Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
22/12/2023, 14:04
General
-
Target
b610e8a6234d9f1460a40252805544a0.exe
-
Size
145KB
-
MD5
b610e8a6234d9f1460a40252805544a0
-
SHA1
40632798890567233793d121e9a01e84ff79c55f
-
SHA256
bf222aec4a8b7ac161871472643969d7bf39b71530bbc8ce95770e8b9b25bfbd
-
SHA512
ac8bf0bac64c959789b8d27648abb7051adec1328af4663480f5e0a68a29e9aada6d73a1206a60d14a16b90d936aa2e1438065c23d6947d3ee7c8ddf8ad1fb49
-
SSDEEP
3072:2FM29piZpFcLg7Ma4U/S2ZfVQfsMPqqcVA:yM8papFlDHS2ZU/PqqmA
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b610e8a6234d9f1460a40252805544a0.exe"C:\Users\Admin\AppData\Local\Temp\b610e8a6234d9f1460a40252805544a0.exe"1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Deanodkh.exeC:\Windows\system32\Deanodkh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dllfkn32.exeC:\Windows\system32\Dllfkn32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dojcgi32.exeC:\Windows\system32\Dojcgi32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dedkdcie.exeC:\Windows\system32\Dedkdcie.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dhbgqohi.exeC:\Windows\system32\Dhbgqohi.exe6⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ekacmjgl.exeC:\Windows\system32\Ekacmjgl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eaklidoi.exeC:\Windows\system32\Eaklidoi.exe8⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Edihepnm.exeC:\Windows\system32\Edihepnm.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Elppfmoo.exeC:\Windows\system32\Elppfmoo.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Eocenh32.exeC:\Windows\system32\Eocenh32.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eabbjc32.exeC:\Windows\system32\Eabbjc32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\Edpnfo32.exeC:\Windows\system32\Edpnfo32.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ekjfcipa.exeC:\Windows\system32\Ekjfcipa.exe2⤵
- Executes dropped EXE
- Modifies registry class
-
-
C:\Windows\SysWOW64\Fkmchi32.exeC:\Windows\system32\Fkmchi32.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fcckif32.exeC:\Windows\system32\Fcckif32.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Febgea32.exeC:\Windows\system32\Febgea32.exe3⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\Fhqcam32.exeC:\Windows\system32\Fhqcam32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fllpbldb.exeC:\Windows\system32\Fllpbldb.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\Faihkbci.exeC:\Windows\system32\Faihkbci.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fdgdgnbm.exeC:\Windows\system32\Fdgdgnbm.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fhcpgmjf.exeC:\Windows\system32\Fhcpgmjf.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fomhdg32.exeC:\Windows\system32\Fomhdg32.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fchddejl.exeC:\Windows\system32\Fchddejl.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
-
-
-
-
C:\Windows\SysWOW64\Ffgqqaip.exeC:\Windows\system32\Ffgqqaip.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Fhemmlhc.exeC:\Windows\system32\Fhemmlhc.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Fkciihgg.exeC:\Windows\system32\Fkciihgg.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fooeif32.exeC:\Windows\system32\Fooeif32.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Fdlnbm32.exeC:\Windows\system32\Fdlnbm32.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fhgjblfq.exeC:\Windows\system32\Fhgjblfq.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Foabofnn.exeC:\Windows\system32\Foabofnn.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fcmnpe32.exeC:\Windows\system32\Fcmnpe32.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ffkjlp32.exeC:\Windows\system32\Ffkjlp32.exe3⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\Fkffog32.exeC:\Windows\system32\Fkffog32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gcojed32.exeC:\Windows\system32\Gcojed32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gbbkaako.exeC:\Windows\system32\Gbbkaako.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\Ghlcnk32.exeC:\Windows\system32\Ghlcnk32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gkkojgao.exeC:\Windows\system32\Gkkojgao.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Gbdgfa32.exeC:\Windows\system32\Gbdgfa32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gfpcgpae.exeC:\Windows\system32\Gfpcgpae.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Gohhpe32.exeC:\Windows\system32\Gohhpe32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gcddpdpo.exeC:\Windows\system32\Gcddpdpo.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
-
C:\Windows\SysWOW64\Gbgdlq32.exeC:\Windows\system32\Gbgdlq32.exe1⤵
-
C:\Windows\SysWOW64\Gdeqhl32.exeC:\Windows\system32\Gdeqhl32.exe2⤵
-
-
C:\Windows\SysWOW64\Ghaliknf.exeC:\Windows\system32\Ghaliknf.exe1⤵
-
C:\Windows\SysWOW64\Gkoiefmj.exeC:\Windows\system32\Gkoiefmj.exe2⤵
-
-
C:\Windows\SysWOW64\Gfembo32.exeC:\Windows\system32\Gfembo32.exe1⤵
-
C:\Windows\SysWOW64\Gicinj32.exeC:\Windows\system32\Gicinj32.exe2⤵
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\Gmoeoidl.exeC:\Windows\system32\Gmoeoidl.exe1⤵
-
C:\Windows\SysWOW64\Gomakdcp.exeC:\Windows\system32\Gomakdcp.exe2⤵
-
-
C:\Windows\SysWOW64\Gcimkc32.exeC:\Windows\system32\Gcimkc32.exe1⤵
-
C:\Windows\SysWOW64\Gfgjgo32.exeC:\Windows\system32\Gfgjgo32.exe2⤵
-
C:\Windows\SysWOW64\Gdjjckag.exeC:\Windows\system32\Gdjjckag.exe3⤵
-
C:\Windows\SysWOW64\Hiefcj32.exeC:\Windows\system32\Hiefcj32.exe4⤵
-
-
-
-
C:\Windows\SysWOW64\Hkdbpe32.exeC:\Windows\system32\Hkdbpe32.exe1⤵
-
C:\Windows\SysWOW64\Hopnqdan.exeC:\Windows\system32\Hopnqdan.exe2⤵
-
-
C:\Windows\SysWOW64\Hfifmnij.exeC:\Windows\system32\Hfifmnij.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hihbijhn.exeC:\Windows\system32\Hihbijhn.exe2⤵
-
-
C:\Windows\SysWOW64\Hmcojh32.exeC:\Windows\system32\Hmcojh32.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hobkfd32.exeC:\Windows\system32\Hobkfd32.exe2⤵
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\Hcmgfbhd.exeC:\Windows\system32\Hcmgfbhd.exe1⤵
-
C:\Windows\SysWOW64\Hflcbngh.exeC:\Windows\system32\Hflcbngh.exe2⤵
-
-
C:\Windows\SysWOW64\Heocnk32.exeC:\Windows\system32\Heocnk32.exe1⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hmfkoh32.exeC:\Windows\system32\Hmfkoh32.exe2⤵
-
-
C:\Windows\SysWOW64\Hkikkeeo.exeC:\Windows\system32\Hkikkeeo.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Hcpclbfa.exeC:\Windows\system32\Hcpclbfa.exe2⤵
-
C:\Windows\SysWOW64\Hmhhehlb.exeC:\Windows\system32\Hmhhehlb.exe3⤵
-
-
-
C:\Windows\SysWOW64\Hofdacke.exeC:\Windows\system32\Hofdacke.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hcbpab32.exeC:\Windows\system32\Hcbpab32.exe2⤵
-
C:\Windows\SysWOW64\Hfqlnm32.exeC:\Windows\system32\Hfqlnm32.exe3⤵
-
-
-
C:\Windows\SysWOW64\Hioiji32.exeC:\Windows\system32\Hioiji32.exe1⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hkmefd32.exeC:\Windows\system32\Hkmefd32.exe2⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hcdmga32.exeC:\Windows\system32\Hcdmga32.exe3⤵
-
-
-
C:\Windows\SysWOW64\Iefioj32.exeC:\Windows\system32\Iefioj32.exe1⤵
-
C:\Windows\SysWOW64\Immapg32.exeC:\Windows\system32\Immapg32.exe2⤵
-
C:\Windows\SysWOW64\Ikpaldog.exeC:\Windows\system32\Ikpaldog.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
-
-
C:\Windows\SysWOW64\Icgjmapi.exeC:\Windows\system32\Icgjmapi.exe1⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ibjjhn32.exeC:\Windows\system32\Ibjjhn32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
-
C:\Windows\SysWOW64\Ifefimom.exeC:\Windows\system32\Ifefimom.exe1⤵
-
C:\Windows\SysWOW64\Iicbehnq.exeC:\Windows\system32\Iicbehnq.exe2⤵
-
C:\Windows\SysWOW64\Ikbnacmd.exeC:\Windows\system32\Ikbnacmd.exe3⤵
-
-
-
C:\Windows\SysWOW64\Icifbang.exeC:\Windows\system32\Icifbang.exe1⤵
-
C:\Windows\SysWOW64\Iblfnn32.exeC:\Windows\system32\Iblfnn32.exe2⤵
-
C:\Windows\SysWOW64\Iejcji32.exeC:\Windows\system32\Iejcji32.exe3⤵
-
C:\Windows\SysWOW64\Imakkfdg.exeC:\Windows\system32\Imakkfdg.exe4⤵
-
C:\Windows\SysWOW64\Ildkgc32.exeC:\Windows\system32\Ildkgc32.exe5⤵
-
-
-
-
-
C:\Windows\SysWOW64\Ickchq32.exeC:\Windows\system32\Ickchq32.exe1⤵
-
C:\Windows\SysWOW64\Ibnccmbo.exeC:\Windows\system32\Ibnccmbo.exe2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\Ifjodl32.exeC:\Windows\system32\Ifjodl32.exe1⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Iihkpg32.exeC:\Windows\system32\Iihkpg32.exe2⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Imdgqfbd.exeC:\Windows\system32\Imdgqfbd.exe3⤵
-
C:\Windows\SysWOW64\Ipbdmaah.exeC:\Windows\system32\Ipbdmaah.exe4⤵
-
C:\Windows\SysWOW64\Icnpmp32.exeC:\Windows\system32\Icnpmp32.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
-
-
-
-
C:\Windows\SysWOW64\Ibqpimpl.exeC:\Windows\system32\Ibqpimpl.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ieolehop.exeC:\Windows\system32\Ieolehop.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
-
C:\Windows\SysWOW64\Iikhfg32.exeC:\Windows\system32\Iikhfg32.exe1⤵
-
C:\Windows\SysWOW64\Imfdff32.exeC:\Windows\system32\Imfdff32.exe2⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ilidbbgl.exeC:\Windows\system32\Ilidbbgl.exe3⤵
-
C:\Windows\SysWOW64\Ipdqba32.exeC:\Windows\system32\Ipdqba32.exe4⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Jmhale32.exeC:\Windows\system32\Jmhale32.exe5⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jlkagbej.exeC:\Windows\system32\Jlkagbej.exe6⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jbeidl32.exeC:\Windows\system32\Jbeidl32.exe7⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jedeph32.exeC:\Windows\system32\Jedeph32.exe8⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jioaqfcc.exeC:\Windows\system32\Jioaqfcc.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Jlnnmb32.exeC:\Windows\system32\Jlnnmb32.exe10⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jcefno32.exeC:\Windows\system32\Jcefno32.exe11⤵
-
C:\Windows\SysWOW64\Jefbfgig.exeC:\Windows\system32\Jefbfgig.exe12⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jlpkba32.exeC:\Windows\system32\Jlpkba32.exe13⤵
-
C:\Windows\SysWOW64\Jcgbco32.exeC:\Windows\system32\Jcgbco32.exe14⤵
-
C:\Windows\SysWOW64\Jfeopj32.exeC:\Windows\system32\Jfeopj32.exe15⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Jidklf32.exeC:\Windows\system32\Jidklf32.exe16⤵
-
C:\Windows\SysWOW64\Jlbgha32.exeC:\Windows\system32\Jlbgha32.exe17⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jcioiood.exeC:\Windows\system32\Jcioiood.exe18⤵
-
C:\Windows\SysWOW64\Jmbdbd32.exeC:\Windows\system32\Jmbdbd32.exe19⤵
-
C:\Windows\SysWOW64\Kboljk32.exeC:\Windows\system32\Kboljk32.exe20⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kemhff32.exeC:\Windows\system32\Kemhff32.exe21⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Kmdqgd32.exeC:\Windows\system32\Kmdqgd32.exe22⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kpbmco32.exeC:\Windows\system32\Kpbmco32.exe23⤵
-
C:\Windows\SysWOW64\Kbaipkbi.exeC:\Windows\system32\Kbaipkbi.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kepelfam.exeC:\Windows\system32\Kepelfam.exe25⤵
-
C:\Windows\SysWOW64\Kpeiioac.exeC:\Windows\system32\Kpeiioac.exe26⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kbceejpf.exeC:\Windows\system32\Kbceejpf.exe27⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kimnbd32.exeC:\Windows\system32\Kimnbd32.exe28⤵
-
C:\Windows\SysWOW64\Klljnp32.exeC:\Windows\system32\Klljnp32.exe29⤵
-
C:\Windows\SysWOW64\Kbfbkj32.exeC:\Windows\system32\Kbfbkj32.exe30⤵
-
C:\Windows\SysWOW64\Kfankifm.exeC:\Windows\system32\Kfankifm.exe31⤵
-
C:\Windows\SysWOW64\Kipkhdeq.exeC:\Windows\system32\Kipkhdeq.exe32⤵
-
C:\Windows\SysWOW64\Kpjcdn32.exeC:\Windows\system32\Kpjcdn32.exe33⤵
-
C:\Windows\SysWOW64\Kdeoemeg.exeC:\Windows\system32\Kdeoemeg.exe34⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kfckahdj.exeC:\Windows\system32\Kfckahdj.exe35⤵
-
C:\Windows\SysWOW64\Kmncnb32.exeC:\Windows\system32\Kmncnb32.exe36⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kdgljmcd.exeC:\Windows\system32\Kdgljmcd.exe37⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lffhfh32.exeC:\Windows\system32\Lffhfh32.exe38⤵
-
C:\Windows\SysWOW64\Liddbc32.exeC:\Windows\system32\Liddbc32.exe39⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lmppcbjd.exeC:\Windows\system32\Lmppcbjd.exe40⤵
-
C:\Windows\SysWOW64\Lpnlpnih.exeC:\Windows\system32\Lpnlpnih.exe41⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lbmhlihl.exeC:\Windows\system32\Lbmhlihl.exe42⤵
-
C:\Windows\SysWOW64\Lekehdgp.exeC:\Windows\system32\Lekehdgp.exe43⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lmbmibhb.exeC:\Windows\system32\Lmbmibhb.exe44⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lpqiemge.exeC:\Windows\system32\Lpqiemge.exe45⤵
-
C:\Windows\SysWOW64\Lboeaifi.exeC:\Windows\system32\Lboeaifi.exe46⤵
-
C:\Windows\SysWOW64\Lenamdem.exeC:\Windows\system32\Lenamdem.exe47⤵
-
C:\Windows\SysWOW64\Lmdina32.exeC:\Windows\system32\Lmdina32.exe48⤵
-
C:\Windows\SysWOW64\Lpcfkm32.exeC:\Windows\system32\Lpcfkm32.exe49⤵
-
C:\Windows\SysWOW64\Lgmngglp.exeC:\Windows\system32\Lgmngglp.exe50⤵
-
C:\Windows\SysWOW64\Lepncd32.exeC:\Windows\system32\Lepncd32.exe51⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lbdolh32.exeC:\Windows\system32\Lbdolh32.exe52⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lebkhc32.exeC:\Windows\system32\Lebkhc32.exe53⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lmiciaaj.exeC:\Windows\system32\Lmiciaaj.exe54⤵
-
C:\Windows\SysWOW64\Lphoelqn.exeC:\Windows\system32\Lphoelqn.exe55⤵
-
C:\Windows\SysWOW64\Mbfkbhpa.exeC:\Windows\system32\Mbfkbhpa.exe56⤵
-
C:\Windows\SysWOW64\Mpjlklok.exeC:\Windows\system32\Mpjlklok.exe57⤵
-
C:\Windows\SysWOW64\Mgddhf32.exeC:\Windows\system32\Mgddhf32.exe58⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mibpda32.exeC:\Windows\system32\Mibpda32.exe59⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mlampmdo.exeC:\Windows\system32\Mlampmdo.exe60⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mdhdajea.exeC:\Windows\system32\Mdhdajea.exe61⤵
-
C:\Windows\SysWOW64\Mckemg32.exeC:\Windows\system32\Mckemg32.exe62⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Meiaib32.exeC:\Windows\system32\Meiaib32.exe63⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Mmpijp32.exeC:\Windows\system32\Mmpijp32.exe64⤵
-
C:\Windows\SysWOW64\Mlcifmbl.exeC:\Windows\system32\Mlcifmbl.exe65⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mpoefk32.exeC:\Windows\system32\Mpoefk32.exe66⤵
-
C:\Windows\SysWOW64\Mcmabg32.exeC:\Windows\system32\Mcmabg32.exe67⤵
-
C:\Windows\SysWOW64\Mgimcebb.exeC:\Windows\system32\Mgimcebb.exe68⤵
-
C:\Windows\SysWOW64\Migjoaaf.exeC:\Windows\system32\Migjoaaf.exe69⤵
-
C:\Windows\SysWOW64\Mlefklpj.exeC:\Windows\system32\Mlefklpj.exe70⤵
-
C:\Windows\SysWOW64\Mdmnlj32.exeC:\Windows\system32\Mdmnlj32.exe71⤵
-
C:\Windows\SysWOW64\Miifeq32.exeC:\Windows\system32\Miifeq32.exe72⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mlhbal32.exeC:\Windows\system32\Mlhbal32.exe73⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ndokbi32.exeC:\Windows\system32\Ndokbi32.exe74⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ngmgne32.exeC:\Windows\system32\Ngmgne32.exe75⤵
-
C:\Windows\SysWOW64\Nilcjp32.exeC:\Windows\system32\Nilcjp32.exe76⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Npfkgjdn.exeC:\Windows\system32\Npfkgjdn.exe77⤵
-
C:\Windows\SysWOW64\Ndaggimg.exeC:\Windows\system32\Ndaggimg.exe78⤵
-
C:\Windows\SysWOW64\Ngpccdlj.exeC:\Windows\system32\Ngpccdlj.exe79⤵
-
C:\Windows\SysWOW64\Njnpppkn.exeC:\Windows\system32\Njnpppkn.exe80⤵
-
C:\Windows\SysWOW64\Nnjlpo32.exeC:\Windows\system32\Nnjlpo32.exe81⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nphhmj32.exeC:\Windows\system32\Nphhmj32.exe82⤵
-
C:\Windows\SysWOW64\Ncfdie32.exeC:\Windows\system32\Ncfdie32.exe83⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Neeqea32.exeC:\Windows\system32\Neeqea32.exe84⤵
-
C:\Windows\SysWOW64\Nnlhfn32.exeC:\Windows\system32\Nnlhfn32.exe85⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ndfqbhia.exeC:\Windows\system32\Ndfqbhia.exe86⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ncianepl.exeC:\Windows\system32\Ncianepl.exe87⤵
-
C:\Windows\SysWOW64\Ngdmod32.exeC:\Windows\system32\Ngdmod32.exe88⤵
-
C:\Windows\SysWOW64\Njciko32.exeC:\Windows\system32\Njciko32.exe89⤵
-
C:\Windows\SysWOW64\Nnneknob.exeC:\Windows\system32\Nnneknob.exe90⤵
-
C:\Windows\SysWOW64\Nlaegk32.exeC:\Windows\system32\Nlaegk32.exe91⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ndhmhh32.exeC:\Windows\system32\Ndhmhh32.exe92⤵
-
C:\Windows\SysWOW64\Nckndeni.exeC:\Windows\system32\Nckndeni.exe93⤵
-
C:\Windows\SysWOW64\Nfjjppmm.exeC:\Windows\system32\Nfjjppmm.exe94⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Njefqo32.exeC:\Windows\system32\Njefqo32.exe95⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nnqbanmo.exeC:\Windows\system32\Nnqbanmo.exe96⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Oponmilc.exeC:\Windows\system32\Oponmilc.exe97⤵
-
C:\Windows\SysWOW64\Oflgep32.exeC:\Windows\system32\Oflgep32.exe98⤵
-
C:\Windows\SysWOW64\Olfobjbg.exeC:\Windows\system32\Olfobjbg.exe99⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Odmgcgbi.exeC:\Windows\system32\Odmgcgbi.exe100⤵
-
C:\Windows\SysWOW64\Ogkcpbam.exeC:\Windows\system32\Ogkcpbam.exe101⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ojjolnaq.exeC:\Windows\system32\Ojjolnaq.exe102⤵
-
C:\Windows\SysWOW64\Olhlhjpd.exeC:\Windows\system32\Olhlhjpd.exe103⤵
-
C:\Windows\SysWOW64\Opdghh32.exeC:\Windows\system32\Opdghh32.exe104⤵
-
C:\Windows\SysWOW64\Odocigqg.exeC:\Windows\system32\Odocigqg.exe105⤵
-
C:\Windows\SysWOW64\Ocbddc32.exeC:\Windows\system32\Ocbddc32.exe106⤵
-
C:\Windows\SysWOW64\Ofqpqo32.exeC:\Windows\system32\Ofqpqo32.exe107⤵
-
C:\Windows\SysWOW64\Onhhamgg.exeC:\Windows\system32\Onhhamgg.exe108⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Oqfdnhfk.exeC:\Windows\system32\Oqfdnhfk.exe109⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Odapnf32.exeC:\Windows\system32\Odapnf32.exe110⤵
-
C:\Windows\SysWOW64\Ofcmfodb.exeC:\Windows\system32\Ofcmfodb.exe111⤵
-
C:\Windows\SysWOW64\Onjegled.exeC:\Windows\system32\Onjegled.exe112⤵
-
C:\Windows\SysWOW64\Oqhacgdh.exeC:\Windows\system32\Oqhacgdh.exe113⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oddmdf32.exeC:\Windows\system32\Oddmdf32.exe114⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Ogbipa32.exeC:\Windows\system32\Ogbipa32.exe115⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Pnlaml32.exeC:\Windows\system32\Pnlaml32.exe116⤵
-
C:\Windows\SysWOW64\Pqknig32.exeC:\Windows\system32\Pqknig32.exe117⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pcijeb32.exeC:\Windows\system32\Pcijeb32.exe118⤵
-
C:\Windows\SysWOW64\Pfhfan32.exeC:\Windows\system32\Pfhfan32.exe119⤵
-
C:\Windows\SysWOW64\Pmannhhj.exeC:\Windows\system32\Pmannhhj.exe120⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pdifoehl.exeC:\Windows\system32\Pdifoehl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-