Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
02/11/2023, 16:52
General
-
Target
NEAS.edc4f864dda2874d9daccc80e81ad2f0.exe
-
Size
388KB
-
MD5
edc4f864dda2874d9daccc80e81ad2f0
-
SHA1
d7f4f180d8a5fac5219103c3ceb4e475d0eda7a3
-
SHA256
3312cddc0d09292fbc49d1092ca240e4793b692f4877036d026713e0637ad33e
-
SHA512
a8f81db875d1c27372e03f11950a4b42dd7ce919d01f5c3377af95b40dab2101e1d7406f635338952f5233df931da254b99e03ed9c25d9c6d843de3cb3c02d83
-
SSDEEP
3072:7hcf8J4jbVXI6jN7oXSyIigSeDqIsKEYWyPVBwenSVGZ3Odl2:7obV46jN8XrIigpD6HYW0VBLSkOi
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.edc4f864dda2874d9daccc80e81ad2f0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.edc4f864dda2874d9daccc80e81ad2f0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bnkgeg32.exeC:\Windows\system32\Bnkgeg32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bchomn32.exeC:\Windows\system32\Bchomn32.exe3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bnmcjg32.exeC:\Windows\system32\Bnmcjg32.exe4⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
-
-
-
C:\Windows\SysWOW64\Bgehcmmm.exeC:\Windows\system32\Bgehcmmm.exe1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bnbmefbg.exeC:\Windows\system32\Bnbmefbg.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cmgjgcgo.exeC:\Windows\system32\Cmgjgcgo.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cmiflbel.exeC:\Windows\system32\Cmiflbel.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cnicfe32.exeC:\Windows\system32\Cnicfe32.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cmnpgb32.exeC:\Windows\system32\Cmnpgb32.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cjbpaf32.exeC:\Windows\system32\Cjbpaf32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ddjejl32.exeC:\Windows\system32\Ddjejl32.exe8⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Danecp32.exeC:\Windows\system32\Danecp32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Daqbip32.exeC:\Windows\system32\Daqbip32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dfnjafap.exeC:\Windows\system32\Dfnjafap.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dhmgki32.exeC:\Windows\system32\Dhmgki32.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dddhpjof.exeC:\Windows\system32\Dddhpjof.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Doilmc32.exeC:\Windows\system32\Doilmc32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Plejdkmm.exeC:\Windows\system32\Plejdkmm.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pemomqcn.exeC:\Windows\system32\Pemomqcn.exe16⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Qkjgegae.exeC:\Windows\system32\Qkjgegae.exe1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qkmdkgob.exeC:\Windows\system32\Qkmdkgob.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Allpejfe.exeC:\Windows\system32\Allpejfe.exe3⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\Aaiimadl.exeC:\Windows\system32\Aaiimadl.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Akamff32.exeC:\Windows\system32\Akamff32.exe2⤵
- Executes dropped EXE
- Modifies registry class
-
-
C:\Windows\SysWOW64\Ahenokjf.exeC:\Windows\system32\Ahenokjf.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ackbmcjl.exeC:\Windows\system32\Ackbmcjl.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Alcfei32.exeC:\Windows\system32\Alcfei32.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\Abbkcpma.exeC:\Windows\system32\Abbkcpma.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Boflmdkk.exeC:\Windows\system32\Boflmdkk.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bjnmpl32.exeC:\Windows\system32\Bjnmpl32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bhcjqinf.exeC:\Windows\system32\Bhcjqinf.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bmabggdm.exeC:\Windows\system32\Bmabggdm.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cmcolgbj.exeC:\Windows\system32\Cmcolgbj.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cfldelik.exeC:\Windows\system32\Cfldelik.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ckilmcgb.exeC:\Windows\system32\Ckilmcgb.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cfnqklgh.exeC:\Windows\system32\Cfnqklgh.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cofecami.exeC:\Windows\system32\Cofecami.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cioilg32.exeC:\Windows\system32\Cioilg32.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cbgnemjj.exeC:\Windows\system32\Cbgnemjj.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Coknoaic.exeC:\Windows\system32\Coknoaic.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dfefkkqp.exeC:\Windows\system32\Dfefkkqp.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dkbocbog.exeC:\Windows\system32\Dkbocbog.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Djcoai32.exeC:\Windows\system32\Djcoai32.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dckdjomg.exeC:\Windows\system32\Dckdjomg.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dihlbf32.exeC:\Windows\system32\Dihlbf32.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dpbdopck.exeC:\Windows\system32\Dpbdopck.exe19⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dflmlj32.exeC:\Windows\system32\Dflmlj32.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dlieda32.exeC:\Windows\system32\Dlieda32.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dbcmakpl.exeC:\Windows\system32\Dbcmakpl.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dmhand32.exeC:\Windows\system32\Dmhand32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Emkndc32.exeC:\Windows\system32\Emkndc32.exe24⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ecefqnel.exeC:\Windows\system32\Ecefqnel.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Efccmidp.exeC:\Windows\system32\Efccmidp.exe26⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Elpkep32.exeC:\Windows\system32\Elpkep32.exe27⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Anijjkbj.exeC:\Windows\system32\Anijjkbj.exe9⤵
-
C:\Windows\SysWOW64\Aohfdnil.exeC:\Windows\system32\Aohfdnil.exe10⤵
-
C:\Windows\SysWOW64\Aeeomegd.exeC:\Windows\system32\Aeeomegd.exe11⤵
-
C:\Windows\SysWOW64\Afdkfh32.exeC:\Windows\system32\Afdkfh32.exe12⤵
-
C:\Windows\SysWOW64\Bgfhnpde.exeC:\Windows\system32\Bgfhnpde.exe13⤵
-
C:\Windows\SysWOW64\Bfghlhmd.exeC:\Windows\system32\Bfghlhmd.exe14⤵
-
C:\Windows\SysWOW64\Bkdqdokk.exeC:\Windows\system32\Bkdqdokk.exe15⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Belemd32.exeC:\Windows\system32\Belemd32.exe16⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bngfli32.exeC:\Windows\system32\Bngfli32.exe17⤵
-
C:\Windows\SysWOW64\Bfnnmg32.exeC:\Windows\system32\Bfnnmg32.exe18⤵
-
C:\Windows\SysWOW64\Bnicai32.exeC:\Windows\system32\Bnicai32.exe19⤵
-
C:\Windows\SysWOW64\Clmckmcq.exeC:\Windows\system32\Clmckmcq.exe20⤵
-
C:\Windows\SysWOW64\Cbglgg32.exeC:\Windows\system32\Cbglgg32.exe21⤵
-
C:\Windows\SysWOW64\Cbihmg32.exeC:\Windows\system32\Cbihmg32.exe22⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cicqja32.exeC:\Windows\system32\Cicqja32.exe23⤵
-
C:\Windows\SysWOW64\Cpmifkgd.exeC:\Windows\system32\Cpmifkgd.exe24⤵
-
C:\Windows\SysWOW64\Cblebgfh.exeC:\Windows\system32\Cblebgfh.exe25⤵
-
C:\Windows\SysWOW64\Cifmoa32.exeC:\Windows\system32\Cifmoa32.exe26⤵
-
C:\Windows\SysWOW64\Cppelkeb.exeC:\Windows\system32\Cppelkeb.exe27⤵
-
C:\Windows\SysWOW64\Chkjpm32.exeC:\Windows\system32\Chkjpm32.exe28⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Deokja32.exeC:\Windows\system32\Deokja32.exe29⤵
-
C:\Windows\SysWOW64\Dimcppgm.exeC:\Windows\system32\Dimcppgm.exe30⤵
-
C:\Windows\SysWOW64\Dpglmjoj.exeC:\Windows\system32\Dpglmjoj.exe31⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dlnlak32.exeC:\Windows\system32\Dlnlak32.exe32⤵
-
C:\Windows\SysWOW64\Diamko32.exeC:\Windows\system32\Diamko32.exe33⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Abponp32.exeC:\Windows\system32\Abponp32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Efepbi32.exeC:\Windows\system32\Efepbi32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eciplm32.exeC:\Windows\system32\Eciplm32.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ejchhgid.exeC:\Windows\system32\Ejchhgid.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eclmamod.exeC:\Windows\system32\Eclmamod.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fbajbi32.exeC:\Windows\system32\Fbajbi32.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fpejlmcf.exeC:\Windows\system32\Fpejlmcf.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ffobhg32.exeC:\Windows\system32\Ffobhg32.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Fllkqn32.exeC:\Windows\system32\Fllkqn32.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fjmkoeqi.exeC:\Windows\system32\Fjmkoeqi.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fpjcgm32.exeC:\Windows\system32\Fpjcgm32.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ffclcgfn.exeC:\Windows\system32\Ffclcgfn.exe11⤵
-
C:\Windows\SysWOW64\Flqdlnde.exeC:\Windows\system32\Flqdlnde.exe12⤵
-
C:\Windows\SysWOW64\Fffhifdk.exeC:\Windows\system32\Fffhifdk.exe13⤵
-
C:\Windows\SysWOW64\Gpnmbl32.exeC:\Windows\system32\Gpnmbl32.exe14⤵
-
C:\Windows\SysWOW64\Gfheof32.exeC:\Windows\system32\Gfheof32.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gigaka32.exeC:\Windows\system32\Gigaka32.exe16⤵
-
C:\Windows\SysWOW64\Gdlfhj32.exeC:\Windows\system32\Gdlfhj32.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Giinpa32.exeC:\Windows\system32\Giinpa32.exe18⤵
-
C:\Windows\SysWOW64\Gpcfmkff.exeC:\Windows\system32\Gpcfmkff.exe19⤵
-
C:\Windows\SysWOW64\Gfmojenc.exeC:\Windows\system32\Gfmojenc.exe20⤵
-
C:\Windows\SysWOW64\Gpecbk32.exeC:\Windows\system32\Gpecbk32.exe21⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gfokoelp.exeC:\Windows\system32\Gfokoelp.exe22⤵
-
C:\Windows\SysWOW64\Gphphj32.exeC:\Windows\system32\Gphphj32.exe23⤵
-
C:\Windows\SysWOW64\Gbfldf32.exeC:\Windows\system32\Gbfldf32.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gipdap32.exeC:\Windows\system32\Gipdap32.exe25⤵
-
C:\Windows\SysWOW64\Hbhijepa.exeC:\Windows\system32\Hbhijepa.exe26⤵
-
C:\Windows\SysWOW64\Hplicjok.exeC:\Windows\system32\Hplicjok.exe27⤵
-
C:\Windows\SysWOW64\Hgfapd32.exeC:\Windows\system32\Hgfapd32.exe28⤵
-
C:\Windows\SysWOW64\Hlcjhkdp.exeC:\Windows\system32\Hlcjhkdp.exe29⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hmbfbn32.exeC:\Windows\system32\Hmbfbn32.exe30⤵
-
C:\Windows\SysWOW64\Hdmoohbo.exeC:\Windows\system32\Hdmoohbo.exe31⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hkfglb32.exeC:\Windows\system32\Hkfglb32.exe32⤵
-
C:\Windows\SysWOW64\Hlhccj32.exeC:\Windows\system32\Hlhccj32.exe33⤵
-
C:\Windows\SysWOW64\Ipflihfq.exeC:\Windows\system32\Ipflihfq.exe34⤵
-
C:\Windows\SysWOW64\Iphioh32.exeC:\Windows\system32\Iphioh32.exe35⤵
-
C:\Windows\SysWOW64\Iknmla32.exeC:\Windows\system32\Iknmla32.exe36⤵
-
C:\Windows\SysWOW64\Jpaleglc.exeC:\Windows\system32\Jpaleglc.exe37⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jcphab32.exeC:\Windows\system32\Jcphab32.exe38⤵
-
C:\Windows\SysWOW64\Jnelok32.exeC:\Windows\system32\Jnelok32.exe39⤵
-
C:\Windows\SysWOW64\Jpdhkf32.exeC:\Windows\system32\Jpdhkf32.exe40⤵
-
C:\Windows\SysWOW64\Jcbdgb32.exeC:\Windows\system32\Jcbdgb32.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jnhidk32.exeC:\Windows\system32\Jnhidk32.exe42⤵
-
C:\Windows\SysWOW64\Jcdala32.exeC:\Windows\system32\Jcdala32.exe43⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jjoiil32.exeC:\Windows\system32\Jjoiil32.exe44⤵
-
C:\Windows\SysWOW64\Jqhafffk.exeC:\Windows\system32\Jqhafffk.exe45⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jgbjbp32.exeC:\Windows\system32\Jgbjbp32.exe46⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jnlbojee.exeC:\Windows\system32\Jnlbojee.exe47⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Jdfjld32.exeC:\Windows\system32\Jdfjld32.exe48⤵
-
C:\Windows\SysWOW64\Kkpbin32.exeC:\Windows\system32\Kkpbin32.exe49⤵
-
C:\Windows\SysWOW64\Kqmkae32.exeC:\Windows\system32\Kqmkae32.exe50⤵
-
C:\Windows\SysWOW64\Kggcnoic.exeC:\Windows\system32\Kggcnoic.exe51⤵
-
C:\Windows\SysWOW64\Knalji32.exeC:\Windows\system32\Knalji32.exe52⤵
-
C:\Windows\SysWOW64\Kcndbp32.exeC:\Windows\system32\Kcndbp32.exe53⤵
-
C:\Windows\SysWOW64\Knchpiom.exeC:\Windows\system32\Knchpiom.exe54⤵
-
C:\Windows\SysWOW64\Kdmqmc32.exeC:\Windows\system32\Kdmqmc32.exe55⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kjjiej32.exeC:\Windows\system32\Kjjiej32.exe56⤵
-
C:\Windows\SysWOW64\Kqdaadln.exeC:\Windows\system32\Kqdaadln.exe57⤵
-
C:\Windows\SysWOW64\Kmkbfeab.exeC:\Windows\system32\Kmkbfeab.exe58⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ljobpiql.exeC:\Windows\system32\Ljobpiql.exe59⤵
-
C:\Windows\SysWOW64\Lqikmc32.exeC:\Windows\system32\Lqikmc32.exe60⤵
-
C:\Windows\SysWOW64\Lknojl32.exeC:\Windows\system32\Lknojl32.exe61⤵
-
C:\Windows\SysWOW64\Lqkgbcff.exeC:\Windows\system32\Lqkgbcff.exe62⤵
-
C:\Windows\SysWOW64\Lgepom32.exeC:\Windows\system32\Lgepom32.exe63⤵
-
C:\Windows\SysWOW64\Lqndhcdc.exeC:\Windows\system32\Lqndhcdc.exe64⤵
-
C:\Windows\SysWOW64\Lclpdncg.exeC:\Windows\system32\Lclpdncg.exe65⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Lnadagbm.exeC:\Windows\system32\Lnadagbm.exe66⤵
-
C:\Windows\SysWOW64\Lkeekk32.exeC:\Windows\system32\Lkeekk32.exe67⤵
-
C:\Windows\SysWOW64\Mjkblhfo.exeC:\Windows\system32\Mjkblhfo.exe68⤵
-
C:\Windows\SysWOW64\Mminhceb.exeC:\Windows\system32\Mminhceb.exe69⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mgobel32.exeC:\Windows\system32\Mgobel32.exe70⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mnhkbfme.exeC:\Windows\system32\Mnhkbfme.exe71⤵
-
C:\Windows\SysWOW64\Mebcop32.exeC:\Windows\system32\Mebcop32.exe72⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mkmkkjko.exeC:\Windows\system32\Mkmkkjko.exe73⤵
-
C:\Windows\SysWOW64\Maiccajf.exeC:\Windows\system32\Maiccajf.exe74⤵
-
C:\Windows\SysWOW64\Mgclpkac.exeC:\Windows\system32\Mgclpkac.exe75⤵
-
C:\Windows\SysWOW64\Mmpdhboj.exeC:\Windows\system32\Mmpdhboj.exe76⤵
-
C:\Windows\SysWOW64\Mgehfkop.exeC:\Windows\system32\Mgehfkop.exe77⤵
-
C:\Windows\SysWOW64\Mnpabe32.exeC:\Windows\system32\Mnpabe32.exe78⤵
-
C:\Windows\SysWOW64\Nclikl32.exeC:\Windows\system32\Nclikl32.exe79⤵
-
C:\Windows\SysWOW64\Napjdpcn.exeC:\Windows\system32\Napjdpcn.exe80⤵
-
C:\Windows\SysWOW64\Nlfnaicd.exeC:\Windows\system32\Nlfnaicd.exe81⤵
-
C:\Windows\SysWOW64\Nndjndbh.exeC:\Windows\system32\Nndjndbh.exe82⤵
-
C:\Windows\SysWOW64\Nenbjo32.exeC:\Windows\system32\Nenbjo32.exe83⤵
-
C:\Windows\SysWOW64\Nlhkgi32.exeC:\Windows\system32\Nlhkgi32.exe84⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Neqopnhb.exeC:\Windows\system32\Neqopnhb.exe85⤵
-
C:\Windows\SysWOW64\Njmhhefi.exeC:\Windows\system32\Njmhhefi.exe86⤵
-
C:\Windows\SysWOW64\Nagpeo32.exeC:\Windows\system32\Nagpeo32.exe87⤵
-
C:\Windows\SysWOW64\Nlmdbh32.exeC:\Windows\system32\Nlmdbh32.exe88⤵
-
C:\Windows\SysWOW64\Nnkpnclp.exeC:\Windows\system32\Nnkpnclp.exe89⤵
-
C:\Windows\SysWOW64\Odhifjkg.exeC:\Windows\system32\Odhifjkg.exe90⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ojbacd32.exeC:\Windows\system32\Ojbacd32.exe91⤵
-
C:\Windows\SysWOW64\Olanmgig.exeC:\Windows\system32\Olanmgig.exe92⤵
-
C:\Windows\SysWOW64\Omcjep32.exeC:\Windows\system32\Omcjep32.exe93⤵
-
C:\Windows\SysWOW64\Oejbfmpg.exeC:\Windows\system32\Oejbfmpg.exe94⤵
-
C:\Windows\SysWOW64\Oldjcg32.exeC:\Windows\system32\Oldjcg32.exe95⤵
-
C:\Windows\SysWOW64\Oaqbkn32.exeC:\Windows\system32\Oaqbkn32.exe96⤵
-
C:\Windows\SysWOW64\Olfghg32.exeC:\Windows\system32\Olfghg32.exe97⤵
-
C:\Windows\SysWOW64\Oacoqnci.exeC:\Windows\system32\Oacoqnci.exe98⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Odalmibl.exeC:\Windows\system32\Odalmibl.exe99⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Okkdic32.exeC:\Windows\system32\Okkdic32.exe100⤵
-
C:\Windows\SysWOW64\Paelfmaf.exeC:\Windows\system32\Paelfmaf.exe101⤵
-
C:\Windows\SysWOW64\Plkpcfal.exeC:\Windows\system32\Plkpcfal.exe102⤵
-
C:\Windows\SysWOW64\Poimpapp.exeC:\Windows\system32\Poimpapp.exe103⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pdfehh32.exeC:\Windows\system32\Pdfehh32.exe104⤵
-
C:\Windows\SysWOW64\Pkpmdbfd.exeC:\Windows\system32\Pkpmdbfd.exe105⤵
-
C:\Windows\SysWOW64\Pmoiqneg.exeC:\Windows\system32\Pmoiqneg.exe106⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Phdnngdn.exeC:\Windows\system32\Phdnngdn.exe107⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Palbgl32.exeC:\Windows\system32\Palbgl32.exe108⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Phfjcf32.exeC:\Windows\system32\Phfjcf32.exe109⤵
-
C:\Windows\SysWOW64\Pmcclm32.exeC:\Windows\system32\Pmcclm32.exe110⤵
-
C:\Windows\SysWOW64\Pkgcea32.exeC:\Windows\system32\Pkgcea32.exe111⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qemhbj32.exeC:\Windows\system32\Qemhbj32.exe112⤵
-
C:\Windows\SysWOW64\Qhkdof32.exeC:\Windows\system32\Qhkdof32.exe113⤵
-
C:\Windows\SysWOW64\Qoelkp32.exeC:\Windows\system32\Qoelkp32.exe114⤵
-
C:\Windows\SysWOW64\Qeodhjmo.exeC:\Windows\system32\Qeodhjmo.exe115⤵
-
C:\Windows\SysWOW64\Qlimed32.exeC:\Windows\system32\Qlimed32.exe116⤵
-
C:\Windows\SysWOW64\Aogiap32.exeC:\Windows\system32\Aogiap32.exe117⤵
-
C:\Windows\SysWOW64\Ahpmjejp.exeC:\Windows\system32\Ahpmjejp.exe118⤵
-
C:\Windows\SysWOW64\Aknifq32.exeC:\Windows\system32\Aknifq32.exe119⤵
-
C:\Windows\SysWOW64\Aednci32.exeC:\Windows\system32\Aednci32.exe120⤵
-
C:\Windows\SysWOW64\Alnfpcag.exeC:\Windows\system32\Alnfpcag.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-