Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
14/10/2023, 09:40
General
-
Target
NEAS.023d8b6306decc6440acf860d62521d0_JC.exe
-
Size
1.7MB
-
MD5
023d8b6306decc6440acf860d62521d0
-
SHA1
981898a228bd1c40df4815135a3f533670345faf
-
SHA256
10fcae65109a1c6c680c4781f2fb0b11a9309e6ac7063ec1b3601464c8aafa39
-
SHA512
209e7feda69f331d772df626b0062ee70fbb428e0b1a07950a0532b9fb90b0355febbe77b1d20c3e7693c275cd74189d25c23027a805511a922adf76343baf9a
-
SSDEEP
24576:UXq5h3q5hL6X1q5h3q5hipq5h3q5hL6X1q5h3q5h:+60d6
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.023d8b6306decc6440acf860d62521d0_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.023d8b6306decc6440acf860d62521d0_JC.exe"1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kdkdgchl.exeC:\Windows\system32\Kdkdgchl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kmfhkf32.exeC:\Windows\system32\Kmfhkf32.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kkjeomld.exeC:\Windows\system32\Kkjeomld.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kcejco32.exeC:\Windows\system32\Kcejco32.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lkchelci.exeC:\Windows\system32\Lkchelci.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lkeekk32.exeC:\Windows\system32\Lkeekk32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mnkggfkb.exeC:\Windows\system32\Mnkggfkb.exe8⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mgclpkac.exeC:\Windows\system32\Mgclpkac.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mcjmel32.exeC:\Windows\system32\Mcjmel32.exe10⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nabfjpak.exeC:\Windows\system32\Nabfjpak.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nlhkgi32.exeC:\Windows\system32\Nlhkgi32.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Neqopnhb.exeC:\Windows\system32\Neqopnhb.exe13⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nnicid32.exeC:\Windows\system32\Nnicid32.exe14⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nmnqjp32.exeC:\Windows\system32\Nmnqjp32.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Ohcegi32.exeC:\Windows\system32\Ohcegi32.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Onnmdcjm.exeC:\Windows\system32\Onnmdcjm.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oeheqm32.exeC:\Windows\system32\Oeheqm32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
C:\Windows\SysWOW64\Ojdnid32.exeC:\Windows\system32\Ojdnid32.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oejbfmpg.exeC:\Windows\system32\Oejbfmpg.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\Oogpjbbb.exeC:\Windows\system32\Oogpjbbb.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Peahgl32.exeC:\Windows\system32\Peahgl32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Phaahggp.exeC:\Windows\system32\Phaahggp.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pajeam32.exeC:\Windows\system32\Pajeam32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Pdmkhgho.exeC:\Windows\system32\Pdmkhgho.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pkgcea32.exeC:\Windows\system32\Pkgcea32.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Qeodhjmo.exeC:\Windows\system32\Qeodhjmo.exe1⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Qklmpalf.exeC:\Windows\system32\Qklmpalf.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\Alkijdci.exeC:\Windows\system32\Alkijdci.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aahbbkaq.exeC:\Windows\system32\Aahbbkaq.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\Albpkc32.exeC:\Windows\system32\Albpkc32.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Aaohcj32.exeC:\Windows\system32\Aaohcj32.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Ahippdbe.exeC:\Windows\system32\Ahippdbe.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Baadiiif.exeC:\Windows\system32\Baadiiif.exe2⤵
- Executes dropped EXE
- Modifies registry class
-
-
C:\Windows\SysWOW64\Bepmoh32.exeC:\Windows\system32\Bepmoh32.exe1⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bklfgo32.exeC:\Windows\system32\Bklfgo32.exe2⤵
- Executes dropped EXE
- Modifies registry class
-
-
C:\Windows\SysWOW64\Bnmoijje.exeC:\Windows\system32\Bnmoijje.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bdgged32.exeC:\Windows\system32\Bdgged32.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Bakgoh32.exeC:\Windows\system32\Bakgoh32.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bheplb32.exeC:\Windows\system32\Bheplb32.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Coohhlpe.exeC:\Windows\system32\Coohhlpe.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Chglab32.exeC:\Windows\system32\Chglab32.exe2⤵
- Executes dropped EXE
- Modifies registry class
-
-
C:\Windows\SysWOW64\Bkaobnio.exeC:\Windows\system32\Bkaobnio.exe1⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bllbaa32.exeC:\Windows\system32\Bllbaa32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bafndi32.exeC:\Windows\system32\Bafndi32.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bkjiao32.exeC:\Windows\system32\Bkjiao32.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aamknj32.exeC:\Windows\system32\Aamknj32.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Alpbecod.exeC:\Windows\system32\Alpbecod.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Anobgl32.exeC:\Windows\system32\Anobgl32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Alnfpcag.exeC:\Windows\system32\Alnfpcag.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aeaanjkl.exeC:\Windows\system32\Aeaanjkl.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qkipkani.exeC:\Windows\system32\Qkipkani.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qaalblgi.exeC:\Windows\system32\Qaalblgi.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pmcclm32.exeC:\Windows\system32\Pmcclm32.exe1⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Palbgl32.exeC:\Windows\system32\Palbgl32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Plpjoe32.exeC:\Windows\system32\Plpjoe32.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pknqoc32.exeC:\Windows\system32\Pknqoc32.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oeokal32.exeC:\Windows\system32\Oeokal32.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ojigdcll.exeC:\Windows\system32\Ojigdcll.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oelolmnd.exeC:\Windows\system32\Oelolmnd.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ojgjndno.exeC:\Windows\system32\Ojgjndno.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ehifak32.exeC:\Windows\system32\Ehifak32.exe1⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Eoconenj.exeC:\Windows\system32\Eoconenj.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Elgohj32.exeC:\Windows\system32\Elgohj32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eflceb32.exeC:\Windows\system32\Eflceb32.exe4⤵
-
C:\Windows\SysWOW64\Ehnpmkbg.exeC:\Windows\system32\Ehnpmkbg.exe5⤵
-
C:\Windows\SysWOW64\Eohhie32.exeC:\Windows\system32\Eohhie32.exe6⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Eimlgnij.exeC:\Windows\system32\Eimlgnij.exe7⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Odcfdc32.exeC:\Windows\system32\Odcfdc32.exe8⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Omlkmign.exeC:\Windows\system32\Omlkmign.exe9⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oickbjmb.exeC:\Windows\system32\Oickbjmb.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ohdlpa32.exeC:\Windows\system32\Ohdlpa32.exe11⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pdofpb32.exeC:\Windows\system32\Pdofpb32.exe12⤵
-
C:\Windows\SysWOW64\Pjlnhi32.exeC:\Windows\system32\Pjlnhi32.exe13⤵
-
C:\Windows\SysWOW64\Pdbbfadn.exeC:\Windows\system32\Pdbbfadn.exe14⤵
-
C:\Windows\SysWOW64\Pjoknhbe.exeC:\Windows\system32\Pjoknhbe.exe15⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pphckb32.exeC:\Windows\system32\Pphckb32.exe16⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pknghk32.exeC:\Windows\system32\Pknghk32.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pahpee32.exeC:\Windows\system32\Pahpee32.exe18⤵
-
C:\Windows\SysWOW64\Qdflaa32.exeC:\Windows\system32\Qdflaa32.exe19⤵
-
C:\Windows\SysWOW64\Adpogp32.exeC:\Windows\system32\Adpogp32.exe20⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Anhcpeon.exeC:\Windows\system32\Anhcpeon.exe21⤵
-
C:\Windows\SysWOW64\Agqhik32.exeC:\Windows\system32\Agqhik32.exe22⤵
-
C:\Windows\SysWOW64\Dnienqbi.exeC:\Windows\system32\Dnienqbi.exe23⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dioiki32.exeC:\Windows\system32\Dioiki32.exe24⤵
-
C:\Windows\SysWOW64\Deejpjgc.exeC:\Windows\system32\Deejpjgc.exe25⤵
-
C:\Windows\SysWOW64\Djbbhafj.exeC:\Windows\system32\Djbbhafj.exe26⤵
-
C:\Windows\SysWOW64\Dehgejep.exeC:\Windows\system32\Dehgejep.exe27⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Elaobdmm.exeC:\Windows\system32\Elaobdmm.exe28⤵
-
C:\Windows\SysWOW64\Eieplhlf.exeC:\Windows\system32\Eieplhlf.exe29⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Eihlahjd.exeC:\Windows\system32\Eihlahjd.exe30⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Enedio32.exeC:\Windows\system32\Enedio32.exe31⤵
-
C:\Windows\SysWOW64\Eeomfioh.exeC:\Windows\system32\Eeomfioh.exe32⤵
-
C:\Windows\SysWOW64\Ejkenpnp.exeC:\Windows\system32\Ejkenpnp.exe33⤵
-
C:\Windows\SysWOW64\Eimelg32.exeC:\Windows\system32\Eimelg32.exe34⤵
-
C:\Windows\SysWOW64\Eahjqicj.exeC:\Windows\system32\Eahjqicj.exe35⤵
-
C:\Windows\SysWOW64\Fbggkl32.exeC:\Windows\system32\Fbggkl32.exe36⤵
-
C:\Windows\SysWOW64\Fiaogfai.exeC:\Windows\system32\Fiaogfai.exe37⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fbjcplhj.exeC:\Windows\system32\Fbjcplhj.exe38⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Foqdem32.exeC:\Windows\system32\Foqdem32.exe39⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fkgejncb.exeC:\Windows\system32\Fkgejncb.exe40⤵
-
C:\Windows\SysWOW64\Flgadake.exeC:\Windows\system32\Flgadake.exe41⤵
-
C:\Windows\SysWOW64\Feofmf32.exeC:\Windows\system32\Feofmf32.exe42⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gbcffk32.exeC:\Windows\system32\Gbcffk32.exe43⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gknkkmmj.exeC:\Windows\system32\Gknkkmmj.exe44⤵
-
C:\Windows\SysWOW64\Gedohfmp.exeC:\Windows\system32\Gedohfmp.exe45⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gbhpajlj.exeC:\Windows\system32\Gbhpajlj.exe46⤵
-
C:\Windows\SysWOW64\Ghdhja32.exeC:\Windows\system32\Ghdhja32.exe47⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Gammbfqa.exeC:\Windows\system32\Gammbfqa.exe48⤵
-
C:\Windows\SysWOW64\Goamlkpk.exeC:\Windows\system32\Goamlkpk.exe49⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hkgnalep.exeC:\Windows\system32\Hkgnalep.exe50⤵
-
C:\Windows\SysWOW64\Hhbdko32.exeC:\Windows\system32\Hhbdko32.exe51⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ieiajckh.exeC:\Windows\system32\Ieiajckh.exe52⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ioafchai.exeC:\Windows\system32\Ioafchai.exe53⤵
-
C:\Windows\SysWOW64\Ijgjpaao.exeC:\Windows\system32\Ijgjpaao.exe54⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Iocchhof.exeC:\Windows\system32\Iocchhof.exe55⤵
-
C:\Windows\SysWOW64\Ihlgan32.exeC:\Windows\system32\Ihlgan32.exe56⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Iadljc32.exeC:\Windows\system32\Iadljc32.exe57⤵
-
C:\Windows\SysWOW64\Ikmpcicg.exeC:\Windows\system32\Ikmpcicg.exe58⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jcfejfag.exeC:\Windows\system32\Jcfejfag.exe59⤵
-
C:\Windows\SysWOW64\Jloibkhh.exeC:\Windows\system32\Jloibkhh.exe60⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Joobdfei.exeC:\Windows\system32\Joobdfei.exe61⤵
-
C:\Windows\SysWOW64\Jcmkjeko.exeC:\Windows\system32\Jcmkjeko.exe62⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kfndlphp.exeC:\Windows\system32\Kfndlphp.exe63⤵
-
C:\Windows\SysWOW64\Kmhlijpm.exeC:\Windows\system32\Kmhlijpm.exe64⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kfpqap32.exeC:\Windows\system32\Kfpqap32.exe65⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kbgafqla.exeC:\Windows\system32\Kbgafqla.exe66⤵
-
C:\Windows\SysWOW64\Kcikfcab.exeC:\Windows\system32\Kcikfcab.exe67⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kifcnjpi.exeC:\Windows\system32\Kifcnjpi.exe68⤵
-
C:\Windows\SysWOW64\Lfjchn32.exeC:\Windows\system32\Lfjchn32.exe69⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lflpmn32.exeC:\Windows\system32\Lflpmn32.exe70⤵
-
C:\Windows\SysWOW64\Lkiiee32.exeC:\Windows\system32\Lkiiee32.exe71⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lfnmcnjn.exeC:\Windows\system32\Lfnmcnjn.exe72⤵
-
C:\Windows\SysWOW64\Lfqjhmhk.exeC:\Windows\system32\Lfqjhmhk.exe73⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Ljoboloa.exeC:\Windows\system32\Ljoboloa.exe74⤵
-
C:\Windows\SysWOW64\Nlnkgbhp.exeC:\Windows\system32\Nlnkgbhp.exe75⤵
-
C:\Windows\SysWOW64\Njokei32.exeC:\Windows\system32\Njokei32.exe76⤵
-
C:\Windows\SysWOW64\Npldnp32.exeC:\Windows\system32\Npldnp32.exe77⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nlbdba32.exeC:\Windows\system32\Nlbdba32.exe78⤵
-
C:\Windows\SysWOW64\Njceqili.exeC:\Windows\system32\Njceqili.exe79⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Npqmipjq.exeC:\Windows\system32\Npqmipjq.exe80⤵
-
C:\Windows\SysWOW64\Odnfonag.exeC:\Windows\system32\Odnfonag.exe81⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ajlpepbi.exeC:\Windows\system32\Ajlpepbi.exe82⤵
-
C:\Windows\SysWOW64\Bglpjb32.exeC:\Windows\system32\Bglpjb32.exe83⤵
-
C:\Windows\SysWOW64\Dqbadf32.exeC:\Windows\system32\Dqbadf32.exe84⤵
-
C:\Windows\SysWOW64\Geqlhp32.exeC:\Windows\system32\Geqlhp32.exe85⤵
-
C:\Windows\SysWOW64\Jahnkl32.exeC:\Windows\system32\Jahnkl32.exe86⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fmkqknci.exeC:\Windows\system32\Fmkqknci.exe87⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fgcang32.exeC:\Windows\system32\Fgcang32.exe88⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Fakfglhm.exeC:\Windows\system32\Fakfglhm.exe89⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fnofpqff.exeC:\Windows\system32\Fnofpqff.exe90⤵
-
C:\Windows\SysWOW64\Fclohg32.exeC:\Windows\system32\Fclohg32.exe91⤵
-
C:\Windows\SysWOW64\Fmdcamko.exeC:\Windows\system32\Fmdcamko.exe92⤵
-
C:\Windows\SysWOW64\Ggjgofkd.exeC:\Windows\system32\Ggjgofkd.exe93⤵
-
C:\Windows\SysWOW64\Gndpkp32.exeC:\Windows\system32\Gndpkp32.exe94⤵
-
C:\Windows\SysWOW64\Gcqhcgqi.exeC:\Windows\system32\Gcqhcgqi.exe95⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gjojkpdp.exeC:\Windows\system32\Gjojkpdp.exe96⤵
-
C:\Windows\SysWOW64\Gplbcgbg.exeC:\Windows\system32\Gplbcgbg.exe97⤵
-
C:\Windows\SysWOW64\Gffkpa32.exeC:\Windows\system32\Gffkpa32.exe98⤵
-
C:\Windows\SysWOW64\Gmpcmkaa.exeC:\Windows\system32\Gmpcmkaa.exe99⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Hhhdpd32.exeC:\Windows\system32\Hhhdpd32.exe100⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hpeejfjm.exeC:\Windows\system32\Hpeejfjm.exe101⤵
-
C:\Windows\SysWOW64\Hfonfp32.exeC:\Windows\system32\Hfonfp32.exe102⤵
-
C:\Windows\SysWOW64\Hmifcjif.exeC:\Windows\system32\Hmifcjif.exe103⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hmlbij32.exeC:\Windows\system32\Hmlbij32.exe104⤵
-
C:\Windows\SysWOW64\Idfkednq.exeC:\Windows\system32\Idfkednq.exe105⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jgpfmncg.exeC:\Windows\system32\Jgpfmncg.exe106⤵
-
C:\Windows\SysWOW64\Jmjojh32.exeC:\Windows\system32\Jmjojh32.exe107⤵
-
C:\Windows\SysWOW64\Jhocgqjj.exeC:\Windows\system32\Jhocgqjj.exe108⤵
-
C:\Windows\SysWOW64\Jknocljn.exeC:\Windows\system32\Jknocljn.exe109⤵
-
C:\Windows\SysWOW64\Jahgpf32.exeC:\Windows\system32\Jahgpf32.exe110⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jhapmphg.exeC:\Windows\system32\Jhapmphg.exe111⤵
-
C:\Windows\SysWOW64\Nklfho32.exeC:\Windows\system32\Nklfho32.exe112⤵
-
C:\Windows\SysWOW64\Hbknqeha.exeC:\Windows\system32\Hbknqeha.exe113⤵
-
C:\Windows\SysWOW64\Hcmgphma.exeC:\Windows\system32\Hcmgphma.exe114⤵
-
C:\Windows\SysWOW64\Icbpkg32.exeC:\Windows\system32\Icbpkg32.exe115⤵
-
C:\Windows\SysWOW64\Imjddmpl.exeC:\Windows\system32\Imjddmpl.exe116⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ilpaei32.exeC:\Windows\system32\Ilpaei32.exe117⤵
-
C:\Windows\SysWOW64\Iicboncn.exeC:\Windows\system32\Iicboncn.exe118⤵
-
C:\Windows\SysWOW64\Ipmjkh32.exeC:\Windows\system32\Ipmjkh32.exe119⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Imdgjlgb.exeC:\Windows\system32\Imdgjlgb.exe120⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Jpdqlgdc.exeC:\Windows\system32\Jpdqlgdc.exe121⤵
- Drops file in System32 directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-