Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
46s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
16/03/2024, 07:53
General
-
Target
cd849346a352a38feb22d8941d2068d8.exe
-
Size
49KB
-
MD5
cd849346a352a38feb22d8941d2068d8
-
SHA1
9eb6a524d9185af11be1189bf583abde194dd35d
-
SHA256
a49d6efa641852bd8bf501ee0aa414626c334af6f707ab8a04cf16b8957e13aa
-
SHA512
bb940cecbc923f8e691fe077bc255bbc78e2ee3142eba9e698be6f6597c37f61b395188016db1b6b38f632f9ab7b47ecd79c062a2bf14fd1ad3a2a716ea4b7be
-
SSDEEP
768:0kv2vcaKsl+ZcUEsOLSQ/tWZqkPoK7UZbwHZe4inoejTGt2Caou33CbFrl2xy:0kv2XslyktwZUHZknoejT9IcCbFrIY
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cd849346a352a38feb22d8941d2068d8.exe"C:\Users\Admin\AppData\Local\Temp\cd849346a352a38feb22d8941d2068d8.exe"1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"15⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"16⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"17⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"18⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"19⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"20⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"21⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"22⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"23⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"24⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"25⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"26⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"27⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"28⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"29⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"30⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"31⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"32⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"33⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"34⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"35⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"36⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"37⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"38⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"39⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"40⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"41⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"42⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"43⤵
- Executes dropped EXE
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"44⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"45⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"46⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"47⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"48⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"49⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"50⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"51⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"52⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"53⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"54⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"55⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"56⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"57⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"58⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"59⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"60⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"61⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"62⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"63⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"64⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"65⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"66⤵
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"67⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"68⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"69⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"70⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"71⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"72⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"73⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"74⤵
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"75⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"76⤵
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"77⤵
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"78⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"79⤵
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"80⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"81⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"82⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"83⤵
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"84⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"85⤵
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"86⤵
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"87⤵
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"88⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"89⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"90⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"91⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"92⤵
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"93⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"94⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"95⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"96⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"97⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"98⤵
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"99⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"100⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"101⤵
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"102⤵
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"103⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"104⤵
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"105⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"106⤵
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"107⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"108⤵
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"109⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"110⤵
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"111⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"112⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"113⤵
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"114⤵
- Drops file in System32 directory
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"115⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"116⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"117⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"118⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"119⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"120⤵
-
C:\WINDOWS\SysWOW64\SOUNDMAN.EXE"C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-