Analysis
-
max time kernel
166s -
max time network
162s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
02-11-2023 16:48
General
-
Target
NEAS.bf9a39efc4cc06e7b89f738057955690.exe
-
Size
4.5MB
-
MD5
bf9a39efc4cc06e7b89f738057955690
-
SHA1
b77d12b5652b2d06d4d114bdbdd002746907e517
-
SHA256
42db8c7cb60092093d48c5173a0e0511197f3ed0fcb1fa57c34bf3b94111f347
-
SHA512
599a64cb62e54e23a0bd1daabeb1b8a6b3d7f7e0b9cd27c8dcf73fe0b29cc60dafb6ccfa00b9c7d6b1419ecfd7a2acc380a451c52c997000a44dbdad032504fe
-
SSDEEP
49152:1CkB9f0VwEIV0MVp5fbVvOB9f0eB9f0S/B9f0HdVAVkB9f0VZHJVkB9f0TTVfdg:1CVG0uptJvlyVVHTBlg
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.bf9a39efc4cc06e7b89f738057955690.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.bf9a39efc4cc06e7b89f738057955690.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lakfeodm.exeC:\Windows\system32\Lakfeodm.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mjnnbk32.exeC:\Windows\system32\Mjnnbk32.exe3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pfagighf.exeC:\Windows\system32\Pfagighf.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Acqgojmb.exeC:\Windows\system32\Acqgojmb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bkkhbb32.exeC:\Windows\system32\Bkkhbb32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cgklmacf.exeC:\Windows\system32\Cgklmacf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ekgqennl.exeC:\Windows\system32\Ekgqennl.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hqdkkp32.exeC:\Windows\system32\Hqdkkp32.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ilfodgeg.exeC:\Windows\system32\Ilfodgeg.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jlfhke32.exeC:\Windows\system32\Jlfhke32.exe11⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kbnlim32.exeC:\Windows\system32\Kbnlim32.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nfknmd32.exeC:\Windows\system32\Nfknmd32.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ofijnbkb.exeC:\Windows\system32\Ofijnbkb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Abemep32.exeC:\Windows\system32\Abemep32.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Blknpdho.exeC:\Windows\system32\Blknpdho.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cffkhl32.exeC:\Windows\system32\Cffkhl32.exe17⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dfonnk32.exeC:\Windows\system32\Dfonnk32.exe18⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dmbiackg.exeC:\Windows\system32\Dmbiackg.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eepkkefp.exeC:\Windows\system32\Eepkkefp.exe20⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ecidpiad.exeC:\Windows\system32\Ecidpiad.exe21⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fgijkgeh.exeC:\Windows\system32\Fgijkgeh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fneoma32.exeC:\Windows\system32\Fneoma32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fnglcqio.exeC:\Windows\system32\Fnglcqio.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gjnlha32.exeC:\Windows\system32\Gjnlha32.exe25⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gnlenp32.exeC:\Windows\system32\Gnlenp32.exe26⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Gjcfcakn.exeC:\Windows\system32\Gjcfcakn.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gfjfhbpb.exeC:\Windows\system32\Gfjfhbpb.exe28⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gflcnanp.exeC:\Windows\system32\Gflcnanp.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hnhdjn32.exeC:\Windows\system32\Hnhdjn32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hnjaonij.exeC:\Windows\system32\Hnjaonij.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hmpnqj32.exeC:\Windows\system32\Hmpnqj32.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hqmggi32.exeC:\Windows\system32\Hqmggi32.exe33⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Igjlibib.exeC:\Windows\system32\Igjlibib.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Icqmncof.exeC:\Windows\system32\Icqmncof.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Imnjbhaa.exeC:\Windows\system32\Imnjbhaa.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jnmglk32.exeC:\Windows\system32\Jnmglk32.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
-
-
-
C:\Windows\SysWOW64\Janpnfee.exeC:\Windows\system32\Janpnfee.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Japmcfcc.exeC:\Windows\system32\Japmcfcc.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jndmlj32.exeC:\Windows\system32\Jndmlj32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jmijnfgd.exeC:\Windows\system32\Jmijnfgd.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Knifging.exeC:\Windows\system32\Knifging.exe5⤵
- Executes dropped EXE
-
-
-
-
-
C:\Windows\SysWOW64\Kjpgmj32.exeC:\Windows\system32\Kjpgmj32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Khcgfo32.exeC:\Windows\system32\Khcgfo32.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kfidgk32.exeC:\Windows\system32\Kfidgk32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Khhaanop.exeC:\Windows\system32\Khhaanop.exe4⤵
- Executes dropped EXE
-
-
-
-
C:\Windows\SysWOW64\Ldanloba.exeC:\Windows\system32\Ldanloba.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Leqkeajd.exeC:\Windows\system32\Leqkeajd.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Laglkb32.exeC:\Windows\system32\Laglkb32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lmnlpcel.exeC:\Windows\system32\Lmnlpcel.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Malefbkc.exeC:\Windows\system32\Malefbkc.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Maoakaip.exeC:\Windows\system32\Maoakaip.exe4⤵
- Executes dropped EXE
- Modifies registry class
-
-
-
-
C:\Windows\SysWOW64\Mmebpbod.exeC:\Windows\system32\Mmebpbod.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mackfa32.exeC:\Windows\system32\Mackfa32.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Mhppik32.exeC:\Windows\system32\Mhppik32.exe1⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ndfanlpi.exeC:\Windows\system32\Ndfanlpi.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nehjmnei.exeC:\Windows\system32\Nehjmnei.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nejgbn32.exeC:\Windows\system32\Nejgbn32.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
-
-
-
C:\Windows\SysWOW64\Nemchn32.exeC:\Windows\system32\Nemchn32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oacdmo32.exeC:\Windows\system32\Oacdmo32.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oeamcmmo.exeC:\Windows\system32\Oeamcmmo.exe3⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\Odgjdibf.exeC:\Windows\system32\Odgjdibf.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oeffnl32.exeC:\Windows\system32\Oeffnl32.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ogjpld32.exeC:\Windows\system32\Ogjpld32.exe3⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\Pgllad32.exeC:\Windows\system32\Pgllad32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Phlikg32.exeC:\Windows\system32\Phlikg32.exe2⤵
-
-
C:\Windows\SysWOW64\Pdbiphhi.exeC:\Windows\system32\Pdbiphhi.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pdeffgff.exeC:\Windows\system32\Pdeffgff.exe2⤵
-
C:\Windows\SysWOW64\Phbolflm.exeC:\Windows\system32\Phbolflm.exe3⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qhekaejj.exeC:\Windows\system32\Qhekaejj.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qhghge32.exeC:\Windows\system32\Qhghge32.exe5⤵
-
-
-
-
-
C:\Windows\SysWOW64\Agmehamp.exeC:\Windows\system32\Agmehamp.exe1⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ailabddb.exeC:\Windows\system32\Ailabddb.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Aecbge32.exeC:\Windows\system32\Aecbge32.exe3⤵
-
C:\Windows\SysWOW64\Abgcqjhp.exeC:\Windows\system32\Abgcqjhp.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Afdkfh32.exeC:\Windows\system32\Afdkfh32.exe5⤵
-
C:\Windows\SysWOW64\Bejhhd32.exeC:\Windows\system32\Bejhhd32.exe6⤵
-
C:\Windows\SysWOW64\Bkfmjnii.exeC:\Windows\system32\Bkfmjnii.exe7⤵
-
C:\Windows\SysWOW64\Blkgen32.exeC:\Windows\system32\Blkgen32.exe8⤵
-
C:\Windows\SysWOW64\Clmckmcq.exeC:\Windows\system32\Clmckmcq.exe9⤵
-
C:\Windows\SysWOW64\Cpklql32.exeC:\Windows\system32\Cpklql32.exe10⤵
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Cpmifkgd.exeC:\Windows\system32\Cpmifkgd.exe1⤵
-
C:\Windows\SysWOW64\Cbnbhfde.exeC:\Windows\system32\Cbnbhfde.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cnebmgjj.exeC:\Windows\system32\Cnebmgjj.exe3⤵
-
C:\Windows\SysWOW64\Dbckcf32.exeC:\Windows\system32\Dbckcf32.exe4⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dfqdid32.exeC:\Windows\system32\Dfqdid32.exe5⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Defajqko.exeC:\Windows\system32\Defajqko.exe6⤵
-
C:\Windows\SysWOW64\Dhgjll32.exeC:\Windows\system32\Dhgjll32.exe7⤵
-
C:\Windows\SysWOW64\Ehifak32.exeC:\Windows\system32\Ehifak32.exe8⤵
-
C:\Windows\SysWOW64\Ebagdddp.exeC:\Windows\system32\Ebagdddp.exe9⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ebcdjc32.exeC:\Windows\system32\Ebcdjc32.exe10⤵
-
C:\Windows\SysWOW64\Eojeodga.exeC:\Windows\system32\Eojeodga.exe11⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fgcjea32.exeC:\Windows\system32\Fgcjea32.exe12⤵
-
C:\Windows\SysWOW64\Fidbgm32.exeC:\Windows\system32\Fidbgm32.exe13⤵
-
C:\Windows\SysWOW64\Fhiphi32.exeC:\Windows\system32\Fhiphi32.exe14⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fhllni32.exeC:\Windows\system32\Fhllni32.exe15⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fljedg32.exeC:\Windows\system32\Fljedg32.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gllajf32.exeC:\Windows\system32\Gllajf32.exe17⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Ghcbohpp.exeC:\Windows\system32\Ghcbohpp.exe1⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Glqkefff.exeC:\Windows\system32\Glqkefff.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Glchjedc.exeC:\Windows\system32\Glchjedc.exe3⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hpaqqdjj.exeC:\Windows\system32\Hpaqqdjj.exe4⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hlhaee32.exeC:\Windows\system32\Hlhaee32.exe5⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hljnkdnk.exeC:\Windows\system32\Hljnkdnk.exe6⤵
-
C:\Windows\SysWOW64\Hjnndime.exeC:\Windows\system32\Hjnndime.exe7⤵
-
C:\Windows\SysWOW64\Hfeoijbi.exeC:\Windows\system32\Hfeoijbi.exe8⤵
-
C:\Windows\SysWOW64\Cgcmeh32.exeC:\Windows\system32\Cgcmeh32.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Decmjjie.exeC:\Windows\system32\Decmjjie.exe10⤵
-
C:\Windows\SysWOW64\Djbbhafj.exeC:\Windows\system32\Djbbhafj.exe11⤵
-
C:\Windows\SysWOW64\Eaqdpjia.exeC:\Windows\system32\Eaqdpjia.exe12⤵
-
C:\Windows\SysWOW64\Ebbmpmnb.exeC:\Windows\system32\Ebbmpmnb.exe13⤵
-
C:\Windows\SysWOW64\Eahjqicj.exeC:\Windows\system32\Eahjqicj.exe14⤵
-
C:\Windows\SysWOW64\Fajgfiag.exeC:\Windows\system32\Fajgfiag.exe15⤵
-
C:\Windows\SysWOW64\Fongpm32.exeC:\Windows\system32\Fongpm32.exe16⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fkehdnee.exeC:\Windows\system32\Fkehdnee.exe17⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Flddoa32.exeC:\Windows\system32\Flddoa32.exe18⤵
-
C:\Windows\SysWOW64\Fiheheka.exeC:\Windows\system32\Fiheheka.exe19⤵
-
C:\Windows\SysWOW64\Feofmf32.exeC:\Windows\system32\Feofmf32.exe20⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gaffbg32.exeC:\Windows\system32\Gaffbg32.exe21⤵
-
C:\Windows\SysWOW64\Golcak32.exeC:\Windows\system32\Golcak32.exe22⤵
-
C:\Windows\SysWOW64\Gooqfkan.exeC:\Windows\system32\Gooqfkan.exe23⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gekeie32.exeC:\Windows\system32\Gekeie32.exe24⤵
-
C:\Windows\SysWOW64\Hahlnefd.exeC:\Windows\system32\Hahlnefd.exe25⤵
-
C:\Windows\SysWOW64\Hakidd32.exeC:\Windows\system32\Hakidd32.exe26⤵
-
C:\Windows\SysWOW64\Iameid32.exeC:\Windows\system32\Iameid32.exe27⤵
-
C:\Windows\SysWOW64\Ieknpb32.exeC:\Windows\system32\Ieknpb32.exe28⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ilgcblnp.exeC:\Windows\system32\Ilgcblnp.exe29⤵
-
C:\Windows\SysWOW64\Jbghpc32.exeC:\Windows\system32\Jbghpc32.exe30⤵
-
C:\Windows\SysWOW64\Jchaoe32.exeC:\Windows\system32\Jchaoe32.exe31⤵
-
C:\Windows\SysWOW64\Jhhgmlli.exeC:\Windows\system32\Jhhgmlli.exe32⤵
-
C:\Windows\SysWOW64\Jhjcbljf.exeC:\Windows\system32\Jhjcbljf.exe33⤵
-
C:\Windows\SysWOW64\Kilphk32.exeC:\Windows\system32\Kilphk32.exe34⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kfpqap32.exeC:\Windows\system32\Kfpqap32.exe35⤵
-
C:\Windows\SysWOW64\Kiajck32.exeC:\Windows\system32\Kiajck32.exe36⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kmobii32.exeC:\Windows\system32\Kmobii32.exe37⤵
-
C:\Windows\SysWOW64\Kmaooihb.exeC:\Windows\system32\Kmaooihb.exe38⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lobhqdec.exeC:\Windows\system32\Lobhqdec.exe39⤵
-
C:\Windows\SysWOW64\Midoph32.exeC:\Windows\system32\Midoph32.exe40⤵
-
C:\Windows\SysWOW64\Mlgegcng.exeC:\Windows\system32\Mlgegcng.exe41⤵
-
C:\Windows\SysWOW64\Mpenmadn.exeC:\Windows\system32\Mpenmadn.exe42⤵
-
C:\Windows\SysWOW64\Okodlgbl.exeC:\Windows\system32\Okodlgbl.exe43⤵
-
C:\Windows\SysWOW64\Pignccea.exeC:\Windows\system32\Pignccea.exe44⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pcfhlh32.exeC:\Windows\system32\Pcfhlh32.exe45⤵
-
C:\Windows\SysWOW64\Alfcflfb.exeC:\Windows\system32\Alfcflfb.exe46⤵
-
C:\Windows\SysWOW64\Agndidce.exeC:\Windows\system32\Agndidce.exe47⤵
-
C:\Windows\SysWOW64\Bgbmdd32.exeC:\Windows\system32\Bgbmdd32.exe48⤵
-
C:\Windows\SysWOW64\Bkpfjb32.exeC:\Windows\system32\Bkpfjb32.exe49⤵
-
C:\Windows\SysWOW64\Bkepeaaa.exeC:\Windows\system32\Bkepeaaa.exe50⤵
-
C:\Windows\SysWOW64\Ckiipa32.exeC:\Windows\system32\Ckiipa32.exe51⤵
-
C:\Windows\SysWOW64\Cqkkcghn.exeC:\Windows\system32\Cqkkcghn.exe52⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ddkpoelb.exeC:\Windows\system32\Ddkpoelb.exe53⤵
-
C:\Windows\SysWOW64\Endnohdp.exeC:\Windows\system32\Endnohdp.exe54⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Emikpeig.exeC:\Windows\system32\Emikpeig.exe55⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ejmkiiha.exeC:\Windows\system32\Ejmkiiha.exe56⤵
-
C:\Windows\SysWOW64\Fmndkd32.exeC:\Windows\system32\Fmndkd32.exe57⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fegiba32.exeC:\Windows\system32\Fegiba32.exe58⤵
-
C:\Windows\SysWOW64\Fhhaclqc.exeC:\Windows\system32\Fhhaclqc.exe59⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fdobhm32.exeC:\Windows\system32\Fdobhm32.exe60⤵
-
C:\Windows\SysWOW64\Genobp32.exeC:\Windows\system32\Genobp32.exe61⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gmjcgb32.exeC:\Windows\system32\Gmjcgb32.exe62⤵
-
C:\Windows\SysWOW64\Gmlplbib.exeC:\Windows\system32\Gmlplbib.exe63⤵
-
C:\Windows\SysWOW64\Gjpaffhl.exeC:\Windows\system32\Gjpaffhl.exe64⤵
-
C:\Windows\SysWOW64\Gonilenb.exeC:\Windows\system32\Gonilenb.exe65⤵
-
C:\Windows\SysWOW64\Hmcfma32.exeC:\Windows\system32\Hmcfma32.exe66⤵
-
C:\Windows\SysWOW64\Hdokok32.exeC:\Windows\system32\Hdokok32.exe67⤵
-
C:\Windows\SysWOW64\Hmjmnpmb.exeC:\Windows\system32\Hmjmnpmb.exe68⤵
-
C:\Windows\SysWOW64\Hknmgd32.exeC:\Windows\system32\Hknmgd32.exe69⤵
-
C:\Windows\SysWOW64\Iajbinaf.exeC:\Windows\system32\Iajbinaf.exe70⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Idkkki32.exeC:\Windows\system32\Idkkki32.exe71⤵
-
C:\Windows\SysWOW64\Ihicah32.exeC:\Windows\system32\Ihicah32.exe72⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jklihbol.exeC:\Windows\system32\Jklihbol.exe73⤵
-
C:\Windows\SysWOW64\Kbfjljhf.exeC:\Windows\system32\Kbfjljhf.exe74⤵
-
C:\Windows\SysWOW64\Kkaljpmd.exeC:\Windows\system32\Kkaljpmd.exe75⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lnbdlkje.exeC:\Windows\system32\Lnbdlkje.exe76⤵
-
C:\Windows\SysWOW64\Lmeapbpa.exeC:\Windows\system32\Lmeapbpa.exe77⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lnikmjdm.exeC:\Windows\system32\Lnikmjdm.exe78⤵
-
C:\Windows\SysWOW64\Lnkgbibj.exeC:\Windows\system32\Lnkgbibj.exe79⤵
-
C:\Windows\SysWOW64\Niohap32.exeC:\Windows\system32\Niohap32.exe80⤵
-
C:\Windows\SysWOW64\Nejbaqgo.exeC:\Windows\system32\Nejbaqgo.exe81⤵
-
C:\Windows\SysWOW64\Oihkgo32.exeC:\Windows\system32\Oihkgo32.exe82⤵
-
C:\Windows\SysWOW64\Ofnhfbjl.exeC:\Windows\system32\Ofnhfbjl.exe83⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Opkfjgmh.exeC:\Windows\system32\Opkfjgmh.exe84⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Plbfohbl.exeC:\Windows\system32\Plbfohbl.exe85⤵
-
C:\Windows\SysWOW64\Pbokab32.exeC:\Windows\system32\Pbokab32.exe86⤵
-
C:\Windows\SysWOW64\Pikqcl32.exeC:\Windows\system32\Pikqcl32.exe87⤵
-
C:\Windows\SysWOW64\Pimmil32.exeC:\Windows\system32\Pimmil32.exe88⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qlpcpffl.exeC:\Windows\system32\Qlpcpffl.exe89⤵
-
C:\Windows\SysWOW64\Apqhldjp.exeC:\Windows\system32\Apqhldjp.exe90⤵
-
C:\Windows\SysWOW64\Acaanp32.exeC:\Windows\system32\Acaanp32.exe91⤵
-
C:\Windows\SysWOW64\Accnco32.exeC:\Windows\system32\Accnco32.exe92⤵
-
C:\Windows\SysWOW64\Bipcei32.exeC:\Windows\system32\Bipcei32.exe93⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bnnklg32.exeC:\Windows\system32\Bnnklg32.exe94⤵
-
C:\Windows\SysWOW64\Bcmqin32.exeC:\Windows\system32\Bcmqin32.exe95⤵
-
C:\Windows\SysWOW64\Cnealfkf.exeC:\Windows\system32\Cnealfkf.exe96⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dnjdncio.exeC:\Windows\system32\Dnjdncio.exe97⤵
-
C:\Windows\SysWOW64\Fceihh32.exeC:\Windows\system32\Fceihh32.exe98⤵
-
C:\Windows\SysWOW64\Fnmjkahi.exeC:\Windows\system32\Fnmjkahi.exe99⤵
-
C:\Windows\SysWOW64\Fnofpqff.exeC:\Windows\system32\Fnofpqff.exe100⤵
-
C:\Windows\SysWOW64\Fapobl32.exeC:\Windows\system32\Fapobl32.exe101⤵
-
C:\Windows\SysWOW64\Gmfpgmil.exeC:\Windows\system32\Gmfpgmil.exe102⤵
-
C:\Windows\SysWOW64\Gcceifof.exeC:\Windows\system32\Gcceifof.exe103⤵
-
C:\Windows\SysWOW64\Ghanoeel.exeC:\Windows\system32\Ghanoeel.exe104⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ghcjedcj.exeC:\Windows\system32\Ghcjedcj.exe105⤵
-
C:\Windows\SysWOW64\Hmbpbk32.exeC:\Windows\system32\Hmbpbk32.exe106⤵
-
C:\Windows\SysWOW64\Hpchdf32.exeC:\Windows\system32\Hpchdf32.exe107⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hpeejfjm.exeC:\Windows\system32\Hpeejfjm.exe108⤵
-
C:\Windows\SysWOW64\Hphbpehj.exeC:\Windows\system32\Hphbpehj.exe109⤵
-
C:\Windows\SysWOW64\Ipjoee32.exeC:\Windows\system32\Ipjoee32.exe110⤵
-
C:\Windows\SysWOW64\Iajkohmj.exeC:\Windows\system32\Iajkohmj.exe111⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ifipmo32.exeC:\Windows\system32\Ifipmo32.exe112⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Idmafc32.exeC:\Windows\system32\Idmafc32.exe113⤵
-
C:\Windows\SysWOW64\Ipcakd32.exeC:\Windows\system32\Ipcakd32.exe114⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jmjojh32.exeC:\Windows\system32\Jmjojh32.exe115⤵
-
C:\Windows\SysWOW64\Jmlkpgia.exeC:\Windows\system32\Jmlkpgia.exe116⤵
-
C:\Windows\SysWOW64\Jajdff32.exeC:\Windows\system32\Jajdff32.exe117⤵
-
C:\Windows\SysWOW64\Jalakeme.exeC:\Windows\system32\Jalakeme.exe118⤵
-
C:\Windows\SysWOW64\Kpanmb32.exeC:\Windows\system32\Kpanmb32.exe119⤵
-
C:\Windows\SysWOW64\Kdpfbp32.exeC:\Windows\system32\Kdpfbp32.exe120⤵
-
C:\Windows\SysWOW64\Kpfggang.exeC:\Windows\system32\Kpfggang.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-