Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
165s -
max time network
164s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
13/10/2023, 20:38
General
-
Target
NEAS.c08eaa4e142c624d76a5f10f28849560.exe
-
Size
459KB
-
MD5
c08eaa4e142c624d76a5f10f28849560
-
SHA1
5c5d1919910aaabc51e73e07c4cf6406b4ecde47
-
SHA256
d6e2c09c8162c270aae18ebf4e7dcf44e5a3b64f5aa47a77159f282b0183b82f
-
SHA512
2aeb43ac797f1097f6b1a3b457f7e25164098977424c3a60a1a2fa7c88494d02737e8eab0c9f77ce55c52a38f455783dbdf2ab3254e9e5b8808f9d508017440b
-
SSDEEP
12288:Oe6MuUo8MmmpNs/VXMmmg8MmmpNs/VXMmm:nuUqEdAgxEdA
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.c08eaa4e142c624d76a5f10f28849560.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.c08eaa4e142c624d76a5f10f28849560.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ejkenpnp.exeC:\Windows\system32\Ejkenpnp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Golcak32.exeC:\Windows\system32\Golcak32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Glpdjpbj.exeC:\Windows\system32\Glpdjpbj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hikkdc32.exeC:\Windows\system32\Hikkdc32.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iheaqolo.exeC:\Windows\system32\Iheaqolo.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Komoed32.exeC:\Windows\system32\Komoed32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lpdefc32.exeC:\Windows\system32\Lpdefc32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mcicma32.exeC:\Windows\system32\Mcicma32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Njokei32.exeC:\Windows\system32\Njokei32.exe10⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Omgjhc32.exeC:\Windows\system32\Omgjhc32.exe11⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pmpmnb32.exeC:\Windows\system32\Pmpmnb32.exe12⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qmlmjq32.exeC:\Windows\system32\Qmlmjq32.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ccigpbga.exeC:\Windows\system32\Ccigpbga.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Djoohk32.exeC:\Windows\system32\Djoohk32.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ekahhn32.exeC:\Windows\system32\Ekahhn32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fhalcm32.exeC:\Windows\system32\Fhalcm32.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gdfhil32.exeC:\Windows\system32\Gdfhil32.exe18⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Galfhpmf.exeC:\Windows\system32\Galfhpmf.exe19⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ihfglhfp.exeC:\Windows\system32\Ihfglhfp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jhpjbgne.exeC:\Windows\system32\Jhpjbgne.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Moajmk32.exeC:\Windows\system32\Moajmk32.exe22⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oefamoma.exeC:\Windows\system32\Oefamoma.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pikqcl32.exeC:\Windows\system32\Pikqcl32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qlpcpffl.exeC:\Windows\system32\Qlpcpffl.exe25⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Acaanp32.exeC:\Windows\system32\Acaanp32.exe26⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Blqlgdhi.exeC:\Windows\system32\Blqlgdhi.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Emhdeoel.exeC:\Windows\system32\Emhdeoel.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fnofpqff.exeC:\Windows\system32\Fnofpqff.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gcceifof.exeC:\Windows\system32\Gcceifof.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gmkibl32.exeC:\Windows\system32\Gmkibl32.exe31⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hnblmnfa.exeC:\Windows\system32\Hnblmnfa.exe32⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ikdlmmbh.exeC:\Windows\system32\Ikdlmmbh.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jddggb32.exeC:\Windows\system32\Jddggb32.exe34⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Joikdk32.exeC:\Windows\system32\Joikdk32.exe35⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Knenffqf.exeC:\Windows\system32\Knenffqf.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Knldfe32.exeC:\Windows\system32\Knldfe32.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kgeiokao.exeC:\Windows\system32\Kgeiokao.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lggeej32.exeC:\Windows\system32\Lggeej32.exe39⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Lqfpoope.exeC:\Windows\system32\Lqfpoope.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mnjqhcno.exeC:\Windows\system32\Mnjqhcno.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Moofmeal.exeC:\Windows\system32\Moofmeal.exe42⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mhgkfkhl.exeC:\Windows\system32\Mhgkfkhl.exe43⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nildajdg.exeC:\Windows\system32\Nildajdg.exe44⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nnkioq32.exeC:\Windows\system32\Nnkioq32.exe45⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Oendaipn.exeC:\Windows\system32\Oendaipn.exe46⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Qiocde32.exeC:\Windows\system32\Qiocde32.exe47⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qajhigcj.exeC:\Windows\system32\Qajhigcj.exe48⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aaldngqg.exeC:\Windows\system32\Aaldngqg.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Apbngn32.exeC:\Windows\system32\Apbngn32.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bhblfpng.exeC:\Windows\system32\Bhblfpng.exe51⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bajqpe32.exeC:\Windows\system32\Bajqpe32.exe52⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cbofdg32.exeC:\Windows\system32\Cbofdg32.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ceppfbef.exeC:\Windows\system32\Ceppfbef.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cchikf32.exeC:\Windows\system32\Cchikf32.exe55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dlckik32.exeC:\Windows\system32\Dlckik32.exe56⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Dadlmanj.exeC:\Windows\system32\Dadlmanj.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Djnaco32.exeC:\Windows\system32\Djnaco32.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Echbad32.exeC:\Windows\system32\Echbad32.exe59⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ebnocpfp.exeC:\Windows\system32\Ebnocpfp.exe60⤵
- Executes dropped EXE
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Eqalfgll.exeC:\Windows\system32\Eqalfgll.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ebbinp32.exeC:\Windows\system32\Ebbinp32.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ffekom32.exeC:\Windows\system32\Ffekom32.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fqjolfda.exeC:\Windows\system32\Fqjolfda.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gflapl32.exeC:\Windows\system32\Gflapl32.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gjjjfkdj.exeC:\Windows\system32\Gjjjfkdj.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jpjqaldi.exeC:\Windows\system32\Jpjqaldi.exe7⤵
-
C:\Windows\SysWOW64\Jfffcf32.exeC:\Windows\system32\Jfffcf32.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jpojml32.exeC:\Windows\system32\Jpojml32.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kfhbifgq.exeC:\Windows\system32\Kfhbifgq.exe10⤵
-
C:\Windows\SysWOW64\Kbocng32.exeC:\Windows\system32\Kbocng32.exe11⤵
-
C:\Windows\SysWOW64\Kapclned.exeC:\Windows\system32\Kapclned.exe12⤵
-
C:\Windows\SysWOW64\Ldhbnhlm.exeC:\Windows\system32\Ldhbnhlm.exe13⤵
-
C:\Windows\SysWOW64\Liekgo32.exeC:\Windows\system32\Liekgo32.exe14⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Lkiqla32.exeC:\Windows\system32\Lkiqla32.exe15⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mgpaqbcf.exeC:\Windows\system32\Mgpaqbcf.exe16⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mkpglqgj.exeC:\Windows\system32\Mkpglqgj.exe17⤵
-
C:\Windows\SysWOW64\Mnapnl32.exeC:\Windows\system32\Mnapnl32.exe18⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nqdeefpi.exeC:\Windows\system32\Nqdeefpi.exe19⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ankdbf32.exeC:\Windows\system32\Ankdbf32.exe20⤵
-
C:\Windows\SysWOW64\Alaaajmb.exeC:\Windows\system32\Alaaajmb.exe21⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Aaccdp32.exeC:\Windows\system32\Aaccdp32.exe22⤵
-
C:\Windows\SysWOW64\Boknic32.exeC:\Windows\system32\Boknic32.exe23⤵
-
C:\Windows\SysWOW64\Cldgmgml.exeC:\Windows\system32\Cldgmgml.exe24⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Clmjcfdb.exeC:\Windows\system32\Clmjcfdb.exe25⤵
-
C:\Windows\SysWOW64\Cdiohhbm.exeC:\Windows\system32\Cdiohhbm.exe26⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ddklnh32.exeC:\Windows\system32\Ddklnh32.exe27⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Doqpkq32.exeC:\Windows\system32\Doqpkq32.exe28⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dboiaoff.exeC:\Windows\system32\Dboiaoff.exe29⤵
-
C:\Windows\SysWOW64\Dcaefo32.exeC:\Windows\system32\Dcaefo32.exe30⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Dkljka32.exeC:\Windows\system32\Dkljka32.exe31⤵
-
C:\Windows\SysWOW64\Ednajepe.exeC:\Windows\system32\Ednajepe.exe32⤵
-
C:\Windows\SysWOW64\Fchdnkpi.exeC:\Windows\system32\Fchdnkpi.exe33⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fdiafc32.exeC:\Windows\system32\Fdiafc32.exe34⤵
-
C:\Windows\SysWOW64\Gdnjabab.exeC:\Windows\system32\Gdnjabab.exe35⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gdcdlb32.exeC:\Windows\system32\Gdcdlb32.exe36⤵
-
C:\Windows\SysWOW64\Gfbpfedp.exeC:\Windows\system32\Gfbpfedp.exe37⤵
-
C:\Windows\SysWOW64\Hicihp32.exeC:\Windows\system32\Hicihp32.exe38⤵
-
C:\Windows\SysWOW64\Hcimei32.exeC:\Windows\system32\Hcimei32.exe39⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Heapmp32.exeC:\Windows\system32\Heapmp32.exe40⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Icbpkg32.exeC:\Windows\system32\Icbpkg32.exe41⤵
-
C:\Windows\SysWOW64\Ilbnkiba.exeC:\Windows\system32\Ilbnkiba.exe42⤵
-
C:\Windows\SysWOW64\Jfaenqjm.exeC:\Windows\system32\Jfaenqjm.exe43⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kmfmfigl.exeC:\Windows\system32\Kmfmfigl.exe44⤵
-
C:\Windows\SysWOW64\Lbjlpo32.exeC:\Windows\system32\Lbjlpo32.exe45⤵
-
C:\Windows\SysWOW64\Lmppmh32.exeC:\Windows\system32\Lmppmh32.exe46⤵
-
C:\Windows\SysWOW64\Lboeknkf.exeC:\Windows\system32\Lboeknkf.exe47⤵
-
C:\Windows\SysWOW64\Ldoadabi.exeC:\Windows\system32\Ldoadabi.exe48⤵
-
C:\Windows\SysWOW64\Mdckpqod.exeC:\Windows\system32\Mdckpqod.exe49⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Medggidb.exeC:\Windows\system32\Medggidb.exe50⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mpoepa32.exeC:\Windows\system32\Mpoepa32.exe51⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nphhfp32.exeC:\Windows\system32\Nphhfp32.exe52⤵
-
C:\Windows\SysWOW64\Ncfdbk32.exeC:\Windows\system32\Ncfdbk32.exe53⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Onekeb32.exeC:\Windows\system32\Onekeb32.exe54⤵
-
C:\Windows\SysWOW64\Pqhammje.exeC:\Windows\system32\Pqhammje.exe55⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pqmjhm32.exeC:\Windows\system32\Pqmjhm32.exe56⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bepeph32.exeC:\Windows\system32\Bepeph32.exe57⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bcebadof.exeC:\Windows\system32\Bcebadof.exe58⤵
-
C:\Windows\SysWOW64\Bjokno32.exeC:\Windows\system32\Bjokno32.exe59⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cmiffhkj.exeC:\Windows\system32\Cmiffhkj.exe60⤵
-
C:\Windows\SysWOW64\Ceckleii.exeC:\Windows\system32\Ceckleii.exe61⤵
-
C:\Windows\SysWOW64\Edmjpoli.exeC:\Windows\system32\Edmjpoli.exe62⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fdijkmbl.exeC:\Windows\system32\Fdijkmbl.exe63⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gkglcfec.exeC:\Windows\system32\Gkglcfec.exe64⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gaadpqmp.exeC:\Windows\system32\Gaadpqmp.exe65⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Gkjhif32.exeC:\Windows\system32\Gkjhif32.exe66⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gadqepkn.exeC:\Windows\system32\Gadqepkn.exe67⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gnkajapa.exeC:\Windows\system32\Gnkajapa.exe68⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hfioln32.exeC:\Windows\system32\Hfioln32.exe69⤵
-
C:\Windows\SysWOW64\Hoadecal.exeC:\Windows\system32\Hoadecal.exe70⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ibffbnjh.exeC:\Windows\system32\Ibffbnjh.exe71⤵
-
C:\Windows\SysWOW64\Iiehjgnp.exeC:\Windows\system32\Iiehjgnp.exe72⤵
-
C:\Windows\SysWOW64\Ioopfa32.exeC:\Windows\system32\Ioopfa32.exe73⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jkkjfa32.exeC:\Windows\system32\Jkkjfa32.exe74⤵
-
C:\Windows\SysWOW64\Jlocaabf.exeC:\Windows\system32\Jlocaabf.exe75⤵
-
C:\Windows\SysWOW64\Klapgq32.exeC:\Windows\system32\Klapgq32.exe76⤵
-
C:\Windows\SysWOW64\Kbpboj32.exeC:\Windows\system32\Kbpboj32.exe77⤵
-
C:\Windows\SysWOW64\Lbekjipe.exeC:\Windows\system32\Lbekjipe.exe78⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lhbdbpnm.exeC:\Windows\system32\Lhbdbpnm.exe79⤵
-
C:\Windows\SysWOW64\Lpkiim32.exeC:\Windows\system32\Lpkiim32.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lpbojlfd.exeC:\Windows\system32\Lpbojlfd.exe81⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Mflgff32.exeC:\Windows\system32\Mflgff32.exe82⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mhncnodp.exeC:\Windows\system32\Mhncnodp.exe83⤵
-
C:\Windows\SysWOW64\Miaica32.exeC:\Windows\system32\Miaica32.exe84⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Moobkh32.exeC:\Windows\system32\Moobkh32.exe85⤵
-
C:\Windows\SysWOW64\Mehjhbma.exeC:\Windows\system32\Mehjhbma.exe86⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mpnnek32.exeC:\Windows\system32\Mpnnek32.exe87⤵
-
C:\Windows\SysWOW64\Npedfjfo.exeC:\Windows\system32\Npedfjfo.exe88⤵
-
C:\Windows\SysWOW64\Ngombd32.exeC:\Windows\system32\Ngombd32.exe89⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oidopn32.exeC:\Windows\system32\Oidopn32.exe90⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ohnelj32.exeC:\Windows\system32\Ohnelj32.exe91⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Pcdjic32.exeC:\Windows\system32\Pcdjic32.exe92⤵
-
C:\Windows\SysWOW64\Pplcnf32.exeC:\Windows\system32\Pplcnf32.exe93⤵
-
C:\Windows\SysWOW64\Qqamieno.exeC:\Windows\system32\Qqamieno.exe94⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ajqgbjoh.exeC:\Windows\system32\Ajqgbjoh.exe95⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Amaqde32.exeC:\Windows\system32\Amaqde32.exe96⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Bgknlmgi.exeC:\Windows\system32\Bgknlmgi.exe97⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bgbdml32.exeC:\Windows\system32\Bgbdml32.exe98⤵
-
C:\Windows\SysWOW64\Bpniaool.exeC:\Windows\system32\Bpniaool.exe99⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cifmjd32.exeC:\Windows\system32\Cifmjd32.exe100⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cfjnch32.exeC:\Windows\system32\Cfjnch32.exe101⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cimckcoe.exeC:\Windows\system32\Cimckcoe.exe102⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cfaddg32.exeC:\Windows\system32\Cfaddg32.exe103⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dmmifaci.exeC:\Windows\system32\Dmmifaci.exe104⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dffmogji.exeC:\Windows\system32\Dffmogji.exe105⤵
-
C:\Windows\SysWOW64\Dpnbhl32.exeC:\Windows\system32\Dpnbhl32.exe106⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Djfckenm.exeC:\Windows\system32\Djfckenm.exe107⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dpckclld.exeC:\Windows\system32\Dpckclld.exe108⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Emkeho32.exeC:\Windows\system32\Emkeho32.exe109⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jqgldb32.exeC:\Windows\system32\Jqgldb32.exe110⤵
-
C:\Windows\SysWOW64\Jklpakam.exeC:\Windows\system32\Jklpakam.exe111⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Jdddjq32.exeC:\Windows\system32\Jdddjq32.exe112⤵
-
C:\Windows\SysWOW64\Kkomgkoj.exeC:\Windows\system32\Kkomgkoj.exe113⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kibmqond.exeC:\Windows\system32\Kibmqond.exe114⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kbkaiddd.exeC:\Windows\system32\Kbkaiddd.exe115⤵
-
C:\Windows\SysWOW64\Kjkpif32.exeC:\Windows\system32\Kjkpif32.exe116⤵
-
C:\Windows\SysWOW64\Kaehepeg.exeC:\Windows\system32\Kaehepeg.exe117⤵
-
C:\Windows\SysWOW64\Lkmihi32.exeC:\Windows\system32\Lkmihi32.exe118⤵
-
C:\Windows\SysWOW64\Lnmbjd32.exeC:\Windows\system32\Lnmbjd32.exe119⤵
-
C:\Windows\SysWOW64\Lnpopcni.exeC:\Windows\system32\Lnpopcni.exe120⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mjneec32.exeC:\Windows\system32\Mjneec32.exe121⤵
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-