Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
100s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
-
submitted
02/11/2023, 22:59
General
-
Target
NEAS.0a4dcbb112d11177dd5ed5b3df426660_JC.exe
-
Size
112KB
-
MD5
0a4dcbb112d11177dd5ed5b3df426660
-
SHA1
aa70d5e63c42977dfbee5bf97c7d959c4aa0d42b
-
SHA256
58e22fb4f00aac63cf6420156bef1ffc3267cd36f31a9a66ae64973cf5afaf99
-
SHA512
d06db176759e388ac026f86d36f81ca595691b203a131c9cea08e4c7e78a079e3e71cf7bf2deb086a3fb4c585ef4b584cae16848feac366d60894656191bb035
-
SSDEEP
3072:CNIzIWUX42eToJfHIMQH2qC7ZQOlzSLUK6MwGsGnDc9o:CNIzIkcJfHIMQWfdQOhwJ6MwGsw
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Malware Backdoor - Berbew 64 IoCs
Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.0a4dcbb112d11177dd5ed5b3df426660_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.0a4dcbb112d11177dd5ed5b3df426660_JC.exe"1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pcaepg32.exeC:\Windows\system32\Pcaepg32.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pafbadcm.exeC:\Windows\system32\Pafbadcm.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\Bhkeohhn.exeC:\Windows\system32\Bhkeohhn.exe3⤵
-
C:\Windows\SysWOW64\Bpbmqe32.exeC:\Windows\system32\Bpbmqe32.exe4⤵
-
C:\Windows\SysWOW64\Bfoeil32.exeC:\Windows\system32\Bfoeil32.exe5⤵
-
C:\Windows\SysWOW64\Blinefnd.exeC:\Windows\system32\Blinefnd.exe6⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bcbfbp32.exeC:\Windows\system32\Bcbfbp32.exe7⤵
-
C:\Windows\SysWOW64\Blkjkflb.exeC:\Windows\system32\Blkjkflb.exe8⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bbhccm32.exeC:\Windows\system32\Bbhccm32.exe9⤵
-
C:\Windows\SysWOW64\Cfckcoen.exeC:\Windows\system32\Cfckcoen.exe10⤵
-
C:\Windows\SysWOW64\Cmmcpi32.exeC:\Windows\system32\Cmmcpi32.exe11⤵
-
C:\Windows\SysWOW64\Cfehhn32.exeC:\Windows\system32\Cfehhn32.exe12⤵
-
C:\Windows\SysWOW64\Ckbpqe32.exeC:\Windows\system32\Ckbpqe32.exe13⤵
-
C:\Windows\SysWOW64\Dkdmfe32.exeC:\Windows\system32\Dkdmfe32.exe14⤵
-
C:\Windows\SysWOW64\Demaoj32.exeC:\Windows\system32\Demaoj32.exe15⤵
-
C:\Windows\SysWOW64\Djjjga32.exeC:\Windows\system32\Djjjga32.exe16⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Deondj32.exeC:\Windows\system32\Deondj32.exe17⤵
-
C:\Windows\SysWOW64\Dlifadkk.exeC:\Windows\system32\Dlifadkk.exe18⤵
-
C:\Windows\SysWOW64\Dafoikjb.exeC:\Windows\system32\Dafoikjb.exe19⤵
-
C:\Windows\SysWOW64\Dhpgfeao.exeC:\Windows\system32\Dhpgfeao.exe20⤵
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Lllihf32.exeC:\Windows\system32\Lllihf32.exe10⤵
-
C:\Windows\SysWOW64\Lahaqm32.exeC:\Windows\system32\Lahaqm32.exe11⤵
-
C:\Windows\SysWOW64\Lgejidgn.exeC:\Windows\system32\Lgejidgn.exe12⤵
-
C:\Windows\SysWOW64\Laknfmgd.exeC:\Windows\system32\Laknfmgd.exe13⤵
-
C:\Windows\SysWOW64\Lhegcg32.exeC:\Windows\system32\Lhegcg32.exe14⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Phpjnnki.exeC:\Windows\system32\Phpjnnki.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pojbkh32.exeC:\Windows\system32\Pojbkh32.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pdldnomh.exeC:\Windows\system32\Pdldnomh.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qmgibqjc.exeC:\Windows\system32\Qmgibqjc.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qfonkfqd.exeC:\Windows\system32\Qfonkfqd.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qqdbiopj.exeC:\Windows\system32\Qqdbiopj.exe6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Afajafoa.exeC:\Windows\system32\Afajafoa.exe7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Afdgfelo.exeC:\Windows\system32\Afdgfelo.exe8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Affdle32.exeC:\Windows\system32\Affdle32.exe9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aoohekal.exeC:\Windows\system32\Aoohekal.exe10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aigmnqgm.exeC:\Windows\system32\Aigmnqgm.exe11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Akhfoldn.exeC:\Windows\system32\Akhfoldn.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
-
-
-
-
C:\Windows\SysWOW64\Folhgbid.exeC:\Windows\system32\Folhgbid.exe9⤵
-
C:\Windows\SysWOW64\Fefqdl32.exeC:\Windows\system32\Fefqdl32.exe10⤵
-
C:\Windows\SysWOW64\Fppaej32.exeC:\Windows\system32\Fppaej32.exe11⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fkefbcmf.exeC:\Windows\system32\Fkefbcmf.exe12⤵
-
C:\Windows\SysWOW64\Faonom32.exeC:\Windows\system32\Faonom32.exe13⤵
-
C:\Windows\SysWOW64\Fglfgd32.exeC:\Windows\system32\Fglfgd32.exe14⤵
-
C:\Windows\SysWOW64\Fpdkpiik.exeC:\Windows\system32\Fpdkpiik.exe15⤵
-
C:\Windows\SysWOW64\Fgocmc32.exeC:\Windows\system32\Fgocmc32.exe16⤵
-
C:\Windows\SysWOW64\Gojhafnb.exeC:\Windows\system32\Gojhafnb.exe17⤵
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Ljfckodo.exeC:\Windows\system32\Ljfckodo.exe11⤵
-
C:\Windows\SysWOW64\Lppkgi32.exeC:\Windows\system32\Lppkgi32.exe12⤵
-
C:\Windows\SysWOW64\Lgjcdc32.exeC:\Windows\system32\Lgjcdc32.exe13⤵
-
C:\Windows\SysWOW64\Lndlamke.exeC:\Windows\system32\Lndlamke.exe14⤵
-
C:\Windows\SysWOW64\Mglpjc32.exeC:\Windows\system32\Mglpjc32.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mnfhfmhc.exeC:\Windows\system32\Mnfhfmhc.exe16⤵
-
C:\Windows\SysWOW64\Mccaodgj.exeC:\Windows\system32\Mccaodgj.exe17⤵
-
C:\Windows\SysWOW64\Mjmiknng.exeC:\Windows\system32\Mjmiknng.exe18⤵
-
C:\Windows\SysWOW64\Mqgahh32.exeC:\Windows\system32\Mqgahh32.exe19⤵
-
C:\Windows\SysWOW64\Mbhnpplb.exeC:\Windows\system32\Mbhnpplb.exe20⤵
-
C:\Windows\SysWOW64\Mlnbmikh.exeC:\Windows\system32\Mlnbmikh.exe21⤵
-
C:\Windows\SysWOW64\Mbkkepio.exeC:\Windows\system32\Mbkkepio.exe22⤵
-
C:\Windows\SysWOW64\Mmpobi32.exeC:\Windows\system32\Mmpobi32.exe23⤵
-
C:\Windows\SysWOW64\Mbmgkp32.exeC:\Windows\system32\Mbmgkp32.exe24⤵
-
C:\Windows\SysWOW64\Mgjpcf32.exeC:\Windows\system32\Mgjpcf32.exe25⤵
-
C:\Windows\SysWOW64\Nndhpqma.exeC:\Windows\system32\Nndhpqma.exe26⤵
-
C:\Windows\SysWOW64\Ndnplk32.exeC:\Windows\system32\Ndnplk32.exe27⤵
-
C:\Windows\SysWOW64\Njjieace.exeC:\Windows\system32\Njjieace.exe28⤵
-
C:\Windows\SysWOW64\Nqdaal32.exeC:\Windows\system32\Nqdaal32.exe29⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Bccjdnbi.exeC:\Windows\system32\Bccjdnbi.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bnhoag32.exeC:\Windows\system32\Bnhoag32.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Bfccei32.exeC:\Windows\system32\Bfccei32.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Bigimdjh.exeC:\Windows\system32\Bigimdjh.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Windows\SysWOW64\Bncaekhp.exeC:\Windows\system32\Bncaekhp.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Cpcnonob.exeC:\Windows\system32\Cpcnonob.exe6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cepfgdnj.exeC:\Windows\system32\Cepfgdnj.exe7⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Cafgle32.exeC:\Windows\system32\Cafgle32.exe8⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Cedpbd32.exeC:\Windows\system32\Cedpbd32.exe9⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Windows\SysWOW64\Comdkipe.exeC:\Windows\system32\Comdkipe.exe10⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Windows\SysWOW64\Ddliip32.exeC:\Windows\system32\Ddliip32.exe11⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Windows\SysWOW64\Diibag32.exeC:\Windows\system32\Diibag32.exe12⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Dbafjlaa.exeC:\Windows\system32\Dbafjlaa.exe13⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Dmgkgeah.exeC:\Windows\system32\Dmgkgeah.exe14⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Debplg32.exeC:\Windows\system32\Debplg32.exe15⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Dpgcip32.exeC:\Windows\system32\Dpgcip32.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Diphbfdi.exeC:\Windows\system32\Diphbfdi.exe17⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Degiggjm.exeC:\Windows\system32\Degiggjm.exe18⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Fchijone.exeC:\Windows\system32\Fchijone.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fqlicclo.exeC:\Windows\system32\Fqlicclo.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fbmfkkbm.exeC:\Windows\system32\Fbmfkkbm.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fkejcq32.exeC:\Windows\system32\Fkejcq32.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fdnolfon.exeC:\Windows\system32\Fdnolfon.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fnfcel32.exeC:\Windows\system32\Fnfcel32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fgohna32.exeC:\Windows\system32\Fgohna32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fqglggcp.exeC:\Windows\system32\Fqglggcp.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Geeemeif.exeC:\Windows\system32\Geeemeif.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gkomjo32.exeC:\Windows\system32\Gkomjo32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gqlebf32.exeC:\Windows\system32\Gqlebf32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gjdjklek.exeC:\Windows\system32\Gjdjklek.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gcmoda32.exeC:\Windows\system32\Gcmoda32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gjfgqk32.exeC:\Windows\system32\Gjfgqk32.exe32⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gcokiaji.exeC:\Windows\system32\Gcokiaji.exe33⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Gildahhp.exeC:\Windows\system32\Gildahhp.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hebdfind.exeC:\Windows\system32\Hebdfind.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hllmcc32.exeC:\Windows\system32\Hllmcc32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hipmmg32.exeC:\Windows\system32\Hipmmg32.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hnmeen32.exeC:\Windows\system32\Hnmeen32.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hnpbjnpo.exeC:\Windows\system32\Hnpbjnpo.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Heikgh32.exeC:\Windows\system32\Heikgh32.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hmeolj32.exeC:\Windows\system32\Hmeolj32.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hfmddp32.exeC:\Windows\system32\Hfmddp32.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iabhah32.exeC:\Windows\system32\Iabhah32.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ijklknbn.exeC:\Windows\system32\Ijklknbn.exe44⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Idcacc32.exeC:\Windows\system32\Idcacc32.exe45⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ifampo32.exeC:\Windows\system32\Ifampo32.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ipjahd32.exeC:\Windows\system32\Ipjahd32.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iibfajdc.exeC:\Windows\system32\Iibfajdc.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ioooiack.exeC:\Windows\system32\Ioooiack.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iiecgjba.exeC:\Windows\system32\Iiecgjba.exe50⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ibmgpoia.exeC:\Windows\system32\Ibmgpoia.exe51⤵
-
C:\Windows\SysWOW64\Jhjphfgi.exeC:\Windows\system32\Jhjphfgi.exe52⤵
-
C:\Windows\SysWOW64\Jbpdeogo.exeC:\Windows\system32\Jbpdeogo.exe53⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jkkija32.exeC:\Windows\system32\Jkkija32.exe54⤵
-
C:\Windows\SysWOW64\Jdcmbgkj.exeC:\Windows\system32\Jdcmbgkj.exe55⤵
-
C:\Windows\SysWOW64\Jkmeoa32.exeC:\Windows\system32\Jkmeoa32.exe56⤵
-
C:\Windows\SysWOW64\Jdejhfig.exeC:\Windows\system32\Jdejhfig.exe57⤵
-
C:\Windows\SysWOW64\Jnnnalph.exeC:\Windows\system32\Jnnnalph.exe58⤵
-
C:\Windows\SysWOW64\Jckgicnp.exeC:\Windows\system32\Jckgicnp.exe59⤵
-
C:\Windows\SysWOW64\Jjdofm32.exeC:\Windows\system32\Jjdofm32.exe60⤵
-
C:\Windows\SysWOW64\Kcmcoblm.exeC:\Windows\system32\Kcmcoblm.exe61⤵
-
C:\Windows\SysWOW64\Knbhlkkc.exeC:\Windows\system32\Knbhlkkc.exe62⤵
-
C:\Windows\SysWOW64\Kgkleabc.exeC:\Windows\system32\Kgkleabc.exe63⤵
-
C:\Windows\SysWOW64\Khlili32.exeC:\Windows\system32\Khlili32.exe64⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kbdmeoob.exeC:\Windows\system32\Kbdmeoob.exe65⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kkmand32.exeC:\Windows\system32\Kkmand32.exe66⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kdefgj32.exeC:\Windows\system32\Kdefgj32.exe67⤵
-
C:\Windows\SysWOW64\Kkoncdcp.exeC:\Windows\system32\Kkoncdcp.exe68⤵
-
C:\Windows\SysWOW64\Kdhcli32.exeC:\Windows\system32\Kdhcli32.exe69⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lkakicam.exeC:\Windows\system32\Lkakicam.exe70⤵
-
C:\Windows\SysWOW64\Ldjpbign.exeC:\Windows\system32\Ldjpbign.exe71⤵
-
C:\Windows\SysWOW64\Ljghjpfe.exeC:\Windows\system32\Ljghjpfe.exe72⤵
-
C:\Windows\SysWOW64\Lqqpgj32.exeC:\Windows\system32\Lqqpgj32.exe73⤵
-
C:\Windows\SysWOW64\Lkfddc32.exeC:\Windows\system32\Lkfddc32.exe74⤵
-
C:\Windows\SysWOW64\Ldoimh32.exeC:\Windows\system32\Ldoimh32.exe75⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ljkaeo32.exeC:\Windows\system32\Ljkaeo32.exe76⤵
-
C:\Windows\SysWOW64\Lcdfnehp.exeC:\Windows\system32\Lcdfnehp.exe77⤵
-
C:\Windows\SysWOW64\Lmljgj32.exeC:\Windows\system32\Lmljgj32.exe78⤵
-
C:\Windows\SysWOW64\Mjpkqonj.exeC:\Windows\system32\Mjpkqonj.exe79⤵
-
C:\Windows\SysWOW64\Mpmcielb.exeC:\Windows\system32\Mpmcielb.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Miehak32.exeC:\Windows\system32\Miehak32.exe81⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mpopnejo.exeC:\Windows\system32\Mpopnejo.exe82⤵
-
C:\Windows\SysWOW64\Mlfacfpc.exeC:\Windows\system32\Mlfacfpc.exe83⤵
-
C:\Windows\SysWOW64\Macilmnk.exeC:\Windows\system32\Macilmnk.exe84⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mlhnifmq.exeC:\Windows\system32\Mlhnifmq.exe85⤵
-
C:\Windows\SysWOW64\Mbbfep32.exeC:\Windows\system32\Mbbfep32.exe86⤵
-
C:\Windows\SysWOW64\Mhonngce.exeC:\Windows\system32\Mhonngce.exe87⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mnifja32.exeC:\Windows\system32\Mnifja32.exe88⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ncfoch32.exeC:\Windows\system32\Ncfoch32.exe89⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Njpgpbpf.exeC:\Windows\system32\Njpgpbpf.exe90⤵
-
C:\Windows\SysWOW64\Oiljam32.exeC:\Windows\system32\Oiljam32.exe91⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Oagoep32.exeC:\Windows\system32\Oagoep32.exe92⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Obgkpb32.exeC:\Windows\system32\Obgkpb32.exe93⤵
-
C:\Windows\SysWOW64\Odhhgkib.exeC:\Windows\system32\Odhhgkib.exe94⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Oonldcih.exeC:\Windows\system32\Oonldcih.exe95⤵
-
C:\Windows\SysWOW64\Oehdan32.exeC:\Windows\system32\Oehdan32.exe96⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Omcifpnp.exeC:\Windows\system32\Omcifpnp.exe97⤵
-
C:\Windows\SysWOW64\Opaebkmc.exeC:\Windows\system32\Opaebkmc.exe98⤵
-
C:\Windows\SysWOW64\Ogknoe32.exeC:\Windows\system32\Ogknoe32.exe99⤵
-
C:\Windows\SysWOW64\Oaqbln32.exeC:\Windows\system32\Oaqbln32.exe100⤵
-
C:\Windows\SysWOW64\Pgnjde32.exeC:\Windows\system32\Pgnjde32.exe101⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pljcllqe.exeC:\Windows\system32\Pljcllqe.exe102⤵
-
C:\Windows\SysWOW64\Pgpgjepk.exeC:\Windows\system32\Pgpgjepk.exe103⤵
-
C:\Windows\SysWOW64\Plmpblnb.exeC:\Windows\system32\Plmpblnb.exe104⤵
-
C:\Windows\SysWOW64\Pcghof32.exeC:\Windows\system32\Pcghof32.exe105⤵
-
C:\Windows\SysWOW64\Phcpgm32.exeC:\Windows\system32\Phcpgm32.exe106⤵
-
C:\Windows\SysWOW64\Ppkhhjei.exeC:\Windows\system32\Ppkhhjei.exe107⤵
-
C:\Windows\SysWOW64\Pegqpacp.exeC:\Windows\system32\Pegqpacp.exe108⤵
-
C:\Windows\SysWOW64\Plaimk32.exeC:\Windows\system32\Plaimk32.exe109⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pckajebj.exeC:\Windows\system32\Pckajebj.exe110⤵
-
C:\Windows\SysWOW64\Pdmnam32.exeC:\Windows\system32\Pdmnam32.exe111⤵
-
C:\Windows\SysWOW64\Qobbofgn.exeC:\Windows\system32\Qobbofgn.exe112⤵
-
C:\Windows\SysWOW64\Qaqnkafa.exeC:\Windows\system32\Qaqnkafa.exe113⤵
-
C:\Windows\SysWOW64\Qhjfgl32.exeC:\Windows\system32\Qhjfgl32.exe114⤵
-
C:\Windows\SysWOW64\Qngopb32.exeC:\Windows\system32\Qngopb32.exe115⤵
-
C:\Windows\SysWOW64\Qdaglmcb.exeC:\Windows\system32\Qdaglmcb.exe116⤵
-
C:\Windows\SysWOW64\Anjlebjc.exeC:\Windows\system32\Anjlebjc.exe117⤵
-
C:\Windows\SysWOW64\Acfdnihk.exeC:\Windows\system32\Acfdnihk.exe118⤵
-
C:\Windows\SysWOW64\Anlhkbhq.exeC:\Windows\system32\Anlhkbhq.exe119⤵
-
C:\Windows\SysWOW64\Adfqgl32.exeC:\Windows\system32\Adfqgl32.exe120⤵
-
C:\Windows\SysWOW64\Anneqafn.exeC:\Windows\system32\Anneqafn.exe121⤵
- Drops file in System32 directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-