Analysis
-
max time kernel
180s -
max time network
166s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
07/11/2023, 19:43
General
-
Target
NEAS.c98cf9e509c56e35da6a3086e2a89780.exe
-
Size
95KB
-
MD5
c98cf9e509c56e35da6a3086e2a89780
-
SHA1
d0a7a1b33c0e08dcd50ffd1b7aab9de69a4bbc68
-
SHA256
2e7908dd87cefc5429925363da041b0fdbc15b3704449a1fb8207fe8ac61aeec
-
SHA512
9e4a0e6e77ba111c711e348e90231cae81ac78fe7b686374dbc1a0ed3b451191a10ba37731ceae72515d2e7c4b6628b5fcb05103c4367882d46f417e44bb8900
-
SSDEEP
1536:6KDyH15Ls90OmPAUud6vS7pK1S11/keNI7xMRQrhRVRoRch1dROrwpOudRirVtF/:6KuPINmPAUuUvkpN18eNI7xMetTWM1dK
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.c98cf9e509c56e35da6a3086e2a89780.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.c98cf9e509c56e35da6a3086e2a89780.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gooqfkan.exeC:\Windows\system32\Gooqfkan.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iapbodql.exeC:\Windows\system32\Iapbodql.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ihndgmdd.exeC:\Windows\system32\Ihndgmdd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jcfejfag.exeC:\Windows\system32\Jcfejfag.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jcmkjeko.exeC:\Windows\system32\Jcmkjeko.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lcndab32.exeC:\Windows\system32\Lcndab32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Npighq32.exeC:\Windows\system32\Npighq32.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Njokei32.exeC:\Windows\system32\Njokei32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Olgnnqpe.exeC:\Windows\system32\Olgnnqpe.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Plcmiofg.exeC:\Windows\system32\Plcmiofg.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qipqibmf.exeC:\Windows\system32\Qipqibmf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Alfcflfb.exeC:\Windows\system32\Alfcflfb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aphegjhc.exeC:\Windows\system32\Aphegjhc.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bnlfqngm.exeC:\Windows\system32\Bnlfqngm.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bdmdng32.exeC:\Windows\system32\Bdmdng32.exe9⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cnjbbl32.exeC:\Windows\system32\Cnjbbl32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cgbfka32.exeC:\Windows\system32\Cgbfka32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dgjmkqke.exeC:\Windows\system32\Dgjmkqke.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Djmbbk32.exeC:\Windows\system32\Djmbbk32.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Ejdhcjpl.exeC:\Windows\system32\Ejdhcjpl.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ejfeij32.exeC:\Windows\system32\Ejfeij32.exe2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fmbnfcam.exeC:\Windows\system32\Fmbnfcam.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hoepmd32.exeC:\Windows\system32\Hoepmd32.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hknmgd32.exeC:\Windows\system32\Hknmgd32.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jedjkkmo.exeC:\Windows\system32\Jedjkkmo.exe6⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jkqccbkf.exeC:\Windows\system32\Jkqccbkf.exe7⤵
- Executes dropped EXE
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Kdpmmf32.exeC:\Windows\system32\Kdpmmf32.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Koeajo32.exeC:\Windows\system32\Koeajo32.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Kkhidaeo.exeC:\Windows\system32\Kkhidaeo.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mkadam32.exeC:\Windows\system32\Mkadam32.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mbnjcg32.exeC:\Windows\system32\Mbnjcg32.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Pmiijjcf.exeC:\Windows\system32\Pmiijjcf.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qfanbpjg.exeC:\Windows\system32\Qfanbpjg.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aekdolkj.exeC:\Windows\system32\Aekdolkj.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bplhhc32.exeC:\Windows\system32\Bplhhc32.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bnbeggmi.exeC:\Windows\system32\Bnbeggmi.exe5⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dfqogfjo.exeC:\Windows\system32\Dfqogfjo.exe6⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Fjanjb32.exeC:\Windows\system32\Fjanjb32.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ffjkdc32.exeC:\Windows\system32\Ffjkdc32.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Hnpognhd.exeC:\Windows\system32\Hnpognhd.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iajkohmj.exeC:\Windows\system32\Iajkohmj.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ihcclb32.exeC:\Windows\system32\Ihcclb32.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ionlhlld.exeC:\Windows\system32\Ionlhlld.exe12⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jmnheggo.exeC:\Windows\system32\Jmnheggo.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jdhpba32.exeC:\Windows\system32\Jdhpba32.exe14⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kaonaekb.exeC:\Windows\system32\Kaonaekb.exe15⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Khifno32.exeC:\Windows\system32\Khifno32.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lqdcio32.exeC:\Windows\system32\Lqdcio32.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mgceqh32.exeC:\Windows\system32\Mgceqh32.exe18⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mggolhaj.exeC:\Windows\system32\Mggolhaj.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mbpoop32.exeC:\Windows\system32\Mbpoop32.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oghgbe32.exeC:\Windows\system32\Oghgbe32.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Obbekn32.exeC:\Windows\system32\Obbekn32.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Alplfpbp.exeC:\Windows\system32\Alplfpbp.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bafgdfim.exeC:\Windows\system32\Bafgdfim.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bhgeao32.exeC:\Windows\system32\Bhgeao32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Boanniao.exeC:\Windows\system32\Boanniao.exe26⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cpedckdl.exeC:\Windows\system32\Cpedckdl.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Chbenm32.exeC:\Windows\system32\Chbenm32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dofpqfof.exeC:\Windows\system32\Dofpqfof.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dfbebpdq.exeC:\Windows\system32\Dfbebpdq.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ejiqom32.exeC:\Windows\system32\Ejiqom32.exe31⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Fqcilgji.exeC:\Windows\system32\Fqcilgji.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fjlmdmqj.exeC:\Windows\system32\Fjlmdmqj.exe33⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Foifmcoa.exeC:\Windows\system32\Foifmcoa.exe34⤵
-
C:\Windows\SysWOW64\Ffbnin32.exeC:\Windows\system32\Ffbnin32.exe35⤵
-
C:\Windows\SysWOW64\Ffggdmbi.exeC:\Windows\system32\Ffggdmbi.exe36⤵
-
C:\Windows\SysWOW64\Gqhknd32.exeC:\Windows\system32\Gqhknd32.exe37⤵
-
C:\Windows\SysWOW64\Hjeiai32.exeC:\Windows\system32\Hjeiai32.exe38⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Hapancai.exeC:\Windows\system32\Hapancai.exe1⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hbanfk32.exeC:\Windows\system32\Hbanfk32.exe2⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hikfbeod.exeC:\Windows\system32\Hikfbeod.exe3⤵
-
C:\Windows\SysWOW64\Ijolhg32.exeC:\Windows\system32\Ijolhg32.exe4⤵
-
C:\Windows\SysWOW64\Impeib32.exeC:\Windows\system32\Impeib32.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Idjmfmgp.exeC:\Windows\system32\Idjmfmgp.exe6⤵
-
C:\Windows\SysWOW64\Jpgdlm32.exeC:\Windows\system32\Jpgdlm32.exe7⤵
-
C:\Windows\SysWOW64\Jaimko32.exeC:\Windows\system32\Jaimko32.exe8⤵
-
C:\Windows\SysWOW64\Kpagbk32.exeC:\Windows\system32\Kpagbk32.exe9⤵
-
C:\Windows\SysWOW64\Kkfkod32.exeC:\Windows\system32\Kkfkod32.exe10⤵
-
C:\Windows\SysWOW64\Lcifde32.exeC:\Windows\system32\Lcifde32.exe11⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lmnjan32.exeC:\Windows\system32\Lmnjan32.exe12⤵
-
C:\Windows\SysWOW64\Lckbje32.exeC:\Windows\system32\Lckbje32.exe13⤵
-
C:\Windows\SysWOW64\Lalchm32.exeC:\Windows\system32\Lalchm32.exe14⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lcmopeae.exeC:\Windows\system32\Lcmopeae.exe15⤵
-
C:\Windows\SysWOW64\Mjqjbn32.exeC:\Windows\system32\Mjqjbn32.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Mkbcbp32.exeC:\Windows\system32\Mkbcbp32.exe17⤵
-
C:\Windows\SysWOW64\Nnjbdj32.exeC:\Windows\system32\Nnjbdj32.exe18⤵
-
C:\Windows\SysWOW64\Bejoqm32.exeC:\Windows\system32\Bejoqm32.exe19⤵
-
C:\Windows\SysWOW64\Cecbgl32.exeC:\Windows\system32\Cecbgl32.exe20⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fdbked32.exeC:\Windows\system32\Fdbked32.exe21⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ghgjlaln.exeC:\Windows\system32\Ghgjlaln.exe22⤵
-
C:\Windows\SysWOW64\Heapmp32.exeC:\Windows\system32\Heapmp32.exe23⤵
-
C:\Windows\SysWOW64\Jfllca32.exeC:\Windows\system32\Jfllca32.exe24⤵
-
C:\Windows\SysWOW64\Kdiobd32.exeC:\Windows\system32\Kdiobd32.exe25⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ldgkdbia.exeC:\Windows\system32\Ldgkdbia.exe26⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mgagll32.exeC:\Windows\system32\Mgagll32.exe27⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mdehep32.exeC:\Windows\system32\Mdehep32.exe28⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mlqljb32.exeC:\Windows\system32\Mlqljb32.exe29⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mlciobhj.exeC:\Windows\system32\Mlciobhj.exe30⤵
-
C:\Windows\SysWOW64\Nenjng32.exeC:\Windows\system32\Nenjng32.exe31⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ndokko32.exeC:\Windows\system32\Ndokko32.exe32⤵
-
C:\Windows\SysWOW64\Nngoddkg.exeC:\Windows\system32\Nngoddkg.exe33⤵
-
C:\Windows\SysWOW64\Nllleapo.exeC:\Windows\system32\Nllleapo.exe34⤵
-
C:\Windows\SysWOW64\Ofijifbj.exeC:\Windows\system32\Ofijifbj.exe35⤵
-
C:\Windows\SysWOW64\Olcbfp32.exeC:\Windows\system32\Olcbfp32.exe36⤵
-
C:\Windows\SysWOW64\Pjnipc32.exeC:\Windows\system32\Pjnipc32.exe37⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pddmml32.exeC:\Windows\system32\Pddmml32.exe38⤵
-
C:\Windows\SysWOW64\Pfjcpc32.exeC:\Windows\system32\Pfjcpc32.exe39⤵
-
C:\Windows\SysWOW64\Pdkcnklf.exeC:\Windows\system32\Pdkcnklf.exe40⤵
-
C:\Windows\SysWOW64\Amdddkma.exeC:\Windows\system32\Amdddkma.exe41⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Agjhadmh.exeC:\Windows\system32\Agjhadmh.exe42⤵
-
C:\Windows\SysWOW64\Amfqikko.exeC:\Windows\system32\Amfqikko.exe43⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bcqife32.exeC:\Windows\system32\Bcqife32.exe44⤵
-
C:\Windows\SysWOW64\Bcjlld32.exeC:\Windows\system32\Bcjlld32.exe45⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bnppim32.exeC:\Windows\system32\Bnppim32.exe46⤵
-
C:\Windows\SysWOW64\Cfkenogb.exeC:\Windows\system32\Cfkenogb.exe47⤵
-
C:\Windows\SysWOW64\Cnicpk32.exeC:\Windows\system32\Cnicpk32.exe48⤵
-
C:\Windows\SysWOW64\Dobffj32.exeC:\Windows\system32\Dobffj32.exe49⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Eoilfidj.exeC:\Windows\system32\Eoilfidj.exe50⤵
-
C:\Windows\SysWOW64\Emniheha.exeC:\Windows\system32\Emniheha.exe51⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fkgbli32.exeC:\Windows\system32\Fkgbli32.exe52⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Femgia32.exeC:\Windows\system32\Femgia32.exe53⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fknimh32.exeC:\Windows\system32\Fknimh32.exe54⤵
-
C:\Windows\SysWOW64\Fahajbek.exeC:\Windows\system32\Fahajbek.exe55⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gamjea32.exeC:\Windows\system32\Gamjea32.exe56⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ggqingie.exeC:\Windows\system32\Ggqingie.exe57⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ghpehjph.exeC:\Windows\system32\Ghpehjph.exe58⤵
-
C:\Windows\SysWOW64\Hkaoiemi.exeC:\Windows\system32\Hkaoiemi.exe59⤵
-
C:\Windows\SysWOW64\Inmggo32.exeC:\Windows\system32\Inmggo32.exe60⤵
-
C:\Windows\SysWOW64\Jbbfnlpk.exeC:\Windows\system32\Jbbfnlpk.exe61⤵
-
C:\Windows\SysWOW64\Jpffgp32.exeC:\Windows\system32\Jpffgp32.exe62⤵
-
C:\Windows\SysWOW64\Jfpocjfa.exeC:\Windows\system32\Jfpocjfa.exe63⤵
-
C:\Windows\SysWOW64\Jnkchmdl.exeC:\Windows\system32\Jnkchmdl.exe64⤵
-
C:\Windows\SysWOW64\Jlocaabf.exeC:\Windows\system32\Jlocaabf.exe65⤵
-
C:\Windows\SysWOW64\Kehhjfif.exeC:\Windows\system32\Kehhjfif.exe66⤵
-
C:\Windows\SysWOW64\Klapgq32.exeC:\Windows\system32\Klapgq32.exe67⤵
-
C:\Windows\SysWOW64\Knbiil32.exeC:\Windows\system32\Knbiil32.exe68⤵
-
C:\Windows\SysWOW64\Kpbfbo32.exeC:\Windows\system32\Kpbfbo32.exe69⤵
-
C:\Windows\SysWOW64\Kijjldkh.exeC:\Windows\system32\Kijjldkh.exe70⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kpdbhn32.exeC:\Windows\system32\Kpdbhn32.exe71⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Noaoagca.exeC:\Windows\system32\Noaoagca.exe72⤵
-
C:\Windows\SysWOW64\Nekgna32.exeC:\Windows\system32\Nekgna32.exe73⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nockfgao.exeC:\Windows\system32\Nockfgao.exe74⤵
-
C:\Windows\SysWOW64\Oeffip32.exeC:\Windows\system32\Oeffip32.exe75⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pgdodq32.exeC:\Windows\system32\Pgdodq32.exe76⤵
-
C:\Windows\SysWOW64\Plagmh32.exeC:\Windows\system32\Plagmh32.exe77⤵
-
C:\Windows\SysWOW64\Pckpja32.exeC:\Windows\system32\Pckpja32.exe78⤵
-
C:\Windows\SysWOW64\Pjehflie.exeC:\Windows\system32\Pjehflie.exe79⤵
-
C:\Windows\SysWOW64\Bjjjhifm.exeC:\Windows\system32\Bjjjhifm.exe80⤵
-
C:\Windows\SysWOW64\Bogcqpdd.exeC:\Windows\system32\Bogcqpdd.exe81⤵
-
C:\Windows\SysWOW64\Bjlgnh32.exeC:\Windows\system32\Bjlgnh32.exe82⤵
-
C:\Windows\SysWOW64\Boipfp32.exeC:\Windows\system32\Boipfp32.exe83⤵
-
C:\Windows\SysWOW64\Bfchcijo.exeC:\Windows\system32\Bfchcijo.exe84⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Bcghlnih.exeC:\Windows\system32\Bcghlnih.exe85⤵
-
C:\Windows\SysWOW64\Bidqddgp.exeC:\Windows\system32\Bidqddgp.exe86⤵
-
C:\Windows\SysWOW64\Bpniaool.exeC:\Windows\system32\Bpniaool.exe87⤵
-
C:\Windows\SysWOW64\Cafhap32.exeC:\Windows\system32\Cafhap32.exe88⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dibmfb32.exeC:\Windows\system32\Dibmfb32.exe89⤵
-
C:\Windows\SysWOW64\Dcgackke.exeC:\Windows\system32\Dcgackke.exe90⤵
-
C:\Windows\SysWOW64\Dannbogl.exeC:\Windows\system32\Dannbogl.exe91⤵
-
C:\Windows\SysWOW64\Diicfa32.exeC:\Windows\system32\Diicfa32.exe92⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dhjcdimf.exeC:\Windows\system32\Dhjcdimf.exe93⤵
-
C:\Windows\SysWOW64\Dmglmpkn.exeC:\Windows\system32\Dmglmpkn.exe94⤵
-
C:\Windows\SysWOW64\Ehlpjikd.exeC:\Windows\system32\Ehlpjikd.exe95⤵
-
C:\Windows\SysWOW64\Ehaieh32.exeC:\Windows\system32\Ehaieh32.exe96⤵
-
C:\Windows\SysWOW64\Emnbmoef.exeC:\Windows\system32\Emnbmoef.exe97⤵
-
C:\Windows\SysWOW64\Ehcfkhel.exeC:\Windows\system32\Ehcfkhel.exe98⤵
-
C:\Windows\SysWOW64\Ealkcm32.exeC:\Windows\system32\Ealkcm32.exe99⤵
-
C:\Windows\SysWOW64\Ekdolcbm.exeC:\Windows\system32\Ekdolcbm.exe100⤵
-
C:\Windows\SysWOW64\Fpagdj32.exeC:\Windows\system32\Fpagdj32.exe101⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ganppk32.exeC:\Windows\system32\Ganppk32.exe102⤵
-
C:\Windows\SysWOW64\Ghhhmebd.exeC:\Windows\system32\Ghhhmebd.exe103⤵
-
C:\Windows\SysWOW64\Iddlccfp.exeC:\Windows\system32\Iddlccfp.exe104⤵
-
C:\Windows\SysWOW64\Igbhpned.exeC:\Windows\system32\Igbhpned.exe105⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Jnfcbg32.exeC:\Windows\system32\Jnfcbg32.exe106⤵
-
C:\Windows\SysWOW64\Jgngkmkf.exeC:\Windows\system32\Jgngkmkf.exe107⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jqgldb32.exeC:\Windows\system32\Jqgldb32.exe108⤵
-
C:\Windows\SysWOW64\Jklpakam.exeC:\Windows\system32\Jklpakam.exe109⤵
-
C:\Windows\SysWOW64\Kgjggkqi.exeC:\Windows\system32\Kgjggkqi.exe110⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kbpkdd32.exeC:\Windows\system32\Kbpkdd32.exe111⤵
-
C:\Windows\SysWOW64\Lnkedd32.exeC:\Windows\system32\Lnkedd32.exe112⤵
-
C:\Windows\SysWOW64\Leenanik.exeC:\Windows\system32\Leenanik.exe113⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lbinkb32.exeC:\Windows\system32\Lbinkb32.exe114⤵
-
C:\Windows\SysWOW64\Ljdboe32.exeC:\Windows\system32\Ljdboe32.exe115⤵
-
C:\Windows\SysWOW64\Lankloml.exeC:\Windows\system32\Lankloml.exe116⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lbngfbdo.exeC:\Windows\system32\Lbngfbdo.exe117⤵
-
C:\Windows\SysWOW64\Mhjpnibf.exeC:\Windows\system32\Mhjpnibf.exe118⤵
-
C:\Windows\SysWOW64\Mniafbfn.exeC:\Windows\system32\Mniafbfn.exe119⤵
-
C:\Windows\SysWOW64\Mlmbofdh.exeC:\Windows\system32\Mlmbofdh.exe120⤵
-
C:\Windows\SysWOW64\Majjgmco.exeC:\Windows\system32\Majjgmco.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-