Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
152s -
max time network
164s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
20/04/2024, 04:40
General
-
Target
f11d1aa09a29121a85155b5bc9143e319e6790ab6c0d959937f6e69119b08073.exe
-
Size
163KB
-
MD5
d6891b608c4716c31359175499c61cce
-
SHA1
a1041a621b7d6aff7bfcf4e63276d563b9a7bfa1
-
SHA256
f11d1aa09a29121a85155b5bc9143e319e6790ab6c0d959937f6e69119b08073
-
SHA512
e4e15760bcaa5dd74eeb41f42337efb6eefee668ab55bada883adc0d937dadd2ec939a446759605e665928616aa6216ac806bf45a1da1491c1bcf3c9cdefea16
-
SSDEEP
1536:Pj8I75xda5BIYhQkILf2ECUZQ0ILlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:LxfZeaD2V7LltOrWKDBr+yJb
Malware Config
Extracted
gozi
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Detects executables built or packed with MPress PE compressor 47 IoCs
-
UPX dump on OEP (original entry point) 51 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f11d1aa09a29121a85155b5bc9143e319e6790ab6c0d959937f6e69119b08073.exe"C:\Users\Admin\AppData\Local\Temp\f11d1aa09a29121a85155b5bc9143e319e6790ab6c0d959937f6e69119b08073.exe"1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ljeafb32.exeC:\Windows\system32\Ljeafb32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mqdcnl32.exeC:\Windows\system32\Mqdcnl32.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mcelpggq.exeC:\Windows\system32\Mcelpggq.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mokmdh32.exeC:\Windows\system32\Mokmdh32.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mjcngpjh.exeC:\Windows\system32\Mjcngpjh.exe6⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Npbceggm.exeC:\Windows\system32\Npbceggm.exe7⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nfohgqlg.exeC:\Windows\system32\Nfohgqlg.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ngndaccj.exeC:\Windows\system32\Ngndaccj.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oplfkeob.exeC:\Windows\system32\Oplfkeob.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oakbehfe.exeC:\Windows\system32\Oakbehfe.exe11⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ombcji32.exeC:\Windows\system32\Ombcji32.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Onapdl32.exeC:\Windows\system32\Onapdl32.exe13⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ocaebc32.exeC:\Windows\system32\Ocaebc32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ppgegd32.exeC:\Windows\system32\Ppgegd32.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pdenmbkk.exeC:\Windows\system32\Pdenmbkk.exe16⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Phfcipoo.exeC:\Windows\system32\Phfcipoo.exe17⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qhhpop32.exeC:\Windows\system32\Qhhpop32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qodeajbg.exeC:\Windows\system32\Qodeajbg.exe19⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Afpjel32.exeC:\Windows\system32\Afpjel32.exe20⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aaenbd32.exeC:\Windows\system32\Aaenbd32.exe21⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ahaceo32.exeC:\Windows\system32\Ahaceo32.exe22⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aajhndkb.exeC:\Windows\system32\Aajhndkb.exe23⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Apodoq32.exeC:\Windows\system32\Apodoq32.exe24⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Aopemh32.exeC:\Windows\system32\Aopemh32.exe25⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Bphgeo32.exeC:\Windows\system32\Bphgeo32.exe26⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Cnaaib32.exeC:\Windows\system32\Cnaaib32.exe27⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dpiplm32.exeC:\Windows\system32\Dpiplm32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dahmfpap.exeC:\Windows\system32\Dahmfpap.exe29⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dndgfpbo.exeC:\Windows\system32\Dndgfpbo.exe30⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Egaejeej.exeC:\Windows\system32\Egaejeej.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fdlkdhnk.exeC:\Windows\system32\Fdlkdhnk.exe32⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fniihmpf.exeC:\Windows\system32\Fniihmpf.exe33⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gihpkd32.exeC:\Windows\system32\Gihpkd32.exe34⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gpaihooo.exeC:\Windows\system32\Gpaihooo.exe35⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hahokfag.exeC:\Windows\system32\Hahokfag.exe36⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hnbeeiji.exeC:\Windows\system32\Hnbeeiji.exe37⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Iafkld32.exeC:\Windows\system32\Iafkld32.exe38⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ilnlom32.exeC:\Windows\system32\Ilnlom32.exe39⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iamamcop.exeC:\Windows\system32\Iamamcop.exe40⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jpbjfjci.exeC:\Windows\system32\Jpbjfjci.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jpegkj32.exeC:\Windows\system32\Jpegkj32.exe42⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Koonge32.exeC:\Windows\system32\Koonge32.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lcfidb32.exeC:\Windows\system32\Lcfidb32.exe44⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lhgkgijg.exeC:\Windows\system32\Lhgkgijg.exe45⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Mjidgkog.exeC:\Windows\system32\Mjidgkog.exe46⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mjlalkmd.exeC:\Windows\system32\Mjlalkmd.exe47⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nfgklkoc.exeC:\Windows\system32\Nfgklkoc.exe48⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nfqnbjfi.exeC:\Windows\system32\Nfqnbjfi.exe49⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Oqhoeb32.exeC:\Windows\system32\Oqhoeb32.exe50⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Omopjcjp.exeC:\Windows\system32\Omopjcjp.exe51⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ocihgnam.exeC:\Windows\system32\Ocihgnam.exe52⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Oihmedma.exeC:\Windows\system32\Oihmedma.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pfagighf.exeC:\Windows\system32\Pfagighf.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pciqnk32.exeC:\Windows\system32\Pciqnk32.exe55⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qjhbfd32.exeC:\Windows\system32\Qjhbfd32.exe56⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ajmladbl.exeC:\Windows\system32\Ajmladbl.exe57⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Adgmoigj.exeC:\Windows\system32\Adgmoigj.exe58⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bmggingc.exeC:\Windows\system32\Bmggingc.exe59⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bfolacnc.exeC:\Windows\system32\Bfolacnc.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Bbfmgd32.exeC:\Windows\system32\Bbfmgd32.exe61⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bagmdllg.exeC:\Windows\system32\Bagmdllg.exe62⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ckpamabg.exeC:\Windows\system32\Ckpamabg.exe63⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cpljehpo.exeC:\Windows\system32\Cpljehpo.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ccmcgcmp.exeC:\Windows\system32\Ccmcgcmp.exe65⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cigkdmel.exeC:\Windows\system32\Cigkdmel.exe66⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Cildom32.exeC:\Windows\system32\Cildom32.exe67⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Dcibca32.exeC:\Windows\system32\Dcibca32.exe68⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Dnqcfjae.exeC:\Windows\system32\Dnqcfjae.exe69⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ejlnfjbd.exeC:\Windows\system32\Ejlnfjbd.exe70⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ejagaj32.exeC:\Windows\system32\Ejagaj32.exe71⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fggdpnkf.exeC:\Windows\system32\Fggdpnkf.exe72⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fcekfnkb.exeC:\Windows\system32\Fcekfnkb.exe73⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Gjcmngnj.exeC:\Windows\system32\Gjcmngnj.exe74⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gdiakp32.exeC:\Windows\system32\Gdiakp32.exe75⤵
-
C:\Windows\SysWOW64\Gbbkocid.exeC:\Windows\system32\Gbbkocid.exe76⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Hebcao32.exeC:\Windows\system32\Hebcao32.exe77⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Hbknebqi.exeC:\Windows\system32\Hbknebqi.exe78⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Hkcbnh32.exeC:\Windows\system32\Hkcbnh32.exe79⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Iaedanal.exeC:\Windows\system32\Iaedanal.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jhfbog32.exeC:\Windows\system32\Jhfbog32.exe81⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Jblflp32.exeC:\Windows\system32\Jblflp32.exe82⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jnedgq32.exeC:\Windows\system32\Jnedgq32.exe83⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Jhoeef32.exeC:\Windows\system32\Jhoeef32.exe84⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kahinkaf.exeC:\Windows\system32\Kahinkaf.exe85⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Klmnkdal.exeC:\Windows\system32\Klmnkdal.exe86⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kefbdjgm.exeC:\Windows\system32\Kefbdjgm.exe87⤵
-
C:\Windows\SysWOW64\Klpjad32.exeC:\Windows\system32\Klpjad32.exe88⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Kejloi32.exeC:\Windows\system32\Kejloi32.exe89⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Kbnlim32.exeC:\Windows\system32\Kbnlim32.exe90⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Khkdad32.exeC:\Windows\system32\Khkdad32.exe91⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Leoejh32.exeC:\Windows\system32\Leoejh32.exe92⤵
-
C:\Windows\SysWOW64\Lbcedmnl.exeC:\Windows\system32\Lbcedmnl.exe93⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Mkepineo.exeC:\Windows\system32\Mkepineo.exe94⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Mekdffee.exeC:\Windows\system32\Mekdffee.exe95⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mkgmoncl.exeC:\Windows\system32\Mkgmoncl.exe96⤵
-
C:\Windows\SysWOW64\Mkocol32.exeC:\Windows\system32\Mkocol32.exe97⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Nhbciqln.exeC:\Windows\system32\Nhbciqln.exe98⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ndidna32.exeC:\Windows\system32\Ndidna32.exe99⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nhgmcp32.exeC:\Windows\system32\Nhgmcp32.exe100⤵
-
C:\Windows\SysWOW64\Napameoi.exeC:\Windows\system32\Napameoi.exe101⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nkhfek32.exeC:\Windows\system32\Nkhfek32.exe102⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nhlfoodc.exeC:\Windows\system32\Nhlfoodc.exe103⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nbdkhe32.exeC:\Windows\system32\Nbdkhe32.exe104⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Oohkai32.exeC:\Windows\system32\Oohkai32.exe105⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ofbdncaj.exeC:\Windows\system32\Ofbdncaj.exe106⤵
-
C:\Windows\SysWOW64\Ookhfigk.exeC:\Windows\system32\Ookhfigk.exe107⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ochamg32.exeC:\Windows\system32\Ochamg32.exe108⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Odjmdocp.exeC:\Windows\system32\Odjmdocp.exe109⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Obnnnc32.exeC:\Windows\system32\Obnnnc32.exe110⤵
-
C:\Windows\SysWOW64\Okfbgiij.exeC:\Windows\system32\Okfbgiij.exe111⤵
-
C:\Windows\SysWOW64\Pijcpmhc.exeC:\Windows\system32\Pijcpmhc.exe112⤵
-
C:\Windows\SysWOW64\Pcpgmf32.exeC:\Windows\system32\Pcpgmf32.exe113⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pecpknke.exeC:\Windows\system32\Pecpknke.exe114⤵
-
C:\Windows\SysWOW64\Pbgqdb32.exeC:\Windows\system32\Pbgqdb32.exe115⤵
-
C:\Windows\SysWOW64\Pmmeak32.exeC:\Windows\system32\Pmmeak32.exe116⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Amhdmi32.exeC:\Windows\system32\Amhdmi32.exe117⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
163KB
MD58e9c83ef957b9942f4995e344a63699c
SHA10efc29be46c3f76134ca2969e532243408b67998
SHA256e3f02bd9630460ef8284c4310c0b0c90830c3ca138ff600b7ee46341b41f1af5
SHA51207c3cf4b1d5eeaa13126d63fc59243934e05a8f192d70618186408dba3af35df00df4bac5a2939b25df69d96a48d92b00d8a7ebdacb0ff0745ae4519e637d45a
-
Filesize
163KB
MD57d2e5ce3f4998c29748118f37143b750
SHA11c7b8ab18c440f2d95664877c246c486088e5739
SHA2569d90f8a514a3a5cc09485c1f593d55ca883403c82fac7e8d320485a7c1406338
SHA5128cbf99a7bbc8e5869ceb1375c2e000e89e2c93c2b75bc3b10df7d7e88825cf1d78725df57ce90aeac7c58889f23619abf8893cc3f06a786a70b9ecdcf57970f3
-
Filesize
163KB
MD5b7e62a07ba5ca0a02755cca1e47c94c2
SHA1308ea32c879176fa834ec5a25505e5ec9ed255e7
SHA25601096c027b3ed48182ae03750853d75d98e601109cd75b5cbf64571f67e07542
SHA5120de72f6a82921aab84273b9e3f2c4bda950e9760191d6bdda30146d85b0bc05b05eca411478cdc744353a68f09f4806d39bfb6769df7d7b2ae3260ba6c24dcfb
-
Filesize
163KB
MD58eb0cf166ef799544be9c1eb67756862
SHA186e3139873015cad001e81dd71f20613bb7ed1cb
SHA256d8a3d3dd76d654c057ebdc2618409ed37985658cfeb84b773a9c89f0bd75a65d
SHA512f8ce523a67ce38a4178e9c0d9853e7df3ed85528102bfe7c1df8a599a58e0bf13f9a6566f13a78de0db787d8f87306b78a939e38d9dccb681df0f59db8dd8ef9
-
Filesize
163KB
MD5e2317f814abec985581344176ab40af6
SHA1daf4cb3d9b6f5617586b71962d4325b392f2af17
SHA256b37c5ac0e6f8a6e560c2774783afb7b0889111457ab41573881034155bb26d07
SHA512b851451dd613d1c82e13711e58b1cb6d8d4837f613d5d5f5e7216ef7e2f965df25692a8991d7468362e271976b3fd5ada770438daa511af7dbaf47e5ed1f9253
-
Filesize
163KB
MD5e9b4eee39c5f375c26a639960f9439f9
SHA189c5234daea170e370c0cb006ba2ffa09d8e943b
SHA25679644d306ebb187896d56744122c2244a7965771c3c3a7351a873fab4cf28cad
SHA512d0eb5e5ef1d5b401fb8d537ffe5c3135898f4d32e1b29756fb4fc41b2a9cb550e9d47a141d1c188258582ea0441c21ecbf953e09bcb2edd5b5fb33f66e17cf7b
-
Filesize
163KB
MD5446efc33f046dc8e8ecceda1c319cc43
SHA1bb3e4c04a0d73ac876088702df12620a23569326
SHA256b9c98a580be255bb13ea124119fe63baf5b5441822fa923748df2d285dc338ad
SHA51240293040c221d24a16d2539b6102a33a5deaa77dd4d568f306e191cc6fea1ed0e14b5f33bfdcaf11dc85d02ca8f4b3ef5eca7aa5b558ca09eb66dabfada15b33
-
Filesize
163KB
MD55bb9b7bf8934c260ed01dc597ead430e
SHA10305756dfcbbf333eb08534e8897f593d8a86298
SHA25639becab92d1cc00f61af762ed4e30283026b21290b52352788e4ecf70ba11c0b
SHA51277c50c6f9a53258a4534d490c0722a2c84fa5e3ba72f3188f54792b3c47ae25b9206586b86c7fdcb771d4cc8b2ff68f0eb38adce8e50372f30f34033b4b81dbc
-
Filesize
163KB
MD5cdd75dfc98bdab241fcb7fde6adc98e9
SHA1c16a3e18a87d0572be38fb6cde50c78a13d004f7
SHA256e19c0ce4734d9739d103751dcdf5e06c0294f1ef491be6bff6d99aa1d3bc0c70
SHA512f6f8c108f990ec1a4fec4eb9988ffded6416ebade9430888bedf8501bc9aff2529d53c1713fe198e35ac6c056e2ae84eb01ee64ebd093708ba0f97989924bc97
-
Filesize
163KB
MD5d1e1ed6b518fbcc231151e89c9a370ea
SHA11723ac30cd73a20a21d818837ce00a66e4e1123b
SHA256f8adddc485e26c5d87ab9f9387de1df73673f92fc065b2772f7684d5877cb641
SHA512f2de13aaa5a28d6d80e395cefa3dd65281bc26c7436ba04119d1b57afa954a9c00a5b4be24710fbb012c53e716cd86ca450188fe2519af4030a61704c7f96b15
-
Filesize
163KB
MD524ff62fdeffb1ad55065ee2e0cbc6778
SHA1f827c57ae5156d0b48b5c8ec1c31b94494b7dd35
SHA2569ced99d2fda66b1c8041d892f294337a1cf2808398bdf4e21881caa305ff0595
SHA5123844d4b00568ee64aeb4376d7b9838e8bf7e6932aa22b29527f40a16dd15a200a000e3f7c38ad7baa2c4047a56427d0e0b6bfcda0f2885d0903aef3c0048d5bc
-
Filesize
163KB
MD557d11f7fb76aa223e34fe1ad5c6c6f99
SHA10613ac94ab77a4f392977779e915a5c75ed6696b
SHA256cb68f6d68ea749c7822ce2e21e20a8c00e5b1a9a69f2c82537c826f7308c5b6d
SHA5129cabeeec536f73532849599b08b88e5c365dc1ee06b0723dcda144a86d7c40c27a14f51c67385751a8218a23686659b9cf972792af157e641adb5b8b0e1292b5
-
Filesize
163KB
MD5ed7428e17566254ebbbb63f5ae32f5be
SHA13da0f6c2e397ce2b2a27fed2de8a6b7276a48713
SHA256df860b482179675feb21404e9813d16391ba55b06504b33eca7f1a6152b9f74c
SHA51284142d1636c464ef53dd8147593c0fd85cf9405d3c96c75e088fccfe7748aab64152c478c51fcdabe6a06092d41ba7a8bd8b3c6a7f4ec7536777dad7ef65c0be
-
Filesize
163KB
MD5eb2d5652cecb7f0446ad45da59ba23c7
SHA1538f64fba1b35a7bfd4fb317d2759ab3625f60b1
SHA256c87d7f7adceaf22aa7cee8f2ec56a157a62e1f48a68cd9d9bfcc761b874ac533
SHA512595e2d3df35d85fc5ed118d4e87ed03f962110d170fc7b5e784e2b7445f24d8bc204f0017461b19f58036a1b4cd638404b18b2ab1cf2acce639f52c88a882c24
-
Filesize
163KB
MD5b26eae29f88d9d57223542e85b1cde29
SHA17c88365a5aa46e5d16b1c37f58275f9cb0406170
SHA256dff874709d19ce18c419ab081ba8586fb516fbc70304fb465ed985f4a90c0237
SHA51276b45769bd3acf72f8eefdc6d4100306b78d25d1c0989e85f3607622aa88655cfd637cf21ad089f7f8f097a1f246bd9b76e341fd75e5a0ac2c9bc9d4bb12d134
-
Filesize
163KB
MD514103e37a276873c1f0f52a70a8610c9
SHA1dbf8cde2337de2c1838c010641a0f62fc7f886f9
SHA25615c71800f2a32a2ebe85e3403a6e8df7ac63f656f2e552da7c67bd307f50636c
SHA512d14c0cbf707357fd1aa9177ed93690c6d8aecb8e9f5611321935c26e8ab61b5281e700425b63d473cdbceb84a1dae3a069d26abbc0f80a759d71ecfb44a85522
-
Filesize
163KB
MD59c598c7b282585b24ef8b7a4db27c4a5
SHA132dd8e75a7253240e0c35b0c8ec26d58089210a6
SHA256b77c7ff52b7b533251e49d80241f83c4019911c19999f7b21d5a29f3a4dc857c
SHA5121efc1059cd08f0c9dca93525f6ad295c27918e6b9561646fbbf7335ae470f49f66212e5ec1e31fcdfe05469ffb7341135fc8bdaf5b175c2c4a1ea55bfd02bdd2
-
Filesize
163KB
MD58259d3cd02ba842eb4f1d20bd684107d
SHA1375894f25155c3b36a9b2d30c295c52dcb4609ca
SHA2563bb62bf6d9b3683fab921c28376e3968bb2ff0e7d82aed2c83eb20abce629e5e
SHA512232bbf6dd5153ccd3f4958d28f1af5b0635df07be022eb1c9f3ed18f4a50ac17d0a7241058294e87e97267c1e5d5a2da2453436a2dae4595ad1475a5f396a243
-
Filesize
163KB
MD54153a77130857371c6a0e9b801587273
SHA1a2ef4d20872b9bee354eee66182f85c96b1984b5
SHA256b8c72c4cfa6f56c0abcff2408fccfc34dcb5a22bc14f0a4e609a555f24ca991a
SHA512d2a617c16c86d7eb21642ac5e806323097862df95efa5307d5918003baf108bfff508ce56f7d47254b401fb5118e32cea2bfebdc77505542718f16dd41e18693
-
Filesize
163KB
MD534472cc32ac6b606fa142711e21e1cae
SHA13fb951518e65329ee926a1f20501744fbf88840d
SHA2561480b07c3b27d1325946c03a415f1c7095c33395ee8d4ee5e5cca7177bd313a5
SHA5126f2f160032f406b6d321c24f1e57bd855221c006a537a51cae195ec3b230e5c1ce55e1ea9c85dd42b3fe7c3ebc535ef34907e38ee03b1d575844832e6388bbbb
-
Filesize
163KB
MD5bae0440277022958838f86a0df388187
SHA1c890ac5ecf20f8c9984631d43049b2d8239be4f4
SHA256bf2043eac54d7435ea014ac59982b72e911ae2f2a852215b03b95b697dedb111
SHA512084a329a07b62630f2071795896cb78f7e5bfd30794adcecc9a911339fc3368921957422733f241aba28e38e22a5a2f294852fd9d6771dc6e2afe4928d527916
-
Filesize
163KB
MD588c2675c8f53d0c7e8182dd5f674ecae
SHA185918452dd2fd9b13f1995e0de0e17562c0a2a82
SHA256aa9e7f2de0cc9425bdd9e02b9f85bc05006b0ace541b37855708c0e5e456249a
SHA512caf9930ce8f5cc21d871df2c693c2a91c59ebae14b2d85cc98ceb45a705b8d1b8e2a0c85c81670db7b048884f66c2009465f7d84b76d5e10d1ba480ba16d28f2
-
Filesize
163KB
MD5da938493ad624110643d56e9786c16eb
SHA1c936fdd96d1568e812098d7c366d303a3e2f302d
SHA25629d23876f6b871ff1a70e636fad51797ba8660fa2ed81f5d6acbc87e26c683da
SHA5125dc74f3eb443602e8fc5ec9617f141e6abd7f471066f1c4fd7fe1438f5f5f8428c51422dfeee8d09bbc3eef6015735db8fbd99a75f21b07b343bdcf93b5bc3b7
-
Filesize
163KB
MD57ef07d2987ffa58d9f18ff52a3832e4e
SHA150a0ac2584de69d3b8c97cada8a59347f0e6fff0
SHA256148e3a0ebfc74e7ef353425607c9bb9802781b4f479465bf2c946d0cef91dcbb
SHA512fde9e8a143fc0e7caafd866424aed3233fbcef6cb0f8804c2803e68589e73cc750bfbc1422ae4e3d12f84910d883c34134ccf0bbd1725336051a43817eba87bf
-
Filesize
163KB
MD5ef63ad25a26e624ff780680b43d04980
SHA1a3cb2f604016af06b3b777fc1de2473522d2356f
SHA256fef8b4598381fa816523c0177ef9fef0d9ce32b996dee12f5bd2a778170a1c7b
SHA512cedc07de6f8300194a266b77ae74771c0bf8d1f56c89b6391883822cc2216cf170bb224d24c972f0fdb9131d1b1ca4b33d6c3a67510f79df997162923bd31ba8
-
Filesize
163KB
MD526da4509185633a94efdd12d6b5d0abd
SHA174adf361163d8757604f6e0e8102307ad3e2eb3f
SHA256eb9b22d19e6d532fd1b1c665fb6aa7f106baf51e2f7deb11bfa4ef7c1c1d74a3
SHA51253b8bb65a2212cba4d77acf6c05208ec972cbc966893c0961078c6f1b8a0fa0dcb6969c4bd04a25fa2e56ba2a10ecac817329fa9e3e3b7d18ea2aaf71caa677d
-
Filesize
163KB
MD5216b1b7b34c830c92440ee544c1fcc50
SHA1d0a069a03c41cf380c326f514397e1709cfb38a3
SHA2567744cccb7063ae51ed1843c40ea2c1fc56feeeb413a181b18496746082c86c39
SHA512071c83983efd4e027a0737f24e9a011ab3cfe82c4d7bdeba483b5497642fc4eeff151b3bce939490e479dd6b89fbb705c1b0560b681446da75ccae8a3f7d21af
-
Filesize
163KB
MD5add6f0e2e16406969b10547d696d80a5
SHA15c3d27dec0b4b93d58a01962fd05eb9a2ffe4a68
SHA256de160991147a7fb1b65b332927327858ecc755f28bb18dff042a56b56c23756b
SHA512d178f356558a0d803c38edfd50fd42609f7ce51c2f56dc3a8189b7f86e725c0267ea2410e604326fd22145305e316076b1b91774cbaa04aac9f39354163f0135
-
Filesize
163KB
MD597221f2729aa5ce989c831c3186a313a
SHA1df96db0b4f00ee85b10f90595a855cd271fca330
SHA25686c0e8bb3830ff62639192d33b78b99b1e64a653a2a416f9f75765f9aa08515c
SHA512ceab617875a953a49436a64b48723f4622c43eb622f272f6d140c122de60e7049587e2185dd2b4c23f37c17d6ef423efe215a32d2cfec54ef006c6e7e38b8758
-
Filesize
163KB
MD5edfc02587ad4ab94e1c3b66cab18af8b
SHA16e3e0f363682a64a0568dbf3ac27814f3944f0d2
SHA2567626fa0f83257e94812f3c0ab0b0d7c2a2de88ffaf64533ac0983efeba12ef9c
SHA512ec1b5ddc441ea486580bed42aad782e40031b622901a1209e9ef9e255ce9f5ba1468d2883a5c229d01454332a89a4054458f27b7ccedcbbf22e0725c1df36363
-
Filesize
163KB
MD5be1dc7829b077a01214b67d3cf813b13
SHA1b94491af6b909f9ce13748a4b0ce93af7ca275cf
SHA256d4fc25919e64ec31c12babd10b5bb98e430daf17ea9547cd46a6b596fd8b6ad5
SHA5121a8da4690b1bbe8febbaefc59b2bb20f90834e0ab5cb13bbb99a4d38db5cc6c51b382bb4ba4ad0a38d84b6a8ba4e48dbcf32f609ff895a7a7d35821ced761a80
-
Filesize
163KB
MD54cffaad91387755970de25465fb26131
SHA10e7609adb185f2613aac2de75b66d7d386752a31
SHA256bc21f4014172c0b3bd2a6019cfa6ece272e515a3fe820729a5c01bb7281a6e88
SHA5128aeb025996b80786e10da3eb84cd9e1492c487dfa040a332ffa45b26920b6761ab5310f0b24ba463822423eacf5beb5b2dfb813b150c9d54c2312e2647a4fa37
-
Filesize
163KB
MD520e7bcfa440686b1082553bdd85df5bb
SHA131c2823e5ee8cf2e42aa099ec90bcdce410fa15d
SHA2565ea2b4c6c1aeaec67fb8ba20491437d34e33360a770fd5cbf124b061a3ffebff
SHA512093feb60305f7be9862291cb0191d055526455af5854df76ad43ba31360af27cc55328796cac3f34f96c847a87ed636774f546d3f25519049f02894e76e7549e
-
Filesize
163KB
MD535f4b5ed42eeab5a47771bc548ff82c4
SHA112bf94b5d031cb0ecd7d6bf0f0dd43f1ec45ea32
SHA25680e5d73b46ed8eb84d2b0e7573f60dc5ad862e5e275b50406d7e52dcbcc2eff6
SHA512e05b43a64ff7023a6a95ca61aef8d546f0d5fd20697998d5be77b1cd63379a2cfb87e916c4fe70587a76d5409bf981e15c6d1a5fa06efe779d44678f205af181
-
Filesize
163KB
MD51f5da94976d2f09a38450fd8cbde3945
SHA159a30e30b9683970a9f52761431588e69c649579
SHA2569c15f037e641536d59bee8a6094a4440f2cac079bfa79846f05d408af50d5d48
SHA5127b71a0b5cc44b3f23b0707323880ca78f0a62d7e4ddec615f8fa893c0d7888c4c6e6f4fcd5bf53bbe8e47dfcd52270992bb46ad4726bb70522d05b7b9c21c251
-
Filesize
163KB
MD5b32f4d33649f9baf66a89f69b4011e29
SHA1fe9f6e12f7a30c8e505e88c306a10b48cfe777a4
SHA2562e318012508246ece57ca3553e0a949d9903b00d81d15fc86e596d26a0f4b21e
SHA512f6d84e84c4d2438c32bca2d398c6d6947b6c9fc06910543d1bf6e6f551e3e905bbe87ea2f3d266b7c0a971066c910cc0eb35a4f9a26ef2bf413db968c86b77a2
-
Filesize
163KB
MD5086c9df6fd3e7ad9d8ec9c0cae9be9a3
SHA10b2dd31e245a24ea563b538f5f68596f28f5aeed
SHA2565b145275788b483b74e05d1d4b73e108cce1cac7940492271076eb95a2d9c71f
SHA5127f48d646191dcf48fc45f29b07c13412e697c4ed8460303eeac07b1a60812f34d7e469eabcc6c80b83f374a96ce60a3d22fb01baac5d6675e53a897f8fd71de4
-
Filesize
163KB
MD521c9875b63abc7f5f58dc5fef1b56a2f
SHA10be2147fd7c6403f05b8b01909aea24d684296ed
SHA256882cbcdc21524e344601981aa802cc25421ee184ddaa91ceff24c0e199689ce0
SHA512c14a325d79fd1a2dce97b270f17d6ada432ad5855bfb307c41f3152d08610a61ea9cdba926106f28bde7027aeb4bdb68f127bbf00a647d7ee0af93ebdcbcc9ca
-
Filesize
163KB
MD591aa0331943f2f0e1920a8030e0d534e
SHA10cbb2845dbca8c219ce738e4f502ab470f8d9d87
SHA256b2ebccb2f7f4ee56e240b9b4ecb6e6ca4e795017e8a737808e89283e18d3d814
SHA5121f211edb492d2934db6c3cae43638e002e8e07c70e33934ae17c5ca8d130ded2f5cecf81c0bba086dd8d83eadecb65d092a5c447ad136e25d8e3596a0b1acb2c
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
332KB