Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
143s -
max time network
175s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
03/01/2024, 15:41
General
-
Target
83ccf0608059602b88e3268e43db30a1.exe
-
Size
255KB
-
MD5
83ccf0608059602b88e3268e43db30a1
-
SHA1
f1fe080283062fe360e39f4407fbcd50c65683eb
-
SHA256
73184ad74d91a1803ce9589837dfd4514a2cbbafc84a13c19328dc4488ae1538
-
SHA512
983d6d60006edf568e5a96546dfdcb83a03cc49bbc0e2725da840983ac0e35dafbcb733d39fe192d88437d9e305650005266e718440db5a0c791dc0ed57d0137
-
SSDEEP
3072:/H6JQrfoku8w8asCHNhMXi6Y0HYSx9m9jqLsFmsdYXmAMS3KUUibN8ohXiHm9Ne0:/aJYVu82xUS6UJjwszeXmDZUH8aiGaEP
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\83ccf0608059602b88e3268e43db30a1.exe"C:\Users\Admin\AppData\Local\Temp\83ccf0608059602b88e3268e43db30a1.exe"1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cbglgg32.exeC:\Windows\system32\Cbglgg32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dhbqalle.exeC:\Windows\system32\Dhbqalle.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gjdknjep.exeC:\Windows\system32\Gjdknjep.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gledpe32.exeC:\Windows\system32\Gledpe32.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lpbokjho.exeC:\Windows\system32\Lpbokjho.exe6⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nmbhgjoi.exeC:\Windows\system32\Nmbhgjoi.exe7⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pdofpb32.exeC:\Windows\system32\Pdofpb32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cnboma32.exeC:\Windows\system32\Cnboma32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jjgcgo32.exeC:\Windows\system32\Jjgcgo32.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mpbaga32.exeC:\Windows\system32\Mpbaga32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pkigbfja.exeC:\Windows\system32\Pkigbfja.exe12⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Adadbi32.exeC:\Windows\system32\Adadbi32.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eabjkdcc.exeC:\Windows\system32\Eabjkdcc.exe14⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mbkmngfn.exeC:\Windows\system32\Mbkmngfn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Poqckdap.exeC:\Windows\system32\Poqckdap.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pldcdhpi.exeC:\Windows\system32\Pldcdhpi.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qfanbpjg.exeC:\Windows\system32\Qfanbpjg.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qlnfkgho.exeC:\Windows\system32\Qlnfkgho.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bllble32.exeC:\Windows\system32\Bllble32.exe20⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cfeplh32.exeC:\Windows\system32\Cfeplh32.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dqfceoje.exeC:\Windows\system32\Dqfceoje.exe22⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dqhpjohb.exeC:\Windows\system32\Dqhpjohb.exe23⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Efgehe32.exeC:\Windows\system32\Efgehe32.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Enajobbf.exeC:\Windows\system32\Enajobbf.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fnjmea32.exeC:\Windows\system32\Fnjmea32.exe26⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fcnlng32.exeC:\Windows\system32\Fcnlng32.exe27⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Galonj32.exeC:\Windows\system32\Galonj32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jacnegep.exeC:\Windows\system32\Jacnegep.exe29⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jalakeme.exeC:\Windows\system32\Jalakeme.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kknhjj32.exeC:\Windows\system32\Kknhjj32.exe31⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lncjgddf.exeC:\Windows\system32\Lncjgddf.exe32⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mggolhaj.exeC:\Windows\system32\Mggolhaj.exe33⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nkhdgfen.exeC:\Windows\system32\Nkhdgfen.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nicjaino.exeC:\Windows\system32\Nicjaino.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Opfedb32.exeC:\Windows\system32\Opfedb32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Phmjdbpo.exeC:\Windows\system32\Phmjdbpo.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ahfmka32.exeC:\Windows\system32\Ahfmka32.exe38⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Apbngn32.exeC:\Windows\system32\Apbngn32.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Blnhgn32.exeC:\Windows\system32\Blnhgn32.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cbofdg32.exeC:\Windows\system32\Cbofdg32.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dlegokbe.exeC:\Windows\system32\Dlegokbe.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eoocfegl.exeC:\Windows\system32\Eoocfegl.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eflhiolf.exeC:\Windows\system32\Eflhiolf.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eqalfgll.exeC:\Windows\system32\Eqalfgll.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gcbnopkj.exeC:\Windows\system32\Gcbnopkj.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hbldkllm.exeC:\Windows\system32\Hbldkllm.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hfjmajbc.exeC:\Windows\system32\Hfjmajbc.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hjjbmhfg.exeC:\Windows\system32\Hjjbmhfg.exe49⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hcbgen32.exeC:\Windows\system32\Hcbgen32.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ibmmbj32.exeC:\Windows\system32\Ibmmbj32.exe51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ifmcmg32.exeC:\Windows\system32\Ifmcmg32.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jmgkja32.exeC:\Windows\system32\Jmgkja32.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jaimko32.exeC:\Windows\system32\Jaimko32.exe54⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Maohdj32.exeC:\Windows\system32\Maohdj32.exe55⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nqioqf32.exeC:\Windows\system32\Nqioqf32.exe56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pcgdcome.exeC:\Windows\system32\Pcgdcome.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pgjfdm32.exeC:\Windows\system32\Pgjfdm32.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Becipn32.exeC:\Windows\system32\Becipn32.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cobciblp.exeC:\Windows\system32\Cobciblp.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Deoabj32.exeC:\Windows\system32\Deoabj32.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eefhcimp.exeC:\Windows\system32\Eefhcimp.exe62⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Eehdii32.exeC:\Windows\system32\Eehdii32.exe63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Elbmebbj.exeC:\Windows\system32\Elbmebbj.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eoaianan.exeC:\Windows\system32\Eoaianan.exe65⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Eekanh32.exeC:\Windows\system32\Eekanh32.exe66⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eleikb32.exeC:\Windows\system32\Eleikb32.exe67⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Femndhgh.exeC:\Windows\system32\Femndhgh.exe68⤵
-
C:\Windows\SysWOW64\Fomhnmgp.exeC:\Windows\system32\Fomhnmgp.exe69⤵
-
C:\Windows\SysWOW64\Hfgjad32.exeC:\Windows\system32\Hfgjad32.exe70⤵
-
C:\Windows\SysWOW64\Hmabnnhg.exeC:\Windows\system32\Hmabnnhg.exe71⤵
-
C:\Windows\SysWOW64\Hckjjh32.exeC:\Windows\system32\Hckjjh32.exe72⤵
-
C:\Windows\SysWOW64\Iehfno32.exeC:\Windows\system32\Iehfno32.exe73⤵
-
C:\Windows\SysWOW64\Ipmjkh32.exeC:\Windows\system32\Ipmjkh32.exe74⤵
-
C:\Windows\SysWOW64\Ippgqg32.exeC:\Windows\system32\Ippgqg32.exe75⤵
-
C:\Windows\SysWOW64\Jmknkk32.exeC:\Windows\system32\Jmknkk32.exe76⤵
-
C:\Windows\SysWOW64\Kmfmfigl.exeC:\Windows\system32\Kmfmfigl.exe77⤵
-
C:\Windows\SysWOW64\Lpjcnd32.exeC:\Windows\system32\Lpjcnd32.exe78⤵
-
C:\Windows\SysWOW64\Libggiik.exeC:\Windows\system32\Libggiik.exe79⤵
-
C:\Windows\SysWOW64\Ldjhib32.exeC:\Windows\system32\Ldjhib32.exe80⤵
-
C:\Windows\SysWOW64\Lekeajmm.exeC:\Windows\system32\Lekeajmm.exe81⤵
-
C:\Windows\SysWOW64\Lpqioclc.exeC:\Windows\system32\Lpqioclc.exe82⤵
-
C:\Windows\SysWOW64\Lemagjjj.exeC:\Windows\system32\Lemagjjj.exe83⤵
-
C:\Windows\SysWOW64\Mphoob32.exeC:\Windows\system32\Mphoob32.exe84⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mipchg32.exeC:\Windows\system32\Mipchg32.exe85⤵
-
C:\Windows\SysWOW64\Mpjleadh.exeC:\Windows\system32\Mpjleadh.exe86⤵
-
C:\Windows\SysWOW64\Meiabh32.exeC:\Windows\system32\Meiabh32.exe87⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mlciobhj.exeC:\Windows\system32\Mlciobhj.exe88⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mcmall32.exeC:\Windows\system32\Mcmall32.exe89⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Npabeq32.exeC:\Windows\system32\Npabeq32.exe90⤵
-
C:\Windows\SysWOW64\Ncfdbk32.exeC:\Windows\system32\Ncfdbk32.exe91⤵
-
C:\Windows\SysWOW64\Njploeoi.exeC:\Windows\system32\Njploeoi.exe92⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Npjelo32.exeC:\Windows\system32\Npjelo32.exe93⤵
-
C:\Windows\SysWOW64\Ngdmhimb.exeC:\Windows\system32\Ngdmhimb.exe94⤵
-
C:\Windows\SysWOW64\Chmnnamb.exeC:\Windows\system32\Chmnnamb.exe95⤵
-
C:\Windows\SysWOW64\Ehocjo32.exeC:\Windows\system32\Ehocjo32.exe96⤵
-
C:\Windows\SysWOW64\Fgeibicb.exeC:\Windows\system32\Fgeibicb.exe97⤵
-
C:\Windows\SysWOW64\Gkcbhgii.exeC:\Windows\system32\Gkcbhgii.exe98⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gaadpqmp.exeC:\Windows\system32\Gaadpqmp.exe99⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hbmclobc.exeC:\Windows\system32\Hbmclobc.exe100⤵
-
C:\Windows\SysWOW64\Hhglhi32.exeC:\Windows\system32\Hhglhi32.exe101⤵
-
C:\Windows\SysWOW64\Inpclnnj.exeC:\Windows\system32\Inpclnnj.exe102⤵
-
C:\Windows\SysWOW64\Jodiaqag.exeC:\Windows\system32\Jodiaqag.exe103⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Klapgq32.exeC:\Windows\system32\Klapgq32.exe104⤵
-
C:\Windows\SysWOW64\Lbekjipe.exeC:\Windows\system32\Lbekjipe.exe105⤵
-
C:\Windows\SysWOW64\Llmpco32.exeC:\Windows\system32\Llmpco32.exe106⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lbghpinc.exeC:\Windows\system32\Lbghpinc.exe107⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Liaqlcep.exeC:\Windows\system32\Liaqlcep.exe108⤵
-
C:\Windows\SysWOW64\Lpneom32.exeC:\Windows\system32\Lpneom32.exe109⤵
- Drops file in System32 directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Jdkkjl32.exeC:\Windows\system32\Jdkkjl32.exe68⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jjgcbb32.exeC:\Windows\system32\Jjgcbb32.exe69⤵
-
C:\Windows\SysWOW64\Jpalomaq.exeC:\Windows\system32\Jpalomaq.exe70⤵
-
C:\Windows\SysWOW64\Jgkdkg32.exeC:\Windows\system32\Jgkdkg32.exe71⤵
-
C:\Windows\SysWOW64\Jnelha32.exeC:\Windows\system32\Jnelha32.exe72⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jcbdph32.exeC:\Windows\system32\Jcbdph32.exe73⤵
-
C:\Windows\SysWOW64\Jnhinq32.exeC:\Windows\system32\Jnhinq32.exe74⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jgpmffeh.exeC:\Windows\system32\Jgpmffeh.exe75⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jlmfomcp.exeC:\Windows\system32\Jlmfomcp.exe76⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kgbjlf32.exeC:\Windows\system32\Kgbjlf32.exe77⤵
-
C:\Windows\SysWOW64\Kmobdm32.exeC:\Windows\system32\Kmobdm32.exe78⤵
-
C:\Windows\SysWOW64\Kcikagij.exeC:\Windows\system32\Kcikagij.exe79⤵
-
C:\Windows\SysWOW64\Kglmbd32.exeC:\Windows\system32\Kglmbd32.exe80⤵
-
C:\Windows\SysWOW64\Knfeoobh.exeC:\Windows\system32\Knfeoobh.exe81⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lgnihd32.exeC:\Windows\system32\Lgnihd32.exe82⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lmkbpk32.exeC:\Windows\system32\Lmkbpk32.exe83⤵
-
C:\Windows\SysWOW64\Lgqfmcge.exeC:\Windows\system32\Lgqfmcge.exe84⤵
-
C:\Windows\SysWOW64\Lqikfi32.exeC:\Windows\system32\Lqikfi32.exe85⤵
-
C:\Windows\SysWOW64\Ljaooodf.exeC:\Windows\system32\Ljaooodf.exe86⤵
-
C:\Windows\SysWOW64\Lcjchd32.exeC:\Windows\system32\Lcjchd32.exe87⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lnohemjm.exeC:\Windows\system32\Lnohemjm.exe88⤵
-
C:\Windows\SysWOW64\Lclpmdhd.exeC:\Windows\system32\Lclpmdhd.exe89⤵
-
C:\Windows\SysWOW64\Mmdefi32.exeC:\Windows\system32\Mmdefi32.exe90⤵
-
C:\Windows\SysWOW64\Mkeeda32.exeC:\Windows\system32\Mkeeda32.exe91⤵
-
C:\Windows\SysWOW64\Menimfnd.exeC:\Windows\system32\Menimfnd.exe92⤵
-
C:\Windows\SysWOW64\Mjkbemll.exeC:\Windows\system32\Mjkbemll.exe93⤵
-
C:\Windows\SysWOW64\Neglceej.exeC:\Windows\system32\Neglceej.exe94⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nmbaggce.exeC:\Windows\system32\Nmbaggce.exe95⤵
-
C:\Windows\SysWOW64\Nhheepbk.exeC:\Windows\system32\Nhheepbk.exe96⤵
-
C:\Windows\SysWOW64\Nmenmgab.exeC:\Windows\system32\Nmenmgab.exe97⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nhjbjp32.exeC:\Windows\system32\Nhjbjp32.exe98⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nabfcegi.exeC:\Windows\system32\Nabfcegi.exe99⤵
-
C:\Windows\SysWOW64\Njkklk32.exeC:\Windows\system32\Njkklk32.exe100⤵
-
C:\Windows\SysWOW64\Naecieef.exeC:\Windows\system32\Naecieef.exe101⤵
-
C:\Windows\SysWOW64\Nhokeolc.exeC:\Windows\system32\Nhokeolc.exe102⤵
-
C:\Windows\SysWOW64\Oeclockl.exeC:\Windows\system32\Oeclockl.exe103⤵
-
C:\Windows\SysWOW64\Odhipp32.exeC:\Windows\system32\Odhipp32.exe104⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Oaliidon.exeC:\Windows\system32\Oaliidon.exe105⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Ojdnbj32.exeC:\Windows\system32\Ojdnbj32.exe106⤵
-
C:\Windows\SysWOW64\Oejbpb32.exeC:\Windows\system32\Oejbpb32.exe107⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ojgjhicl.exeC:\Windows\system32\Ojgjhicl.exe108⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Odooqo32.exeC:\Windows\system32\Odooqo32.exe109⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Podcnh32.exeC:\Windows\system32\Podcnh32.exe110⤵
-
C:\Windows\SysWOW64\Pdalfo32.exeC:\Windows\system32\Pdalfo32.exe111⤵
-
C:\Windows\SysWOW64\Pmjpod32.exeC:\Windows\system32\Pmjpod32.exe112⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pddhlnfg.exeC:\Windows\system32\Pddhlnfg.exe113⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pmlmdd32.exeC:\Windows\system32\Pmlmdd32.exe114⤵
-
C:\Windows\SysWOW64\Plmmbkdf.exeC:\Windows\system32\Plmmbkdf.exe115⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pdhbgn32.exeC:\Windows\system32\Pdhbgn32.exe116⤵
-
C:\Windows\SysWOW64\Phfjmlhh.exeC:\Windows\system32\Phfjmlhh.exe117⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qaoofaoi.exeC:\Windows\system32\Qaoofaoi.exe118⤵
-
C:\Windows\SysWOW64\Qoboofnb.exeC:\Windows\system32\Qoboofnb.exe119⤵
-
C:\Windows\SysWOW64\Alfpijll.exeC:\Windows\system32\Alfpijll.exe120⤵
-
C:\Windows\SysWOW64\Aklmjfad.exeC:\Windows\system32\Aklmjfad.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-