Analysis
-
max time kernel
140s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
06/03/2024, 20:30
General
-
Target
b81d31bf4baf7ab5f90f15a0632c6814.exe
-
Size
975KB
-
MD5
b81d31bf4baf7ab5f90f15a0632c6814
-
SHA1
a0cb5c8692cc0b69b1997da8bc4b6ca3dec7f807
-
SHA256
f5c0447663b7667c2106c72fdaf44055f25ce26d826b68198a666d8a10d979b3
-
SHA512
aa9e6d70662c89ffce9e0fbfe5190fd3ea23421c3fabc26240cdc693eba71ecdd4aa50e1f2c145cf205915c77a37a3db3442cb8be3b60a872a5f589e945f894f
-
SSDEEP
12288:Aw+bMncsUGXOuccWWPVycWsNOKpVNFLBhTmrps+3y:Aw5ncxhuccddycXbNVsBy
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Identifies Wine through registry keys 2 TTPs 64 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b81d31bf4baf7ab5f90f15a0632c6814.exe"C:\Users\Admin\AppData\Local\Temp\b81d31bf4baf7ab5f90f15a0632c6814.exe"1⤵
- Identifies Wine through registry keys
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\ccnsmdvxr.exeC:\Windows\system32\ccnsmdvxr.exe 656 "C:\Users\Admin\AppData\Local\Temp\b81d31bf4baf7ab5f90f15a0632c6814.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wtefjnunf.exeC:\Windows\system32\wtefjnunf.exe 616 "C:\Windows\SysWOW64\ccnsmdvxr.exe"3⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\smxcglqfz.exeC:\Windows\system32\smxcglqfz.exe 620 "C:\Windows\SysWOW64\wtefjnunf.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\uxqktuium.exeC:\Windows\system32\uxqktuium.exe 612 "C:\Windows\SysWOW64\smxcglqfz.exe"5⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\zqhydmxri.exeC:\Windows\system32\zqhydmxri.exe 628 "C:\Windows\SysWOW64\uxqktuium.exe"6⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\stjqdavjb.exeC:\Windows\system32\stjqdavjb.exe 624 "C:\Windows\SysWOW64\zqhydmxri.exe"7⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\hfhvgjhjv.exeC:\Windows\system32\hfhvgjhjv.exe 640 "C:\Windows\SysWOW64\stjqdavjb.exe"8⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cdxyjgojv.exeC:\Windows\system32\cdxyjgojv.exe 632 "C:\Windows\SysWOW64\hfhvgjhjv.exe"9⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mcjvufwie.exeC:\Windows\system32\mcjvufwie.exe 724 "C:\Windows\SysWOW64\cdxyjgojv.exe"10⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\enygwpgyr.exeC:\Windows\system32\enygwpgyr.exe 644 "C:\Windows\SysWOW64\mcjvufwie.exe"11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\lvlyqeqqq.exeC:\Windows\system32\lvlyqeqqq.exe 728 "C:\Windows\SysWOW64\enygwpgyr.exe"12⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\qafgbouyk.exeC:\Windows\system32\qafgbouyk.exe 732 "C:\Windows\SysWOW64\lvlyqeqqq.exe"13⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\psnydbehy.exeC:\Windows\system32\psnydbehy.exe 704 "C:\Windows\SysWOW64\qafgbouyk.exe"14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\uxirqxbgz.exeC:\Windows\system32\uxirqxbgz.exe 648 "C:\Windows\SysWOW64\psnydbehy.exe"15⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wllmfksyg.exeC:\Windows\system32\wllmfksyg.exe 660 "C:\Windows\SysWOW64\uxirqxbgz.exe"16⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\smezbvdzu.exeC:\Windows\system32\smezbvdzu.exe 692 "C:\Windows\SysWOW64\wllmfksyg.exe"17⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
-
C:\Windows\SysWOW64\fdybkvjgn.exeC:\Windows\system32\fdybkvjgn.exe 756 "C:\Windows\SysWOW64\smezbvdzu.exe"18⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\pclzcurgn.exeC:\Windows\system32\pclzcurgn.exe 752 "C:\Windows\SysWOW64\fdybkvjgn.exe"19⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\edvmygcpa.exeC:\Windows\system32\edvmygcpa.exe 716 "C:\Windows\SysWOW64\pclzcurgn.exe"20⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\bbcmzfhwb.exeC:\Windows\system32\bbcmzfhwb.exe 720 "C:\Windows\SysWOW64\edvmygcpa.exe"21⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\gfvmsomev.exeC:\Windows\system32\gfvmsomev.exe 764 "C:\Windows\SysWOW64\bbcmzfhwb.exe"22⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\onjmeewwv.exeC:\Windows\system32\onjmeewwv.exe 776 "C:\Windows\SysWOW64\gfvmsomev.exe"23⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
-
C:\Windows\SysWOW64\sacuyniwp.exeC:\Windows\system32\sacuyniwp.exe 772 "C:\Windows\SysWOW64\onjmeewwv.exe"24⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\pxjurmndq.exeC:\Windows\system32\pxjurmndq.exe 652 "C:\Windows\SysWOW64\sacuyniwp.exe"25⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\ksocrgwie.exeC:\Windows\system32\ksocrgwie.exe 668 "C:\Windows\SysWOW64\pxjurmndq.exe"26⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\uddmejccq.exeC:\Windows\system32\uddmejccq.exe 788 "C:\Windows\SysWOW64\ksocrgwie.exe"27⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
-
C:\Windows\SysWOW64\eyeftdlae.exeC:\Windows\system32\eyeftdlae.exe 696 "C:\Windows\SysWOW64\uddmejccq.exe"28⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\gpsuriydk.exeC:\Windows\system32\gpsuriydk.exe 800 "C:\Windows\SysWOW64\eyeftdlae.exe"29⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
-
C:\Windows\SysWOW64\djohikfhy.exeC:\Windows\system32\djohikfhy.exe 676 "C:\Windows\SysWOW64\gpsuriydk.exe"30⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
-
C:\Windows\SysWOW64\aojhosply.exeC:\Windows\system32\aojhosply.exe 636 "C:\Windows\SysWOW64\djohikfhy.exe"31⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\duqkekqpt.exeC:\Windows\system32\duqkekqpt.exe 664 "C:\Windows\SysWOW64\aojhosply.exe"32⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
-
C:\Windows\SysWOW64\gofaisgqa.exeC:\Windows\system32\gofaisgqa.exe 672 "C:\Windows\SysWOW64\duqkekqpt.exe"33⤵
- Executes dropped EXE
- Identifies Wine through registry keys
-
C:\Windows\SysWOW64\dmmajrtxb.exeC:\Windows\system32\dmmajrtxb.exe 792 "C:\Windows\SysWOW64\gofaisgqa.exe"34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\uhjvfvndc.exeC:\Windows\system32\uhjvfvndc.exe 680 "C:\Windows\SysWOW64\dmmajrtxb.exe"35⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wvmyawuww.exeC:\Windows\system32\wvmyawuww.exe 708 "C:\Windows\SysWOW64\uhjvfvndc.exe"36⤵
- Executes dropped EXE
- Identifies Wine through registry keys
-
C:\Windows\SysWOW64\huqvkubvw.exeC:\Windows\system32\huqvkubvw.exe 812 "C:\Windows\SysWOW64\wvmyawuww.exe"37⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\vrznqzugd.exeC:\Windows\system32\vrznqzugd.exe 784 "C:\Windows\SysWOW64\huqvkubvw.exe"38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\iiuqzhsne.exeC:\Windows\system32\iiuqzhsne.exe 836 "C:\Windows\SysWOW64\vrznqzugd.exe"39⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\iadibucek.exeC:\Windows\system32\iadibucek.exe 712 "C:\Windows\SysWOW64\iiuqzhsne.exe"40⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Drops file in System32 directory
-
C:\Windows\SysWOW64\khjlqmlam.exeC:\Windows\system32\khjlqmlam.exe 740 "C:\Windows\SysWOW64\iadibucek.exe"41⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Drops file in System32 directory
-
C:\Windows\SysWOW64\ptctcvpiy.exeC:\Windows\system32\ptctcvpiy.exe 736 "C:\Windows\SysWOW64\khjlqmlam.exe"42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\zendjofus.exeC:\Windows\system32\zendjofus.exe 684 "C:\Windows\SysWOW64\ptctcvpiy.exe"43⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\ywoolbplz.exeC:\Windows\system32\ywoolbplz.exe 828 "C:\Windows\SysWOW64\zendjofus.exe"44⤵
- Executes dropped EXE
- Identifies Wine through registry keys
-
C:\Windows\SysWOW64\ypxgfvzcn.exeC:\Windows\system32\ypxgfvzcn.exe 832 "C:\Windows\SysWOW64\ywoolbplz.exe"45⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\xpyqzijst.exeC:\Windows\system32\xpyqzijst.exe 868 "C:\Windows\SysWOW64\ypxgfvzcn.exe"46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\zdbtuiqlv.exeC:\Windows\system32\zdbtuiqlv.exe 688 "C:\Windows\SysWOW64\xpyqzijst.exe"47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mueoxdfjc.exeC:\Windows\system32\mueoxdfjc.exe 748 "C:\Windows\SysWOW64\zdbtuiqlv.exe"48⤵
- Executes dropped EXE
- Identifies Wine through registry keys
-
C:\Windows\SysWOW64\zkzrndlqu.exeC:\Windows\system32\zkzrndlqu.exe 700 "C:\Windows\SysWOW64\mueoxdfjc.exe"49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\burggztpj.exeC:\Windows\system32\burggztpj.exe 760 "C:\Windows\SysWOW64\zkzrndlqu.exe"50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\lfortczrw.exeC:\Windows\system32\lfortczrw.exe 852 "C:\Windows\SysWOW64\burggztpj.exe"51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\smcrfsijv.exeC:\Windows\system32\smcrfsijv.exe 768 "C:\Windows\SysWOW64\lfortczrw.exe"52⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Drops file in System32 directory
-
C:\Windows\SysWOW64\nksmippaw.exeC:\Windows\system32\nksmippaw.exe 820 "C:\Windows\SysWOW64\smcrfsijv.exe"53⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\axjcotwnk.exeC:\Windows\system32\axjcotwnk.exe 900 "C:\Windows\SysWOW64\nksmippaw.exe"54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\kizmjwchx.exeC:\Windows\system32\kizmjwchx.exe 840 "C:\Windows\SysWOW64\axjcotwnk.exe"55⤵
- Executes dropped EXE
- Identifies Wine through registry keys
-
C:\Windows\SysWOW64\hjjzfaoqk.exeC:\Windows\system32\hjjzfaoqk.exe 844 "C:\Windows\SysWOW64\kizmjwchx.exe"56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\xorujnllr.exeC:\Windows\system32\xorujnllr.exe 872 "C:\Windows\SysWOW64\hjjzfaoqk.exe"57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\evfmdcvvz.exeC:\Windows\system32\evfmdcvvz.exe 920 "C:\Windows\SysWOW64\xorujnllr.exe"58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mzpzmvxtl.exeC:\Windows\system32\mzpzmvxtl.exe 860 "C:\Windows\SysWOW64\evfmdcvvz.exe"59⤵
- Executes dropped EXE
- Identifies Wine through registry keys
-
C:\Windows\SysWOW64\apystaqvs.exeC:\Windows\system32\apystaqvs.exe 808 "C:\Windows\SysWOW64\mzpzmvxtl.exe"60⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\xmfsuhwct.exeC:\Windows\system32\xmfsuhwct.exe 816 "C:\Windows\SysWOW64\apystaqvs.exe"61⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\kdzuchbju.exeC:\Windows\system32\kdzuchbju.exe 864 "C:\Windows\SysWOW64\xmfsuhwct.exe"62⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\giefdkeda.exeC:\Windows\system32\giefdkeda.exe 744 "C:\Windows\SysWOW64\kdzuchbju.exe"63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\gtnhrrplv.exeC:\Windows\system32\gtnhrrplv.exe 804 "C:\Windows\SysWOW64\giefdkeda.exe"64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\paqdvlsqd.exeC:\Windows\system32\paqdvlsqd.exe 796 "C:\Windows\SysWOW64\gtnhrrplv.exe"65⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\psrnpxchj.exeC:\Windows\system32\psrnpxchj.exe 824 "C:\Windows\SysWOW64\paqdvlsqd.exe"66⤵
-
C:\Windows\SysWOW64\gsyvcnzdf.exeC:\Windows\system32\gsyvcnzdf.exe 848 "C:\Windows\SysWOW64\psrnpxchj.exe"67⤵
- Identifies Wine through registry keys
-
C:\Windows\SysWOW64\hqlilvzdt.exeC:\Windows\system32\hqlilvzdt.exe 876 "C:\Windows\SysWOW64\gsyvcnzdf.exe"68⤵
-
C:\Windows\SysWOW64\qubdakxou.exeC:\Windows\system32\qubdakxou.exe 780 "C:\Windows\SysWOW64\hqlilvzdt.exe"69⤵
- Identifies Wine through registry keys
-
C:\Windows\SysWOW64\ffhielkwg.exeC:\Windows\system32\ffhielkwg.exe 856 "C:\Windows\SysWOW64\qubdakxou.exe"70⤵
- Identifies Wine through registry keys
- Drops file in System32 directory
-
C:\Windows\SysWOW64\xbwlapech.exeC:\Windows\system32\xbwlapech.exe 884 "C:\Windows\SysWOW64\ffhielkwg.exe"71⤵
-
C:\Windows\SysWOW64\pmjeinebo.exeC:\Windows\system32\pmjeinebo.exe 964 "C:\Windows\SysWOW64\xbwlapech.exe"72⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wbdtnfbyd.exeC:\Windows\system32\wbdtnfbyd.exe 880 "C:\Windows\SysWOW64\pmjeinebo.exe"73⤵
- Identifies Wine through registry keys
- Drops file in System32 directory
-
C:\Windows\SysWOW64\ihnobomcd.exeC:\Windows\system32\ihnobomcd.exe 940 "C:\Windows\SysWOW64\wbdtnfbyd.exe"74⤵
-
C:\Windows\SysWOW64\zckjxsgif.exeC:\Windows\system32\zckjxsgif.exe 888 "C:\Windows\SysWOW64\ihnobomcd.exe"75⤵
- Identifies Wine through registry keys
-
C:\Windows\SysWOW64\pzsrklpux.exeC:\Windows\system32\pzsrklpux.exe 948 "C:\Windows\SysWOW64\zckjxsgif.exe"76⤵
-
C:\Windows\SysWOW64\voezpdmrf.exeC:\Windows\system32\voezpdmrf.exe 904 "C:\Windows\SysWOW64\pzsrklpux.exe"77⤵
-
C:\Windows\SysWOW64\ingcyljyf.exeC:\Windows\system32\ingcyljyf.exe 976 "C:\Windows\SysWOW64\voezpdmrf.exe"78⤵
-
C:\Windows\SysWOW64\ezarqwppn.exeC:\Windows\system32\ezarqwppn.exe 896 "C:\Windows\SysWOW64\ingcyljyf.exe"79⤵
-
C:\Windows\SysWOW64\gxnfhvxpb.exeC:\Windows\system32\gxnfhvxpb.exe 912 "C:\Windows\SysWOW64\ezarqwppn.exe"80⤵
- Identifies Wine through registry keys
- Drops file in System32 directory
-
C:\Windows\SysWOW64\shisqfjbr.exeC:\Windows\system32\shisqfjbr.exe 892 "C:\Windows\SysWOW64\gxnfhvxpb.exe"81⤵
- Identifies Wine through registry keys
-
C:\Windows\SysWOW64\kndngfkks.exeC:\Windows\system32\kndngfkks.exe 916 "C:\Windows\SysWOW64\shisqfjbr.exe"82⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\icyvmtryb.exeC:\Windows\system32\icyvmtryb.exe 908 "C:\Windows\SysWOW64\kndngfkks.exe"83⤵
- Identifies Wine through registry keys
- Drops file in System32 directory
-
C:\Windows\SysWOW64\vnstcnqqx.exeC:\Windows\system32\vnstcnqqx.exe 924 "C:\Windows\SysWOW64\icyvmtryb.exe"84⤵
-
C:\Windows\SysWOW64\dfnjoaolg.exeC:\Windows\system32\dfnjoaolg.exe 928 "C:\Windows\SysWOW64\vnstcnqqx.exe"85⤵
- Identifies Wine through registry keys
-
C:\Windows\SysWOW64\iqqhfmvdb.exeC:\Windows\system32\iqqhfmvdb.exe 936 "C:\Windows\SysWOW64\dfnjoaolg.exe"86⤵
- Identifies Wine through registry keys
- Drops file in System32 directory
-
C:\Windows\SysWOW64\jlqpyfter.exeC:\Windows\system32\jlqpyfter.exe 932 "C:\Windows\SysWOW64\iqqhfmvdb.exe"87⤵
-
C:\Windows\SysWOW64\qkayxbxfh.exeC:\Windows\system32\qkayxbxfh.exe 944 "C:\Windows\SysWOW64\jlqpyfter.exe"88⤵
-
C:\Windows\SysWOW64\ynfifwphk.exeC:\Windows\system32\ynfifwphk.exe 952 "C:\Windows\SysWOW64\qkayxbxfh.exe"89⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\itsevfrql.exeC:\Windows\system32\itsevfrql.exe 960 "C:\Windows\SysWOW64\ynfifwphk.exe"90⤵
- Identifies Wine through registry keys
-
C:\Windows\SysWOW64\bzgeonqjq.exeC:\Windows\system32\bzgeonqjq.exe 956 "C:\Windows\SysWOW64\itsevfrql.exe"91⤵
- Identifies Wine through registry keys
- Drops file in System32 directory
-
C:\Windows\SysWOW64\ibbrqoalk.exeC:\Windows\system32\ibbrqoalk.exe 968 "C:\Windows\SysWOW64\bzgeonqjq.exe"92⤵
-
C:\Windows\SysWOW64\lzeklmwpv.exeC:\Windows\system32\lzeklmwpv.exe 980 "C:\Windows\SysWOW64\ibbrqoalk.exe"93⤵
- Identifies Wine through registry keys
-
C:\Windows\SysWOW64\jdlijddfp.exeC:\Windows\system32\jdlijddfp.exe 984 "C:\Windows\SysWOW64\lzeklmwpv.exe"94⤵
- Identifies Wine through registry keys
-
C:\Windows\SysWOW64\qsfgnjpmq.exeC:\Windows\system32\qsfgnjpmq.exe 972 "C:\Windows\SysWOW64\jdlijddfp.exe"95⤵
-
C:\Windows\SysWOW64\zvvicynxr.exeC:\Windows\system32\zvvicynxr.exe 992 "C:\Windows\SysWOW64\qsfgnjpmq.exe"96⤵
-
C:\Windows\SysWOW64\odpbdvtcz.exeC:\Windows\system32\odpbdvtcz.exe 988 "C:\Windows\SysWOW64\zvvicynxr.exe"97⤵
- Identifies Wine through registry keys
- Drops file in System32 directory
-
C:\Windows\SysWOW64\zmqzuvfbn.exeC:\Windows\system32\zmqzuvfbn.exe 1004 "C:\Windows\SysWOW64\odpbdvtcz.exe"98⤵
- Identifies Wine through registry keys
-
C:\Windows\SysWOW64\muiriceqx.exeC:\Windows\system32\muiriceqx.exe 996 "C:\Windows\SysWOW64\zmqzuvfbn.exe"99⤵
- Identifies Wine through registry keys
-
C:\Windows\SysWOW64\zrohnahbz.exeC:\Windows\system32\zrohnahbz.exe 1008 "C:\Windows\SysWOW64\muiriceqx.exe"100⤵
- Identifies Wine through registry keys
-
C:\Windows\SysWOW64\yihagrdkd.exeC:\Windows\system32\yihagrdkd.exe 1000 "C:\Windows\SysWOW64\zrohnahbz.exe"101⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\dxyizmmrm.exeC:\Windows\system32\dxyizmmrm.exe 1016 "C:\Windows\SysWOW64\yihagrdkd.exe"102⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\liujmuudj.exeC:\Windows\system32\liujmuudj.exe 1012 "C:\Windows\SysWOW64\dxyizmmrm.exe"103⤵
- Identifies Wine through registry keys
- Drops file in System32 directory
-
C:\Windows\SysWOW64\ihqrfvliy.exeC:\Windows\system32\ihqrfvliy.exe 1028 "C:\Windows\SysWOW64\liujmuudj.exe"104⤵
-
C:\Windows\SysWOW64\vuszeiyej.exeC:\Windows\system32\vuszeiyej.exe 1020 "C:\Windows\SysWOW64\ihqrfvliy.exe"105⤵
-
C:\Windows\SysWOW64\pycqdvkat.exeC:\Windows\system32\pycqdvkat.exe 1032 "C:\Windows\SysWOW64\vuszeiyej.exe"106⤵
-
C:\Windows\SysWOW64\dznlfhxkm.exeC:\Windows\system32\dznlfhxkm.exe 1036 "C:\Windows\SysWOW64\pycqdvkat.exe"107⤵
-
C:\Windows\SysWOW64\aafybsjta.exeC:\Windows\system32\aafybsjta.exe 1048 "C:\Windows\SysWOW64\dznlfhxkm.exe"108⤵
- Identifies Wine through registry keys
- Drops file in System32 directory
-
C:\Windows\SysWOW64\zhdouvwyh.exeC:\Windows\system32\zhdouvwyh.exe 1040 "C:\Windows\SysWOW64\aafybsjta.exe"109⤵
-
C:\Windows\SysWOW64\tjxvspkau.exeC:\Windows\system32\tjxvspkau.exe 1044 "C:\Windows\SysWOW64\zhdouvwyh.exe"110⤵
- Identifies Wine through registry keys
-
C:\Windows\SysWOW64\vmywgslye.exeC:\Windows\system32\vmywgslye.exe 1052 "C:\Windows\SysWOW64\tjxvspkau.exe"111⤵
- Identifies Wine through registry keys
- Drops file in System32 directory
-
C:\Windows\SysWOW64\faiyizwmx.exeC:\Windows\system32\faiyizwmx.exe 1072 "C:\Windows\SysWOW64\vmywgslye.exe"112⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\dsfbqwzmr.exeC:\Windows\system32\dsfbqwzmr.exe 1056 "C:\Windows\SysWOW64\faiyizwmx.exe"113⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\nksjdhrcg.exeC:\Windows\system32\nksjdhrcg.exe 1068 "C:\Windows\SysWOW64\dsfbqwzmr.exe"114⤵
- Identifies Wine through registry keys
- Drops file in System32 directory
-
C:\Windows\SysWOW64\rinukrpku.exeC:\Windows\system32\rinukrpku.exe 1064 "C:\Windows\SysWOW64\nksjdhrcg.exe"115⤵
-
C:\Windows\SysWOW64\aajcqxqrp.exeC:\Windows\system32\aajcqxqrp.exe 1128 "C:\Windows\SysWOW64\rinukrpku.exe"116⤵
-
C:\Windows\SysWOW64\kvzxgmhci.exeC:\Windows\system32\kvzxgmhci.exe 1080 "C:\Windows\SysWOW64\aajcqxqrp.exe"117⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\mnruyipaw.exeC:\Windows\system32\mnruyipaw.exe 1104 "C:\Windows\SysWOW64\kvzxgmhci.exe"118⤵
- Identifies Wine through registry keys
-
C:\Windows\SysWOW64\djopufjhy.exeC:\Windows\system32\djopufjhy.exe 1060 "C:\Windows\SysWOW64\mnruyipaw.exe"119⤵
-
C:\Windows\SysWOW64\yhekwdqgy.exeC:\Windows\system32\yhekwdqgy.exe 1084 "C:\Windows\SysWOW64\djopufjhy.exe"120⤵
- Identifies Wine through registry keys
-
C:\Windows\SysWOW64\hcdfynyif.exeC:\Windows\system32\hcdfynyif.exe 1116 "C:\Windows\SysWOW64\yhekwdqgy.exe"121⤵
- Identifies Wine through registry keys
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-