Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
179s -
max time network
187s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
26/11/2023, 20:02
General
-
Target
069abf2de5f3be8977c4aa87ebd2e3a0.exe
-
Size
374KB
-
MD5
069abf2de5f3be8977c4aa87ebd2e3a0
-
SHA1
dd6505fd01569379c2f8af825956e8ef968a74dc
-
SHA256
b35038d24a471ccbf06e4bf213e39c2f7a534cee7893b8f17243b8a97b083297
-
SHA512
afb42453979640df04373389c771335af702068fed31f03a59cb5a474cca6ffbeb3eeb602f924d659641d34a1a6e652bec20f09ba172ea8796ac3a6f225a52df
-
SSDEEP
6144:A3Q0djMIb/XKP1zoQWixXwrw7+Eu6QnFw5+0pU8oStTf3runG/qoxfIkeI1SHkFl:UQEjMc/XSzoQBBjE6uidyzwr6AxfLeIR
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Malware Backdoor - Berbew 64 IoCs
Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\069abf2de5f3be8977c4aa87ebd2e3a0.exe"C:\Users\Admin\AppData\Local\Temp\069abf2de5f3be8977c4aa87ebd2e3a0.exe"1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Capkim32.exeC:\Windows\system32\Capkim32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ehmibdol.exeC:\Windows\system32\Ehmibdol.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Femigg32.exeC:\Windows\system32\Femigg32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Glbapoqh.exeC:\Windows\system32\Glbapoqh.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hocjaj32.exeC:\Windows\system32\Hocjaj32.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hahlnefd.exeC:\Windows\system32\Hahlnefd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pmpmnb32.exeC:\Windows\system32\Pmpmnb32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Acmomgoa.exeC:\Windows\system32\Acmomgoa.exe9⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ajggjq32.exeC:\Windows\system32\Ajggjq32.exe10⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bdfnmhnj.exeC:\Windows\system32\Bdfnmhnj.exe11⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dmphjfab.exeC:\Windows\system32\Dmphjfab.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fagcfc32.exeC:\Windows\system32\Fagcfc32.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fhchhm32.exeC:\Windows\system32\Fhchhm32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fhfenmbe.exeC:\Windows\system32\Fhfenmbe.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Flcndk32.exeC:\Windows\system32\Flcndk32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gngckfdj.exeC:\Windows\system32\Gngckfdj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gdclcmba.exeC:\Windows\system32\Gdclcmba.exe18⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hkiclepa.exeC:\Windows\system32\Hkiclepa.exe19⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Heohinog.exeC:\Windows\system32\Heohinog.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Haeino32.exeC:\Windows\system32\Haeino32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hoiihcde.exeC:\Windows\system32\Hoiihcde.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hdfapjbl.exeC:\Windows\system32\Hdfapjbl.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ikbfbdgf.exeC:\Windows\system32\Ikbfbdgf.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iejgelej.exeC:\Windows\system32\Iejgelej.exe6⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ikgpmc32.exeC:\Windows\system32\Ikgpmc32.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jhpjbgne.exeC:\Windows\system32\Jhpjbgne.exe8⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kaaaak32.exeC:\Windows\system32\Kaaaak32.exe9⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Khlinedh.exeC:\Windows\system32\Khlinedh.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lfnfhg32.exeC:\Windows\system32\Lfnfhg32.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mnndhi32.exeC:\Windows\system32\Mnndhi32.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bpjkbcbe.exeC:\Windows\system32\Bpjkbcbe.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dcpffk32.exeC:\Windows\system32\Dcpffk32.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Enlqdc32.exeC:\Windows\system32\Enlqdc32.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Enomic32.exeC:\Windows\system32\Enomic32.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Egnhcgeb.exeC:\Windows\system32\Egnhcgeb.exe17⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Fpimgjbm.exeC:\Windows\system32\Fpimgjbm.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ggoaje32.exeC:\Windows\system32\Ggoaje32.exe19⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Gagebknp.exeC:\Windows\system32\Gagebknp.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ghcjedcj.exeC:\Windows\system32\Ghcjedcj.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hmginjki.exeC:\Windows\system32\Hmginjki.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hfonfp32.exeC:\Windows\system32\Hfonfp32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ifdgaond.exeC:\Windows\system32\Ifdgaond.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iffcgoka.exeC:\Windows\system32\Iffcgoka.exe25⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jdajabdc.exeC:\Windows\system32\Jdajabdc.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jolhjj32.exeC:\Windows\system32\Jolhjj32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jpmdabfb.exeC:\Windows\system32\Jpmdabfb.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ldiiio32.exeC:\Windows\system32\Ldiiio32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lamjbc32.exeC:\Windows\system32\Lamjbc32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lgibjj32.exeC:\Windows\system32\Lgibjj32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lnhdbc32.exeC:\Windows\system32\Lnhdbc32.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mbkfcabb.exeC:\Windows\system32\Mbkfcabb.exe33⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mkcjlf32.exeC:\Windows\system32\Mkcjlf32.exe34⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mqpcdn32.exeC:\Windows\system32\Mqpcdn32.exe35⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nocphd32.exeC:\Windows\system32\Nocphd32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oelhljaq.exeC:\Windows\system32\Oelhljaq.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ooalibaf.exeC:\Windows\system32\Ooalibaf.exe38⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Gimjag32.exeC:\Windows\system32\Gimjag32.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iiblcdil.exeC:\Windows\system32\Iiblcdil.exe40⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iannpa32.exeC:\Windows\system32\Iannpa32.exe41⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ifjfhh32.exeC:\Windows\system32\Ifjfhh32.exe42⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Imdndbkn.exeC:\Windows\system32\Imdndbkn.exe43⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jabgkpad.exeC:\Windows\system32\Jabgkpad.exe44⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jmihpa32.exeC:\Windows\system32\Jmihpa32.exe45⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Libnapmg.exeC:\Windows\system32\Libnapmg.exe46⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Lgikpc32.exeC:\Windows\system32\Lgikpc32.exe47⤵
-
C:\Windows\SysWOW64\Lcpledob.exeC:\Windows\system32\Lcpledob.exe48⤵
-
C:\Windows\SysWOW64\Mnapnl32.exeC:\Windows\system32\Mnapnl32.exe49⤵
-
C:\Windows\SysWOW64\Ndmepe32.exeC:\Windows\system32\Ndmepe32.exe50⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nkijbooo.exeC:\Windows\system32\Nkijbooo.exe51⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nkncno32.exeC:\Windows\system32\Nkncno32.exe52⤵
-
C:\Windows\SysWOW64\Nqklfe32.exeC:\Windows\system32\Nqklfe32.exe53⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Okeinn32.exeC:\Windows\system32\Okeinn32.exe54⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Okjbimal.exeC:\Windows\system32\Okjbimal.exe55⤵
-
C:\Windows\SysWOW64\Pglcjl32.exeC:\Windows\system32\Pglcjl32.exe56⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qnfkgfdp.exeC:\Windows\system32\Qnfkgfdp.exe57⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qcepem32.exeC:\Windows\system32\Qcepem32.exe58⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ajphagha.exeC:\Windows\system32\Ajphagha.exe59⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Abkjnd32.exeC:\Windows\system32\Abkjnd32.exe60⤵
-
C:\Windows\SysWOW64\Acmfel32.exeC:\Windows\system32\Acmfel32.exe61⤵
-
C:\Windows\SysWOW64\Bdcmfkde.exeC:\Windows\system32\Bdcmfkde.exe62⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Blkdgheg.exeC:\Windows\system32\Blkdgheg.exe63⤵
-
C:\Windows\SysWOW64\Ceaealoh.exeC:\Windows\system32\Ceaealoh.exe64⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cknnjcmo.exeC:\Windows\system32\Cknnjcmo.exe65⤵
-
C:\Windows\SysWOW64\Ddmhcg32.exeC:\Windows\system32\Ddmhcg32.exe66⤵
-
C:\Windows\SysWOW64\Dhkaif32.exeC:\Windows\system32\Dhkaif32.exe67⤵
-
C:\Windows\SysWOW64\Deanhj32.exeC:\Windows\system32\Deanhj32.exe68⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fcckcl32.exeC:\Windows\system32\Fcckcl32.exe69⤵
-
C:\Windows\SysWOW64\Lpqioclc.exeC:\Windows\system32\Lpqioclc.exe70⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mdckpqod.exeC:\Windows\system32\Mdckpqod.exe71⤵
-
C:\Windows\SysWOW64\Medggidb.exeC:\Windows\system32\Medggidb.exe72⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mdehep32.exeC:\Windows\system32\Mdehep32.exe73⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Mibpng32.exeC:\Windows\system32\Mibpng32.exe74⤵
-
C:\Windows\SysWOW64\Nigjifgc.exeC:\Windows\system32\Nigjifgc.exe75⤵
-
C:\Windows\SysWOW64\Ndmnfofi.exeC:\Windows\system32\Ndmnfofi.exe76⤵
-
C:\Windows\SysWOW64\Ndcdfnpa.exeC:\Windows\system32\Ndcdfnpa.exe77⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Opmaaodc.exeC:\Windows\system32\Opmaaodc.exe78⤵
-
C:\Windows\SysWOW64\Pcgmiiii.exeC:\Windows\system32\Pcgmiiii.exe79⤵
-
C:\Windows\SysWOW64\Pmoabn32.exeC:\Windows\system32\Pmoabn32.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pgefogop.exeC:\Windows\system32\Pgefogop.exe81⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pnonla32.exeC:\Windows\system32\Pnonla32.exe82⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pnakaa32.exeC:\Windows\system32\Pnakaa32.exe83⤵
-
C:\Windows\SysWOW64\Pdmpck32.exeC:\Windows\system32\Pdmpck32.exe84⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qmhdhm32.exeC:\Windows\system32\Qmhdhm32.exe85⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qjmeaafi.exeC:\Windows\system32\Qjmeaafi.exe86⤵
-
C:\Windows\SysWOW64\Adbiojfo.exeC:\Windows\system32\Adbiojfo.exe87⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ammnclcj.exeC:\Windows\system32\Ammnclcj.exe88⤵
-
C:\Windows\SysWOW64\Ajckbp32.exeC:\Windows\system32\Ajckbp32.exe89⤵
-
C:\Windows\SysWOW64\Bgoalc32.exeC:\Windows\system32\Bgoalc32.exe90⤵
-
C:\Windows\SysWOW64\Bchogd32.exeC:\Windows\system32\Bchogd32.exe91⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bnmcdm32.exeC:\Windows\system32\Bnmcdm32.exe92⤵
-
C:\Windows\SysWOW64\Cmdmki32.exeC:\Windows\system32\Cmdmki32.exe93⤵
-
C:\Windows\SysWOW64\Chokcakp.exeC:\Windows\system32\Chokcakp.exe94⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ddhhnana.exeC:\Windows\system32\Ddhhnana.exe95⤵
-
C:\Windows\SysWOW64\Dffdjmme.exeC:\Windows\system32\Dffdjmme.exe96⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Deokhc32.exeC:\Windows\system32\Deokhc32.exe97⤵
-
C:\Windows\SysWOW64\Egijfjmp.exeC:\Windows\system32\Egijfjmp.exe98⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Emcbcd32.exeC:\Windows\system32\Emcbcd32.exe99⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Fkgbli32.exeC:\Windows\system32\Fkgbli32.exe100⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Faakickc.exeC:\Windows\system32\Faakickc.exe101⤵
-
C:\Windows\SysWOW64\Fgeibicb.exeC:\Windows\system32\Fgeibicb.exe102⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ggnlhgkg.exeC:\Windows\system32\Ggnlhgkg.exe103⤵
-
C:\Windows\SysWOW64\Gnhdea32.exeC:\Windows\system32\Gnhdea32.exe104⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hdnlmj32.exeC:\Windows\system32\Hdnlmj32.exe105⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mlkldmjf.exeC:\Windows\system32\Mlkldmjf.exe106⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Niklip32.exeC:\Windows\system32\Niklip32.exe107⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Npedfjfo.exeC:\Windows\system32\Npedfjfo.exe108⤵
-
C:\Windows\SysWOW64\Nimioo32.exeC:\Windows\system32\Nimioo32.exe109⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ncfmhecp.exeC:\Windows\system32\Ncfmhecp.exe110⤵
-
C:\Windows\SysWOW64\Opjnai32.exeC:\Windows\system32\Opjnai32.exe111⤵
-
C:\Windows\SysWOW64\Ogcfncjf.exeC:\Windows\system32\Ogcfncjf.exe112⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Olqofjhn.exeC:\Windows\system32\Olqofjhn.exe113⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Oiihkncb.exeC:\Windows\system32\Oiihkncb.exe114⤵
-
C:\Windows\SysWOW64\Ogmidbal.exeC:\Windows\system32\Ogmidbal.exe115⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qcpieamc.exeC:\Windows\system32\Qcpieamc.exe116⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qjiaak32.exeC:\Windows\system32\Qjiaak32.exe117⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aqoijcbo.exeC:\Windows\system32\Aqoijcbo.exe118⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Aflabj32.exeC:\Windows\system32\Aflabj32.exe119⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bodfkpfg.exeC:\Windows\system32\Bodfkpfg.exe120⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bfnnhj32.exeC:\Windows\system32\Bfnnhj32.exe121⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-