Analysis
-
max time kernel
103s -
max time network
105s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19-08-2024 02:03
General
-
Target
fd4f3c5d35b9401baf1e39fcb2084ff0N.exe
-
Size
207KB
-
MD5
fd4f3c5d35b9401baf1e39fcb2084ff0
-
SHA1
4af62b618a3bf806484b46c0026e8bb9de75f1b8
-
SHA256
8bd51985955de74fdebe10eff0995faa5c8ed9c96f9e2aa3691ce0abfd4e24da
-
SHA512
d5a238b15f2586e01a4c7f5b66094e93d785274848535bd73ae4dc5e8a98904946d66b89ad29aaf5e5a2f7297a061bbd3ebf1315ea6a1b9623b7cf4e6947482e
-
SSDEEP
6144:ho9iD30ZhIuzJ83VmtVjj+VPj92d62ASOwj:hoAkZyuz23V4pIPj92aSOc
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fd4f3c5d35b9401baf1e39fcb2084ff0N.exe"C:\Users\Admin\AppData\Local\Temp\fd4f3c5d35b9401baf1e39fcb2084ff0N.exe"1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bmocnb32.exeC:\Windows\system32\Bmocnb32.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bchljlqk.exeC:\Windows\system32\Bchljlqk.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cjbdgf32.exeC:\Windows\system32\Cjbdgf32.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cmapca32.exeC:\Windows\system32\Cmapca32.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cpomom32.exeC:\Windows\system32\Cpomom32.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cjeamffe.exeC:\Windows\system32\Cjeamffe.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cmcmiaei.exeC:\Windows\system32\Cmcmiaei.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cpaiemdl.exeC:\Windows\system32\Cpaiemdl.exe9⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cflaag32.exeC:\Windows\system32\Cflaag32.exe10⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cijnnb32.exeC:\Windows\system32\Cijnnb32.exe11⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cmejnacf.exeC:\Windows\system32\Cmejnacf.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cfnngfjf.exeC:\Windows\system32\Cfnngfjf.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cmhfdq32.exeC:\Windows\system32\Cmhfdq32.exe14⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ccboqkhp.exeC:\Windows\system32\Ccboqkhp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cjlgme32.exeC:\Windows\system32\Cjlgme32.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cafojogj.exeC:\Windows\system32\Cafojogj.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cpipel32.exeC:\Windows\system32\Cpipel32.exe18⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Djnccdnj.exeC:\Windows\system32\Djnccdnj.exe19⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dmmpopmn.exeC:\Windows\system32\Dmmpopmn.exe20⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dgbdlimd.exeC:\Windows\system32\Dgbdlimd.exe21⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dicqda32.exeC:\Windows\system32\Dicqda32.exe22⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dajien32.exeC:\Windows\system32\Dajien32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dcieaj32.exeC:\Windows\system32\Dcieaj32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dhdabhka.exeC:\Windows\system32\Dhdabhka.exe25⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Diemiqqp.exeC:\Windows\system32\Diemiqqp.exe26⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dppefk32.exeC:\Windows\system32\Dppefk32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dhgngh32.exeC:\Windows\system32\Dhgngh32.exe28⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Dihjopom.exeC:\Windows\system32\Dihjopom.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dmcfpo32.exeC:\Windows\system32\Dmcfpo32.exe30⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Djgfic32.exeC:\Windows\system32\Djgfic32.exe31⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Dmfceoec.exeC:\Windows\system32\Dmfceoec.exe32⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Ehkgbgdi.exeC:\Windows\system32\Ehkgbgdi.exe33⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Emhpkncq.exeC:\Windows\system32\Emhpkncq.exe34⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Epglgjbd.exeC:\Windows\system32\Epglgjbd.exe35⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Ehnchgbf.exeC:\Windows\system32\Ehnchgbf.exe36⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Efqdcd32.exeC:\Windows\system32\Efqdcd32.exe37⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Emklpn32.exeC:\Windows\system32\Emklpn32.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Epihli32.exeC:\Windows\system32\Epihli32.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Efcqicgo.exeC:\Windows\system32\Efcqicgo.exe40⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Emmifn32.exeC:\Windows\system32\Emmifn32.exe41⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Epkebi32.exeC:\Windows\system32\Epkebi32.exe42⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ehbmcf32.exeC:\Windows\system32\Ehbmcf32.exe43⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Ejaiob32.exeC:\Windows\system32\Ejaiob32.exe44⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Eakall32.exeC:\Windows\system32\Eakall32.exe45⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Edinhg32.exeC:\Windows\system32\Edinhg32.exe46⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ekcfealb.exeC:\Windows\system32\Ekcfealb.exe47⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Eiffpn32.exeC:\Windows\system32\Eiffpn32.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fppomhjj.exeC:\Windows\system32\Fppomhjj.exe49⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Fhgfnfjl.exeC:\Windows\system32\Fhgfnfjl.exe50⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Fkecjajp.exeC:\Windows\system32\Fkecjajp.exe51⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Fapkgk32.exeC:\Windows\system32\Fapkgk32.exe52⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Fdngcgpp.exeC:\Windows\system32\Fdngcgpp.exe53⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fflcobod.exeC:\Windows\system32\Fflcobod.exe54⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fikpknng.exeC:\Windows\system32\Fikpknng.exe55⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Fpehhh32.exeC:\Windows\system32\Fpehhh32.exe56⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Fhlpie32.exeC:\Windows\system32\Fhlpie32.exe57⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Fmihal32.exeC:\Windows\system32\Fmihal32.exe58⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Faddbkmg.exeC:\Windows\system32\Faddbkmg.exe59⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Fhnmoedd.exeC:\Windows\system32\Fhnmoedd.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fgamja32.exeC:\Windows\system32\Fgamja32.exe61⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Fmkeglbk.exeC:\Windows\system32\Fmkeglbk.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fafahj32.exeC:\Windows\system32\Fafahj32.exe63⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Fdemdf32.exeC:\Windows\system32\Fdemdf32.exe64⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Fkoeqpae.exeC:\Windows\system32\Fkoeqpae.exe65⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Fibflm32.exeC:\Windows\system32\Fibflm32.exe66⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gplnigpl.exeC:\Windows\system32\Gplnigpl.exe67⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Ghcfjd32.exeC:\Windows\system32\Ghcfjd32.exe68⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Gakjcjgo.exeC:\Windows\system32\Gakjcjgo.exe69⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Ghecpd32.exeC:\Windows\system32\Ghecpd32.exe70⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gifogldj.exeC:\Windows\system32\Gifogldj.exe71⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gmbkhk32.exeC:\Windows\system32\Gmbkhk32.exe72⤵
-
C:\Windows\SysWOW64\Gdlcdedp.exeC:\Windows\system32\Gdlcdedp.exe73⤵
-
C:\Windows\SysWOW64\Ghgpec32.exeC:\Windows\system32\Ghgpec32.exe74⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Giilml32.exeC:\Windows\system32\Giilml32.exe75⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gndhmjjq.exeC:\Windows\system32\Gndhmjjq.exe76⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Gpcdifjd.exeC:\Windows\system32\Gpcdifjd.exe77⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Gdnpjd32.exeC:\Windows\system32\Gdnpjd32.exe78⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ggmlfp32.exeC:\Windows\system32\Ggmlfp32.exe79⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gkhhgoij.exeC:\Windows\system32\Gkhhgoij.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gngdcjhn.exeC:\Windows\system32\Gngdcjhn.exe81⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Gpeaoeha.exeC:\Windows\system32\Gpeaoeha.exe82⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Ghlipchd.exeC:\Windows\system32\Ghlipchd.exe83⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Hadmihod.exeC:\Windows\system32\Hadmihod.exe84⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Hhoefb32.exeC:\Windows\system32\Hhoefb32.exe85⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hgafaoml.exeC:\Windows\system32\Hgafaoml.exe86⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hnknni32.exeC:\Windows\system32\Hnknni32.exe87⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Hhabkb32.exeC:\Windows\system32\Hhabkb32.exe88⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hjbocjjm.exeC:\Windows\system32\Hjbocjjm.exe89⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Hnnkcibf.exeC:\Windows\system32\Hnnkcibf.exe90⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Hhcoabbl.exeC:\Windows\system32\Hhcoabbl.exe91⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Hkakmmap.exeC:\Windows\system32\Hkakmmap.exe92⤵
-
C:\Windows\SysWOW64\Hnpgiipc.exeC:\Windows\system32\Hnpgiipc.exe93⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Halcjg32.exeC:\Windows\system32\Halcjg32.exe94⤵
-
C:\Windows\SysWOW64\Hpodedpg.exeC:\Windows\system32\Hpodedpg.exe95⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Hhelfapi.exeC:\Windows\system32\Hhelfapi.exe96⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hghlbn32.exeC:\Windows\system32\Hghlbn32.exe97⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Hnbdohnq.exeC:\Windows\system32\Hnbdohnq.exe98⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hpaqkd32.exeC:\Windows\system32\Hpaqkd32.exe99⤵
-
C:\Windows\SysWOW64\Hdllkbfm.exeC:\Windows\system32\Hdllkbfm.exe100⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hgkignea.exeC:\Windows\system32\Hgkignea.exe101⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hkfdhm32.exeC:\Windows\system32\Hkfdhm32.exe102⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ipcmpc32.exeC:\Windows\system32\Ipcmpc32.exe103⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Ihjeaa32.exeC:\Windows\system32\Ihjeaa32.exe104⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Ikianl32.exeC:\Windows\system32\Ikianl32.exe105⤵
-
C:\Windows\SysWOW64\Ijlaiibb.exeC:\Windows\system32\Ijlaiibb.exe106⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Ingnjh32.exeC:\Windows\system32\Ingnjh32.exe107⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Iqejfc32.exeC:\Windows\system32\Iqejfc32.exe108⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Idaffb32.exeC:\Windows\system32\Idaffb32.exe109⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ihmbgqja.exeC:\Windows\system32\Ihmbgqja.exe110⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Ijnnoi32.exeC:\Windows\system32\Ijnnoi32.exe111⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iqhfkcgl.exeC:\Windows\system32\Iqhfkcgl.exe112⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Idcbla32.exeC:\Windows\system32\Idcbla32.exe113⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Igbohm32.exeC:\Windows\system32\Igbohm32.exe114⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ikmkilgb.exeC:\Windows\system32\Ikmkilgb.exe115⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ijpkdh32.exeC:\Windows\system32\Ijpkdh32.exe116⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ibgcef32.exeC:\Windows\system32\Ibgcef32.exe117⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Idfoaa32.exeC:\Windows\system32\Idfoaa32.exe118⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ihakbp32.exeC:\Windows\system32\Ihakbp32.exe119⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ikpgnk32.exeC:\Windows\system32\Ikpgnk32.exe120⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Inndjg32.exeC:\Windows\system32\Inndjg32.exe121⤵
- System Location Discovery: System Language Discovery
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-