Analysis
-
max time kernel
175s -
max time network
204s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
01-11-2023 14:22
General
-
Target
NEAS.de9ad5e1642e59b113bf16365ac69e30.exe
-
Size
1.9MB
-
MD5
de9ad5e1642e59b113bf16365ac69e30
-
SHA1
4483f4d9bfe412d616c01bb82e4324fb9fa3fde4
-
SHA256
cc404c085825f51ecdb2f4829221ad025e8ab576c4d1e45be8d75f52484aa84a
-
SHA512
0ba162c8a07aebdc02e8fe81f607a8dc38a26e4ba55583c7883b985916032b82c51ccd297b41e53471cb2e512840afd13d6168ac69043e1ca8ac4b9be20f029b
-
SSDEEP
24576:PF0NIVyeNIVy2jUxJm3mF7gN0ggggbzNIVyeNIVy2jsyNIVyeNIVy2jUxJm3mF7X:Nryj2KyjCyj2Kyjx
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.de9ad5e1642e59b113bf16365ac69e30.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.de9ad5e1642e59b113bf16365ac69e30.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lkqgno32.exeC:\Windows\system32\Lkqgno32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mlbpma32.exeC:\Windows\system32\Mlbpma32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mociol32.exeC:\Windows\system32\Mociol32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mhnjna32.exeC:\Windows\system32\Mhnjna32.exe5⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mahklf32.exeC:\Windows\system32\Mahklf32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nlqloo32.exeC:\Windows\system32\Nlqloo32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nlcidopb.exeC:\Windows\system32\Nlcidopb.exe8⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nbdkhe32.exeC:\Windows\system32\Nbdkhe32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Obfhmd32.exeC:\Windows\system32\Obfhmd32.exe10⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Obkahddl.exeC:\Windows\system32\Obkahddl.exe11⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pilpfm32.exeC:\Windows\system32\Pilpfm32.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pecpknke.exeC:\Windows\system32\Pecpknke.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Pbgqdb32.exeC:\Windows\system32\Pbgqdb32.exe1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qejfkmem.exeC:\Windows\system32\Qejfkmem.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ghqeihbb.exeC:\Windows\system32\Ghqeihbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ggfobofl.exeC:\Windows\system32\Ggfobofl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Goadfa32.exeC:\Windows\system32\Goadfa32.exe5⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
-
-
-
-
C:\Windows\SysWOW64\Hgkimn32.exeC:\Windows\system32\Hgkimn32.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hofmaq32.exeC:\Windows\system32\Hofmaq32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hjlaoioh.exeC:\Windows\system32\Hjlaoioh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ioppho32.exeC:\Windows\system32\Ioppho32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
C:\Windows\SysWOW64\Ihjafd32.exeC:\Windows\system32\Ihjafd32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Igkadlcd.exeC:\Windows\system32\Igkadlcd.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Ioicnn32.exeC:\Windows\system32\Ioicnn32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jokpcmmj.exeC:\Windows\system32\Jokpcmmj.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jqklnp32.exeC:\Windows\system32\Jqklnp32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kfaglf32.exeC:\Windows\system32\Kfaglf32.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kjopbd32.exeC:\Windows\system32\Kjopbd32.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kciaqi32.exeC:\Windows\system32\Kciaqi32.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lmdbooik.exeC:\Windows\system32\Lmdbooik.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lmfodn32.exeC:\Windows\system32\Lmfodn32.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ljmmcbdp.exeC:\Windows\system32\Ljmmcbdp.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Midfjnge.exeC:\Windows\system32\Midfjnge.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mfkcibdl.exeC:\Windows\system32\Mfkcibdl.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mpchbhjl.exeC:\Windows\system32\Mpchbhjl.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Miklkm32.exeC:\Windows\system32\Miklkm32.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mfomda32.exeC:\Windows\system32\Mfomda32.exe14⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mphamg32.exeC:\Windows\system32\Mphamg32.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ndejcemn.exeC:\Windows\system32\Ndejcemn.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nmnnlk32.exeC:\Windows\system32\Nmnnlk32.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nalgbi32.exeC:\Windows\system32\Nalgbi32.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nkdlkope.exeC:\Windows\system32\Nkdlkope.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ndomiddc.exeC:\Windows\system32\Ndomiddc.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Opfnne32.exeC:\Windows\system32\Opfnne32.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ophjdehd.exeC:\Windows\system32\Ophjdehd.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oknnanhj.exeC:\Windows\system32\Oknnanhj.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ohaokbfd.exeC:\Windows\system32\Ohaokbfd.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Onngci32.exeC:\Windows\system32\Onngci32.exe25⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Ifqoehhl.exeC:\Windows\system32\Ifqoehhl.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ihheqd32.exeC:\Windows\system32\Ihheqd32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oggllnkl.exeC:\Windows\system32\Oggllnkl.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Opopdd32.exeC:\Windows\system32\Opopdd32.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pncanhaf.exeC:\Windows\system32\Pncanhaf.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pknghk32.exeC:\Windows\system32\Pknghk32.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qdflaa32.exeC:\Windows\system32\Qdflaa32.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Adpogp32.exeC:\Windows\system32\Adpogp32.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Agqhik32.exeC:\Windows\system32\Agqhik32.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bdlncn32.exeC:\Windows\system32\Bdlncn32.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cnhlgc32.exeC:\Windows\system32\Cnhlgc32.exe9⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cinpdl32.exeC:\Windows\system32\Cinpdl32.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cnkilbni.exeC:\Windows\system32\Cnkilbni.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cgcmeh32.exeC:\Windows\system32\Cgcmeh32.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cbiabq32.exeC:\Windows\system32\Cbiabq32.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cgejkh32.exeC:\Windows\system32\Cgejkh32.exe14⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cnpbgajc.exeC:\Windows\system32\Cnpbgajc.exe15⤵
-
C:\Windows\SysWOW64\Ckcbaf32.exeC:\Windows\system32\Ckcbaf32.exe16⤵
-
C:\Windows\SysWOW64\Cbnknpqj.exeC:\Windows\system32\Cbnknpqj.exe17⤵
-
C:\Windows\SysWOW64\Cgjcfgoa.exeC:\Windows\system32\Cgjcfgoa.exe18⤵
-
C:\Windows\SysWOW64\Dbphcpog.exeC:\Windows\system32\Dbphcpog.exe19⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dgmpkg32.exeC:\Windows\system32\Dgmpkg32.exe20⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dbbdip32.exeC:\Windows\system32\Dbbdip32.exe21⤵
-
C:\Windows\SysWOW64\Dgomaf32.exeC:\Windows\system32\Dgomaf32.exe22⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dbdano32.exeC:\Windows\system32\Dbdano32.exe23⤵
-
C:\Windows\SysWOW64\Dgaiffii.exeC:\Windows\system32\Dgaiffii.exe24⤵
-
C:\Windows\SysWOW64\Dbgndoho.exeC:\Windows\system32\Dbgndoho.exe25⤵
-
C:\Windows\SysWOW64\Dhcfleff.exeC:\Windows\system32\Dhcfleff.exe26⤵
-
C:\Windows\SysWOW64\Dbijinfl.exeC:\Windows\system32\Dbijinfl.exe27⤵
-
C:\Windows\SysWOW64\Dhfcae32.exeC:\Windows\system32\Dhfcae32.exe28⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Eblgon32.exeC:\Windows\system32\Eblgon32.exe29⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Eieplhlf.exeC:\Windows\system32\Eieplhlf.exe30⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ejglcq32.exeC:\Windows\system32\Ejglcq32.exe31⤵
-
C:\Windows\SysWOW64\Eelpqi32.exeC:\Windows\system32\Eelpqi32.exe32⤵
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Ejiiippb.exeC:\Windows\system32\Ejiiippb.exe1⤵
-
C:\Windows\SysWOW64\Eliecc32.exeC:\Windows\system32\Eliecc32.exe2⤵
-
C:\Windows\SysWOW64\Eaenkj32.exeC:\Windows\system32\Eaenkj32.exe3⤵
-
C:\Windows\SysWOW64\Elkbhbeb.exeC:\Windows\system32\Elkbhbeb.exe4⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Eahjqicj.exeC:\Windows\system32\Eahjqicj.exe5⤵
-
C:\Windows\SysWOW64\Fhbbmc32.exeC:\Windows\system32\Fhbbmc32.exe6⤵
-
C:\Windows\SysWOW64\Fbggkl32.exeC:\Windows\system32\Fbggkl32.exe7⤵
-
C:\Windows\SysWOW64\Flpkcbqm.exeC:\Windows\system32\Flpkcbqm.exe8⤵
-
C:\Windows\SysWOW64\Fbjcplhj.exeC:\Windows\system32\Fbjcplhj.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Flbhia32.exeC:\Windows\system32\Flbhia32.exe10⤵
-
C:\Windows\SysWOW64\Gknkkmmj.exeC:\Windows\system32\Gknkkmmj.exe11⤵
-
C:\Windows\SysWOW64\Golcak32.exeC:\Windows\system32\Golcak32.exe12⤵
-
C:\Windows\SysWOW64\Giahndcf.exeC:\Windows\system32\Giahndcf.exe13⤵
-
C:\Windows\SysWOW64\Gehice32.exeC:\Windows\system32\Gehice32.exe14⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gkeakl32.exeC:\Windows\system32\Gkeakl32.exe15⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gaoihfoo.exeC:\Windows\system32\Gaoihfoo.exe16⤵
-
C:\Windows\SysWOW64\Hleneo32.exeC:\Windows\system32\Hleneo32.exe17⤵
-
C:\Windows\SysWOW64\Haafnf32.exeC:\Windows\system32\Haafnf32.exe18⤵
-
C:\Windows\SysWOW64\Hlgjko32.exeC:\Windows\system32\Hlgjko32.exe19⤵
-
C:\Windows\SysWOW64\Hcabhido.exeC:\Windows\system32\Hcabhido.exe20⤵
-
C:\Windows\SysWOW64\Hhnkppbf.exeC:\Windows\system32\Hhnkppbf.exe21⤵
-
C:\Windows\SysWOW64\Hafpiehg.exeC:\Windows\system32\Hafpiehg.exe22⤵
-
C:\Windows\SysWOW64\Hkodak32.exeC:\Windows\system32\Hkodak32.exe23⤵
-
C:\Windows\SysWOW64\Hedhoc32.exeC:\Windows\system32\Hedhoc32.exe24⤵
-
C:\Windows\SysWOW64\Jllmml32.exeC:\Windows\system32\Jllmml32.exe25⤵
-
C:\Windows\SysWOW64\Jbieebha.exeC:\Windows\system32\Jbieebha.exe26⤵
-
C:\Windows\SysWOW64\Jhcmbm32.exeC:\Windows\system32\Jhcmbm32.exe27⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Joobdfei.exeC:\Windows\system32\Joobdfei.exe28⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jhhgmlli.exeC:\Windows\system32\Jhhgmlli.exe29⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jcmkjeko.exeC:\Windows\system32\Jcmkjeko.exe30⤵
-
C:\Windows\SysWOW64\Jjgcgo32.exeC:\Windows\system32\Jjgcgo32.exe31⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kbbhka32.exeC:\Windows\system32\Kbbhka32.exe32⤵
-
C:\Windows\SysWOW64\Kmhlijpm.exeC:\Windows\system32\Kmhlijpm.exe33⤵
-
C:\Windows\SysWOW64\Kbedaand.exeC:\Windows\system32\Kbedaand.exe34⤵
-
C:\Windows\SysWOW64\Kiomnk32.exeC:\Windows\system32\Kiomnk32.exe35⤵
-
C:\Windows\SysWOW64\Koiejemn.exeC:\Windows\system32\Koiejemn.exe36⤵
-
C:\Windows\SysWOW64\Kfbmgo32.exeC:\Windows\system32\Kfbmgo32.exe37⤵
-
C:\Windows\SysWOW64\Kokbpe32.exeC:\Windows\system32\Kokbpe32.exe38⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kjqfmn32.exeC:\Windows\system32\Kjqfmn32.exe39⤵
-
C:\Windows\SysWOW64\Ljephmgl.exeC:\Windows\system32\Ljephmgl.exe40⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lflpmn32.exeC:\Windows\system32\Lflpmn32.exe41⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Limioiia.exeC:\Windows\system32\Limioiia.exe42⤵
-
C:\Windows\SysWOW64\Liofdigo.exeC:\Windows\system32\Liofdigo.exe43⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Liabjh32.exeC:\Windows\system32\Liabjh32.exe44⤵
-
C:\Windows\SysWOW64\Mpkkgbmi.exeC:\Windows\system32\Mpkkgbmi.exe45⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Midoph32.exeC:\Windows\system32\Midoph32.exe46⤵
-
C:\Windows\SysWOW64\Mfhpilbc.exeC:\Windows\system32\Mfhpilbc.exe47⤵
-
C:\Windows\SysWOW64\Mclpbqal.exeC:\Windows\system32\Mclpbqal.exe48⤵
-
C:\Windows\SysWOW64\Mihikgod.exeC:\Windows\system32\Mihikgod.exe49⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mbamcm32.exeC:\Windows\system32\Mbamcm32.exe50⤵
-
C:\Windows\SysWOW64\Mmfaafej.exeC:\Windows\system32\Mmfaafej.exe51⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mfofjk32.exeC:\Windows\system32\Mfofjk32.exe52⤵
-
C:\Windows\SysWOW64\Niiaae32.exeC:\Windows\system32\Niiaae32.exe53⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pcfhlh32.exeC:\Windows\system32\Pcfhlh32.exe54⤵
-
C:\Windows\SysWOW64\Qipqibmf.exeC:\Windows\system32\Qipqibmf.exe55⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qdfefkll.exeC:\Windows\system32\Qdfefkll.exe56⤵
-
C:\Windows\SysWOW64\Qibmoa32.exeC:\Windows\system32\Qibmoa32.exe57⤵
-
C:\Windows\SysWOW64\Qckbggad.exeC:\Windows\system32\Qckbggad.exe58⤵
-
C:\Windows\SysWOW64\Anqfepaj.exeC:\Windows\system32\Anqfepaj.exe59⤵
-
C:\Windows\SysWOW64\Acmomgoa.exeC:\Windows\system32\Acmomgoa.exe60⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ajggjq32.exeC:\Windows\system32\Ajggjq32.exe61⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Admkgifd.exeC:\Windows\system32\Admkgifd.exe62⤵
-
C:\Windows\SysWOW64\Aneppo32.exeC:\Windows\system32\Aneppo32.exe63⤵
-
C:\Windows\SysWOW64\Adohmidb.exeC:\Windows\system32\Adohmidb.exe64⤵
-
C:\Windows\SysWOW64\Ajlpepbi.exeC:\Windows\system32\Ajlpepbi.exe65⤵
-
C:\Windows\SysWOW64\Adadbi32.exeC:\Windows\system32\Adadbi32.exe66⤵
-
C:\Windows\SysWOW64\Aphegjhc.exeC:\Windows\system32\Aphegjhc.exe67⤵
-
C:\Windows\SysWOW64\Bgbmdd32.exeC:\Windows\system32\Bgbmdd32.exe68⤵
-
C:\Windows\SysWOW64\Bpkbmi32.exeC:\Windows\system32\Bpkbmi32.exe69⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bjcfeola.exeC:\Windows\system32\Bjcfeola.exe70⤵
-
C:\Windows\SysWOW64\Bgggockk.exeC:\Windows\system32\Bgggockk.exe71⤵
-
C:\Windows\SysWOW64\Bqokhi32.exeC:\Windows\system32\Bqokhi32.exe72⤵
-
C:\Windows\SysWOW64\Bqahmhpi.exeC:\Windows\system32\Bqahmhpi.exe73⤵
-
C:\Windows\SysWOW64\Bjjmfn32.exeC:\Windows\system32\Bjjmfn32.exe74⤵
-
C:\Windows\SysWOW64\Bdpqcg32.exeC:\Windows\system32\Bdpqcg32.exe75⤵
-
C:\Windows\SysWOW64\Ccendc32.exeC:\Windows\system32\Ccendc32.exe76⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cjofambd.exeC:\Windows\system32\Cjofambd.exe77⤵
-
C:\Windows\SysWOW64\Ccgjjc32.exeC:\Windows\system32\Ccgjjc32.exe78⤵
-
C:\Windows\SysWOW64\Cnmoglij.exeC:\Windows\system32\Cnmoglij.exe79⤵
-
C:\Windows\SysWOW64\Ccigpbga.exeC:\Windows\system32\Ccigpbga.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cnokmkfh.exeC:\Windows\system32\Cnokmkfh.exe81⤵
-
C:\Windows\SysWOW64\Cdicje32.exeC:\Windows\system32\Cdicje32.exe82⤵
-
C:\Windows\SysWOW64\Cmdhnhkp.exeC:\Windows\system32\Cmdhnhkp.exe83⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dgjmkqke.exeC:\Windows\system32\Dgjmkqke.exe84⤵
-
C:\Windows\SysWOW64\Ddnmeejo.exeC:\Windows\system32\Ddnmeejo.exe85⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dcegkamd.exeC:\Windows\system32\Dcegkamd.exe86⤵
-
C:\Windows\SysWOW64\Dnkkij32.exeC:\Windows\system32\Dnkkij32.exe87⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dcgcaq32.exeC:\Windows\system32\Dcgcaq32.exe88⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Djalnkbo.exeC:\Windows\system32\Djalnkbo.exe89⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Eegpkcbd.exeC:\Windows\system32\Eegpkcbd.exe90⤵
-
C:\Windows\SysWOW64\Enoddi32.exeC:\Windows\system32\Enoddi32.exe91⤵
-
C:\Windows\SysWOW64\Eghimo32.exeC:\Windows\system32\Eghimo32.exe92⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Emdaee32.exeC:\Windows\system32\Emdaee32.exe93⤵
-
C:\Windows\SysWOW64\Ejhanj32.exeC:\Windows\system32\Ejhanj32.exe94⤵
-
C:\Windows\SysWOW64\Ecafgo32.exeC:\Windows\system32\Ecafgo32.exe95⤵
-
C:\Windows\SysWOW64\Emikpeig.exeC:\Windows\system32\Emikpeig.exe96⤵
-
C:\Windows\SysWOW64\Fmndkd32.exeC:\Windows\system32\Fmndkd32.exe97⤵
-
C:\Windows\SysWOW64\Flodilma.exeC:\Windows\system32\Flodilma.exe98⤵
-
C:\Windows\SysWOW64\Fhfenmbe.exeC:\Windows\system32\Fhfenmbe.exe99⤵
-
C:\Windows\SysWOW64\Fmbnfcam.exeC:\Windows\system32\Fmbnfcam.exe100⤵
-
C:\Windows\SysWOW64\Fhhaclqc.exeC:\Windows\system32\Fhhaclqc.exe101⤵
-
C:\Windows\SysWOW64\Faqflb32.exeC:\Windows\system32\Faqflb32.exe102⤵
-
C:\Windows\SysWOW64\Gmggac32.exeC:\Windows\system32\Gmggac32.exe103⤵
-
C:\Windows\SysWOW64\Hldgkiki.exeC:\Windows\system32\Hldgkiki.exe104⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Haaocp32.exeC:\Windows\system32\Haaocp32.exe105⤵
-
C:\Windows\SysWOW64\Hlfcqh32.exeC:\Windows\system32\Hlfcqh32.exe106⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Haclio32.exeC:\Windows\system32\Haclio32.exe107⤵
-
C:\Windows\SysWOW64\Hklpaeno.exeC:\Windows\system32\Hklpaeno.exe108⤵
-
C:\Windows\SysWOW64\Hddejjdo.exeC:\Windows\system32\Hddejjdo.exe109⤵
-
C:\Windows\SysWOW64\Idkkki32.exeC:\Windows\system32\Idkkki32.exe110⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ikechced.exeC:\Windows\system32\Ikechced.exe111⤵
-
C:\Windows\SysWOW64\Ldiiio32.exeC:\Windows\system32\Ldiiio32.exe112⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lgibjj32.exeC:\Windows\system32\Lgibjj32.exe113⤵
-
C:\Windows\SysWOW64\Laofhbmp.exeC:\Windows\system32\Laofhbmp.exe114⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lkgkqh32.exeC:\Windows\system32\Lkgkqh32.exe115⤵
-
C:\Windows\SysWOW64\Laacmbkm.exeC:\Windows\system32\Laacmbkm.exe116⤵
-
C:\Windows\SysWOW64\Lgnleiid.exeC:\Windows\system32\Lgnleiid.exe117⤵
-
C:\Windows\SysWOW64\Ladpcb32.exeC:\Windows\system32\Ladpcb32.exe118⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lkldlgok.exeC:\Windows\system32\Lkldlgok.exe119⤵
-
C:\Windows\SysWOW64\Mbfmha32.exeC:\Windows\system32\Mbfmha32.exe120⤵
-
C:\Windows\SysWOW64\Mqkijnkp.exeC:\Windows\system32\Mqkijnkp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-