32\Mnpice32.exe19⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ngpcmj32.exeC:\Windows\system32\Ngpcmj32.exe20⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Oqdgan32.exeC:\Windows\system32\Oqdgan32.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pgefogop.exeC:\Windows\system32\Pgefogop.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pmangnmg.exeC:\Windows\system32\Pmangnmg.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pggbdgmm.exeC:\Windows\system32\Pggbdgmm.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pmdkmnkd.exeC:\Windows\system32\Pmdkmnkd.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pcncjh32.exeC:\Windows\system32\Pcncjh32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pqbdclak.exeC:\Windows\system32\Pqbdclak.exe27⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qgllpf32.exeC:\Windows\system32\Qgllpf32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Anjngp32.exeC:\Windows\system32\Anjngp32.exe29⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Afeblb32.exeC:\Windows\system32\Afeblb32.exe30⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Anogbohj.exeC:\Windows\system32\Anogbohj.exe31⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Anadho32.exeC:\Windows\system32\Anadho32.exe32⤵
-
C:\Windows\SysWOW64\Cdoegcfl.exeC:\Windows\system32\Cdoegcfl.exe33⤵
-
C:\Windows\SysWOW64\Cndidlfb.exeC:\Windows\system32\Cndidlfb.exe34⤵
-
C:\Windows\SysWOW64\Dajlafon.exeC:\Windows\system32\Dajlafon.exe35⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dmcilgco.exeC:\Windows\system32\Dmcilgco.exe36⤵
-
C:\Windows\SysWOW64\Delnbdao.exeC:\Windows\system32\Delnbdao.exe37⤵
-
C:\Windows\SysWOW64\Dfmjjl32.exeC:\Windows\system32\Dfmjjl32.exe38⤵
-
C:\Windows\SysWOW64\Dmgbgf32.exeC:\Windows\system32\Dmgbgf32.exe39⤵
-
C:\Windows\SysWOW64\Ehifpm32.exeC:\Windows\system32\Ehifpm32.exe40⤵
-
C:\Windows\SysWOW64\Fneohd32.exeC:\Windows\system32\Fneohd32.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fgppgi32.exeC:\Windows\system32\Fgppgi32.exe42⤵
-
C:\Windows\SysWOW64\Fafddb32.exeC:\Windows\system32\Fafddb32.exe43⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fgbmliee.exeC:\Windows\system32\Fgbmliee.exe44⤵
-
C:\Windows\SysWOW64\Fnmeic32.exeC:\Windows\system32\Fnmeic32.exe45⤵
-
C:\Windows\SysWOW64\Fecmjq32.exeC:\Windows\system32\Fecmjq32.exe46⤵
-
C:\Windows\SysWOW64\Fgeibicb.exeC:\Windows\system32\Fgeibicb.exe47⤵
-
C:\Windows\SysWOW64\Fajnoabh.exeC:\Windows\system32\Fajnoabh.exe48⤵
-
C:\Windows\SysWOW64\Fhdfll32.exeC:\Windows\system32\Fhdfll32.exe49⤵
-
C:\Windows\SysWOW64\Gonnhf32.exeC:\Windows\system32\Gonnhf32.exe50⤵
-
C:\Windows\SysWOW64\Gdkgam32.exeC:\Windows\system32\Gdkgam32.exe51⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kehhjfif.exeC:\Windows\system32\Kehhjfif.exe52⤵
-
C:\Windows\SysWOW64\Lpilcnoo.exeC:\Windows\system32\Lpilcnoo.exe53⤵
-
C:\Windows\SysWOW64\Mikcbb32.exeC:\Windows\system32\Mikcbb32.exe54⤵
-
C:\Windows\SysWOW64\Mfaqafjl.exeC:\Windows\system32\Mfaqafjl.exe55⤵
-
C:\Windows\SysWOW64\Mhbmin32.exeC:\Windows\system32\Mhbmin32.exe56⤵
-
C:\Windows\SysWOW64\Mfcmge32.exeC:\Windows\system32\Mfcmge32.exe57⤵
-
C:\Windows\SysWOW64\Mlpeol32.exeC:\Windows\system32\Mlpeol32.exe58⤵
-
C:\Windows\SysWOW64\Mfejme32.exeC:\Windows\system32\Mfejme32.exe59⤵
-
C:\Windows\SysWOW64\Mhgfdmle.exeC:\Windows\system32\Mhgfdmle.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Noaoagca.exeC:\Windows\system32\Noaoagca.exe61⤵
-
C:\Windows\SysWOW64\Nekgna32.exeC:\Windows\system32\Nekgna32.exe62⤵
-
C:\Windows\SysWOW64\Nppkkj32.exeC:\Windows\system32\Nppkkj32.exe63⤵
-
C:\Windows\SysWOW64\Nemcca32.exeC:\Windows\system32\Nemcca32.exe64⤵
-
C:\Windows\SysWOW64\Nbadmege.exeC:\Windows\system32\Nbadmege.exe65⤵
-
C:\Windows\SysWOW64\Niklip32.exeC:\Windows\system32\Niklip32.exe66⤵
-
C:\Windows\SysWOW64\Npedfjfo.exeC:\Windows\system32\Npedfjfo.exe67⤵
-
C:\Windows\SysWOW64\Ngombd32.exeC:\Windows\system32\Ngombd32.exe68⤵
-
C:\Windows\SysWOW64\Nllekk32.exeC:\Windows\system32\Nllekk32.exe69⤵
-
C:\Windows\SysWOW64\Opjnai32.exeC:\Windows\system32\Opjnai32.exe70⤵
-
C:\Windows\SysWOW64\Oidopn32.exeC:\Windows\system32\Oidopn32.exe71⤵
-
C:\Windows\SysWOW64\Ooaghe32.exeC:\Windows\system32\Ooaghe32.exe72⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ohjlqklp.exeC:\Windows\system32\Ohjlqklp.exe73⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ocopncke.exeC:\Windows\system32\Ocopncke.exe74⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Oofacdaj.exeC:\Windows\system32\Oofacdaj.exe75⤵
-
C:\Windows\SysWOW64\Pohnhdog.exeC:\Windows\system32\Pohnhdog.exe76⤵
-
C:\Windows\SysWOW64\Phqbaj32.exeC:\Windows\system32\Phqbaj32.exe77⤵
-
C:\Windows\SysWOW64\Pfdbknda.exeC:\Windows\system32\Pfdbknda.exe78⤵
-
C:\Windows\SysWOW64\Pomgcc32.exeC:\Windows\system32\Pomgcc32.exe79⤵
-
C:\Windows\SysWOW64\Pckpja32.exeC:\Windows\system32\Pckpja32.exe80⤵
-
C:\Windows\SysWOW64\Phhhbi32.exeC:\Windows\system32\Phhhbi32.exe81⤵
-
C:\Windows\SysWOW64\Pcmloa32.exeC:\Windows\system32\Pcmloa32.exe82⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qhjegh32.exeC:\Windows\system32\Qhjegh32.exe83⤵
-
C:\Windows\SysWOW64\Qcpieamc.exeC:\Windows\system32\Qcpieamc.exe84⤵
-
C:\Windows\SysWOW64\Qlhnng32.exeC:\Windows\system32\Qlhnng32.exe85⤵
-
C:\Windows\SysWOW64\Qgmbkp32.exeC:\Windows\system32\Qgmbkp32.exe86⤵
-
C:\Windows\SysWOW64\Aoifoa32.exeC:\Windows\system32\Aoifoa32.exe87⤵
-
C:\Windows\SysWOW64\Afghgkdl.exeC:\Windows\system32\Afghgkdl.exe88⤵
-
C:\Windows\SysWOW64\Aqmldddb.exeC:\Windows\system32\Aqmldddb.exe89⤵
-
C:\Windows\SysWOW64\Acnefoac.exeC:\Windows\system32\Acnefoac.exe90⤵
-
C:\Windows\SysWOW64\Bqafpc32.exeC:\Windows\system32\Bqafpc32.exe91⤵
-
C:\Windows\SysWOW64\Bfnnhj32.exeC:\Windows\system32\Bfnnhj32.exe92⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bqdbec32.exeC:\Windows\system32\Bqdbec32.exe93⤵
-
C:\Windows\SysWOW64\Bjodch32.exeC:\Windows\system32\Bjodch32.exe94⤵
-
C:\Windows\SysWOW64\Bpkllo32.exeC:\Windows\system32\Bpkllo32.exe95⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bidqddgp.exeC:\Windows\system32\Bidqddgp.exe96⤵
-
C:\Windows\SysWOW64\Bciebm32.exeC:\Windows\system32\Bciebm32.exe97⤵
-
C:\Windows\SysWOW64\Cjcmognb.exeC:\Windows\system32\Cjcmognb.exe98⤵
-
C:\Windows\SysWOW64\Cameka32.exeC:\Windows\system32\Cameka32.exe99⤵
-
C:\Windows\SysWOW64\Cfjnch32.exeC:\Windows\system32\Cfjnch32.exe100⤵
-
C:\Windows\SysWOW64\Cmdfpbkc.exeC:\Windows\system32\Cmdfpbkc.exe101⤵
-
C:\Windows\SysWOW64\Ccnnmmbp.exeC:\Windows\system32\Ccnnmmbp.exe102⤵
-
C:\Windows\SysWOW64\Cikgecag.exeC:\Windows\system32\Cikgecag.exe103⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cglgck32.exeC:\Windows\system32\Cglgck32.exe104⤵
-
C:\Windows\SysWOW64\Cmipkb32.exeC:\Windows\system32\Cmipkb32.exe105⤵
-
C:\Windows\SysWOW64\Ccbhhl32.exeC:\Windows\system32\Ccbhhl32.exe106⤵
-
C:\Windows\SysWOW64\Cmklaaek.exeC:\Windows\system32\Cmklaaek.exe107⤵
-
C:\Windows\SysWOW64\Dgqqnjea.exeC:\Windows\system32\Dgqqnjea.exe108⤵
-
C:\Windows\SysWOW64\Dibmfb32.exeC:\Windows\system32\Dibmfb32.exe109⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dplebmbl.exeC:\Windows\system32\Dplebmbl.exe110⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Didjkbim.exeC:\Windows\system32\Didjkbim.exe111⤵
-
C:\Windows\SysWOW64\Dcjnikhc.exeC:\Windows\system32\Dcjnikhc.exe112⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Diffabgj.exeC:\Windows\system32\Diffabgj.exe113⤵
-
C:\Windows\SysWOW64\Dhgfoioi.exeC:\Windows\system32\Dhgfoioi.exe114⤵
-
C:\Windows\SysWOW64\Dabhmo32.exeC:\Windows\system32\Dabhmo32.exe115⤵
-
C:\Windows\SysWOW64\Edcqojqh.exeC:\Windows\system32\Edcqojqh.exe116⤵
-
C:\Windows\SysWOW64\Edemdine.exeC:\Windows\system32\Edemdine.exe117⤵
-
C:\Windows\SysWOW64\Eidbbp32.exeC:\Windows\system32\Eidbbp32.exe118⤵
-
C:\Windows\SysWOW64\Ehecpgbi.exeC:\Windows\system32\Ehecpgbi.exe119⤵
-
C:\Windows\SysWOW64\Eangimij.exeC:\Windows\system32\Eangimij.exe120⤵
-
C:\Windows\SysWOW64\Fkihgb32.exeC:\Windows\system32\Fkihgb32.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-