Analysis
-
max time kernel
88s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
31/10/2023, 19:20
General
-
Target
NEAS.fd7116c1802b30143f4918d6197e18b0_JC.exe
-
Size
1.9MB
-
MD5
fd7116c1802b30143f4918d6197e18b0
-
SHA1
a31118855bec7a460c30b12171d368a2d54bd41c
-
SHA256
5c7f532a42f5a7e8952ead87f7fce5a24f194199e636807d87ff62afc9218282
-
SHA512
3a6c4eb79f1a822b89d21952d44f27c2e97d08a58f0dd52adaeb8fa5e03bbd15d071e9b45b43c5c77e1f53306a33cc4d8b24393a0cc0fdea3308f1bd601c3e0e
-
SSDEEP
49152:CaSHFaZRBEYyqmS2DiHPKQgmZUnaUgpC7jvha51N:CaSHFaZRBEYyqmS2DiHPKQgmZ0aUgUjY
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Malware Backdoor - Berbew 64 IoCs
Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.fd7116c1802b30143f4918d6197e18b0_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.fd7116c1802b30143f4918d6197e18b0_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nemmoe32.exeC:\Windows\system32\Nemmoe32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Neoieenp.exeC:\Windows\system32\Neoieenp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nognnj32.exeC:\Windows\system32\Nognnj32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ohiemobf.exeC:\Windows\system32\Ohiemobf.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pcepkfld.exeC:\Windows\system32\Pcepkfld.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Polppg32.exeC:\Windows\system32\Polppg32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qkjgegae.exeC:\Windows\system32\Qkjgegae.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Alqjpi32.exeC:\Windows\system32\Alqjpi32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Alcfei32.exeC:\Windows\system32\Alcfei32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bjlpjm32.exeC:\Windows\system32\Bjlpjm32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bbgeno32.exeC:\Windows\system32\Bbgeno32.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bkafmd32.exeC:\Windows\system32\Bkafmd32.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cijpahho.exeC:\Windows\system32\Cijpahho.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cjliajmo.exeC:\Windows\system32\Cjliajmo.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dmalne32.exeC:\Windows\system32\Dmalne32.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Elnoopdj.exeC:\Windows\system32\Elnoopdj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ebommi32.exeC:\Windows\system32\Ebommi32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fpbmfn32.exeC:\Windows\system32\Fpbmfn32.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fjjnifbl.exeC:\Windows\system32\Fjjnifbl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gpnmbl32.exeC:\Windows\system32\Gpnmbl32.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gfkbde32.exeC:\Windows\system32\Gfkbde32.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Glgjlm32.exeC:\Windows\system32\Glgjlm32.exe23⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Gikkfqmf.exeC:\Windows\system32\Gikkfqmf.exe24⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Gbdoof32.exeC:\Windows\system32\Gbdoof32.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Glldgljg.exeC:\Windows\system32\Glldgljg.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Hmnmgnoh.exeC:\Windows\system32\Hmnmgnoh.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hginecde.exeC:\Windows\system32\Hginecde.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hpabni32.exeC:\Windows\system32\Hpabni32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hkfglb32.exeC:\Windows\system32\Hkfglb32.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
-
-
-
C:\Windows\SysWOW64\Hpcodihc.exeC:\Windows\system32\Hpcodihc.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ipflihfq.exeC:\Windows\system32\Ipflihfq.exe2⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kkgiimng.exeC:\Windows\system32\Kkgiimng.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lqkgbcff.exeC:\Windows\system32\Lqkgbcff.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lnohlgep.exeC:\Windows\system32\Lnohlgep.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lmgabcge.exeC:\Windows\system32\Lmgabcge.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mminhceb.exeC:\Windows\system32\Mminhceb.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mcecjmkl.exeC:\Windows\system32\Mcecjmkl.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mgclpkac.exeC:\Windows\system32\Mgclpkac.exe9⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Megljppl.exeC:\Windows\system32\Megljppl.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nclikl32.exeC:\Windows\system32\Nclikl32.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ncofplba.exeC:\Windows\system32\Ncofplba.exe12⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ekmhejao.exeC:\Windows\system32\Ekmhejao.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fimhjl32.exeC:\Windows\system32\Fimhjl32.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gemkelcd.exeC:\Windows\system32\Gemkelcd.exe15⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jlgepanl.exeC:\Windows\system32\Jlgepanl.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kngkqbgl.exeC:\Windows\system32\Kngkqbgl.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mfchlbfd.exeC:\Windows\system32\Mfchlbfd.exe18⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mgbefe32.exeC:\Windows\system32\Mgbefe32.exe19⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mqkiok32.exeC:\Windows\system32\Mqkiok32.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mjcngpjh.exeC:\Windows\system32\Mjcngpjh.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nclbpf32.exeC:\Windows\system32\Nclbpf32.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nmdgikhi.exeC:\Windows\system32\Nmdgikhi.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ncnofeof.exeC:\Windows\system32\Ncnofeof.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nncccnol.exeC:\Windows\system32\Nncccnol.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ncqlkemc.exeC:\Windows\system32\Ncqlkemc.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nmipdk32.exeC:\Windows\system32\Nmipdk32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nfaemp32.exeC:\Windows\system32\Nfaemp32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nceefd32.exeC:\Windows\system32\Nceefd32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oaifpi32.exeC:\Windows\system32\Oaifpi32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pnplfj32.exeC:\Windows\system32\Pnplfj32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qjfmkk32.exeC:\Windows\system32\Qjfmkk32.exe32⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qfmmplad.exeC:\Windows\system32\Qfmmplad.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Amjbbfgo.exeC:\Windows\system32\Amjbbfgo.exe34⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aoioli32.exeC:\Windows\system32\Aoioli32.exe35⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Agdcpkll.exeC:\Windows\system32\Agdcpkll.exe36⤵
-
C:\Windows\SysWOW64\Ahdpjn32.exeC:\Windows\system32\Ahdpjn32.exe37⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Aaldccip.exeC:\Windows\system32\Aaldccip.exe38⤵
-
C:\Windows\SysWOW64\Agimkk32.exeC:\Windows\system32\Agimkk32.exe39⤵
-
C:\Windows\SysWOW64\Bdmmeo32.exeC:\Windows\system32\Bdmmeo32.exe40⤵
-
C:\Windows\SysWOW64\Bgkiaj32.exeC:\Windows\system32\Bgkiaj32.exe41⤵
-
C:\Windows\SysWOW64\Baannc32.exeC:\Windows\system32\Baannc32.exe42⤵
-
C:\Windows\SysWOW64\Bkibgh32.exeC:\Windows\system32\Bkibgh32.exe43⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bahdob32.exeC:\Windows\system32\Bahdob32.exe44⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bkphhgfc.exeC:\Windows\system32\Bkphhgfc.exe45⤵
-
C:\Windows\SysWOW64\Chdialdl.exeC:\Windows\system32\Chdialdl.exe46⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Chfegk32.exeC:\Windows\system32\Chfegk32.exe47⤵
-
C:\Windows\SysWOW64\Coqncejg.exeC:\Windows\system32\Coqncejg.exe48⤵
-
C:\Windows\SysWOW64\Cgnomg32.exeC:\Windows\system32\Cgnomg32.exe49⤵
-
C:\Windows\SysWOW64\Dddllkbf.exeC:\Windows\system32\Dddllkbf.exe50⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kedlip32.exeC:\Windows\system32\Kedlip32.exe51⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kofdhd32.exeC:\Windows\system32\Kofdhd32.exe52⤵
-
C:\Windows\SysWOW64\Lebijnak.exeC:\Windows\system32\Lebijnak.exe53⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Njedbjej.exeC:\Windows\system32\Njedbjej.exe54⤵
-
C:\Windows\SysWOW64\Nofefp32.exeC:\Windows\system32\Nofefp32.exe55⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oqklkbbi.exeC:\Windows\system32\Oqklkbbi.exe56⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ojcpdg32.exeC:\Windows\system32\Ojcpdg32.exe57⤵
-
C:\Windows\SysWOW64\Oqoefand.exeC:\Windows\system32\Oqoefand.exe58⤵
-
C:\Windows\SysWOW64\Padnaq32.exeC:\Windows\system32\Padnaq32.exe59⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pcegclgp.exeC:\Windows\system32\Pcegclgp.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pplhhm32.exeC:\Windows\system32\Pplhhm32.exe61⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pciqnk32.exeC:\Windows\system32\Pciqnk32.exe62⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qfjjpf32.exeC:\Windows\system32\Qfjjpf32.exe63⤵
-
C:\Windows\SysWOW64\Bgdemb32.exeC:\Windows\system32\Bgdemb32.exe64⤵
-
C:\Windows\SysWOW64\Ekngemhd.exeC:\Windows\system32\Ekngemhd.exe65⤵
-
C:\Windows\SysWOW64\Fcneeo32.exeC:\Windows\system32\Fcneeo32.exe66⤵
-
C:\Windows\SysWOW64\Fqfojblo.exeC:\Windows\system32\Fqfojblo.exe67⤵
-
C:\Windows\SysWOW64\Infhebbh.exeC:\Windows\system32\Infhebbh.exe68⤵
-
C:\Windows\SysWOW64\Ldfoad32.exeC:\Windows\system32\Ldfoad32.exe69⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mddkbbfg.exeC:\Windows\system32\Mddkbbfg.exe70⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Oheienli.exeC:\Windows\system32\Oheienli.exe71⤵
-
C:\Windows\SysWOW64\Pkholi32.exeC:\Windows\system32\Pkholi32.exe72⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Amfhgj32.exeC:\Windows\system32\Amfhgj32.exe73⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aehbmk32.exeC:\Windows\system32\Aehbmk32.exe74⤵
-
C:\Windows\SysWOW64\Bcpika32.exeC:\Windows\system32\Bcpika32.exe75⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cpqlfa32.exeC:\Windows\system32\Cpqlfa32.exe76⤵
-
C:\Windows\SysWOW64\Ddqbbo32.exeC:\Windows\system32\Ddqbbo32.exe77⤵
-
C:\Windows\SysWOW64\Dpgbgpbe.exeC:\Windows\system32\Dpgbgpbe.exe78⤵
-
C:\Windows\SysWOW64\Dbhlikpf.exeC:\Windows\system32\Dbhlikpf.exe79⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dekapfke.exeC:\Windows\system32\Dekapfke.exe80⤵
-
C:\Windows\SysWOW64\Ellpmolj.exeC:\Windows\system32\Ellpmolj.exe81⤵
-
C:\Windows\SysWOW64\Fcmnkh32.exeC:\Windows\system32\Fcmnkh32.exe82⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Flfbcndo.exeC:\Windows\system32\Flfbcndo.exe83⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fcpkph32.exeC:\Windows\system32\Fcpkph32.exe84⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fneoma32.exeC:\Windows\system32\Fneoma32.exe85⤵
-
C:\Windows\SysWOW64\Gloejmld.exeC:\Windows\system32\Gloejmld.exe86⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gnanioad.exeC:\Windows\system32\Gnanioad.exe87⤵
-
C:\Windows\SysWOW64\Hjlhipbc.exeC:\Windows\system32\Hjlhipbc.exe88⤵
-
C:\Windows\SysWOW64\Hfcinq32.exeC:\Windows\system32\Hfcinq32.exe89⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hfhbipdb.exeC:\Windows\system32\Hfhbipdb.exe90⤵
-
C:\Windows\SysWOW64\Igjlibib.exeC:\Windows\system32\Igjlibib.exe91⤵
-
C:\Windows\SysWOW64\Ifoijonj.exeC:\Windows\system32\Ifoijonj.exe92⤵
-
C:\Windows\SysWOW64\Jjfdfl32.exeC:\Windows\system32\Jjfdfl32.exe93⤵
-
C:\Windows\SysWOW64\Kfanflne.exeC:\Windows\system32\Kfanflne.exe94⤵
-
C:\Windows\SysWOW64\Kebodc32.exeC:\Windows\system32\Kebodc32.exe95⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Knkcmild.exeC:\Windows\system32\Knkcmild.exe96⤵
-
C:\Windows\SysWOW64\Kdhlepkl.exeC:\Windows\system32\Kdhlepkl.exe97⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kmppneal.exeC:\Windows\system32\Kmppneal.exe98⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Laglkb32.exeC:\Windows\system32\Laglkb32.exe99⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Ldhdlnli.exeC:\Windows\system32\Ldhdlnli.exe100⤵
-
C:\Windows\SysWOW64\Loniiflo.exeC:\Windows\system32\Loniiflo.exe101⤵
-
C:\Windows\SysWOW64\Mdkabmjf.exeC:\Windows\system32\Mdkabmjf.exe102⤵
-
C:\Windows\SysWOW64\Mhhjhlqm.exeC:\Windows\system32\Mhhjhlqm.exe103⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mmebpbod.exeC:\Windows\system32\Mmebpbod.exe104⤵
-
C:\Windows\SysWOW64\Mgngih32.exeC:\Windows\system32\Mgngih32.exe105⤵
-
C:\Windows\SysWOW64\Mdagbl32.exeC:\Windows\system32\Mdagbl32.exe106⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Moglpedd.exeC:\Windows\system32\Moglpedd.exe107⤵
-
C:\Windows\SysWOW64\Mdddhlbl.exeC:\Windows\system32\Mdddhlbl.exe108⤵
-
C:\Windows\SysWOW64\Nmlhaa32.exeC:\Windows\system32\Nmlhaa32.exe109⤵
-
C:\Windows\SysWOW64\Nhbmnj32.exeC:\Windows\system32\Nhbmnj32.exe110⤵
-
C:\Windows\SysWOW64\Najagp32.exeC:\Windows\system32\Najagp32.exe111⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nkbfpeec.exeC:\Windows\system32\Nkbfpeec.exe112⤵
-
C:\Windows\SysWOW64\Ndkjik32.exeC:\Windows\system32\Ndkjik32.exe113⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nncoaq32.exeC:\Windows\system32\Nncoaq32.exe114⤵
-
C:\Windows\SysWOW64\Nhicoi32.exeC:\Windows\system32\Nhicoi32.exe115⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ndpcdjho.exeC:\Windows\system32\Ndpcdjho.exe116⤵
-
C:\Windows\SysWOW64\Oeopnmoa.exeC:\Windows\system32\Oeopnmoa.exe117⤵
-
C:\Windows\SysWOW64\Onjebpml.exeC:\Windows\system32\Onjebpml.exe118⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Okneldkf.exeC:\Windows\system32\Okneldkf.exe119⤵
-
C:\Windows\SysWOW64\Oediim32.exeC:\Windows\system32\Oediim32.exe120⤵
-
C:\Windows\SysWOW64\Odifjipd.exeC:\Windows\system32\Odifjipd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-