Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
28/10/2023, 19:52
General
-
Target
NEAS.3c300f089788f5a76501c83ba32b3f70.exe
-
Size
123KB
-
MD5
3c300f089788f5a76501c83ba32b3f70
-
SHA1
6e25141c24f67cdceb5ea05a0e14baf3106583fa
-
SHA256
6c294c211510817a26e793c7368370ab1166a035b3097c278be1c5c8d52dcb66
-
SHA512
b1d209ddbb08b459116b19751a8b54bf406d2dc5cf0ef635f3e8c9f463c295e2415ec876f76b8ba6d899fb123ef37d1b3b8ecafb0f4e68924596791fa3a51b1f
-
SSDEEP
1536:FsuPZsq7KrrNWiC/xEzDJj7xaRMsGcjRYSw1mir8CAjXoiDEuGg0opGCR98:XberBoxITEjRYSa9rR85DEn5k7r8
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Malware Backdoor - Berbew 64 IoCs
Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.3c300f089788f5a76501c83ba32b3f70.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.3c300f089788f5a76501c83ba32b3f70.exe"1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hdmoohbo.exeC:\Windows\system32\Hdmoohbo.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iljpij32.exeC:\Windows\system32\Iljpij32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iinqbn32.exeC:\Windows\system32\Iinqbn32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Icfekc32.exeC:\Windows\system32\Icfekc32.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ilafiihp.exeC:\Windows\system32\Ilafiihp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ilccoh32.exeC:\Windows\system32\Ilccoh32.exe7⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jpaleglc.exeC:\Windows\system32\Jpaleglc.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jlhljhbg.exeC:\Windows\system32\Jlhljhbg.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jpfepf32.exeC:\Windows\system32\Jpfepf32.exe10⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jcgnbaeo.exeC:\Windows\system32\Jcgnbaeo.exe11⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kjccdkki.exeC:\Windows\system32\Kjccdkki.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Knalji32.exeC:\Windows\system32\Knalji32.exe13⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kkeldnpi.exeC:\Windows\system32\Kkeldnpi.exe14⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Knfeeimj.exeC:\Windows\system32\Knfeeimj.exe15⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kkjeomld.exeC:\Windows\system32\Kkjeomld.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lnjnqh32.exeC:\Windows\system32\Lnjnqh32.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lnohlgep.exeC:\Windows\system32\Lnohlgep.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lgjijmin.exeC:\Windows\system32\Lgjijmin.exe19⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mminhceb.exeC:\Windows\system32\Mminhceb.exe20⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mmkkmc32.exeC:\Windows\system32\Mmkkmc32.exe21⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mgehfkop.exeC:\Windows\system32\Mgehfkop.exe22⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Neqopnhb.exeC:\Windows\system32\Neqopnhb.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nagpeo32.exeC:\Windows\system32\Nagpeo32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ojbacd32.exeC:\Windows\system32\Ojbacd32.exe25⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Odmbaj32.exeC:\Windows\system32\Odmbaj32.exe26⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Paelfmaf.exeC:\Windows\system32\Paelfmaf.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Poliea32.exeC:\Windows\system32\Poliea32.exe28⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pkegpb32.exeC:\Windows\system32\Pkegpb32.exe29⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pocpfphe.exeC:\Windows\system32\Pocpfphe.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qoelkp32.exeC:\Windows\system32\Qoelkp32.exe31⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Qhmqdemc.exeC:\Windows\system32\Qhmqdemc.exe32⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Aahbbkaq.exeC:\Windows\system32\Aahbbkaq.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Anobgl32.exeC:\Windows\system32\Anobgl32.exe2⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Aonoao32.exeC:\Windows\system32\Aonoao32.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aehgnied.exeC:\Windows\system32\Aehgnied.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aekddhcb.exeC:\Windows\system32\Aekddhcb.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Alelqb32.exeC:\Windows\system32\Alelqb32.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bllbaa32.exeC:\Windows\system32\Bllbaa32.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bakgoh32.exeC:\Windows\system32\Bakgoh32.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Chiigadc.exeC:\Windows\system32\Chiigadc.exe9⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cnindhpg.exeC:\Windows\system32\Cnindhpg.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cbfgkffn.exeC:\Windows\system32\Cbfgkffn.exe11⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dmlkhofd.exeC:\Windows\system32\Dmlkhofd.exe12⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Domdjj32.exeC:\Windows\system32\Domdjj32.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dndnpf32.exeC:\Windows\system32\Dndnpf32.exe14⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Deqcbpld.exeC:\Windows\system32\Deqcbpld.exe15⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Eoideh32.exeC:\Windows\system32\Eoideh32.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Emoadlfo.exeC:\Windows\system32\Emoadlfo.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Eblimcdf.exeC:\Windows\system32\Eblimcdf.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fihnomjp.exeC:\Windows\system32\Fihnomjp.exe19⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fneggdhg.exeC:\Windows\system32\Fneggdhg.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fpdcag32.exeC:\Windows\system32\Fpdcag32.exe21⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fmkqpkla.exeC:\Windows\system32\Fmkqpkla.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fnlmhc32.exeC:\Windows\system32\Fnlmhc32.exe23⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fiaael32.exeC:\Windows\system32\Fiaael32.exe24⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Fnnjmbpm.exeC:\Windows\system32\Fnnjmbpm.exe25⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gblbca32.exeC:\Windows\system32\Gblbca32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gbnoiqdq.exeC:\Windows\system32\Gbnoiqdq.exe27⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gmdcfidg.exeC:\Windows\system32\Gmdcfidg.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gbalopbn.exeC:\Windows\system32\Gbalopbn.exe29⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Gimqajgh.exeC:\Windows\system32\Gimqajgh.exe30⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Gpgind32.exeC:\Windows\system32\Gpgind32.exe31⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hpiecd32.exeC:\Windows\system32\Hpiecd32.exe32⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Hlpfhe32.exeC:\Windows\system32\Hlpfhe32.exe33⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hehkajig.exeC:\Windows\system32\Hehkajig.exe34⤵
-
C:\Windows\SysWOW64\Hblkjo32.exeC:\Windows\system32\Hblkjo32.exe35⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hpqldc32.exeC:\Windows\system32\Hpqldc32.exe36⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ibaeen32.exeC:\Windows\system32\Ibaeen32.exe37⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Iliinc32.exeC:\Windows\system32\Iliinc32.exe38⤵
-
C:\Windows\SysWOW64\Iebngial.exeC:\Windows\system32\Iebngial.exe39⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Imkbnf32.exeC:\Windows\system32\Imkbnf32.exe40⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Ickglm32.exeC:\Windows\system32\Ickglm32.exe41⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Impliekg.exeC:\Windows\system32\Impliekg.exe42⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ipoheakj.exeC:\Windows\system32\Ipoheakj.exe43⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jmbhoeid.exeC:\Windows\system32\Jmbhoeid.exe44⤵
-
C:\Windows\SysWOW64\Jcoaglhk.exeC:\Windows\system32\Jcoaglhk.exe45⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jokkgl32.exeC:\Windows\system32\Jokkgl32.exe46⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kgdpni32.exeC:\Windows\system32\Kgdpni32.exe47⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Knnhjcog.exeC:\Windows\system32\Knnhjcog.exe48⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Knqepc32.exeC:\Windows\system32\Knqepc32.exe49⤵
-
C:\Windows\SysWOW64\Kcmmhj32.exeC:\Windows\system32\Kcmmhj32.exe50⤵
-
C:\Windows\SysWOW64\Kfnfjehl.exeC:\Windows\system32\Kfnfjehl.exe51⤵
-
C:\Windows\SysWOW64\Kofkbk32.exeC:\Windows\system32\Kofkbk32.exe52⤵
-
C:\Windows\SysWOW64\Lljklo32.exeC:\Windows\system32\Lljklo32.exe53⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lcdciiec.exeC:\Windows\system32\Lcdciiec.exe54⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Llmhaold.exeC:\Windows\system32\Llmhaold.exe55⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lnoaaaad.exeC:\Windows\system32\Lnoaaaad.exe56⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ljeafb32.exeC:\Windows\system32\Ljeafb32.exe57⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ljhnlb32.exeC:\Windows\system32\Ljhnlb32.exe58⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Modgdicm.exeC:\Windows\system32\Modgdicm.exe59⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mnegbp32.exeC:\Windows\system32\Mnegbp32.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Moipoh32.exeC:\Windows\system32\Moipoh32.exe61⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mjodla32.exeC:\Windows\system32\Mjodla32.exe62⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mcgiefen.exeC:\Windows\system32\Mcgiefen.exe63⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mmpmnl32.exeC:\Windows\system32\Mmpmnl32.exe64⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Nqmfdj32.exeC:\Windows\system32\Nqmfdj32.exe65⤵
-
C:\Windows\SysWOW64\Njfkmphe.exeC:\Windows\system32\Njfkmphe.exe66⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Nqpcjj32.exeC:\Windows\system32\Nqpcjj32.exe67⤵
-
C:\Windows\SysWOW64\Njhgbp32.exeC:\Windows\system32\Njhgbp32.exe68⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ncqlkemc.exeC:\Windows\system32\Ncqlkemc.exe69⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nnfpinmi.exeC:\Windows\system32\Nnfpinmi.exe70⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ngndaccj.exeC:\Windows\system32\Ngndaccj.exe71⤵
-
C:\Windows\SysWOW64\Nagiji32.exeC:\Windows\system32\Nagiji32.exe72⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Onkidm32.exeC:\Windows\system32\Onkidm32.exe73⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Oakbehfe.exeC:\Windows\system32\Oakbehfe.exe74⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ogekbb32.exeC:\Windows\system32\Ogekbb32.exe75⤵
-
C:\Windows\SysWOW64\Opqofe32.exeC:\Windows\system32\Opqofe32.exe76⤵
-
C:\Windows\SysWOW64\Onapdl32.exeC:\Windows\system32\Onapdl32.exe77⤵
-
C:\Windows\SysWOW64\Omgmeigd.exeC:\Windows\system32\Omgmeigd.exe78⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Pnfiplog.exeC:\Windows\system32\Pnfiplog.exe79⤵
-
C:\Windows\SysWOW64\Pmlfqh32.exeC:\Windows\system32\Pmlfqh32.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pjpfjl32.exeC:\Windows\system32\Pjpfjl32.exe81⤵
-
C:\Windows\SysWOW64\Pmpolgoi.exeC:\Windows\system32\Pmpolgoi.exe82⤵
-
C:\Windows\SysWOW64\Pfiddm32.exeC:\Windows\system32\Pfiddm32.exe83⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qfkqjmdg.exeC:\Windows\system32\Qfkqjmdg.exe84⤵
-
C:\Windows\SysWOW64\Qaqegecm.exeC:\Windows\system32\Qaqegecm.exe85⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qacameaj.exeC:\Windows\system32\Qacameaj.exe86⤵
-
C:\Windows\SysWOW64\Afpjel32.exeC:\Windows\system32\Afpjel32.exe87⤵
-
C:\Windows\SysWOW64\Aphnnafb.exeC:\Windows\system32\Aphnnafb.exe88⤵
-
C:\Windows\SysWOW64\Aagkhd32.exeC:\Windows\system32\Aagkhd32.exe89⤵
-
C:\Windows\SysWOW64\Adfgdpmi.exeC:\Windows\system32\Adfgdpmi.exe90⤵
-
C:\Windows\SysWOW64\Aokkahlo.exeC:\Windows\system32\Aokkahlo.exe91⤵
-
C:\Windows\SysWOW64\Aggpfkjj.exeC:\Windows\system32\Aggpfkjj.exe92⤵
-
C:\Windows\SysWOW64\Adkqoohc.exeC:\Windows\system32\Adkqoohc.exe93⤵
-
C:\Windows\SysWOW64\Bdmmeo32.exeC:\Windows\system32\Bdmmeo32.exe94⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bdagpnbk.exeC:\Windows\system32\Bdagpnbk.exe95⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bogkmgba.exeC:\Windows\system32\Bogkmgba.exe96⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bahdob32.exeC:\Windows\system32\Bahdob32.exe97⤵
-
C:\Windows\SysWOW64\Bgelgi32.exeC:\Windows\system32\Bgelgi32.exe98⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cpmapodj.exeC:\Windows\system32\Cpmapodj.exe99⤵
-
C:\Windows\SysWOW64\Cammjakm.exeC:\Windows\system32\Cammjakm.exe100⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cgifbhid.exeC:\Windows\system32\Cgifbhid.exe101⤵
-
C:\Windows\SysWOW64\Cncnob32.exeC:\Windows\system32\Cncnob32.exe102⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cglbhhga.exeC:\Windows\system32\Cglbhhga.exe103⤵
-
C:\Windows\SysWOW64\Cdpcal32.exeC:\Windows\system32\Cdpcal32.exe104⤵
-
C:\Windows\SysWOW64\Cgqlcg32.exeC:\Windows\system32\Cgqlcg32.exe105⤵
-
C:\Windows\SysWOW64\Cnjdpaki.exeC:\Windows\system32\Cnjdpaki.exe106⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dgcihgaj.exeC:\Windows\system32\Dgcihgaj.exe107⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dgeenfog.exeC:\Windows\system32\Dgeenfog.exe108⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dqnjgl32.exeC:\Windows\system32\Dqnjgl32.exe109⤵
-
C:\Windows\SysWOW64\Dhdbhifj.exeC:\Windows\system32\Dhdbhifj.exe110⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Damfao32.exeC:\Windows\system32\Damfao32.exe111⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dkekjdck.exeC:\Windows\system32\Dkekjdck.exe112⤵
-
C:\Windows\SysWOW64\Ddnobj32.exeC:\Windows\system32\Ddnobj32.exe113⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Eqdpgk32.exeC:\Windows\system32\Eqdpgk32.exe114⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Eoepebho.exeC:\Windows\system32\Eoepebho.exe115⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Eqgmmk32.exeC:\Windows\system32\Eqgmmk32.exe116⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Egaejeej.exeC:\Windows\system32\Egaejeej.exe117⤵
-
C:\Windows\SysWOW64\Eqlfhjig.exeC:\Windows\system32\Eqlfhjig.exe118⤵
-
C:\Windows\SysWOW64\Ebkbbmqj.exeC:\Windows\system32\Ebkbbmqj.exe119⤵
-
C:\Windows\SysWOW64\Fooclapd.exeC:\Windows\system32\Fooclapd.exe120⤵
-
C:\Windows\SysWOW64\Foapaa32.exeC:\Windows\system32\Foapaa32.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-