Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
132s -
max time network
171s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
02/11/2023, 16:53
General
-
Target
NEAS.fdfd3997a8d725434e49046ba67e7bd0.exe
-
Size
96KB
-
MD5
fdfd3997a8d725434e49046ba67e7bd0
-
SHA1
6a8b4d28fcad4d64e757471a4241c0cdee850f4b
-
SHA256
43aacc0b8ec60b4c470038072932aa9cb330a9ce2bbfcf891950aaf8a70a875c
-
SHA512
6c64b609d2bd4446a85c3ed6d43925dba88b245c8fb9ae2077b2247520ae049d04ab56bd7a425ed973637aed1db13cacb22369859ef9de7b3ab5ad73234086fe
-
SSDEEP
1536:a5aKCevf5m/HsA2axbJ507k8jcqUmKu14bm/T4L/38kTmDuxhZ1OduV9jojTIvj7:rhevfba50xUmb14bm/T4L/38ioO9Od6L
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.fdfd3997a8d725434e49046ba67e7bd0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.fdfd3997a8d725434e49046ba67e7bd0.exe"1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dedkogqm.exeC:\Windows\system32\Dedkogqm.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fdhail32.exeC:\Windows\system32\Fdhail32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fgncff32.exeC:\Windows\system32\Fgncff32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gqkajk32.exeC:\Windows\system32\Gqkajk32.exe5⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hqddqj32.exeC:\Windows\system32\Hqddqj32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Igneda32.exeC:\Windows\system32\Igneda32.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jmbdmg32.exeC:\Windows\system32\Jmbdmg32.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jmijnfgd.exeC:\Windows\system32\Jmijnfgd.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kagbdenk.exeC:\Windows\system32\Kagbdenk.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ljkghi32.exeC:\Windows\system32\Ljkghi32.exe11⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Loiong32.exeC:\Windows\system32\Loiong32.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mhhjhlqm.exeC:\Windows\system32\Mhhjhlqm.exe13⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nejgbn32.exeC:\Windows\system32\Nejgbn32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oolnabal.exeC:\Windows\system32\Oolnabal.exe15⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pnknim32.exeC:\Windows\system32\Pnknim32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qhghge32.exeC:\Windows\system32\Qhghge32.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Afdkfh32.exeC:\Windows\system32\Afdkfh32.exe18⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bfghlhmd.exeC:\Windows\system32\Bfghlhmd.exe19⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bnicai32.exeC:\Windows\system32\Bnicai32.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cgagjo32.exeC:\Windows\system32\Cgagjo32.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Chinkndp.exeC:\Windows\system32\Chinkndp.exe22⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dbckcf32.exeC:\Windows\system32\Dbckcf32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dbehienn.exeC:\Windows\system32\Dbehienn.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dhdmfljb.exeC:\Windows\system32\Dhdmfljb.exe25⤵
- Executes dropped EXE
- Drops file in System32 directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Eipilmgh.exeC:\Windows\system32\Eipilmgh.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fefjanml.exeC:\Windows\system32\Fefjanml.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fifomlap.exeC:\Windows\system32\Fifomlap.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fgmllpng.exeC:\Windows\system32\Fgmllpng.exe4⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Gohapb32.exeC:\Windows\system32\Gohapb32.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gomkkagl.exeC:\Windows\system32\Gomkkagl.exe6⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gplged32.exeC:\Windows\system32\Gplged32.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gjghdj32.exeC:\Windows\system32\Gjghdj32.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hcdfho32.exeC:\Windows\system32\Hcdfho32.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Hcfcmnce.exeC:\Windows\system32\Hcfcmnce.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hjbhph32.exeC:\Windows\system32\Hjbhph32.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ihjafd32.exeC:\Windows\system32\Ihjafd32.exe12⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jjqdafmp.exeC:\Windows\system32\Jjqdafmp.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jjemle32.exeC:\Windows\system32\Jjemle32.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kaflio32.exeC:\Windows\system32\Kaflio32.exe15⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kjopbd32.exeC:\Windows\system32\Kjopbd32.exe16⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Lmdbooik.exeC:\Windows\system32\Lmdbooik.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lfaqcclf.exeC:\Windows\system32\Lfaqcclf.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lcealh32.exeC:\Windows\system32\Lcealh32.exe19⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Maeaajpl.exeC:\Windows\system32\Maeaajpl.exe20⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nmnnlk32.exeC:\Windows\system32\Nmnnlk32.exe21⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ngklppei.exeC:\Windows\system32\Ngklppei.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Omlkmign.exeC:\Windows\system32\Omlkmign.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pgkegn32.exeC:\Windows\system32\Pgkegn32.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pgnblm32.exeC:\Windows\system32\Pgnblm32.exe25⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qpkppbho.exeC:\Windows\system32\Qpkppbho.exe26⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Akenij32.exeC:\Windows\system32\Akenij32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aglnnkid.exeC:\Windows\system32\Aglnnkid.exe28⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ahngmnnd.exeC:\Windows\system32\Ahngmnnd.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Addhbo32.exeC:\Windows\system32\Addhbo32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bkamdi32.exeC:\Windows\system32\Bkamdi32.exe31⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bqnemp32.exeC:\Windows\system32\Bqnemp32.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cjomldfp.exeC:\Windows\system32\Cjomldfp.exe33⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dnghhqdk.exeC:\Windows\system32\Dnghhqdk.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dbgndoho.exeC:\Windows\system32\Dbgndoho.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dbijinfl.exeC:\Windows\system32\Dbijinfl.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ejkenpnp.exeC:\Windows\system32\Ejkenpnp.exe37⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fhbbmc32.exeC:\Windows\system32\Fhbbmc32.exe38⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Flpkcbqm.exeC:\Windows\system32\Flpkcbqm.exe39⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Faamghko.exeC:\Windows\system32\Faamghko.exe40⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Giddddad.exeC:\Windows\system32\Giddddad.exe41⤵
-
C:\Windows\SysWOW64\Gkeakl32.exeC:\Windows\system32\Gkeakl32.exe42⤵
-
C:\Windows\SysWOW64\Hifaic32.exeC:\Windows\system32\Hifaic32.exe43⤵
-
C:\Windows\SysWOW64\Hlnqln32.exeC:\Windows\system32\Hlnqln32.exe44⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ikjcmi32.exeC:\Windows\system32\Ikjcmi32.exe45⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mlbllc32.exeC:\Windows\system32\Mlbllc32.exe46⤵
-
C:\Windows\SysWOW64\Mboqnm32.exeC:\Windows\system32\Mboqnm32.exe47⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Olgnnqpe.exeC:\Windows\system32\Olgnnqpe.exe48⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Odcojm32.exeC:\Windows\system32\Odcojm32.exe49⤵
-
C:\Windows\SysWOW64\Olqqdo32.exeC:\Windows\system32\Olqqdo32.exe50⤵
-
C:\Windows\SysWOW64\Ppoijn32.exeC:\Windows\system32\Ppoijn32.exe51⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ppafpm32.exeC:\Windows\system32\Ppafpm32.exe52⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pcfhlh32.exeC:\Windows\system32\Pcfhlh32.exe53⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qpjifl32.exeC:\Windows\system32\Qpjifl32.exe54⤵
-
C:\Windows\SysWOW64\Qnniopcm.exeC:\Windows\system32\Qnniopcm.exe55⤵
-
C:\Windows\SysWOW64\Acmomgoa.exeC:\Windows\system32\Acmomgoa.exe56⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Acpkbf32.exeC:\Windows\system32\Acpkbf32.exe57⤵
-
C:\Windows\SysWOW64\Acgacegg.exeC:\Windows\system32\Acgacegg.exe58⤵
-
C:\Windows\SysWOW64\Bqdechnf.exeC:\Windows\system32\Bqdechnf.exe59⤵
-
C:\Windows\SysWOW64\Ckiipa32.exeC:\Windows\system32\Ckiipa32.exe60⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cklffq32.exeC:\Windows\system32\Cklffq32.exe61⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cqinng32.exeC:\Windows\system32\Cqinng32.exe62⤵
-
C:\Windows\SysWOW64\Cdicje32.exeC:\Windows\system32\Cdicje32.exe63⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cnahbk32.exeC:\Windows\system32\Cnahbk32.exe64⤵
-
C:\Windows\SysWOW64\Dcnqkb32.exeC:\Windows\system32\Dcnqkb32.exe65⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dncehk32.exeC:\Windows\system32\Dncehk32.exe66⤵
-
C:\Windows\SysWOW64\Dcqmpa32.exeC:\Windows\system32\Dcqmpa32.exe67⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dnfanjqp.exeC:\Windows\system32\Dnfanjqp.exe68⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dccjfaog.exeC:\Windows\system32\Dccjfaog.exe69⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dcegkamd.exeC:\Windows\system32\Dcegkamd.exe70⤵
-
C:\Windows\SysWOW64\Dnkkij32.exeC:\Windows\system32\Dnkkij32.exe71⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ekahhn32.exeC:\Windows\system32\Ekahhn32.exe72⤵
-
C:\Windows\SysWOW64\Ekeacmel.exeC:\Windows\system32\Ekeacmel.exe73⤵
-
C:\Windows\SysWOW64\Fcjimnjl.exeC:\Windows\system32\Fcjimnjl.exe74⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hejono32.exeC:\Windows\system32\Hejono32.exe75⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Hkggfe32.exeC:\Windows\system32\Hkggfe32.exe76⤵
-
C:\Windows\SysWOW64\Hhpaki32.exeC:\Windows\system32\Hhpaki32.exe77⤵
-
C:\Windows\SysWOW64\Hoiihcde.exeC:\Windows\system32\Hoiihcde.exe78⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Imabnofj.exeC:\Windows\system32\Imabnofj.exe79⤵
-
C:\Windows\SysWOW64\Ioqohb32.exeC:\Windows\system32\Ioqohb32.exe80⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jdgjgh32.exeC:\Windows\system32\Jdgjgh32.exe81⤵
-
C:\Windows\SysWOW64\Jkcpia32.exeC:\Windows\system32\Jkcpia32.exe82⤵
-
C:\Windows\SysWOW64\Jnalem32.exeC:\Windows\system32\Jnalem32.exe83⤵
-
C:\Windows\SysWOW64\Khlinedh.exeC:\Windows\system32\Khlinedh.exe84⤵
-
C:\Windows\SysWOW64\Knhbflbp.exeC:\Windows\system32\Knhbflbp.exe85⤵
-
C:\Windows\SysWOW64\Kdbjbfjl.exeC:\Windows\system32\Kdbjbfjl.exe86⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kohnpoib.exeC:\Windows\system32\Kohnpoib.exe87⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kdeghfhj.exeC:\Windows\system32\Kdeghfhj.exe88⤵
-
C:\Windows\SysWOW64\Kfdcbiol.exeC:\Windows\system32\Kfdcbiol.exe89⤵
-
C:\Windows\SysWOW64\Komhkn32.exeC:\Windows\system32\Komhkn32.exe90⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lhelddln.exeC:\Windows\system32\Lhelddln.exe91⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mmaakpfd.exeC:\Windows\system32\Mmaakpfd.exe92⤵
-
C:\Windows\SysWOW64\Mnbnchlb.exeC:\Windows\system32\Mnbnchlb.exe93⤵
-
C:\Windows\SysWOW64\Mbbcofpf.exeC:\Windows\system32\Mbbcofpf.exe94⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Npkmcj32.exeC:\Windows\system32\Npkmcj32.exe95⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Obnbjdfi.exeC:\Windows\system32\Obnbjdfi.exe96⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Omhpcm32.exeC:\Windows\system32\Omhpcm32.exe97⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Opkfjgmh.exeC:\Windows\system32\Opkfjgmh.exe98⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Plbfohbl.exeC:\Windows\system32\Plbfohbl.exe99⤵
-
C:\Windows\SysWOW64\Pfhklabb.exeC:\Windows\system32\Pfhklabb.exe100⤵
-
C:\Windows\SysWOW64\Pmiijjcf.exeC:\Windows\system32\Pmiijjcf.exe101⤵
-
C:\Windows\SysWOW64\Amblpikl.exeC:\Windows\system32\Amblpikl.exe102⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bckddn32.exeC:\Windows\system32\Bckddn32.exe103⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Blchmdff.exeC:\Windows\system32\Blchmdff.exe104⤵
-
C:\Windows\SysWOW64\Bjgifhep.exeC:\Windows\system32\Bjgifhep.exe105⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bpaacblm.exeC:\Windows\system32\Bpaacblm.exe106⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dncnnd32.exeC:\Windows\system32\Dncnnd32.exe107⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dgkbfjeg.exeC:\Windows\system32\Dgkbfjeg.exe108⤵
-
C:\Windows\SysWOW64\Egeemiml.exeC:\Windows\system32\Egeemiml.exe109⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Emanepld.exeC:\Windows\system32\Emanepld.exe110⤵
-
C:\Windows\SysWOW64\Efjbne32.exeC:\Windows\system32\Efjbne32.exe111⤵
-
C:\Windows\SysWOW64\Ecnbgian.exeC:\Windows\system32\Ecnbgian.exe112⤵
-
C:\Windows\SysWOW64\Encgdbqd.exeC:\Windows\system32\Encgdbqd.exe113⤵
-
C:\Windows\SysWOW64\Ecpomiok.exeC:\Windows\system32\Ecpomiok.exe114⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Eqdpfm32.exeC:\Windows\system32\Eqdpfm32.exe115⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fceihh32.exeC:\Windows\system32\Fceihh32.exe116⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Fnjmea32.exeC:\Windows\system32\Fnjmea32.exe117⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fplimi32.exeC:\Windows\system32\Fplimi32.exe118⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fmpjfn32.exeC:\Windows\system32\Fmpjfn32.exe119⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ffhnocfd.exeC:\Windows\system32\Ffhnocfd.exe120⤵
-
C:\Windows\SysWOW64\Fanbll32.exeC:\Windows\system32\Fanbll32.exe121⤵
- Drops file in System32 directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-