Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
163s -
max time network
163s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
28/10/2023, 17:52
General
-
Target
NEAS.36c76bcf296f33c0bb53e1299a83c45f.exe
-
Size
459KB
-
MD5
36c76bcf296f33c0bb53e1299a83c45f
-
SHA1
ac61edca618b4ecb972581dcc915a6834bc1b55e
-
SHA256
8703666294f3a61e665016204dca4a15c9ac716b69d6d94d843052bade9758ec
-
SHA512
439df38bd9d4b5869a0de8144a5e0343099db8b4748c9ca128adb9baf5e4923ce0417d1373659634153657c863e62f1c6b13df1311f897e667230c96beb835e7
-
SSDEEP
6144:4vNvFQ/MwGsmLrZNs/VKi/MwGsmLr5+Nod/MwGsmLrZNs/VKi/MwGsmLrRo68lS:4vqMmmpNs/VXMmmg8MmmpNs/VXMmm
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.36c76bcf296f33c0bb53e1299a83c45f.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.36c76bcf296f33c0bb53e1299a83c45f.exe"1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cmflbf32.exeC:\Windows\system32\Cmflbf32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dmoohe32.exeC:\Windows\system32\Dmoohe32.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dfgcakon.exeC:\Windows\system32\Dfgcakon.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
C:\Windows\SysWOW64\Dkdliame.exeC:\Windows\system32\Dkdliame.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dbqqkkbo.exeC:\Windows\system32\Dbqqkkbo.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dbcmakpl.exeC:\Windows\system32\Dbcmakpl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Emkndc32.exeC:\Windows\system32\Emkndc32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eplgeokq.exeC:\Windows\system32\Eplgeokq.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Epndknin.exeC:\Windows\system32\Epndknin.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eppqqn32.exeC:\Windows\system32\Eppqqn32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Emdajb32.exeC:\Windows\system32\Emdajb32.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Flinkojm.exeC:\Windows\system32\Flinkojm.exe9⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fmikeaap.exeC:\Windows\system32\Fmikeaap.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fjmkoeqi.exeC:\Windows\system32\Fjmkoeqi.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fibhpbea.exeC:\Windows\system32\Fibhpbea.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fjadje32.exeC:\Windows\system32\Fjadje32.exe13⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gjdaodja.exeC:\Windows\system32\Gjdaodja.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gmdjapgb.exeC:\Windows\system32\Gmdjapgb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gbabigfj.exeC:\Windows\system32\Gbabigfj.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gdaociml.exeC:\Windows\system32\Gdaociml.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gphphj32.exeC:\Windows\system32\Gphphj32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gipdap32.exeC:\Windows\system32\Gipdap32.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hkbmqb32.exeC:\Windows\system32\Hkbmqb32.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hdjbiheb.exeC:\Windows\system32\Hdjbiheb.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hpabni32.exeC:\Windows\system32\Hpabni32.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bkaobnio.exeC:\Windows\system32\Bkaobnio.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mqimikfj.exeC:\Windows\system32\Mqimikfj.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mmpmnl32.exeC:\Windows\system32\Mmpmnl32.exe25⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Mfhbga32.exeC:\Windows\system32\Mfhbga32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nnojho32.exeC:\Windows\system32\Nnojho32.exe2⤵
-
C:\Windows\SysWOW64\Nclbpf32.exeC:\Windows\system32\Nclbpf32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nqpcjj32.exeC:\Windows\system32\Nqpcjj32.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nncccnol.exeC:\Windows\system32\Nncccnol.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
-
-
-
-
-
C:\Windows\SysWOW64\Npepkf32.exeC:\Windows\system32\Npepkf32.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Njmqnobn.exeC:\Windows\system32\Njmqnobn.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ocjoadei.exeC:\Windows\system32\Ocjoadei.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ofhknodl.exeC:\Windows\system32\Ofhknodl.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ombcji32.exeC:\Windows\system32\Ombcji32.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oghghb32.exeC:\Windows\system32\Oghghb32.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Afhfaddk.exeC:\Windows\system32\Afhfaddk.exe7⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bfmolc32.exeC:\Windows\system32\Bfmolc32.exe8⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kkgdhp32.exeC:\Windows\system32\Kkgdhp32.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nofoki32.exeC:\Windows\system32\Nofoki32.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bflham32.exeC:\Windows\system32\Bflham32.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gnanioad.exeC:\Windows\system32\Gnanioad.exe12⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kaqejcep.exeC:\Windows\system32\Kaqejcep.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fochecog.exeC:\Windows\system32\Fochecog.exe14⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kiodha32.exeC:\Windows\system32\Kiodha32.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lfcmhc32.exeC:\Windows\system32\Lfcmhc32.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Laiafl32.exeC:\Windows\system32\Laiafl32.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Migcpneb.exeC:\Windows\system32\Migcpneb.exe18⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mfmpob32.exeC:\Windows\system32\Mfmpob32.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mabdlk32.exeC:\Windows\system32\Mabdlk32.exe20⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mmiealgc.exeC:\Windows\system32\Mmiealgc.exe21⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Npjnbg32.exeC:\Windows\system32\Npjnbg32.exe22⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nplkhf32.exeC:\Windows\system32\Nplkhf32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ngipjp32.exeC:\Windows\system32\Ngipjp32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nandhi32.exeC:\Windows\system32\Nandhi32.exe25⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nkghqo32.exeC:\Windows\system32\Nkghqo32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Onqdhh32.exeC:\Windows\system32\Onqdhh32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Opopdd32.exeC:\Windows\system32\Opopdd32.exe28⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pgihanii.exeC:\Windows\system32\Pgihanii.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pkgaglpp.exeC:\Windows\system32\Pkgaglpp.exe30⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pnenchoc.exeC:\Windows\system32\Pnenchoc.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Phkaqqoi.exeC:\Windows\system32\Phkaqqoi.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pacfjfej.exeC:\Windows\system32\Pacfjfej.exe33⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pknghk32.exeC:\Windows\system32\Pknghk32.exe34⤵
-
C:\Windows\SysWOW64\Pahpee32.exeC:\Windows\system32\Pahpee32.exe35⤵
-
C:\Windows\SysWOW64\Qdihfq32.exeC:\Windows\system32\Qdihfq32.exe36⤵
-
C:\Windows\SysWOW64\Aqpika32.exeC:\Windows\system32\Aqpika32.exe37⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ahinbo32.exeC:\Windows\system32\Ahinbo32.exe38⤵
-
C:\Windows\SysWOW64\Bhbahm32.exeC:\Windows\system32\Bhbahm32.exe39⤵
-
C:\Windows\SysWOW64\Bjcmpepm.exeC:\Windows\system32\Bjcmpepm.exe40⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bggnijof.exeC:\Windows\system32\Bggnijof.exe41⤵
-
C:\Windows\SysWOW64\Bilcol32.exeC:\Windows\system32\Bilcol32.exe42⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cnmebblf.exeC:\Windows\system32\Cnmebblf.exe43⤵
-
C:\Windows\SysWOW64\Cicjokll.exeC:\Windows\system32\Cicjokll.exe44⤵
-
C:\Windows\SysWOW64\Cjdfgc32.exeC:\Windows\system32\Cjdfgc32.exe45⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cejjdlap.exeC:\Windows\system32\Cejjdlap.exe46⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Capkim32.exeC:\Windows\system32\Capkim32.exe47⤵
-
C:\Windows\SysWOW64\Djipbbne.exeC:\Windows\system32\Djipbbne.exe48⤵
-
C:\Windows\SysWOW64\Dabhomea.exeC:\Windows\system32\Dabhomea.exe49⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Daeddlco.exeC:\Windows\system32\Daeddlco.exe50⤵
-
C:\Windows\SysWOW64\Djmima32.exeC:\Windows\system32\Djmima32.exe51⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Dgaiffii.exeC:\Windows\system32\Dgaiffii.exe52⤵
-
C:\Windows\SysWOW64\Dbgndoho.exeC:\Windows\system32\Dbgndoho.exe53⤵
-
C:\Windows\SysWOW64\Dhcfleff.exeC:\Windows\system32\Dhcfleff.exe54⤵
-
C:\Windows\SysWOW64\Dnnoip32.exeC:\Windows\system32\Dnnoip32.exe55⤵
-
C:\Windows\SysWOW64\Dicbfhni.exeC:\Windows\system32\Dicbfhni.exe56⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ejdonq32.exeC:\Windows\system32\Ejdonq32.exe57⤵
-
C:\Windows\SysWOW64\Ejglcq32.exeC:\Windows\system32\Ejglcq32.exe58⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ejiiippb.exeC:\Windows\system32\Ejiiippb.exe59⤵
-
C:\Windows\SysWOW64\Eijigg32.exeC:\Windows\system32\Eijigg32.exe60⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ebbmpmnb.exeC:\Windows\system32\Ebbmpmnb.exe61⤵
-
C:\Windows\SysWOW64\Elkbhbeb.exeC:\Windows\system32\Elkbhbeb.exe62⤵
-
C:\Windows\SysWOW64\Eahjqicj.exeC:\Windows\system32\Eahjqicj.exe63⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Flmonbbp.exeC:\Windows\system32\Flmonbbp.exe64⤵
-
C:\Windows\SysWOW64\Fhdocc32.exeC:\Windows\system32\Fhdocc32.exe65⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fbjcplhj.exeC:\Windows\system32\Fbjcplhj.exe66⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Foqdem32.exeC:\Windows\system32\Foqdem32.exe67⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fifhbf32.exeC:\Windows\system32\Fifhbf32.exe68⤵
-
C:\Windows\SysWOW64\Fbnmkk32.exeC:\Windows\system32\Fbnmkk32.exe69⤵
-
C:\Windows\SysWOW64\Fhkecb32.exeC:\Windows\system32\Fhkecb32.exe70⤵
-
C:\Windows\SysWOW64\Fbqiak32.exeC:\Windows\system32\Fbqiak32.exe71⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gikbneio.exeC:\Windows\system32\Gikbneio.exe72⤵
-
C:\Windows\SysWOW64\Gimoce32.exeC:\Windows\system32\Gimoce32.exe73⤵
-
C:\Windows\SysWOW64\Gahcgg32.exeC:\Windows\system32\Gahcgg32.exe74⤵
-
C:\Windows\SysWOW64\Glngep32.exeC:\Windows\system32\Glngep32.exe75⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Giahndcf.exeC:\Windows\system32\Giahndcf.exe76⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gammbfqa.exeC:\Windows\system32\Gammbfqa.exe77⤵
-
C:\Windows\SysWOW64\Giddddad.exeC:\Windows\system32\Giddddad.exe78⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gaoihfoo.exeC:\Windows\system32\Gaoihfoo.exe79⤵
-
C:\Windows\SysWOW64\Hkggfe32.exeC:\Windows\system32\Hkggfe32.exe80⤵
-
C:\Windows\SysWOW64\Lkhbko32.exeC:\Windows\system32\Lkhbko32.exe81⤵
-
C:\Windows\SysWOW64\Oflkqc32.exeC:\Windows\system32\Oflkqc32.exe82⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Comddn32.exeC:\Windows\system32\Comddn32.exe83⤵
-
C:\Windows\SysWOW64\Gplbcgbg.exeC:\Windows\system32\Gplbcgbg.exe84⤵
-
C:\Windows\SysWOW64\Ghcjedcj.exeC:\Windows\system32\Ghcjedcj.exe85⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Gjagapbn.exeC:\Windows\system32\Gjagapbn.exe86⤵
-
C:\Windows\SysWOW64\Gmpcmkaa.exeC:\Windows\system32\Gmpcmkaa.exe87⤵
-
C:\Windows\SysWOW64\Gpnoigpe.exeC:\Windows\system32\Gpnoigpe.exe88⤵
-
C:\Windows\SysWOW64\Hhegjdag.exeC:\Windows\system32\Hhegjdag.exe89⤵
-
C:\Windows\SysWOW64\Hjdcfp32.exeC:\Windows\system32\Hjdcfp32.exe90⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hpqlof32.exeC:\Windows\system32\Hpqlof32.exe91⤵
-
C:\Windows\SysWOW64\Hhhdpd32.exeC:\Windows\system32\Hhhdpd32.exe92⤵
-
C:\Windows\SysWOW64\Hjfplo32.exeC:\Windows\system32\Hjfplo32.exe93⤵
-
C:\Windows\SysWOW64\Haphiiee.exeC:\Windows\system32\Haphiiee.exe94⤵
-
C:\Windows\SysWOW64\Bidefbcg.exeC:\Windows\system32\Bidefbcg.exe95⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bbljoh32.exeC:\Windows\system32\Bbljoh32.exe96⤵
-
C:\Windows\SysWOW64\Bhibgo32.exeC:\Windows\system32\Bhibgo32.exe97⤵
-
C:\Windows\SysWOW64\Clgkmm32.exeC:\Windows\system32\Clgkmm32.exe98⤵
-
C:\Windows\SysWOW64\Coegih32.exeC:\Windows\system32\Coegih32.exe99⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Caimachg.exeC:\Windows\system32\Caimachg.exe100⤵
-
C:\Windows\SysWOW64\Cipebqij.exeC:\Windows\system32\Cipebqij.exe101⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Clnanlhn.exeC:\Windows\system32\Clnanlhn.exe102⤵
-
C:\Windows\SysWOW64\Cakjfcfe.exeC:\Windows\system32\Cakjfcfe.exe103⤵
-
C:\Windows\SysWOW64\Cibagpgg.exeC:\Windows\system32\Cibagpgg.exe104⤵
-
C:\Windows\SysWOW64\Clqncl32.exeC:\Windows\system32\Clqncl32.exe105⤵
-
C:\Windows\SysWOW64\Damflb32.exeC:\Windows\system32\Damflb32.exe106⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Doageg32.exeC:\Windows\system32\Doageg32.exe107⤵
-
C:\Windows\SysWOW64\Dekobaki.exeC:\Windows\system32\Dekobaki.exe108⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dlegokbe.exeC:\Windows\system32\Dlegokbe.exe109⤵
-
C:\Windows\SysWOW64\Dcopke32.exeC:\Windows\system32\Dcopke32.exe110⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Denlgq32.exeC:\Windows\system32\Denlgq32.exe111⤵
-
C:\Windows\SysWOW64\Dlgddkpc.exeC:\Windows\system32\Dlgddkpc.exe112⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dcalae32.exeC:\Windows\system32\Dcalae32.exe113⤵
-
C:\Windows\SysWOW64\Dfphmp32.exeC:\Windows\system32\Dfphmp32.exe114⤵
-
C:\Windows\SysWOW64\Dohmff32.exeC:\Windows\system32\Dohmff32.exe115⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Djnaco32.exeC:\Windows\system32\Djnaco32.exe116⤵
-
C:\Windows\SysWOW64\Dphipidf.exeC:\Windows\system32\Dphipidf.exe117⤵
-
C:\Windows\SysWOW64\Efdbhpbn.exeC:\Windows\system32\Efdbhpbn.exe118⤵
-
C:\Windows\SysWOW64\Echbad32.exeC:\Windows\system32\Echbad32.exe119⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ehekjk32.exeC:\Windows\system32\Ehekjk32.exe120⤵
-
C:\Windows\SysWOW64\Eplckh32.exeC:\Windows\system32\Eplckh32.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-