Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
158s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
08/10/2023, 15:08
General
-
Target
NEAS.c5bb1419d3e744e7826edc8ed42e8520_JC.exe
-
Size
1.5MB
-
MD5
c5bb1419d3e744e7826edc8ed42e8520
-
SHA1
4fc2fc041ced41c7d94406377a286b97bcccade0
-
SHA256
cdb67655e22aba0d9b65d9de2da42d273fc9098cd6501c6d0c8e9309bacb968c
-
SHA512
d88f2674b7e69509d79197ad9060c872de48f93f30a1344f2cade458e7f549ae0d07db524c460757c197f63a40a9fdf80a7f75f95e59e63b8e5a305caef05348
-
SSDEEP
24576:j0T4Ph2kkkkK4kXkkkkkkkkhLX3a20R0v50+YNpsKv2EvZHp3oWtec+fwv4cXcyx:jtbazR0vKLXZnec+Yv4cXcy6l6mFndwn
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.c5bb1419d3e744e7826edc8ed42e8520_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.c5bb1419d3e744e7826edc8ed42e8520_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bggnof32.exeC:\Windows\system32\Bggnof32.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cabomkll.exeC:\Windows\system32\Cabomkll.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
C:\Windows\SysWOW64\Cjjcfabm.exeC:\Windows\system32\Cjjcfabm.exe1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ccgajfeh.exeC:\Windows\system32\Ccgajfeh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Diffglam.exeC:\Windows\system32\Diffglam.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dmdonkgc.exeC:\Windows\system32\Dmdonkgc.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dfmcfp32.exeC:\Windows\system32\Dfmcfp32.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dpehof32.exeC:\Windows\system32\Dpehof32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dmihij32.exeC:\Windows\system32\Dmihij32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Edopabqn.exeC:\Windows\system32\Edopabqn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Filiii32.exeC:\Windows\system32\Filiii32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fdhcgaic.exeC:\Windows\system32\Fdhcgaic.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fpodlbng.exeC:\Windows\system32\Fpodlbng.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gmcdffmq.exeC:\Windows\system32\Gmcdffmq.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ggkiol32.exeC:\Windows\system32\Ggkiol32.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ginnfgop.exeC:\Windows\system32\Ginnfgop.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Gnlgleef.exeC:\Windows\system32\Gnlgleef.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hdpbon32.exeC:\Windows\system32\Hdpbon32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Idbodn32.exeC:\Windows\system32\Idbodn32.exe3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ijcahd32.exeC:\Windows\system32\Ijcahd32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ibmeoq32.exeC:\Windows\system32\Ibmeoq32.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jqdoem32.exeC:\Windows\system32\Jqdoem32.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jnhpoamf.exeC:\Windows\system32\Jnhpoamf.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jnkldqkc.exeC:\Windows\system32\Jnkldqkc.exe8⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jdedak32.exeC:\Windows\system32\Jdedak32.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jjamia32.exeC:\Windows\system32\Jjamia32.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jdgafjpn.exeC:\Windows\system32\Jdgafjpn.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jnpfop32.exeC:\Windows\system32\Jnpfop32.exe12⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kqnbkl32.exeC:\Windows\system32\Kqnbkl32.exe13⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Kiggbhda.exeC:\Windows\system32\Kiggbhda.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kbpkkn32.exeC:\Windows\system32\Kbpkkn32.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kijchhbo.exeC:\Windows\system32\Kijchhbo.exe3⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\Kjkpoq32.exeC:\Windows\system32\Kjkpoq32.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kaehljpj.exeC:\Windows\system32\Kaehljpj.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kgopidgf.exeC:\Windows\system32\Kgopidgf.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kbddfmgl.exeC:\Windows\system32\Kbddfmgl.exe4⤵
- Executes dropped EXE
-
-
-
-
C:\Windows\SysWOW64\Kinmcg32.exeC:\Windows\system32\Kinmcg32.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kjpijpdg.exeC:\Windows\system32\Kjpijpdg.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Lajagj32.exeC:\Windows\system32\Lajagj32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lgcjdd32.exeC:\Windows\system32\Lgcjdd32.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Lnnbqnjn.exeC:\Windows\system32\Lnnbqnjn.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Legjmh32.exeC:\Windows\system32\Legjmh32.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Lkabjbih.exeC:\Windows\system32\Lkabjbih.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lankbigo.exeC:\Windows\system32\Lankbigo.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lghcocol.exeC:\Windows\system32\Lghcocol.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lbngllob.exeC:\Windows\system32\Lbngllob.exe4⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Lihpif32.exeC:\Windows\system32\Lihpif32.exe5⤵
- Executes dropped EXE
-
-
-
-
-
C:\Windows\SysWOW64\Ljilqnlm.exeC:\Windows\system32\Ljilqnlm.exe1⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Lbpdblmo.exeC:\Windows\system32\Lbpdblmo.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ljkifn32.exeC:\Windows\system32\Ljkifn32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Maeachag.exeC:\Windows\system32\Maeachag.exe4⤵
- Executes dropped EXE
-
-
-
-
C:\Windows\SysWOW64\Mhoipb32.exeC:\Windows\system32\Mhoipb32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mbenmk32.exeC:\Windows\system32\Mbenmk32.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Miofjepg.exeC:\Windows\system32\Miofjepg.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mjpbam32.exeC:\Windows\system32\Mjpbam32.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Majjng32.exeC:\Windows\system32\Majjng32.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mlpokp32.exeC:\Windows\system32\Mlpokp32.exe6⤵
- Executes dropped EXE
-
-
-
-
-
-
C:\Windows\SysWOW64\Mnphmkji.exeC:\Windows\system32\Mnphmkji.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nobdbkhf.exeC:\Windows\system32\Nobdbkhf.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nbqmiinl.exeC:\Windows\system32\Nbqmiinl.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nliaao32.exeC:\Windows\system32\Nliaao32.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nhpbfpka.exeC:\Windows\system32\Nhpbfpka.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nahgoe32.exeC:\Windows\system32\Nahgoe32.exe6⤵
-
C:\Windows\SysWOW64\Nolgijpk.exeC:\Windows\system32\Nolgijpk.exe7⤵
-
C:\Windows\SysWOW64\Oogpjbbb.exeC:\Windows\system32\Oogpjbbb.exe8⤵
-
C:\Windows\SysWOW64\Qlgpod32.exeC:\Windows\system32\Qlgpod32.exe9⤵
-
C:\Windows\SysWOW64\Qachgk32.exeC:\Windows\system32\Qachgk32.exe10⤵
-
C:\Windows\SysWOW64\Qklmpalf.exeC:\Windows\system32\Qklmpalf.exe11⤵
-
C:\Windows\SysWOW64\Aafemk32.exeC:\Windows\system32\Aafemk32.exe12⤵
-
C:\Windows\SysWOW64\Aojefobm.exeC:\Windows\system32\Aojefobm.exe13⤵
-
C:\Windows\SysWOW64\Akqfkp32.exeC:\Windows\system32\Akqfkp32.exe14⤵
-
C:\Windows\SysWOW64\Aajohjon.exeC:\Windows\system32\Aajohjon.exe15⤵
-
C:\Windows\SysWOW64\Alpbecod.exeC:\Windows\system32\Alpbecod.exe16⤵
-
C:\Windows\SysWOW64\Aekddhcb.exeC:\Windows\system32\Aekddhcb.exe17⤵
-
C:\Windows\SysWOW64\Alelqb32.exeC:\Windows\system32\Alelqb32.exe18⤵
-
C:\Windows\SysWOW64\Fngcmcfe.exeC:\Windows\system32\Fngcmcfe.exe19⤵
-
C:\Windows\SysWOW64\Hoobdp32.exeC:\Windows\system32\Hoobdp32.exe20⤵
-
C:\Windows\SysWOW64\Kpcjgnhb.exeC:\Windows\system32\Kpcjgnhb.exe21⤵
-
C:\Windows\SysWOW64\Lljklo32.exeC:\Windows\system32\Lljklo32.exe22⤵
-
C:\Windows\SysWOW64\Lqojclne.exeC:\Windows\system32\Lqojclne.exe23⤵
-
C:\Windows\SysWOW64\Ljhnlb32.exeC:\Windows\system32\Ljhnlb32.exe24⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Modgdicm.exeC:\Windows\system32\Modgdicm.exe25⤵
-
C:\Windows\SysWOW64\Mnegbp32.exeC:\Windows\system32\Mnegbp32.exe26⤵
-
C:\Windows\SysWOW64\Mnhdgpii.exeC:\Windows\system32\Mnhdgpii.exe27⤵
-
C:\Windows\SysWOW64\Mmmqhl32.exeC:\Windows\system32\Mmmqhl32.exe28⤵
-
C:\Windows\SysWOW64\Mcgiefen.exeC:\Windows\system32\Mcgiefen.exe29⤵
-
C:\Windows\SysWOW64\Mjaabq32.exeC:\Windows\system32\Mjaabq32.exe30⤵
-
C:\Windows\SysWOW64\Mgeakekd.exeC:\Windows\system32\Mgeakekd.exe31⤵
-
C:\Windows\SysWOW64\Nmdgikhi.exeC:\Windows\system32\Nmdgikhi.exe32⤵
-
C:\Windows\SysWOW64\Nflkbanj.exeC:\Windows\system32\Nflkbanj.exe33⤵
-
C:\Windows\SysWOW64\Ncqlkemc.exeC:\Windows\system32\Ncqlkemc.exe34⤵
-
C:\Windows\SysWOW64\Nadleilm.exeC:\Windows\system32\Nadleilm.exe35⤵
-
C:\Windows\SysWOW64\Nmkmjjaa.exeC:\Windows\system32\Nmkmjjaa.exe36⤵
-
C:\Windows\SysWOW64\Ngqagcag.exeC:\Windows\system32\Ngqagcag.exe37⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Omnjojpo.exeC:\Windows\system32\Omnjojpo.exe38⤵
-
C:\Windows\SysWOW64\Fecadghc.exeC:\Windows\system32\Fecadghc.exe39⤵
-
C:\Windows\SysWOW64\Fbgbnkfm.exeC:\Windows\system32\Fbgbnkfm.exe40⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Feenjgfq.exeC:\Windows\system32\Feenjgfq.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fgcjfbed.exeC:\Windows\system32\Fgcjfbed.exe42⤵
-
C:\Windows\SysWOW64\Gegkpf32.exeC:\Windows\system32\Gegkpf32.exe43⤵
-
C:\Windows\SysWOW64\Ggfglb32.exeC:\Windows\system32\Ggfglb32.exe44⤵
-
C:\Windows\SysWOW64\Gghdaa32.exeC:\Windows\system32\Gghdaa32.exe45⤵
-
C:\Windows\SysWOW64\Inebjihf.exeC:\Windows\system32\Inebjihf.exe46⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ipdndloi.exeC:\Windows\system32\Ipdndloi.exe47⤵
-
C:\Windows\SysWOW64\Ihpcinld.exeC:\Windows\system32\Ihpcinld.exe48⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ibegfglj.exeC:\Windows\system32\Ibegfglj.exe49⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ilnlom32.exeC:\Windows\system32\Ilnlom32.exe50⤵
-
C:\Windows\SysWOW64\Ihdldn32.exeC:\Windows\system32\Ihdldn32.exe51⤵
-
C:\Windows\SysWOW64\Ibjqaf32.exeC:\Windows\system32\Ibjqaf32.exe52⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jidinqpb.exeC:\Windows\system32\Jidinqpb.exe53⤵
-
C:\Windows\SysWOW64\Joqafgni.exeC:\Windows\system32\Joqafgni.exe54⤵
-
C:\Windows\SysWOW64\Jekjcaef.exeC:\Windows\system32\Jekjcaef.exe55⤵
-
C:\Windows\SysWOW64\Jppnpjel.exeC:\Windows\system32\Jppnpjel.exe56⤵
-
C:\Windows\SysWOW64\Jihbip32.exeC:\Windows\system32\Jihbip32.exe57⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jpbjfjci.exeC:\Windows\system32\Jpbjfjci.exe58⤵
-
C:\Windows\SysWOW64\Jadgnb32.exeC:\Windows\system32\Jadgnb32.exe59⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Jbepme32.exeC:\Windows\system32\Jbepme32.exe60⤵
-
C:\Windows\SysWOW64\Khbiello.exeC:\Windows\system32\Khbiello.exe61⤵
-
C:\Windows\SysWOW64\Kbhmbdle.exeC:\Windows\system32\Kbhmbdle.exe62⤵
-
C:\Windows\SysWOW64\Kefiopki.exeC:\Windows\system32\Kefiopki.exe63⤵
-
C:\Windows\SysWOW64\Kplmliko.exeC:\Windows\system32\Kplmliko.exe64⤵
-
C:\Windows\SysWOW64\Kekbjo32.exeC:\Windows\system32\Kekbjo32.exe65⤵
-
C:\Windows\SysWOW64\Kpqggh32.exeC:\Windows\system32\Kpqggh32.exe66⤵
-
C:\Windows\SysWOW64\Kabcopmg.exeC:\Windows\system32\Kabcopmg.exe67⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Khlklj32.exeC:\Windows\system32\Khlklj32.exe68⤵
-
C:\Windows\SysWOW64\Kadpdp32.exeC:\Windows\system32\Kadpdp32.exe69⤵
-
C:\Windows\SysWOW64\Lljdai32.exeC:\Windows\system32\Lljdai32.exe70⤵
-
C:\Windows\SysWOW64\Llnnmhfe.exeC:\Windows\system32\Llnnmhfe.exe71⤵
-
C:\Windows\SysWOW64\Lchfib32.exeC:\Windows\system32\Lchfib32.exe72⤵
-
C:\Windows\SysWOW64\Lhenai32.exeC:\Windows\system32\Lhenai32.exe73⤵
-
C:\Windows\SysWOW64\Loofnccf.exeC:\Windows\system32\Loofnccf.exe74⤵
-
C:\Windows\SysWOW64\Lancko32.exeC:\Windows\system32\Lancko32.exe75⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lhgkgijg.exeC:\Windows\system32\Lhgkgijg.exe76⤵
-
C:\Windows\SysWOW64\Loacdc32.exeC:\Windows\system32\Loacdc32.exe77⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mfkkqmiq.exeC:\Windows\system32\Mfkkqmiq.exe78⤵
-
C:\Windows\SysWOW64\Mofmobmo.exeC:\Windows\system32\Mofmobmo.exe79⤵
-
C:\Windows\SysWOW64\Mhoahh32.exeC:\Windows\system32\Mhoahh32.exe80⤵
-
C:\Windows\SysWOW64\Mpeiie32.exeC:\Windows\system32\Mpeiie32.exe81⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mbgeqmjp.exeC:\Windows\system32\Mbgeqmjp.exe82⤵
-
C:\Windows\SysWOW64\Mjnnbk32.exeC:\Windows\system32\Mjnnbk32.exe83⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mqhfoebo.exeC:\Windows\system32\Mqhfoebo.exe84⤵
-
C:\Windows\SysWOW64\Mfenglqf.exeC:\Windows\system32\Mfenglqf.exe85⤵
-
C:\Windows\SysWOW64\Mhckcgpj.exeC:\Windows\system32\Mhckcgpj.exe86⤵
-
C:\Windows\SysWOW64\Momcpa32.exeC:\Windows\system32\Momcpa32.exe87⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Njbgmjgl.exeC:\Windows\system32\Njbgmjgl.exe88⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nqmojd32.exeC:\Windows\system32\Nqmojd32.exe89⤵
-
C:\Windows\SysWOW64\Nbphglbe.exeC:\Windows\system32\Nbphglbe.exe90⤵
-
C:\Windows\SysWOW64\Nqaiecjd.exeC:\Windows\system32\Nqaiecjd.exe91⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Nofefp32.exeC:\Windows\system32\Nofefp32.exe92⤵
-
C:\Windows\SysWOW64\Ocdnln32.exeC:\Windows\system32\Ocdnln32.exe93⤵
-
C:\Windows\SysWOW64\Oiagde32.exeC:\Windows\system32\Oiagde32.exe94⤵
-
C:\Windows\SysWOW64\Ookoaokf.exeC:\Windows\system32\Ookoaokf.exe95⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Omopjcjp.exeC:\Windows\system32\Omopjcjp.exe96⤵
-
C:\Windows\SysWOW64\Oblhcj32.exeC:\Windows\system32\Oblhcj32.exe97⤵
-
C:\Windows\SysWOW64\Omalpc32.exeC:\Windows\system32\Omalpc32.exe98⤵
-
C:\Windows\SysWOW64\Ockdmmoj.exeC:\Windows\system32\Ockdmmoj.exe99⤵
-
C:\Windows\SysWOW64\Ojemig32.exeC:\Windows\system32\Ojemig32.exe100⤵
-
C:\Windows\SysWOW64\Opbean32.exeC:\Windows\system32\Opbean32.exe101⤵
-
C:\Windows\SysWOW64\Oflmnh32.exeC:\Windows\system32\Oflmnh32.exe102⤵
-
C:\Windows\SysWOW64\Pqbala32.exeC:\Windows\system32\Pqbala32.exe103⤵
-
C:\Windows\SysWOW64\Pfojdh32.exeC:\Windows\system32\Pfojdh32.exe104⤵
-
C:\Windows\SysWOW64\Pmhbqbae.exeC:\Windows\system32\Pmhbqbae.exe105⤵
-
C:\Windows\SysWOW64\Pbekii32.exeC:\Windows\system32\Pbekii32.exe106⤵
-
C:\Windows\SysWOW64\Pcbdcf32.exeC:\Windows\system32\Pcbdcf32.exe107⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Clpgkcdj.exeC:\Windows\system32\Clpgkcdj.exe108⤵
-
C:\Windows\SysWOW64\Ddcogo32.exeC:\Windows\system32\Ddcogo32.exe109⤵
-
C:\Windows\SysWOW64\Fnqebaog.exeC:\Windows\system32\Fnqebaog.exe110⤵
-
C:\Windows\SysWOW64\Jegohe32.exeC:\Windows\system32\Jegohe32.exe111⤵
-
C:\Windows\SysWOW64\Najagp32.exeC:\Windows\system32\Najagp32.exe112⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Belemd32.exeC:\Windows\system32\Belemd32.exe113⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Chinkndp.exeC:\Windows\system32\Chinkndp.exe114⤵
-
C:\Windows\SysWOW64\Dlicflic.exeC:\Windows\system32\Dlicflic.exe115⤵
-
C:\Windows\SysWOW64\Dlkplk32.exeC:\Windows\system32\Dlkplk32.exe116⤵
-
C:\Windows\SysWOW64\Dfqdid32.exeC:\Windows\system32\Dfqdid32.exe117⤵
-
C:\Windows\SysWOW64\Dpihbjmg.exeC:\Windows\system32\Dpihbjmg.exe118⤵
-
C:\Windows\SysWOW64\Dfcqod32.exeC:\Windows\system32\Dfcqod32.exe119⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dpnbmi32.exeC:\Windows\system32\Dpnbmi32.exe120⤵
-
C:\Windows\SysWOW64\Ehkcgkdj.exeC:\Windows\system32\Ehkcgkdj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-