Analysis
-
max time kernel
129s -
max time network
163s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
28/10/2023, 20:18
General
-
Target
NEAS.ef42a349950a77b7a3333bc217b83650.exe
-
Size
398KB
-
MD5
ef42a349950a77b7a3333bc217b83650
-
SHA1
3e2dcbabcecbb696fab292c1d7930d672caee7b7
-
SHA256
927430e305698e1bb9246eb542c0ac23e34162d7bc665b1a4bb51880ee46b34c
-
SHA512
4043b320214520c3bbea3cfdc48d5e319b4ec256072b1d0b9ac5a827c98a44d23543e3cd22ee16cae4bd0861bb4c842f47b396e96e31b4d127098cbb01f5e207
-
SSDEEP
12288:XBhxL6t3XGCByvNv54B9f01ZmHByvNv5imipWf0Aq:X5L6t3XGpvr4B9f01ZmQvrimipWf0Aq
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Malware Backdoor - Berbew 64 IoCs
Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.ef42a349950a77b7a3333bc217b83650.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.ef42a349950a77b7a3333bc217b83650.exe"1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dqbadf32.exeC:\Windows\system32\Dqbadf32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gjkgkg32.exeC:\Windows\system32\Gjkgkg32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hdmojkjg.exeC:\Windows\system32\Hdmojkjg.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hlipfh32.exeC:\Windows\system32\Hlipfh32.exe5⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Incpdodg.exeC:\Windows\system32\Incpdodg.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iemdkl32.exeC:\Windows\system32\Iemdkl32.exe7⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jklihbol.exeC:\Windows\system32\Jklihbol.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jehcfj32.exeC:\Windows\system32\Jehcfj32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kdeghfhj.exeC:\Windows\system32\Kdeghfhj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lkchpoka.exeC:\Windows\system32\Lkchpoka.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Meepoc32.exeC:\Windows\system32\Meepoc32.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nnlqig32.exeC:\Windows\system32\Nnlqig32.exe13⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nmajbnha.exeC:\Windows\system32\Nmajbnha.exe14⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pbjbfclk.exeC:\Windows\system32\Pbjbfclk.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ppblkffp.exeC:\Windows\system32\Ppblkffp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qpibke32.exeC:\Windows\system32\Qpibke32.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Apqhldjp.exeC:\Windows\system32\Apqhldjp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Amibqhed.exeC:\Windows\system32\Amibqhed.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ccdgjm32.exeC:\Windows\system32\Ccdgjm32.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dgkbfjeg.exeC:\Windows\system32\Dgkbfjeg.exe21⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eflocepa.exeC:\Windows\system32\Eflocepa.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Epgpajdp.exeC:\Windows\system32\Epgpajdp.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gfmhjb32.exeC:\Windows\system32\Gfmhjb32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gnfmapqo.exeC:\Windows\system32\Gnfmapqo.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gceaofmc.exeC:\Windows\system32\Gceaofmc.exe26⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Hmdlhk32.exeC:\Windows\system32\Hmdlhk32.exe1⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Hfmqapcl.exeC:\Windows\system32\Hfmqapcl.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hhmmkcko.exeC:\Windows\system32\Hhmmkcko.exe3⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\Hoibmmpi.exeC:\Windows\system32\Hoibmmpi.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iplkje32.exeC:\Windows\system32\Iplkje32.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Imeeohoi.exeC:\Windows\system32\Imeeohoi.exe3⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\Jognokdi.exeC:\Windows\system32\Jognokdi.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jmlkpgia.exeC:\Windows\system32\Jmlkpgia.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jkeedk32.exeC:\Windows\system32\Jkeedk32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kpanmb32.exeC:\Windows\system32\Kpanmb32.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kkqepi32.exeC:\Windows\system32\Kkqepi32.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lamjbc32.exeC:\Windows\system32\Lamjbc32.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lglopjkg.exeC:\Windows\system32\Lglopjkg.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mddidm32.exeC:\Windows\system32\Mddidm32.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Moofmeal.exeC:\Windows\system32\Moofmeal.exe9⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mbpoop32.exeC:\Windows\system32\Mbpoop32.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nnimia32.exeC:\Windows\system32\Nnimia32.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nnpcjplf.exeC:\Windows\system32\Nnpcjplf.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oghgbe32.exeC:\Windows\system32\Oghgbe32.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ogajid32.exeC:\Windows\system32\Ogajid32.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Onkbenbi.exeC:\Windows\system32\Onkbenbi.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ppmleagi.exeC:\Windows\system32\Ppmleagi.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pejdmh32.exeC:\Windows\system32\Pejdmh32.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pihmcflg.exeC:\Windows\system32\Pihmcflg.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qlkbka32.exeC:\Windows\system32\Qlkbka32.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qajhigcj.exeC:\Windows\system32\Qajhigcj.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ahdpea32.exeC:\Windows\system32\Ahdpea32.exe21⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Abjdbj32.exeC:\Windows\system32\Abjdbj32.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Albikp32.exeC:\Windows\system32\Albikp32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aejmdegn.exeC:\Windows\system32\Aejmdegn.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aldeap32.exeC:\Windows\system32\Aldeap32.exe25⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Bimoecio.exeC:\Windows\system32\Bimoecio.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bojhnjgf.exeC:\Windows\system32\Bojhnjgf.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bpnncl32.exeC:\Windows\system32\Bpnncl32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Blenhmph.exeC:\Windows\system32\Blenhmph.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Caagpdop.exeC:\Windows\system32\Caagpdop.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cadcfd32.exeC:\Windows\system32\Cadcfd32.exe6⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Clihcm32.exeC:\Windows\system32\Clihcm32.exe7⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cibagpgg.exeC:\Windows\system32\Cibagpgg.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dpemjifi.exeC:\Windows\system32\Dpemjifi.exe9⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Elojej32.exeC:\Windows\system32\Elojej32.exe10⤵
-
C:\Windows\SysWOW64\Ebkbmqhb.exeC:\Windows\system32\Ebkbmqhb.exe11⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ehlakjig.exeC:\Windows\system32\Ehlakjig.exe12⤵
-
C:\Windows\SysWOW64\Fqhbgf32.exeC:\Windows\system32\Fqhbgf32.exe13⤵
-
C:\Windows\SysWOW64\Ficgkico.exeC:\Windows\system32\Ficgkico.exe14⤵
-
C:\Windows\SysWOW64\Fcikhace.exeC:\Windows\system32\Fcikhace.exe15⤵
-
C:\Windows\SysWOW64\Fckhnaab.exeC:\Windows\system32\Fckhnaab.exe16⤵
-
C:\Windows\SysWOW64\Gmfilfep.exeC:\Windows\system32\Gmfilfep.exe17⤵
-
C:\Windows\SysWOW64\Gqdbbelf.exeC:\Windows\system32\Gqdbbelf.exe18⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Hcpjpn32.exeC:\Windows\system32\Hcpjpn32.exe19⤵
-
C:\Windows\SysWOW64\Iffmmihf.exeC:\Windows\system32\Iffmmihf.exe20⤵
-
C:\Windows\SysWOW64\Ifhibhfc.exeC:\Windows\system32\Ifhibhfc.exe21⤵
-
C:\Windows\SysWOW64\Jpegfm32.exeC:\Windows\system32\Jpegfm32.exe22⤵
-
C:\Windows\SysWOW64\Jmnakqcc.exeC:\Windows\system32\Jmnakqcc.exe23⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kdophj32.exeC:\Windows\system32\Kdophj32.exe24⤵
-
C:\Windows\SysWOW64\Kmgdaokh.exeC:\Windows\system32\Kmgdaokh.exe25⤵
-
C:\Windows\SysWOW64\Kgphje32.exeC:\Windows\system32\Kgphje32.exe26⤵
-
C:\Windows\SysWOW64\Kgbepdpf.exeC:\Windows\system32\Kgbepdpf.exe27⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lmnjan32.exeC:\Windows\system32\Lmnjan32.exe28⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Lckbje32.exeC:\Windows\system32\Lckbje32.exe29⤵
-
C:\Windows\SysWOW64\Lalchm32.exeC:\Windows\system32\Lalchm32.exe30⤵
-
C:\Windows\SysWOW64\Lanpml32.exeC:\Windows\system32\Lanpml32.exe31⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lpcmoi32.exeC:\Windows\system32\Lpcmoi32.exe32⤵
-
C:\Windows\SysWOW64\Mdaedgdb.exeC:\Windows\system32\Mdaedgdb.exe33⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Maefnk32.exeC:\Windows\system32\Maefnk32.exe34⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mcklac32.exeC:\Windows\system32\Mcklac32.exe35⤵
-
C:\Windows\SysWOW64\Mallojmd.exeC:\Windows\system32\Mallojmd.exe36⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mgidgakk.exeC:\Windows\system32\Mgidgakk.exe37⤵
-
C:\Windows\SysWOW64\Nglala32.exeC:\Windows\system32\Nglala32.exe38⤵
-
C:\Windows\SysWOW64\Ncbaabom.exeC:\Windows\system32\Ncbaabom.exe39⤵
-
C:\Windows\SysWOW64\Nqfbkf32.exeC:\Windows\system32\Nqfbkf32.exe40⤵
-
C:\Windows\SysWOW64\Nqioqf32.exeC:\Windows\system32\Nqioqf32.exe41⤵
-
C:\Windows\SysWOW64\Nqklfe32.exeC:\Windows\system32\Nqklfe32.exe42⤵
-
C:\Windows\SysWOW64\Nkqpcnig.exeC:\Windows\system32\Nkqpcnig.exe43⤵
-
C:\Windows\SysWOW64\Ocldhqgb.exeC:\Windows\system32\Ocldhqgb.exe44⤵
-
C:\Windows\SysWOW64\Onaieifh.exeC:\Windows\system32\Onaieifh.exe45⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Okeinn32.exeC:\Windows\system32\Okeinn32.exe46⤵
-
C:\Windows\SysWOW64\Odnngclb.exeC:\Windows\system32\Odnngclb.exe47⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Oqdnld32.exeC:\Windows\system32\Oqdnld32.exe48⤵
-
C:\Windows\SysWOW64\Pgemimck.exeC:\Windows\system32\Pgemimck.exe49⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Pghiomqi.exeC:\Windows\system32\Pghiomqi.exe50⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Papnhbgi.exeC:\Windows\system32\Papnhbgi.exe51⤵
-
C:\Windows\SysWOW64\Qbddmejf.exeC:\Windows\system32\Qbddmejf.exe52⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qgalelin.exeC:\Windows\system32\Qgalelin.exe53⤵
-
C:\Windows\SysWOW64\Acjjpllp.exeC:\Windows\system32\Acjjpllp.exe54⤵
-
C:\Windows\SysWOW64\Anpnmele.exeC:\Windows\system32\Anpnmele.exe55⤵
-
C:\Windows\SysWOW64\Acmfel32.exeC:\Windows\system32\Acmfel32.exe56⤵
-
C:\Windows\SysWOW64\Anbkbe32.exeC:\Windows\system32\Anbkbe32.exe57⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Aelcooap.exeC:\Windows\system32\Aelcooap.exe58⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ajikhfpg.exeC:\Windows\system32\Ajikhfpg.exe59⤵
-
C:\Windows\SysWOW64\Aenpeoom.exeC:\Windows\system32\Aenpeoom.exe60⤵
-
C:\Windows\SysWOW64\Bbbpnc32.exeC:\Windows\system32\Bbbpnc32.exe61⤵
-
C:\Windows\SysWOW64\Bdcmfkde.exeC:\Windows\system32\Bdcmfkde.exe62⤵
-
C:\Windows\SysWOW64\Bbemdb32.exeC:\Windows\system32\Bbemdb32.exe63⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Bhaeli32.exeC:\Windows\system32\Bhaeli32.exe64⤵
-
C:\Windows\SysWOW64\Bbgiibja.exeC:\Windows\system32\Bbgiibja.exe65⤵
-
C:\Windows\SysWOW64\Bjbnndgl.exeC:\Windows\system32\Bjbnndgl.exe66⤵
-
C:\Windows\SysWOW64\Bdkbgj32.exeC:\Windows\system32\Bdkbgj32.exe67⤵
-
C:\Windows\SysWOW64\Bejoqm32.exeC:\Windows\system32\Bejoqm32.exe68⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cbnpja32.exeC:\Windows\system32\Cbnpja32.exe69⤵
-
C:\Windows\SysWOW64\Cdolbijg.exeC:\Windows\system32\Cdolbijg.exe70⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cahffmel.exeC:\Windows\system32\Cahffmel.exe71⤵
-
C:\Windows\SysWOW64\Chbncg32.exeC:\Windows\system32\Chbncg32.exe72⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ekngqqol.exeC:\Windows\system32\Ekngqqol.exe73⤵
-
C:\Windows\SysWOW64\Edgkif32.exeC:\Windows\system32\Edgkif32.exe74⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Elbmebbj.exeC:\Windows\system32\Elbmebbj.exe75⤵
-
C:\Windows\SysWOW64\Fohobmke.exeC:\Windows\system32\Fohobmke.exe76⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hfiffd32.exeC:\Windows\system32\Hfiffd32.exe77⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ickcaf32.exeC:\Windows\system32\Ickcaf32.exe78⤵
-
C:\Windows\SysWOW64\Kbebdpca.exeC:\Windows\system32\Kbebdpca.exe79⤵
-
C:\Windows\SysWOW64\Llngmeja.exeC:\Windows\system32\Llngmeja.exe80⤵
-
C:\Windows\SysWOW64\Lbhojo32.exeC:\Windows\system32\Lbhojo32.exe81⤵
-
C:\Windows\SysWOW64\Lbabpn32.exeC:\Windows\system32\Lbabpn32.exe82⤵
-
C:\Windows\SysWOW64\Mdckpqod.exeC:\Windows\system32\Mdckpqod.exe83⤵
-
C:\Windows\SysWOW64\Ocdqcikl.exeC:\Windows\system32\Ocdqcikl.exe84⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pcgmiiii.exeC:\Windows\system32\Pcgmiiii.exe85⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Pgefogop.exeC:\Windows\system32\Pgefogop.exe86⤵
-
C:\Windows\SysWOW64\Pqmjhm32.exeC:\Windows\system32\Pqmjhm32.exe87⤵
-
C:\Windows\SysWOW64\Pjeoablq.exeC:\Windows\system32\Pjeoablq.exe88⤵
-
C:\Windows\SysWOW64\Pqbdclak.exeC:\Windows\system32\Pqbdclak.exe89⤵
-
C:\Windows\SysWOW64\Qmhdhm32.exeC:\Windows\system32\Qmhdhm32.exe90⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qgnief32.exeC:\Windows\system32\Qgnief32.exe91⤵
-
C:\Windows\SysWOW64\Ajfhhp32.exeC:\Windows\system32\Ajfhhp32.exe92⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Acnlqe32.exeC:\Windows\system32\Acnlqe32.exe93⤵
-
C:\Windows\SysWOW64\Ajhdmplk.exeC:\Windows\system32\Ajhdmplk.exe94⤵
-
C:\Windows\SysWOW64\Babmjj32.exeC:\Windows\system32\Babmjj32.exe95⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bglefdke.exeC:\Windows\system32\Bglefdke.exe96⤵
-
C:\Windows\SysWOW64\Bccfleqi.exeC:\Windows\system32\Bccfleqi.exe97⤵
-
C:\Windows\SysWOW64\Chhdbb32.exeC:\Windows\system32\Chhdbb32.exe98⤵
-
C:\Windows\SysWOW64\Celelf32.exeC:\Windows\system32\Celelf32.exe99⤵
-
C:\Windows\SysWOW64\Cmgjpi32.exeC:\Windows\system32\Cmgjpi32.exe100⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Cfonin32.exeC:\Windows\system32\Cfonin32.exe101⤵
-
C:\Windows\SysWOW64\Cfakon32.exeC:\Windows\system32\Cfakon32.exe102⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ceckleii.exeC:\Windows\system32\Ceckleii.exe103⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cokpekpj.exeC:\Windows\system32\Cokpekpj.exe104⤵
-
C:\Windows\SysWOW64\Dhcdnq32.exeC:\Windows\system32\Dhcdnq32.exe105⤵
-
C:\Windows\SysWOW64\Ddjecalo.exeC:\Windows\system32\Ddjecalo.exe106⤵
-
C:\Windows\SysWOW64\Dopiqj32.exeC:\Windows\system32\Dopiqj32.exe107⤵
-
C:\Windows\SysWOW64\Dfknem32.exeC:\Windows\system32\Dfknem32.exe108⤵
-
C:\Windows\SysWOW64\Daqbbe32.exeC:\Windows\system32\Daqbbe32.exe109⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dkifkkpf.exeC:\Windows\system32\Dkifkkpf.exe110⤵
-
C:\Windows\SysWOW64\Dkkcqj32.exeC:\Windows\system32\Dkkcqj32.exe111⤵
-
C:\Windows\SysWOW64\Eecdcckf.exeC:\Windows\system32\Eecdcckf.exe112⤵
-
C:\Windows\SysWOW64\Emniheha.exeC:\Windows\system32\Emniheha.exe113⤵
-
C:\Windows\SysWOW64\Ehdmenhh.exeC:\Windows\system32\Ehdmenhh.exe114⤵
-
C:\Windows\SysWOW64\Eoneah32.exeC:\Windows\system32\Eoneah32.exe115⤵
-
C:\Windows\SysWOW64\Ehfjkn32.exeC:\Windows\system32\Ehfjkn32.exe116⤵
-
C:\Windows\SysWOW64\Egkgljkm.exeC:\Windows\system32\Egkgljkm.exe117⤵
-
C:\Windows\SysWOW64\Femgia32.exeC:\Windows\system32\Femgia32.exe118⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fojenfeg.exeC:\Windows\system32\Fojenfeg.exe119⤵
-
C:\Windows\SysWOW64\Gnckjbfj.exeC:\Windows\system32\Gnckjbfj.exe120⤵
-
C:\Windows\SysWOW64\Hfdfanoa.exeC:\Windows\system32\Hfdfanoa.exe121⤵
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-