Analysis
-
max time kernel
115s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
31/10/2023, 17:12
General
-
Target
NEAS.740eb6dbc1d051c7c0ec53c07ed91900_JC.exe
-
Size
99KB
-
MD5
740eb6dbc1d051c7c0ec53c07ed91900
-
SHA1
4f7c65258f2fa2a7b82d87ceb36c21f9629666ef
-
SHA256
61137f55b1baf4434a8e09279a30b2aeff2785e8872a8ba68249d98690d49cf3
-
SHA512
7b06d226b1cec552d032cff4723f3f65cdaf8a44700ed829515e7afe4df8e76aae9ff7ca6861294f6bc0d0bacef9cddaecd58c14cbd793b0d09d36b0d373cf42
-
SSDEEP
1536:D0oDbmX1PMS0WfJoPdpCIEjdCRgwHtdMErzhSltgtESU0yFY/zblXRvRQynRvwty:53aoV5ewl/ZRveynpwoTRBmDRGGurhUI
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.740eb6dbc1d051c7c0ec53c07ed91900_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.740eb6dbc1d051c7c0ec53c07ed91900_JC.exe"1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Noehac32.exeC:\Windows\system32\Noehac32.exe2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oogdfc32.exeC:\Windows\system32\Oogdfc32.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ogcike32.exeC:\Windows\system32\Ogcike32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oediim32.exeC:\Windows\system32\Oediim32.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ononmo32.exeC:\Windows\system32\Ononmo32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Okcogc32.exeC:\Windows\system32\Okcogc32.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ofhcdlgg.exeC:\Windows\system32\Ofhcdlgg.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Poagma32.exeC:\Windows\system32\Poagma32.exe9⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pocdba32.exeC:\Windows\system32\Pocdba32.exe10⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Poeahaib.exeC:\Windows\system32\Poeahaib.exe11⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Phneqf32.exeC:\Windows\system32\Phneqf32.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pbfjjlgc.exeC:\Windows\system32\Pbfjjlgc.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pgcbbc32.exeC:\Windows\system32\Pgcbbc32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qhekaejj.exeC:\Windows\system32\Qhekaejj.exe15⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Agjhbbob.exeC:\Windows\system32\Agjhbbob.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Andqol32.exeC:\Windows\system32\Andqol32.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Anfmeldl.exeC:\Windows\system32\Anfmeldl.exe18⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Afnefieo.exeC:\Windows\system32\Afnefieo.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Agobna32.exeC:\Windows\system32\Agobna32.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Akmjdpac.exeC:\Windows\system32\Akmjdpac.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Afboah32.exeC:\Windows\system32\Afboah32.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Akogio32.exeC:\Windows\system32\Akogio32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Afdkfh32.exeC:\Windows\system32\Afdkfh32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bpaikm32.exeC:\Windows\system32\Bpaikm32.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Biljib32.exeC:\Windows\system32\Biljib32.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bnicai32.exeC:\Windows\system32\Bnicai32.exe6⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cpipkl32.exeC:\Windows\system32\Cpipkl32.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ceehcc32.exeC:\Windows\system32\Ceehcc32.exe8⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Cnnllhpa.exeC:\Windows\system32\Cnnllhpa.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Cpmifkgd.exeC:\Windows\system32\Cpmifkgd.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cbnbhfde.exeC:\Windows\system32\Cbnbhfde.exe3⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cnebmgjj.exeC:\Windows\system32\Cnebmgjj.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Deokja32.exeC:\Windows\system32\Deokja32.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eimlgnij.exeC:\Windows\system32\Eimlgnij.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eipilmgh.exeC:\Windows\system32\Eipilmgh.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fbhnec32.exeC:\Windows\system32\Fbhnec32.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fhefmjlp.exeC:\Windows\system32\Fhefmjlp.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fgffka32.exeC:\Windows\system32\Fgffka32.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Fpnkdfko.exeC:\Windows\system32\Fpnkdfko.exe11⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fghcqq32.exeC:\Windows\system32\Fghcqq32.exe12⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Fpqgjf32.exeC:\Windows\system32\Fpqgjf32.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fempbm32.exeC:\Windows\system32\Fempbm32.exe14⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Fofdkcmd.exeC:\Windows\system32\Fofdkcmd.exe15⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Fepmgm32.exeC:\Windows\system32\Fepmgm32.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gccmaack.exeC:\Windows\system32\Gccmaack.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ginenk32.exeC:\Windows\system32\Ginenk32.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gpgnjebd.exeC:\Windows\system32\Gpgnjebd.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ggafgo32.exeC:\Windows\system32\Ggafgo32.exe20⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ghcbohpp.exeC:\Windows\system32\Ghcbohpp.exe21⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gomkkagl.exeC:\Windows\system32\Gomkkagl.exe22⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ggdbmoho.exeC:\Windows\system32\Ggdbmoho.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gheodg32.exeC:\Windows\system32\Gheodg32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gckcap32.exeC:\Windows\system32\Gckcap32.exe25⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gjdknjep.exeC:\Windows\system32\Gjdknjep.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Goadfa32.exeC:\Windows\system32\Goadfa32.exe27⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Geklckkd.exeC:\Windows\system32\Geklckkd.exe28⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hpaqqdjj.exeC:\Windows\system32\Hpaqqdjj.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hjieii32.exeC:\Windows\system32\Hjieii32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hgmebnpd.exeC:\Windows\system32\Hgmebnpd.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hhobjf32.exeC:\Windows\system32\Hhobjf32.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hohjgpmo.exeC:\Windows\system32\Hohjgpmo.exe33⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hgpbhmna.exeC:\Windows\system32\Hgpbhmna.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hhaope32.exeC:\Windows\system32\Hhaope32.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hcfcmnce.exeC:\Windows\system32\Hcfcmnce.exe36⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Hhckeeam.exeC:\Windows\system32\Hhckeeam.exe37⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hgdlcm32.exeC:\Windows\system32\Hgdlcm32.exe38⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hhehkepj.exeC:\Windows\system32\Hhehkepj.exe39⤵
-
C:\Windows\SysWOW64\Ioppho32.exeC:\Windows\system32\Ioppho32.exe40⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ifihdi32.exeC:\Windows\system32\Ifihdi32.exe41⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Imcqacfq.exeC:\Windows\system32\Imcqacfq.exe42⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ifleji32.exeC:\Windows\system32\Ifleji32.exe43⤵
-
C:\Windows\SysWOW64\Ihjafd32.exeC:\Windows\system32\Ihjafd32.exe44⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Iodjcnca.exeC:\Windows\system32\Iodjcnca.exe45⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ifnbph32.exeC:\Windows\system32\Ifnbph32.exe46⤵
-
C:\Windows\SysWOW64\Ihmnldib.exeC:\Windows\system32\Ihmnldib.exe47⤵
-
C:\Windows\SysWOW64\Icbbimih.exeC:\Windows\system32\Icbbimih.exe48⤵
-
C:\Windows\SysWOW64\Iiokacgp.exeC:\Windows\system32\Iiokacgp.exe49⤵
-
C:\Windows\SysWOW64\Ioicnn32.exeC:\Windows\system32\Ioicnn32.exe50⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Iiaggc32.exeC:\Windows\system32\Iiaggc32.exe51⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jcgldl32.exeC:\Windows\system32\Jcgldl32.exe52⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jmdjha32.exeC:\Windows\system32\Jmdjha32.exe53⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jginej32.exeC:\Windows\system32\Jginej32.exe54⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jmffnq32.exeC:\Windows\system32\Jmffnq32.exe55⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jcpojk32.exeC:\Windows\system32\Jcpojk32.exe56⤵
-
C:\Windows\SysWOW64\Kimgba32.exeC:\Windows\system32\Kimgba32.exe57⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kcbkpj32.exeC:\Windows\system32\Kcbkpj32.exe58⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Kfaglf32.exeC:\Windows\system32\Kfaglf32.exe59⤵
-
C:\Windows\SysWOW64\Kmkpipaf.exeC:\Windows\system32\Kmkpipaf.exe60⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kgqdfi32.exeC:\Windows\system32\Kgqdfi32.exe61⤵
-
C:\Windows\SysWOW64\Kgemahmg.exeC:\Windows\system32\Kgemahmg.exe62⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kifjip32.exeC:\Windows\system32\Kifjip32.exe63⤵
-
C:\Windows\SysWOW64\Kppbejka.exeC:\Windows\system32\Kppbejka.exe64⤵
-
C:\Windows\SysWOW64\Kfjjbd32.exeC:\Windows\system32\Kfjjbd32.exe65⤵
-
C:\Windows\SysWOW64\Lapopm32.exeC:\Windows\system32\Lapopm32.exe66⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Likcdpop.exeC:\Windows\system32\Likcdpop.exe67⤵
-
C:\Windows\SysWOW64\Lpelqj32.exeC:\Windows\system32\Lpelqj32.exe68⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lfodmdni.exeC:\Windows\system32\Lfodmdni.exe69⤵
-
C:\Windows\SysWOW64\Ladhkmno.exeC:\Windows\system32\Ladhkmno.exe70⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lhopgg32.exeC:\Windows\system32\Lhopgg32.exe71⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lipmoo32.exeC:\Windows\system32\Lipmoo32.exe72⤵
-
C:\Windows\SysWOW64\Lcealh32.exeC:\Windows\system32\Lcealh32.exe73⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Laiafl32.exeC:\Windows\system32\Laiafl32.exe74⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Lhcjbfag.exeC:\Windows\system32\Lhcjbfag.exe75⤵
-
C:\Windows\SysWOW64\Mmpbkm32.exeC:\Windows\system32\Mmpbkm32.exe76⤵
-
C:\Windows\SysWOW64\Mhefhf32.exeC:\Windows\system32\Mhefhf32.exe77⤵
-
C:\Windows\SysWOW64\Migcpneb.exeC:\Windows\system32\Migcpneb.exe78⤵
-
C:\Windows\SysWOW64\Mpqklh32.exeC:\Windows\system32\Mpqklh32.exe79⤵
-
C:\Windows\SysWOW64\Mfkcibdl.exeC:\Windows\system32\Mfkcibdl.exe80⤵
-
C:\Windows\SysWOW64\Mapgfk32.exeC:\Windows\system32\Mapgfk32.exe81⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mdodbf32.exeC:\Windows\system32\Mdodbf32.exe82⤵
-
C:\Windows\SysWOW64\Miklkm32.exeC:\Windows\system32\Miklkm32.exe83⤵
-
C:\Windows\SysWOW64\Mjkiephp.exeC:\Windows\system32\Mjkiephp.exe84⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Maeaajpl.exeC:\Windows\system32\Maeaajpl.exe85⤵
-
C:\Windows\SysWOW64\Njmejp32.exeC:\Windows\system32\Njmejp32.exe86⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nmlafk32.exeC:\Windows\system32\Nmlafk32.exe87⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ndejcemn.exeC:\Windows\system32\Ndejcemn.exe88⤵
-
C:\Windows\SysWOW64\Nkpbpp32.exeC:\Windows\system32\Nkpbpp32.exe89⤵
-
C:\Windows\SysWOW64\Nplkhf32.exeC:\Windows\system32\Nplkhf32.exe90⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nhcbidcd.exeC:\Windows\system32\Nhcbidcd.exe91⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Nieoal32.exeC:\Windows\system32\Nieoal32.exe92⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nalgbi32.exeC:\Windows\system32\Nalgbi32.exe93⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Nhfoocaa.exeC:\Windows\system32\Nhfoocaa.exe94⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Niglfl32.exeC:\Windows\system32\Niglfl32.exe95⤵
-
C:\Windows\SysWOW64\Ndmpddfe.exeC:\Windows\system32\Ndmpddfe.exe96⤵
-
C:\Windows\SysWOW64\Nmedmj32.exeC:\Windows\system32\Nmedmj32.exe97⤵
-
C:\Windows\SysWOW64\Ndomiddc.exeC:\Windows\system32\Ndomiddc.exe98⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Ogmiepcf.exeC:\Windows\system32\Ogmiepcf.exe99⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Oacmchcl.exeC:\Windows\system32\Oacmchcl.exe100⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ohobebig.exeC:\Windows\system32\Ohobebig.exe101⤵
-
C:\Windows\SysWOW64\Omlkmign.exeC:\Windows\system32\Omlkmign.exe102⤵
-
C:\Windows\SysWOW64\Odfcjc32.exeC:\Windows\system32\Odfcjc32.exe103⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oickbjmb.exeC:\Windows\system32\Oickbjmb.exe104⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Oajccgmd.exeC:\Windows\system32\Oajccgmd.exe105⤵
-
C:\Windows\SysWOW64\Oggllnkl.exeC:\Windows\system32\Oggllnkl.exe106⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Onqdhh32.exeC:\Windows\system32\Onqdhh32.exe107⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pdklebje.exeC:\Windows\system32\Pdklebje.exe108⤵
-
C:\Windows\SysWOW64\Pncanhaf.exeC:\Windows\system32\Pncanhaf.exe109⤵
-
C:\Windows\SysWOW64\Pgkegn32.exeC:\Windows\system32\Pgkegn32.exe110⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Pdofpb32.exeC:\Windows\system32\Pdofpb32.exe111⤵
-
C:\Windows\SysWOW64\Pacfjfej.exeC:\Windows\system32\Pacfjfej.exe112⤵
-
C:\Windows\SysWOW64\Pgpobmca.exeC:\Windows\system32\Pgpobmca.exe113⤵
-
C:\Windows\SysWOW64\Pafcofcg.exeC:\Windows\system32\Pafcofcg.exe114⤵
-
C:\Windows\SysWOW64\Pknghk32.exeC:\Windows\system32\Pknghk32.exe115⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qpkppbho.exeC:\Windows\system32\Qpkppbho.exe116⤵
-
C:\Windows\SysWOW64\Qdihfq32.exeC:\Windows\system32\Qdihfq32.exe117⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qkcackeb.exeC:\Windows\system32\Qkcackeb.exe118⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aqpika32.exeC:\Windows\system32\Aqpika32.exe119⤵
-
C:\Windows\SysWOW64\Ancjef32.exeC:\Windows\system32\Ancjef32.exe120⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ahinbo32.exeC:\Windows\system32\Ahinbo32.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-