Analysis
-
max time kernel
187s -
max time network
199s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
22/10/2023, 17:28
General
-
Target
NEAS.ce3f8d0d45397eec031f4faf5172e970.exe
-
Size
226KB
-
MD5
ce3f8d0d45397eec031f4faf5172e970
-
SHA1
d64dac5db1a5b4ef1e54c6431c638471819c0201
-
SHA256
e75efcc340bdf49b86ba491173ebe4ec2a97a3cfa2fc1934d59ee441478efbaa
-
SHA512
179ccea4ec0d955f90b7afbe53ea660fab9012fd8b746b01fed57fc8b243861affbe6ec5b44babb7d8bdb946389fd4c1bc78c68cdee3567500555e90060133d9
-
SSDEEP
6144:POhGIgw4dH4kXfxqySSKpRmSKeTk7eT5ABrnL8MdYg:PMuw4dJ5IKrEAlnLAg
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Malware Backdoor - Berbew 64 IoCs
Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.ce3f8d0d45397eec031f4faf5172e970.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.ce3f8d0d45397eec031f4faf5172e970.exe"1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bmkjig32.exeC:\Windows\system32\Bmkjig32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cdebfago.exeC:\Windows\system32\Cdebfago.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Clpgkcdj.exeC:\Windows\system32\Clpgkcdj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cmgjee32.exeC:\Windows\system32\Cmgjee32.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dmifkecb.exeC:\Windows\system32\Dmifkecb.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dgfdojfm.exeC:\Windows\system32\Dgfdojfm.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Egmjpi32.exeC:\Windows\system32\Egmjpi32.exe8⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Egpgehnb.exeC:\Windows\system32\Egpgehnb.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ephlnn32.exeC:\Windows\system32\Ephlnn32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Edfddl32.exeC:\Windows\system32\Edfddl32.exe11⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fjeibc32.exeC:\Windows\system32\Fjeibc32.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fneoma32.exeC:\Windows\system32\Fneoma32.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fcbgfhii.exeC:\Windows\system32\Fcbgfhii.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fcddkggf.exeC:\Windows\system32\Fcddkggf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gnjhhpgl.exeC:\Windows\system32\Gnjhhpgl.exe16⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gfemmb32.exeC:\Windows\system32\Gfemmb32.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gfgjbb32.exeC:\Windows\system32\Gfgjbb32.exe18⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gckjlf32.exeC:\Windows\system32\Gckjlf32.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gqokekph.exeC:\Windows\system32\Gqokekph.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gdmcki32.exeC:\Windows\system32\Gdmcki32.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hnehdo32.exeC:\Windows\system32\Hnehdo32.exe22⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hfamia32.exeC:\Windows\system32\Hfamia32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hdbmfhbi.exeC:\Windows\system32\Hdbmfhbi.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hmmakk32.exeC:\Windows\system32\Hmmakk32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hjabdo32.exeC:\Windows\system32\Hjabdo32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hgebnc32.exeC:\Windows\system32\Hgebnc32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hdicggla.exeC:\Windows\system32\Hdicggla.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Inagpm32.exeC:\Windows\system32\Inagpm32.exe29⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ienlbf32.exeC:\Windows\system32\Ienlbf32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iepihf32.exeC:\Windows\system32\Iepihf32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Icefib32.exeC:\Windows\system32\Icefib32.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mdkabmjf.exeC:\Windows\system32\Mdkabmjf.exe33⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Phbolflm.exeC:\Windows\system32\Phbolflm.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fofdkcmd.exeC:\Windows\system32\Fofdkcmd.exe35⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Oknnanhj.exeC:\Windows\system32\Oknnanhj.exe36⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ijdnka32.exeC:\Windows\system32\Ijdnka32.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Njceqili.exeC:\Windows\system32\Njceqili.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bnaolm32.exeC:\Windows\system32\Bnaolm32.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nmhglopl.exeC:\Windows\system32\Nmhglopl.exe40⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Cphgca32.exeC:\Windows\system32\Cphgca32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cgbppknb.exeC:\Windows\system32\Cgbppknb.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dcpffk32.exeC:\Windows\system32\Dcpffk32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Djjobedk.exeC:\Windows\system32\Djjobedk.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Enajobbf.exeC:\Windows\system32\Enajobbf.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Efolidno.exeC:\Windows\system32\Efolidno.exe6⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Fceihh32.exeC:\Windows\system32\Fceihh32.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Fcgemhic.exeC:\Windows\system32\Fcgemhic.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fmpjfn32.exeC:\Windows\system32\Fmpjfn32.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fpnfbi32.exeC:\Windows\system32\Fpnfbi32.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Fmbflm32.exeC:\Windows\system32\Fmbflm32.exe11⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fclohg32.exeC:\Windows\system32\Fclohg32.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fjfgealk.exeC:\Windows\system32\Fjfgealk.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Gmfpgmil.exeC:\Windows\system32\Gmfpgmil.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gnfmapqo.exeC:\Windows\system32\Gnfmapqo.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gpgihh32.exeC:\Windows\system32\Gpgihh32.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gagebknp.exeC:\Windows\system32\Gagebknp.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ghanoeel.exeC:\Windows\system32\Ghanoeel.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gjojkpdp.exeC:\Windows\system32\Gjojkpdp.exe19⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gaibhj32.exeC:\Windows\system32\Gaibhj32.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gjagapbn.exeC:\Windows\system32\Gjagapbn.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gpnoigpe.exeC:\Windows\system32\Gpnoigpe.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hhegjdag.exeC:\Windows\system32\Hhegjdag.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hpqlof32.exeC:\Windows\system32\Hpqlof32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iaqapggb.exeC:\Windows\system32\Iaqapggb.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ihkila32.exeC:\Windows\system32\Ihkila32.exe26⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Jacnegep.exeC:\Windows\system32\Jacnegep.exe27⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jmnheggo.exeC:\Windows\system32\Jmnheggo.exe28⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jhfihp32.exeC:\Windows\system32\Jhfihp32.exe29⤵
-
C:\Windows\SysWOW64\Kdmjmqjf.exeC:\Windows\system32\Kdmjmqjf.exe30⤵
-
C:\Windows\SysWOW64\Knhkkfod.exeC:\Windows\system32\Knhkkfod.exe31⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Khplnn32.exeC:\Windows\system32\Khplnn32.exe32⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kpkqbq32.exeC:\Windows\system32\Kpkqbq32.exe33⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kgeiokao.exeC:\Windows\system32\Kgeiokao.exe34⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kolaqh32.exeC:\Windows\system32\Kolaqh32.exe35⤵
-
C:\Windows\SysWOW64\Lggeej32.exeC:\Windows\system32\Lggeej32.exe36⤵
-
C:\Windows\SysWOW64\Lhgbomfo.exeC:\Windows\system32\Lhgbomfo.exe37⤵
-
C:\Windows\SysWOW64\Lkenkhec.exeC:\Windows\system32\Lkenkhec.exe38⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Laofhbmp.exeC:\Windows\system32\Laofhbmp.exe39⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ldnbdnlc.exeC:\Windows\system32\Ldnbdnlc.exe40⤵
-
C:\Windows\SysWOW64\Lkgkqh32.exeC:\Windows\system32\Lkgkqh32.exe41⤵
-
C:\Windows\SysWOW64\Laacmbkm.exeC:\Windows\system32\Laacmbkm.exe42⤵
-
C:\Windows\SysWOW64\Lhkkjl32.exeC:\Windows\system32\Lhkkjl32.exe43⤵
-
C:\Windows\SysWOW64\Lnhdbc32.exeC:\Windows\system32\Lnhdbc32.exe44⤵
-
C:\Windows\SysWOW64\Lqfpoope.exeC:\Windows\system32\Lqfpoope.exe45⤵
-
C:\Windows\SysWOW64\Mnojcb32.exeC:\Windows\system32\Mnojcb32.exe46⤵
-
C:\Windows\SysWOW64\Mqnfon32.exeC:\Windows\system32\Mqnfon32.exe47⤵
-
C:\Windows\SysWOW64\Mhenpk32.exeC:\Windows\system32\Mhenpk32.exe48⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mnaghb32.exeC:\Windows\system32\Mnaghb32.exe49⤵
-
C:\Windows\SysWOW64\Mndcnafd.exeC:\Windows\system32\Mndcnafd.exe50⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mhihkjfj.exeC:\Windows\system32\Mhihkjfj.exe51⤵
-
C:\Windows\SysWOW64\Nicjaino.exeC:\Windows\system32\Nicjaino.exe52⤵
-
C:\Windows\SysWOW64\Nejkfj32.exeC:\Windows\system32\Nejkfj32.exe53⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Obphenpj.exeC:\Windows\system32\Obphenpj.exe54⤵
-
C:\Windows\SysWOW64\Opdiobod.exeC:\Windows\system32\Opdiobod.exe55⤵
-
C:\Windows\SysWOW64\Oaeegjeb.exeC:\Windows\system32\Oaeegjeb.exe56⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ogoncd32.exeC:\Windows\system32\Ogoncd32.exe57⤵
-
C:\Windows\SysWOW64\Oecnmi32.exeC:\Windows\system32\Oecnmi32.exe58⤵
-
C:\Windows\SysWOW64\Onkbenbi.exeC:\Windows\system32\Onkbenbi.exe59⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pgdgodhj.exeC:\Windows\system32\Pgdgodhj.exe60⤵
-
C:\Windows\SysWOW64\Pnnokn32.exeC:\Windows\system32\Pnnokn32.exe61⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ppmleagi.exeC:\Windows\system32\Ppmleagi.exe62⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Piepnfnj.exeC:\Windows\system32\Piepnfnj.exe63⤵
-
C:\Windows\SysWOW64\Ppphkq32.exeC:\Windows\system32\Ppphkq32.exe64⤵
-
C:\Windows\SysWOW64\Phkmoc32.exeC:\Windows\system32\Phkmoc32.exe65⤵
-
C:\Windows\SysWOW64\Peonhg32.exeC:\Windows\system32\Peonhg32.exe66⤵
-
C:\Windows\SysWOW64\Pbbnbkpe.exeC:\Windows\system32\Pbbnbkpe.exe67⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qlkbka32.exeC:\Windows\system32\Qlkbka32.exe68⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qbekgknb.exeC:\Windows\system32\Qbekgknb.exe69⤵
-
C:\Windows\SysWOW64\Qlmopqdc.exeC:\Windows\system32\Qlmopqdc.exe70⤵
-
C:\Windows\SysWOW64\Qbggmk32.exeC:\Windows\system32\Qbggmk32.exe71⤵
-
C:\Windows\SysWOW64\Ahdpea32.exeC:\Windows\system32\Ahdpea32.exe72⤵
-
C:\Windows\SysWOW64\Aonhblad.exeC:\Windows\system32\Aonhblad.exe73⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ablahjhj.exeC:\Windows\system32\Ablahjhj.exe74⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aldeap32.exeC:\Windows\system32\Aldeap32.exe75⤵
-
C:\Windows\SysWOW64\Aemjjeek.exeC:\Windows\system32\Aemjjeek.exe76⤵
-
C:\Windows\SysWOW64\Abqjci32.exeC:\Windows\system32\Abqjci32.exe77⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Aikbpckb.exeC:\Windows\system32\Aikbpckb.exe78⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Apdkmn32.exeC:\Windows\system32\Apdkmn32.exe79⤵
-
C:\Windows\SysWOW64\Bpggbm32.exeC:\Windows\system32\Bpggbm32.exe80⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Boldcj32.exeC:\Windows\system32\Boldcj32.exe81⤵
-
C:\Windows\SysWOW64\Bajqpe32.exeC:\Windows\system32\Bajqpe32.exe82⤵
-
C:\Windows\SysWOW64\Blpemn32.exeC:\Windows\system32\Blpemn32.exe83⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Behiec32.exeC:\Windows\system32\Behiec32.exe84⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Blbabnbk.exeC:\Windows\system32\Blbabnbk.exe85⤵
-
C:\Windows\SysWOW64\Bbljoh32.exeC:\Windows\system32\Bbljoh32.exe86⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bhibgo32.exeC:\Windows\system32\Bhibgo32.exe87⤵
-
C:\Windows\SysWOW64\Cbofdg32.exeC:\Windows\system32\Cbofdg32.exe88⤵
-
C:\Windows\SysWOW64\Ciioaa32.exeC:\Windows\system32\Ciioaa32.exe89⤵
-
C:\Windows\SysWOW64\Cadcfd32.exeC:\Windows\system32\Cadcfd32.exe90⤵
-
C:\Windows\SysWOW64\Chnlbndj.exeC:\Windows\system32\Chnlbndj.exe91⤵
-
C:\Windows\SysWOW64\Cohdoh32.exeC:\Windows\system32\Cohdoh32.exe92⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cimhlakl.exeC:\Windows\system32\Cimhlakl.exe93⤵
-
C:\Windows\SysWOW64\Ccfmef32.exeC:\Windows\system32\Ccfmef32.exe94⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cediab32.exeC:\Windows\system32\Cediab32.exe95⤵
-
C:\Windows\SysWOW64\Clnanlhn.exeC:\Windows\system32\Clnanlhn.exe96⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cchikf32.exeC:\Windows\system32\Cchikf32.exe97⤵
-
C:\Windows\SysWOW64\Djgkbp32.exeC:\Windows\system32\Djgkbp32.exe98⤵
-
C:\Windows\SysWOW64\Dpqcoj32.exeC:\Windows\system32\Dpqcoj32.exe99⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Djihhoao.exeC:\Windows\system32\Djihhoao.exe100⤵
-
C:\Windows\SysWOW64\Dpcpei32.exeC:\Windows\system32\Dpcpei32.exe101⤵
-
C:\Windows\SysWOW64\Dadlmanj.exeC:\Windows\system32\Dadlmanj.exe102⤵
-
C:\Windows\SysWOW64\Djkdnool.exeC:\Windows\system32\Djkdnool.exe103⤵
-
C:\Windows\SysWOW64\Dpemjifi.exeC:\Windows\system32\Dpemjifi.exe104⤵
-
C:\Windows\SysWOW64\Djnaco32.exeC:\Windows\system32\Djnaco32.exe105⤵
-
C:\Windows\SysWOW64\Eokjke32.exeC:\Windows\system32\Eokjke32.exe106⤵
-
C:\Windows\SysWOW64\Elojej32.exeC:\Windows\system32\Elojej32.exe107⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Eomfae32.exeC:\Windows\system32\Eomfae32.exe108⤵
-
C:\Windows\SysWOW64\Ebkbmqhb.exeC:\Windows\system32\Ebkbmqhb.exe109⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ehekjk32.exeC:\Windows\system32\Ehekjk32.exe110⤵
-
C:\Windows\SysWOW64\Eplckh32.exeC:\Windows\system32\Eplckh32.exe111⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Eckogc32.exeC:\Windows\system32\Eckogc32.exe112⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ejegdngb.exeC:\Windows\system32\Ejegdngb.exe113⤵
-
C:\Windows\SysWOW64\Eqopqh32.exeC:\Windows\system32\Eqopqh32.exe114⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ejgdim32.exeC:\Windows\system32\Ejgdim32.exe115⤵
-
C:\Windows\SysWOW64\Ecphbckp.exeC:\Windows\system32\Ecphbckp.exe116⤵
-
C:\Windows\SysWOW64\Fcbehbim.exeC:\Windows\system32\Fcbehbim.exe117⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fmjjqhpn.exeC:\Windows\system32\Fmjjqhpn.exe118⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Foifmcoa.exeC:\Windows\system32\Foifmcoa.exe119⤵
-
C:\Windows\SysWOW64\Fiajfi32.exeC:\Windows\system32\Fiajfi32.exe120⤵
-
C:\Windows\SysWOW64\Gmclgghc.exeC:\Windows\system32\Gmclgghc.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-