Analysis
-
max time kernel
117s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
06-11-2024 18:15
General
-
Target
8f24c5e4ec287f69235007b87cd825dd5123a4f75cfe659d3b71fc101943807dN.exe
-
Size
96KB
-
MD5
506a14609961695889bb98bbb0037c80
-
SHA1
f3eb0c29102e33c972ca7d6ecfeaa5515791ef35
-
SHA256
8f24c5e4ec287f69235007b87cd825dd5123a4f75cfe659d3b71fc101943807d
-
SHA512
82a179238995ceea721aa23e446c5d8e6591f7c2e1ef0c2201361e7e1209c1cd45f60f22953a2ec6ccc846fed95d74f21197f586e1bf983078909137ea1d2146
-
SSDEEP
1536:7GvKG2w3qMz14Ke/A666Rlt2Lpz7RZObZUUWaegPYA:qvTrqMzhezJl+1ClUUWae
Score
10/10
Malware Config
Extracted
Family
berbew
C2
http://crutop.nu/index.php
http://crutop.ru/index.php
http://mazafaka.ru/index.php
http://color-bank.ru/index.php
http://asechka.ru/index.php
http://trojan.ru/index.php
http://fuck.ru/index.php
http://goldensand.ru/index.php
http://filesearch.ru/index.php
http://devx.nm.ru/index.php
http://ros-neftbank.ru/index.php
http://lovingod.host.sk/index.php
http://www.redline.ru/index.php
http://cvv.ru/index.php
http://hackers.lv/index.php
http://fethard.biz/index.php
http://ldark.nm.ru/index.htm
http://gaz-prom.ru/index.htm
http://promo.ru/index.htm
http://potleaf.chat.ru/index.htm
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Berbew
Berbew is a backdoor written in C++.
-
Berbew family
-
Brute Ratel C4
A customized command and control framework for red teaming and adversary simulation.
-
Bruteratel family
-
Detect BruteRatel badger 2 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8f24c5e4ec287f69235007b87cd825dd5123a4f75cfe659d3b71fc101943807dN.exe"C:\Users\Admin\AppData\Local\Temp\8f24c5e4ec287f69235007b87cd825dd5123a4f75cfe659d3b71fc101943807dN.exe"1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qcogbdkg.exeC:\Windows\system32\Qcogbdkg.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qndkpmkm.exeC:\Windows\system32\Qndkpmkm.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aohdmdoh.exeC:\Windows\system32\Aohdmdoh.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aomnhd32.exeC:\Windows\system32\Aomnhd32.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ahgofi32.exeC:\Windows\system32\Ahgofi32.exe6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bhjlli32.exeC:\Windows\system32\Bhjlli32.exe7⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bnknoogp.exeC:\Windows\system32\Bnknoogp.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Boogmgkl.exeC:\Windows\system32\Boogmgkl.exe9⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cenljmgq.exeC:\Windows\system32\Cenljmgq.exe10⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cnimiblo.exeC:\Windows\system32\Cnimiblo.exe11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cchbgi32.exeC:\Windows\system32\Cchbgi32.exe12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cgfkmgnj.exeC:\Windows\system32\Cgfkmgnj.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dfmeccao.exeC:\Windows\system32\Dfmeccao.exe14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dlljaj32.exeC:\Windows\system32\Dlljaj32.exe15⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Deenjpcd.exeC:\Windows\system32\Deenjpcd.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ehhdaj32.exeC:\Windows\system32\Ehhdaj32.exe17⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Edaalk32.exeC:\Windows\system32\Edaalk32.exe18⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Eaebeoan.exeC:\Windows\system32\Eaebeoan.exe19⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Flocfmnl.exeC:\Windows\system32\Flocfmnl.exe20⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fmnopp32.exeC:\Windows\system32\Fmnopp32.exe21⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Windows\SysWOW64\Feiddbbj.exeC:\Windows\system32\Feiddbbj.exe22⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Windows\SysWOW64\Foahmh32.exeC:\Windows\system32\Foahmh32.exe23⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fleifl32.exeC:\Windows\system32\Fleifl32.exe24⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fabaocfl.exeC:\Windows\system32\Fabaocfl.exe25⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Windows\SysWOW64\Fofbhgde.exeC:\Windows\system32\Fofbhgde.exe26⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ghofam32.exeC:\Windows\system32\Ghofam32.exe27⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Gnnlocgk.exeC:\Windows\system32\Gnnlocgk.exe28⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Windows\SysWOW64\Gckdgjeb.exeC:\Windows\system32\Gckdgjeb.exe29⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Windows\SysWOW64\Gdjqamme.exeC:\Windows\system32\Gdjqamme.exe30⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Ggkibhjf.exeC:\Windows\system32\Ggkibhjf.exe31⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Hohkmj32.exeC:\Windows\system32\Hohkmj32.exe32⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hgflflqg.exeC:\Windows\system32\Hgflflqg.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hnpdcf32.exeC:\Windows\system32\Hnpdcf32.exe34⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Hgkfal32.exeC:\Windows\system32\Hgkfal32.exe35⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Igmbgk32.exeC:\Windows\system32\Igmbgk32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Icdcllpc.exeC:\Windows\system32\Icdcllpc.exe37⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Iahceq32.exeC:\Windows\system32\Iahceq32.exe38⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Imodkadq.exeC:\Windows\system32\Imodkadq.exe39⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jigbebhb.exeC:\Windows\system32\Jigbebhb.exe40⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jpajbl32.exeC:\Windows\system32\Jpajbl32.exe41⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Jijokbfp.exeC:\Windows\system32\Jijokbfp.exe42⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jfdhmk32.exeC:\Windows\system32\Jfdhmk32.exe43⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Kfibhjlj.exeC:\Windows\system32\Kfibhjlj.exe44⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kdmban32.exeC:\Windows\system32\Kdmban32.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kijkje32.exeC:\Windows\system32\Kijkje32.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kljdkpfl.exeC:\Windows\system32\Kljdkpfl.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kkpqlm32.exeC:\Windows\system32\Kkpqlm32.exe48⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Keeeje32.exeC:\Windows\system32\Keeeje32.exe49⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Lkbmbl32.exeC:\Windows\system32\Lkbmbl32.exe50⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Laleof32.exeC:\Windows\system32\Laleof32.exe51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lhfnkqgk.exeC:\Windows\system32\Lhfnkqgk.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lncfcgeb.exeC:\Windows\system32\Lncfcgeb.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lhhkapeh.exeC:\Windows\system32\Lhhkapeh.exe54⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Lnecigcp.exeC:\Windows\system32\Lnecigcp.exe55⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Lgngbmjp.exeC:\Windows\system32\Lgngbmjp.exe56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lngpog32.exeC:\Windows\system32\Lngpog32.exe57⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Ldahkaij.exeC:\Windows\system32\Ldahkaij.exe58⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lfbdci32.exeC:\Windows\system32\Lfbdci32.exe59⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Llmmpcfe.exeC:\Windows\system32\Llmmpcfe.exe60⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mhcmedli.exeC:\Windows\system32\Mhcmedli.exe61⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Mblbnj32.exeC:\Windows\system32\Mblbnj32.exe62⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mhfjjdjf.exeC:\Windows\system32\Mhfjjdjf.exe63⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mcknhm32.exeC:\Windows\system32\Mcknhm32.exe64⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Mhhgpc32.exeC:\Windows\system32\Mhhgpc32.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mneohj32.exeC:\Windows\system32\Mneohj32.exe66⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Mdogedmh.exeC:\Windows\system32\Mdogedmh.exe67⤵
-
C:\Windows\SysWOW64\Modlbmmn.exeC:\Windows\system32\Modlbmmn.exe68⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Mdadjd32.exeC:\Windows\system32\Mdadjd32.exe69⤵
-
C:\Windows\SysWOW64\Njnmbk32.exeC:\Windows\system32\Njnmbk32.exe70⤵
-
C:\Windows\SysWOW64\Ndcapd32.exeC:\Windows\system32\Ndcapd32.exe71⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Nknimnap.exeC:\Windows\system32\Nknimnap.exe72⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nmofdf32.exeC:\Windows\system32\Nmofdf32.exe73⤵
-
C:\Windows\SysWOW64\Ncinap32.exeC:\Windows\system32\Ncinap32.exe74⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Nmabjfek.exeC:\Windows\system32\Nmabjfek.exe75⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nckkgp32.exeC:\Windows\system32\Nckkgp32.exe76⤵
-
C:\Windows\SysWOW64\Nmcopebh.exeC:\Windows\system32\Nmcopebh.exe77⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nflchkii.exeC:\Windows\system32\Nflchkii.exe78⤵
-
C:\Windows\SysWOW64\Nmflee32.exeC:\Windows\system32\Nmflee32.exe79⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Oimmjffj.exeC:\Windows\system32\Oimmjffj.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Obeacl32.exeC:\Windows\system32\Obeacl32.exe81⤵
-
C:\Windows\SysWOW64\Oioipf32.exeC:\Windows\system32\Oioipf32.exe82⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Opialpld.exeC:\Windows\system32\Opialpld.exe83⤵
-
C:\Windows\SysWOW64\Oajndh32.exeC:\Windows\system32\Oajndh32.exe84⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ojbbmnhc.exeC:\Windows\system32\Ojbbmnhc.exe85⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oalkih32.exeC:\Windows\system32\Oalkih32.exe86⤵
-
C:\Windows\SysWOW64\Ojeobm32.exeC:\Windows\system32\Ojeobm32.exe87⤵
-
C:\Windows\SysWOW64\Omckoi32.exeC:\Windows\system32\Omckoi32.exe88⤵
-
C:\Windows\SysWOW64\Ohipla32.exeC:\Windows\system32\Ohipla32.exe89⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pnchhllf.exeC:\Windows\system32\Pnchhllf.exe90⤵
-
C:\Windows\SysWOW64\Phklaacg.exeC:\Windows\system32\Phklaacg.exe91⤵
-
C:\Windows\SysWOW64\Pjihmmbk.exeC:\Windows\system32\Pjihmmbk.exe92⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Pdbmfb32.exeC:\Windows\system32\Pdbmfb32.exe93⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pjleclph.exeC:\Windows\system32\Pjleclph.exe94⤵
-
C:\Windows\SysWOW64\Ppinkcnp.exeC:\Windows\system32\Ppinkcnp.exe95⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Pfbfhm32.exeC:\Windows\system32\Pfbfhm32.exe96⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pmmneg32.exeC:\Windows\system32\Pmmneg32.exe97⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Ppkjac32.exeC:\Windows\system32\Ppkjac32.exe98⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Pehcij32.exeC:\Windows\system32\Pehcij32.exe99⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ppmgfb32.exeC:\Windows\system32\Ppmgfb32.exe100⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qhilkege.exeC:\Windows\system32\Qhilkege.exe101⤵
-
C:\Windows\SysWOW64\Qdompf32.exeC:\Windows\system32\Qdompf32.exe102⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Qoeamo32.exeC:\Windows\system32\Qoeamo32.exe103⤵
-
C:\Windows\SysWOW64\Adaiee32.exeC:\Windows\system32\Adaiee32.exe104⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Agpeaa32.exeC:\Windows\system32\Agpeaa32.exe105⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Aaejojjq.exeC:\Windows\system32\Aaejojjq.exe106⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Ahpbkd32.exeC:\Windows\system32\Ahpbkd32.exe107⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Aknngo32.exeC:\Windows\system32\Aknngo32.exe108⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Aahfdihn.exeC:\Windows\system32\Aahfdihn.exe109⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Ageompfe.exeC:\Windows\system32\Ageompfe.exe110⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Ajckilei.exeC:\Windows\system32\Ajckilei.exe111⤵
-
C:\Windows\SysWOW64\Alageg32.exeC:\Windows\system32\Alageg32.exe112⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Aclpaali.exeC:\Windows\system32\Aclpaali.exe113⤵
-
C:\Windows\SysWOW64\Apppkekc.exeC:\Windows\system32\Apppkekc.exe114⤵
-
C:\Windows\SysWOW64\Afliclij.exeC:\Windows\system32\Afliclij.exe115⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Blfapfpg.exeC:\Windows\system32\Blfapfpg.exe116⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Bacihmoo.exeC:\Windows\system32\Bacihmoo.exe117⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Bjjaikoa.exeC:\Windows\system32\Bjjaikoa.exe118⤵
-
C:\Windows\SysWOW64\Bogjaamh.exeC:\Windows\system32\Bogjaamh.exe119⤵
-
C:\Windows\SysWOW64\Bfabnl32.exeC:\Windows\system32\Bfabnl32.exe120⤵
-
C:\Windows\SysWOW64\Bknjfb32.exeC:\Windows\system32\Bknjfb32.exe121⤵
- System Location Discovery: System Language Discovery
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-