Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
02/11/2023, 22:35
General
-
Target
NEAS.e0f1392d65de25b93cc5913ee1e34e50_JC.exe
-
Size
407KB
-
MD5
e0f1392d65de25b93cc5913ee1e34e50
-
SHA1
3b451d087b52b04b0677edc36742f5072e179b12
-
SHA256
7c4bdf4aa174337af7225b2e38fa965c84da06ef92c62be757de9ed8ab15a1a1
-
SHA512
8309e0a2ee73b9352f319f6dcf38ab654218b50240ea492bb607832092d53b7ba8a41e04e2a0036a4eec4b7559de71bfcd61a2c4a08e8197158994c0a333760b
-
SSDEEP
6144:AaM+qZDfGBgpui6yYPaIGckfru5xyDpui6yYPaIGckSU05836pui6yYPaIGckN:lsZDbpV6yYP4rbpV6yYPg058KpV6yYPS
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.e0f1392d65de25b93cc5913ee1e34e50_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.e0f1392d65de25b93cc5913ee1e34e50_JC.exe"1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iahlcaol.exeC:\Windows\system32\Iahlcaol.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ihgnkkbd.exeC:\Windows\system32\Ihgnkkbd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
C:\Windows\SysWOW64\Jkhgmf32.exeC:\Windows\system32\Jkhgmf32.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jdpkflfe.exeC:\Windows\system32\Jdpkflfe.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jnhpoamf.exeC:\Windows\system32\Jnhpoamf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jibmgi32.exeC:\Windows\system32\Jibmgi32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
C:\Windows\SysWOW64\Kiggbhda.exeC:\Windows\system32\Kiggbhda.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kndojobi.exeC:\Windows\system32\Kndojobi.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\Knkekn32.exeC:\Windows\system32\Knkekn32.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lkofdbkj.exeC:\Windows\system32\Lkofdbkj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ljdceo32.exeC:\Windows\system32\Ljdceo32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lieccf32.exeC:\Windows\system32\Lieccf32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
C:\Windows\SysWOW64\Lelchgne.exeC:\Windows\system32\Lelchgne.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lbpdblmo.exeC:\Windows\system32\Lbpdblmo.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ljkifn32.exeC:\Windows\system32\Ljkifn32.exe3⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\Milidebi.exeC:\Windows\system32\Milidebi.exe1⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mniallpq.exeC:\Windows\system32\Mniallpq.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Miofjepg.exeC:\Windows\system32\Miofjepg.exe3⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\Mehcdfch.exeC:\Windows\system32\Mehcdfch.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Njghbl32.exeC:\Windows\system32\Njghbl32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Neoieenp.exeC:\Windows\system32\Neoieenp.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mqjbddpl.exeC:\Windows\system32\Mqjbddpl.exe2⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pjcikejg.exeC:\Windows\system32\Pjcikejg.exe3⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\Nlfelogp.exeC:\Windows\system32\Nlfelogp.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mnnkgl32.exeC:\Windows\system32\Mnnkgl32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lnbklm32.exeC:\Windows\system32\Lnbklm32.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kbddfmgl.exeC:\Windows\system32\Kbddfmgl.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Keqdmihc.exeC:\Windows\system32\Keqdmihc.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kgmcce32.exeC:\Windows\system32\Kgmcce32.exe1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kjffdalb.exeC:\Windows\system32\Kjffdalb.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kdinljnk.exeC:\Windows\system32\Kdinljnk.exe1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iqbbpm32.exeC:\Windows\system32\Iqbbpm32.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bigbmpco.exeC:\Windows\system32\Bigbmpco.exe1⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Babcil32.exeC:\Windows\system32\Babcil32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Bfolacnc.exeC:\Windows\system32\Bfolacnc.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Bmidnm32.exeC:\Windows\system32\Bmidnm32.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bdcmkgmm.exeC:\Windows\system32\Bdcmkgmm.exe5⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bipecnkd.exeC:\Windows\system32\Bipecnkd.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cdhffg32.exeC:\Windows\system32\Cdhffg32.exe7⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ckbncapd.exeC:\Windows\system32\Ckbncapd.exe8⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cpogkhnl.exeC:\Windows\system32\Cpogkhnl.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ccmcgcmp.exeC:\Windows\system32\Ccmcgcmp.exe10⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Cancekeo.exeC:\Windows\system32\Cancekeo.exe11⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ccppmc32.exeC:\Windows\system32\Ccppmc32.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ciihjmcj.exeC:\Windows\system32\Ciihjmcj.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cdolgfbp.exeC:\Windows\system32\Cdolgfbp.exe14⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cpfmlghd.exeC:\Windows\system32\Cpfmlghd.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ccdihbgg.exeC:\Windows\system32\Ccdihbgg.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dphiaffa.exeC:\Windows\system32\Dphiaffa.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dgbanq32.exeC:\Windows\system32\Dgbanq32.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mehafq32.exeC:\Windows\system32\Mehafq32.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mhfmbl32.exeC:\Windows\system32\Mhfmbl32.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Maoakaip.exeC:\Windows\system32\Maoakaip.exe21⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mhhjhlqm.exeC:\Windows\system32\Mhhjhlqm.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Meljappg.exeC:\Windows\system32\Meljappg.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Moeoje32.exeC:\Windows\system32\Moeoje32.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mklpof32.exeC:\Windows\system32\Mklpof32.exe25⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bfieagka.exeC:\Windows\system32\Bfieagka.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bgkaip32.exeC:\Windows\system32\Bgkaip32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Beobcdoi.exeC:\Windows\system32\Beobcdoi.exe28⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bkhjpn32.exeC:\Windows\system32\Bkhjpn32.exe29⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Beaohcmf.exeC:\Windows\system32\Beaohcmf.exe30⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Becknc32.exeC:\Windows\system32\Becknc32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cfbhhfbg.exeC:\Windows\system32\Cfbhhfbg.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cnnllhpa.exeC:\Windows\system32\Cnnllhpa.exe33⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Chfaenfb.exeC:\Windows\system32\Chfaenfb.exe34⤵
-
C:\Windows\SysWOW64\Cejaobel.exeC:\Windows\system32\Cejaobel.exe35⤵
-
C:\Windows\SysWOW64\Cbnbhfde.exeC:\Windows\system32\Cbnbhfde.exe36⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Clffalkf.exeC:\Windows\system32\Clffalkf.exe37⤵
-
C:\Windows\SysWOW64\Cnebmgjj.exeC:\Windows\system32\Cnebmgjj.exe38⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dijgjpip.exeC:\Windows\system32\Dijgjpip.exe39⤵
-
C:\Windows\SysWOW64\Dpdogj32.exeC:\Windows\system32\Dpdogj32.exe40⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dpglmjoj.exeC:\Windows\system32\Dpglmjoj.exe41⤵
-
C:\Windows\SysWOW64\Decdeama.exeC:\Windows\system32\Decdeama.exe42⤵
-
C:\Windows\SysWOW64\Dpihbjmg.exeC:\Windows\system32\Dpihbjmg.exe43⤵
-
C:\Windows\SysWOW64\Dbjade32.exeC:\Windows\system32\Dbjade32.exe44⤵
-
C:\Windows\SysWOW64\Dpnbmi32.exeC:\Windows\system32\Dpnbmi32.exe45⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Efhjjcpo.exeC:\Windows\system32\Efhjjcpo.exe46⤵
-
C:\Windows\SysWOW64\Eldbbjof.exeC:\Windows\system32\Eldbbjof.exe47⤵
-
C:\Windows\SysWOW64\Ehkcgkdj.exeC:\Windows\system32\Ehkcgkdj.exe48⤵
-
C:\Windows\SysWOW64\Ehnpmkbg.exeC:\Windows\system32\Ehnpmkbg.exe49⤵
-
C:\Windows\SysWOW64\Ebcdjc32.exeC:\Windows\system32\Ebcdjc32.exe50⤵
-
C:\Windows\SysWOW64\Eimlgnij.exeC:\Windows\system32\Eimlgnij.exe51⤵
-
C:\Windows\SysWOW64\Eojeodga.exeC:\Windows\system32\Eojeodga.exe52⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Elnehifk.exeC:\Windows\system32\Elnehifk.exe53⤵
-
C:\Windows\SysWOW64\Fgcjea32.exeC:\Windows\system32\Fgcjea32.exe54⤵
-
C:\Windows\SysWOW64\Flpbnh32.exeC:\Windows\system32\Flpbnh32.exe55⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fbjjkble.exeC:\Windows\system32\Fbjjkble.exe56⤵
-
C:\Windows\SysWOW64\Fidbgm32.exeC:\Windows\system32\Fidbgm32.exe57⤵
-
C:\Windows\SysWOW64\Fekclnif.exeC:\Windows\system32\Fekclnif.exe58⤵
-
C:\Windows\SysWOW64\Fgjpfqpi.exeC:\Windows\system32\Fgjpfqpi.exe59⤵
-
C:\Windows\SysWOW64\Flghognq.exeC:\Windows\system32\Flghognq.exe60⤵
-
C:\Windows\SysWOW64\Fofdkcmd.exeC:\Windows\system32\Fofdkcmd.exe61⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fljedg32.exeC:\Windows\system32\Fljedg32.exe62⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ggoiap32.exeC:\Windows\system32\Ggoiap32.exe63⤵
-
C:\Windows\SysWOW64\Gllajf32.exeC:\Windows\system32\Gllajf32.exe64⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Gipbck32.exeC:\Windows\system32\Gipbck32.exe65⤵
-
C:\Windows\SysWOW64\Gpjjpe32.exeC:\Windows\system32\Gpjjpe32.exe66⤵
-
C:\Windows\SysWOW64\Gchflq32.exeC:\Windows\system32\Gchflq32.exe67⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gplged32.exeC:\Windows\system32\Gplged32.exe68⤵
-
C:\Windows\SysWOW64\Geipnl32.exeC:\Windows\system32\Geipnl32.exe69⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Goadfa32.exeC:\Windows\system32\Goadfa32.exe70⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Gjghdj32.exeC:\Windows\system32\Gjghdj32.exe71⤵
-
C:\Windows\SysWOW64\Hodqlq32.exeC:\Windows\system32\Hodqlq32.exe72⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Hhleefhe.exeC:\Windows\system32\Hhleefhe.exe73⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Hofmaq32.exeC:\Windows\system32\Hofmaq32.exe74⤵
-
C:\Windows\SysWOW64\Hjlaoioh.exeC:\Windows\system32\Hjlaoioh.exe75⤵
-
C:\Windows\SysWOW64\Hpejlc32.exeC:\Windows\system32\Hpejlc32.exe76⤵
-
C:\Windows\SysWOW64\Hjnndime.exeC:\Windows\system32\Hjnndime.exe77⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hokgmpkl.exeC:\Windows\system32\Hokgmpkl.exe78⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hhckeeam.exeC:\Windows\system32\Hhckeeam.exe79⤵
-
C:\Windows\SysWOW64\Homcbo32.exeC:\Windows\system32\Homcbo32.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hfgloiqf.exeC:\Windows\system32\Hfgloiqf.exe81⤵
-
C:\Windows\SysWOW64\Ioppho32.exeC:\Windows\system32\Ioppho32.exe82⤵
-
C:\Windows\SysWOW64\Ihheqd32.exeC:\Windows\system32\Ihheqd32.exe83⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ijgakgej.exeC:\Windows\system32\Ijgakgej.exe84⤵
-
C:\Windows\SysWOW64\Iqaiga32.exeC:\Windows\system32\Iqaiga32.exe85⤵
-
C:\Windows\SysWOW64\Igkadlcd.exeC:\Windows\system32\Igkadlcd.exe86⤵
-
C:\Windows\SysWOW64\Iqdfmajd.exeC:\Windows\system32\Iqdfmajd.exe87⤵
-
C:\Windows\SysWOW64\Icbbimih.exeC:\Windows\system32\Icbbimih.exe88⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iiokacgp.exeC:\Windows\system32\Iiokacgp.exe89⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ioicnn32.exeC:\Windows\system32\Ioicnn32.exe90⤵
-
C:\Windows\SysWOW64\Ijngkf32.exeC:\Windows\system32\Ijngkf32.exe91⤵
-
C:\Windows\SysWOW64\Jqhphq32.exeC:\Windows\system32\Jqhphq32.exe92⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jgbhdkml.exeC:\Windows\system32\Jgbhdkml.exe93⤵
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Jaddpppa.exeC:\Windows\system32\Jaddpppa.exe87⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Jbfphh32.exeC:\Windows\system32\Jbfphh32.exe88⤵
-
C:\Windows\SysWOW64\Jiphebml.exeC:\Windows\system32\Jiphebml.exe89⤵
-
C:\Windows\SysWOW64\Jagqfp32.exeC:\Windows\system32\Jagqfp32.exe90⤵
-
C:\Windows\SysWOW64\Kpagbk32.exeC:\Windows\system32\Kpagbk32.exe91⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Kgkooeen.exeC:\Windows\system32\Kgkooeen.exe92⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kpccgk32.exeC:\Windows\system32\Kpccgk32.exe93⤵
-
C:\Windows\SysWOW64\Kilhqq32.exeC:\Windows\system32\Kilhqq32.exe94⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Kinefp32.exeC:\Windows\system32\Kinefp32.exe95⤵
-
C:\Windows\SysWOW64\Kphmbjhi.exeC:\Windows\system32\Kphmbjhi.exe96⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lmnjan32.exeC:\Windows\system32\Lmnjan32.exe97⤵
-
C:\Windows\SysWOW64\Ldhbnhlm.exeC:\Windows\system32\Ldhbnhlm.exe98⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lnccmnak.exeC:\Windows\system32\Lnccmnak.exe99⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Lkiqla32.exeC:\Windows\system32\Lkiqla32.exe100⤵
-
C:\Windows\SysWOW64\Mdaedgdb.exeC:\Windows\system32\Mdaedgdb.exe101⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Mdhkefnj.exeC:\Windows\system32\Mdhkefnj.exe102⤵
-
C:\Windows\SysWOW64\Mcnhfb32.exeC:\Windows\system32\Mcnhfb32.exe103⤵
-
C:\Windows\SysWOW64\Ncbaabom.exeC:\Windows\system32\Ncbaabom.exe104⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nklfho32.exeC:\Windows\system32\Nklfho32.exe105⤵
-
C:\Windows\SysWOW64\Ngbgmpcq.exeC:\Windows\system32\Ngbgmpcq.exe106⤵
-
C:\Windows\SysWOW64\Nqklfe32.exeC:\Windows\system32\Nqklfe32.exe107⤵
-
C:\Windows\SysWOW64\Onaieifh.exeC:\Windows\system32\Onaieifh.exe108⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Okeinn32.exeC:\Windows\system32\Okeinn32.exe109⤵
-
C:\Windows\SysWOW64\Oqgkadod.exeC:\Windows\system32\Oqgkadod.exe110⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pndoagfc.exeC:\Windows\system32\Pndoagfc.exe111⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ankdbf32.exeC:\Windows\system32\Ankdbf32.exe112⤵
-
C:\Windows\SysWOW64\Aegidp32.exeC:\Windows\system32\Aegidp32.exe113⤵
-
C:\Windows\SysWOW64\Alcofi32.exeC:\Windows\system32\Alcofi32.exe114⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Adockl32.exeC:\Windows\system32\Adockl32.exe115⤵
-
C:\Windows\SysWOW64\Ajikhfpg.exeC:\Windows\system32\Ajikhfpg.exe116⤵
-
C:\Windows\SysWOW64\Bjkhme32.exeC:\Windows\system32\Bjkhme32.exe117⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Beqljn32.exeC:\Windows\system32\Beqljn32.exe118⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Becipn32.exeC:\Windows\system32\Becipn32.exe119⤵
-
C:\Windows\SysWOW64\Bjpaheio.exeC:\Windows\system32\Bjpaheio.exe120⤵
-
C:\Windows\SysWOW64\Blonbh32.exeC:\Windows\system32\Blonbh32.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-