Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
79s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
04/11/2023, 10:48
General
-
Target
NEAS.38574ef664cea36932cbf99cc81e6070_JC.exe
-
Size
1.9MB
-
MD5
38574ef664cea36932cbf99cc81e6070
-
SHA1
03217cba9f234c5c65bbd347a97880a4a9d9d70d
-
SHA256
11ca5915685f661bef7635abb3069d75c0bc0655549c42e836ba057ee540a7e9
-
SHA512
d577be00692379ec315457eec6619536affe5967662838466e2f9adc017a84d2e38014ba2a74433a77b64949331ef979458b9694eaf48bf45e14e74bbc8f09bf
-
SSDEEP
24576:GaBNIVyeNIVy2jMcNIVyeNIVy2jWCNIVyeNIVy2jMcNIVyeNIVy2jP:tEyjUyjWyjUyjz
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.38574ef664cea36932cbf99cc81e6070_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.38574ef664cea36932cbf99cc81e6070_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nhmofj32.exeC:\Windows\system32\Nhmofj32.exe2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nlkgmh32.exeC:\Windows\system32\Nlkgmh32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nhahaiec.exeC:\Windows\system32\Nhahaiec.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oloahhki.exeC:\Windows\system32\Oloahhki.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Odoogi32.exeC:\Windows\system32\Odoogi32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Phaahggp.exeC:\Windows\system32\Phaahggp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pkbjjbda.exeC:\Windows\system32\Pkbjjbda.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ddnfmqng.exeC:\Windows\system32\Ddnfmqng.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Deqcbpld.exeC:\Windows\system32\Deqcbpld.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Efpomccg.exeC:\Windows\system32\Efpomccg.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ebimgcfi.exeC:\Windows\system32\Ebimgcfi.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Enpmld32.exeC:\Windows\system32\Enpmld32.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eppjfgcp.exeC:\Windows\system32\Eppjfgcp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fneggdhg.exeC:\Windows\system32\Fneggdhg.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
C:\Windows\SysWOW64\Fligqhga.exeC:\Windows\system32\Fligqhga.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Geohklaa.exeC:\Windows\system32\Geohklaa.exe2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gfodeohd.exeC:\Windows\system32\Gfodeohd.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gojiiafp.exeC:\Windows\system32\Gojiiafp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ipeeobbe.exeC:\Windows\system32\Ipeeobbe.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iplkpa32.exeC:\Windows\system32\Iplkpa32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jcoaglhk.exeC:\Windows\system32\Jcoaglhk.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jokkgl32.exeC:\Windows\system32\Jokkgl32.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lcdciiec.exeC:\Windows\system32\Lcdciiec.exe9⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Lqhdbm32.exeC:\Windows\system32\Lqhdbm32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lnldla32.exeC:\Windows\system32\Lnldla32.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lnangaoa.exeC:\Windows\system32\Lnangaoa.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Modgdicm.exeC:\Windows\system32\Modgdicm.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mqdcnl32.exeC:\Windows\system32\Mqdcnl32.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nmdgikhi.exeC:\Windows\system32\Nmdgikhi.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nfaemp32.exeC:\Windows\system32\Nfaemp32.exe7⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ocgbld32.exeC:\Windows\system32\Ocgbld32.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Opnbae32.exeC:\Windows\system32\Opnbae32.exe9⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Oghghb32.exeC:\Windows\system32\Oghghb32.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pmiikh32.exeC:\Windows\system32\Pmiikh32.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pffgom32.exeC:\Windows\system32\Pffgom32.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pdjgha32.exeC:\Windows\system32\Pdjgha32.exe13⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Qjfmkk32.exeC:\Windows\system32\Qjfmkk32.exe1⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Qfmmplad.exeC:\Windows\system32\Qfmmplad.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Akkffkhk.exeC:\Windows\system32\Akkffkhk.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Afbgkl32.exeC:\Windows\system32\Afbgkl32.exe4⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Adfgdpmi.exeC:\Windows\system32\Adfgdpmi.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ahdpjn32.exeC:\Windows\system32\Ahdpjn32.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Adkqoohc.exeC:\Windows\system32\Adkqoohc.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bobabg32.exeC:\Windows\system32\Bobabg32.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Boenhgdd.exeC:\Windows\system32\Boenhgdd.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bdagpnbk.exeC:\Windows\system32\Bdagpnbk.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bhblllfo.exeC:\Windows\system32\Bhblllfo.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bajqda32.exeC:\Windows\system32\Bajqda32.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ckbemgcp.exeC:\Windows\system32\Ckbemgcp.exe13⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cdkifmjq.exeC:\Windows\system32\Cdkifmjq.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cpbjkn32.exeC:\Windows\system32\Cpbjkn32.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cnfkdb32.exeC:\Windows\system32\Cnfkdb32.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cgnomg32.exeC:\Windows\system32\Cgnomg32.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Chnlgjlb.exeC:\Windows\system32\Chnlgjlb.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dafppp32.exeC:\Windows\system32\Dafppp32.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dojqjdbl.exeC:\Windows\system32\Dojqjdbl.exe20⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dhbebj32.exeC:\Windows\system32\Dhbebj32.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dakikoom.exeC:\Windows\system32\Dakikoom.exe22⤵
- Executes dropped EXE
- Drops file in System32 directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Dggbcf32.exeC:\Windows\system32\Dggbcf32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dqpfmlce.exeC:\Windows\system32\Dqpfmlce.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dndgfpbo.exeC:\Windows\system32\Dndgfpbo.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ekjded32.exeC:\Windows\system32\Ekjded32.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Edbiniff.exeC:\Windows\system32\Edbiniff.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eojiqb32.exeC:\Windows\system32\Eojiqb32.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Egened32.exeC:\Windows\system32\Egened32.exe7⤵
-
C:\Windows\SysWOW64\Edionhpn.exeC:\Windows\system32\Edionhpn.exe8⤵
-
C:\Windows\SysWOW64\Fnbcgn32.exeC:\Windows\system32\Fnbcgn32.exe9⤵
-
C:\Windows\SysWOW64\Fgjhpcmo.exeC:\Windows\system32\Fgjhpcmo.exe10⤵
-
C:\Windows\SysWOW64\Fdnhih32.exeC:\Windows\system32\Fdnhih32.exe11⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fnfmbmbi.exeC:\Windows\system32\Fnfmbmbi.exe12⤵
-
C:\Windows\SysWOW64\Fgoakc32.exeC:\Windows\system32\Fgoakc32.exe13⤵
-
C:\Windows\SysWOW64\Fqgedh32.exeC:\Windows\system32\Fqgedh32.exe14⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Feenjgfq.exeC:\Windows\system32\Feenjgfq.exe15⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Gbiockdj.exeC:\Windows\system32\Gbiockdj.exe16⤵
-
C:\Windows\SysWOW64\Gnpphljo.exeC:\Windows\system32\Gnpphljo.exe17⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gghdaa32.exeC:\Windows\system32\Gghdaa32.exe18⤵
-
C:\Windows\SysWOW64\Glfmgp32.exeC:\Windows\system32\Glfmgp32.exe19⤵
-
C:\Windows\SysWOW64\Geoapenf.exeC:\Windows\system32\Geoapenf.exe20⤵
-
C:\Windows\SysWOW64\Hnibokbd.exeC:\Windows\system32\Hnibokbd.exe21⤵
-
C:\Windows\SysWOW64\Hhaggp32.exeC:\Windows\system32\Hhaggp32.exe22⤵
-
C:\Windows\SysWOW64\Heegad32.exeC:\Windows\system32\Heegad32.exe23⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hpkknmgd.exeC:\Windows\system32\Hpkknmgd.exe24⤵
-
C:\Windows\SysWOW64\Hicpgc32.exeC:\Windows\system32\Hicpgc32.exe25⤵
-
C:\Windows\SysWOW64\Haodle32.exeC:\Windows\system32\Haodle32.exe26⤵
-
C:\Windows\SysWOW64\Ilfennic.exeC:\Windows\system32\Ilfennic.exe27⤵
-
C:\Windows\SysWOW64\Ieojgc32.exeC:\Windows\system32\Ieojgc32.exe28⤵
-
C:\Windows\SysWOW64\Ipgkjlmg.exeC:\Windows\system32\Ipgkjlmg.exe29⤵
-
C:\Windows\SysWOW64\Ihbponja.exeC:\Windows\system32\Ihbponja.exe30⤵
-
C:\Windows\SysWOW64\Iefphb32.exeC:\Windows\system32\Iefphb32.exe31⤵
-
C:\Windows\SysWOW64\Jidinqpb.exeC:\Windows\system32\Jidinqpb.exe32⤵
-
C:\Windows\SysWOW64\Jhifomdj.exeC:\Windows\system32\Jhifomdj.exe33⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jbagbebm.exeC:\Windows\system32\Jbagbebm.exe34⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jhnojl32.exeC:\Windows\system32\Jhnojl32.exe35⤵
-
C:\Windows\SysWOW64\Jhplpl32.exeC:\Windows\system32\Jhplpl32.exe36⤵
-
C:\Windows\SysWOW64\Kedlip32.exeC:\Windows\system32\Kedlip32.exe37⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kpiqfima.exeC:\Windows\system32\Kpiqfima.exe38⤵
-
C:\Windows\SysWOW64\Kheekkjl.exeC:\Windows\system32\Kheekkjl.exe39⤵
-
C:\Windows\SysWOW64\Kapfiqoj.exeC:\Windows\system32\Kapfiqoj.exe40⤵
-
C:\Windows\SysWOW64\Kpqggh32.exeC:\Windows\system32\Kpqggh32.exe41⤵
-
C:\Windows\SysWOW64\Khlklj32.exeC:\Windows\system32\Khlklj32.exe42⤵
-
C:\Windows\SysWOW64\Kadpdp32.exeC:\Windows\system32\Kadpdp32.exe43⤵
-
C:\Windows\SysWOW64\Lljdai32.exeC:\Windows\system32\Lljdai32.exe44⤵
-
C:\Windows\SysWOW64\Lafmjp32.exeC:\Windows\system32\Lafmjp32.exe45⤵
-
C:\Windows\SysWOW64\Lojmcdgl.exeC:\Windows\system32\Lojmcdgl.exe46⤵
-
C:\Windows\SysWOW64\Lpjjmg32.exeC:\Windows\system32\Lpjjmg32.exe47⤵
-
C:\Windows\SysWOW64\Legben32.exeC:\Windows\system32\Legben32.exe48⤵
-
C:\Windows\SysWOW64\Lplfcf32.exeC:\Windows\system32\Lplfcf32.exe49⤵
-
C:\Windows\SysWOW64\Llcghg32.exeC:\Windows\system32\Llcghg32.exe50⤵
-
C:\Windows\SysWOW64\Mhjhmhhd.exeC:\Windows\system32\Mhjhmhhd.exe51⤵
-
C:\Windows\SysWOW64\Mablfnne.exeC:\Windows\system32\Mablfnne.exe52⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mpclce32.exeC:\Windows\system32\Mpclce32.exe53⤵
-
C:\Windows\SysWOW64\Mbdiknlb.exeC:\Windows\system32\Mbdiknlb.exe54⤵
-
C:\Windows\SysWOW64\Mpeiie32.exeC:\Windows\system32\Mpeiie32.exe55⤵
-
C:\Windows\SysWOW64\Mlljnf32.exeC:\Windows\system32\Mlljnf32.exe56⤵
-
C:\Windows\SysWOW64\Mfenglqf.exeC:\Windows\system32\Mfenglqf.exe57⤵
-
C:\Windows\SysWOW64\Nblolm32.exeC:\Windows\system32\Nblolm32.exe58⤵
-
C:\Windows\SysWOW64\Nqmojd32.exeC:\Windows\system32\Nqmojd32.exe59⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Noblkqca.exeC:\Windows\system32\Noblkqca.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Njgqhicg.exeC:\Windows\system32\Njgqhicg.exe61⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nfnamjhk.exeC:\Windows\system32\Nfnamjhk.exe62⤵
-
C:\Windows\SysWOW64\Nofefp32.exeC:\Windows\system32\Nofefp32.exe63⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Njljch32.exeC:\Windows\system32\Njljch32.exe64⤵
-
C:\Windows\SysWOW64\Obgohklm.exeC:\Windows\system32\Obgohklm.exe65⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Oqhoeb32.exeC:\Windows\system32\Oqhoeb32.exe66⤵
-
C:\Windows\SysWOW64\Ojqcnhkl.exeC:\Windows\system32\Ojqcnhkl.exe67⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oblhcj32.exeC:\Windows\system32\Oblhcj32.exe68⤵
-
C:\Windows\SysWOW64\Pqbala32.exeC:\Windows\system32\Pqbala32.exe69⤵
-
C:\Windows\SysWOW64\Pfojdh32.exeC:\Windows\system32\Pfojdh32.exe70⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ppgomnai.exeC:\Windows\system32\Ppgomnai.exe71⤵
-
C:\Windows\SysWOW64\Pmkofa32.exeC:\Windows\system32\Pmkofa32.exe72⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pbhgoh32.exeC:\Windows\system32\Pbhgoh32.exe73⤵
-
C:\Windows\SysWOW64\Paihlpfi.exeC:\Windows\system32\Paihlpfi.exe74⤵
-
C:\Windows\SysWOW64\Pjaleemj.exeC:\Windows\system32\Pjaleemj.exe75⤵
-
C:\Windows\SysWOW64\Pblajhje.exeC:\Windows\system32\Pblajhje.exe76⤵
-
C:\Windows\SysWOW64\Pmbegqjk.exeC:\Windows\system32\Pmbegqjk.exe77⤵
-
C:\Windows\SysWOW64\Qiiflaoo.exeC:\Windows\system32\Qiiflaoo.exe78⤵
-
C:\Windows\SysWOW64\Qfmfefni.exeC:\Windows\system32\Qfmfefni.exe79⤵
-
C:\Windows\SysWOW64\Apeknk32.exeC:\Windows\system32\Apeknk32.exe80⤵
-
C:\Windows\SysWOW64\Ajjokd32.exeC:\Windows\system32\Ajjokd32.exe81⤵
-
C:\Windows\SysWOW64\Acccdj32.exeC:\Windows\system32\Acccdj32.exe82⤵
-
C:\Windows\SysWOW64\Ajmladbl.exeC:\Windows\system32\Ajmladbl.exe83⤵
-
C:\Windows\SysWOW64\Apjdikqd.exeC:\Windows\system32\Apjdikqd.exe84⤵
-
C:\Windows\SysWOW64\Ajohfcpj.exeC:\Windows\system32\Ajohfcpj.exe85⤵
-
C:\Windows\SysWOW64\Adgmoigj.exeC:\Windows\system32\Adgmoigj.exe86⤵
-
C:\Windows\SysWOW64\Ampaho32.exeC:\Windows\system32\Ampaho32.exe87⤵
-
C:\Windows\SysWOW64\Biiobo32.exeC:\Windows\system32\Biiobo32.exe88⤵
-
C:\Windows\SysWOW64\Babcil32.exeC:\Windows\system32\Babcil32.exe89⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Binhnomg.exeC:\Windows\system32\Binhnomg.exe90⤵
-
C:\Windows\SysWOW64\Bbfmgd32.exeC:\Windows\system32\Bbfmgd32.exe91⤵
-
C:\Windows\SysWOW64\Bgdemb32.exeC:\Windows\system32\Bgdemb32.exe92⤵
-
C:\Windows\SysWOW64\Cgfbbb32.exeC:\Windows\system32\Cgfbbb32.exe93⤵
-
C:\Windows\SysWOW64\Cpogkhnl.exeC:\Windows\system32\Cpogkhnl.exe94⤵
-
C:\Windows\SysWOW64\Ckdkhq32.exeC:\Windows\system32\Ckdkhq32.exe95⤵
-
C:\Windows\SysWOW64\Cgklmacf.exeC:\Windows\system32\Cgklmacf.exe96⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cdolgfbp.exeC:\Windows\system32\Cdolgfbp.exe97⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Cpfmlghd.exeC:\Windows\system32\Cpfmlghd.exe98⤵
-
C:\Windows\SysWOW64\Dinael32.exeC:\Windows\system32\Dinael32.exe99⤵
-
C:\Windows\SysWOW64\Dpjfgf32.exeC:\Windows\system32\Dpjfgf32.exe100⤵
-
C:\Windows\SysWOW64\Dickplko.exeC:\Windows\system32\Dickplko.exe101⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ddhomdje.exeC:\Windows\system32\Ddhomdje.exe102⤵
-
C:\Windows\SysWOW64\Dgihop32.exeC:\Windows\system32\Dgihop32.exe103⤵
-
C:\Windows\SysWOW64\Dcphdqmj.exeC:\Windows\system32\Dcphdqmj.exe104⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Enemaimp.exeC:\Windows\system32\Enemaimp.exe105⤵
-
C:\Windows\SysWOW64\Ephbhd32.exeC:\Windows\system32\Ephbhd32.exe106⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ekngemhd.exeC:\Windows\system32\Ekngemhd.exe107⤵
-
C:\Windows\SysWOW64\Ecikjoep.exeC:\Windows\system32\Ecikjoep.exe108⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Enopghee.exeC:\Windows\system32\Enopghee.exe109⤵
-
C:\Windows\SysWOW64\Fclhpo32.exeC:\Windows\system32\Fclhpo32.exe110⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fqphic32.exeC:\Windows\system32\Fqphic32.exe111⤵
-
C:\Windows\SysWOW64\Fdpnda32.exeC:\Windows\system32\Fdpnda32.exe112⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fjmfmh32.exeC:\Windows\system32\Fjmfmh32.exe113⤵
-
C:\Windows\SysWOW64\Fdbkja32.exeC:\Windows\system32\Fdbkja32.exe114⤵
-
C:\Windows\SysWOW64\Fnjocf32.exeC:\Windows\system32\Fnjocf32.exe115⤵
-
C:\Windows\SysWOW64\Gcghkm32.exeC:\Windows\system32\Gcghkm32.exe116⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gbhhieao.exeC:\Windows\system32\Gbhhieao.exe117⤵
-
C:\Windows\SysWOW64\Ggepalof.exeC:\Windows\system32\Ggepalof.exe118⤵
-
C:\Windows\SysWOW64\Gdiakp32.exeC:\Windows\system32\Gdiakp32.exe119⤵
-
C:\Windows\SysWOW64\Gnaecedp.exeC:\Windows\system32\Gnaecedp.exe120⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ggjjlk32.exeC:\Windows\system32\Ggjjlk32.exe121⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-