Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
162s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
11/11/2023, 11:37
General
-
Target
NEAS.fbfb19fac3e122497ad61de373b5ffab.exe
-
Size
482KB
-
MD5
fbfb19fac3e122497ad61de373b5ffab
-
SHA1
aca0ce9e7a0cc42d72df8b93c6ed7deded0fe70e
-
SHA256
7dc921cef900fc2efaaa0a3148ef394323246641ec31d7bb8afa7734dfa2550c
-
SHA512
b965d52af8b04c5d234120e4e47fe986af8d97f1f0898af2171583d13b7259415da58237de1ace40d949ae0e41bf00bfcd7db0ce3810a29c5e97ba578dc0e6fe
-
SSDEEP
6144:BD8+c2Ll+wGXAF2PbgKLVGFM6234lKm3mo8Yvi4KsLTFM6234lKm3:tLLMwGXAF5KLVGFB24lwR45FB24l
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.fbfb19fac3e122497ad61de373b5ffab.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.fbfb19fac3e122497ad61de373b5ffab.exe"1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bgnffj32.exeC:\Windows\system32\Bgnffj32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bdfpkm32.exeC:\Windows\system32\Bdfpkm32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bajqda32.exeC:\Windows\system32\Bajqda32.exe4⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Coegoe32.exeC:\Windows\system32\Coegoe32.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dnmaea32.exeC:\Windows\system32\Dnmaea32.exe6⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dkcndeen.exeC:\Windows\system32\Dkcndeen.exe7⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dqbcbkab.exeC:\Windows\system32\Dqbcbkab.exe8⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eoepebho.exeC:\Windows\system32\Eoepebho.exe9⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Egcaod32.exeC:\Windows\system32\Egcaod32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Enpfan32.exeC:\Windows\system32\Enpfan32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fnfmbmbi.exeC:\Windows\system32\Fnfmbmbi.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gejhef32.exeC:\Windows\system32\Gejhef32.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gbnhoj32.exeC:\Windows\system32\Gbnhoj32.exe14⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Glhimp32.exeC:\Windows\system32\Glhimp32.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hpfbcn32.exeC:\Windows\system32\Hpfbcn32.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hioflcbj.exeC:\Windows\system32\Hioflcbj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hbgkei32.exeC:\Windows\system32\Hbgkei32.exe18⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hldiinke.exeC:\Windows\system32\Hldiinke.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ihmfco32.exeC:\Windows\system32\Ihmfco32.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jhgiim32.exeC:\Windows\system32\Jhgiim32.exe21⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jekjcaef.exeC:\Windows\system32\Jekjcaef.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jhkbdmbg.exeC:\Windows\system32\Jhkbdmbg.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jllhpkfk.exeC:\Windows\system32\Jllhpkfk.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kpiqfima.exeC:\Windows\system32\Kpiqfima.exe25⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kefiopki.exeC:\Windows\system32\Kefiopki.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Koajmepf.exeC:\Windows\system32\Koajmepf.exe27⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kpccmhdg.exeC:\Windows\system32\Kpccmhdg.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lebijnak.exeC:\Windows\system32\Lebijnak.exe29⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lomjicei.exeC:\Windows\system32\Lomjicei.exe30⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lckboblp.exeC:\Windows\system32\Lckboblp.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mcoljagj.exeC:\Windows\system32\Mcoljagj.exe32⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mpeiie32.exeC:\Windows\system32\Mpeiie32.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nbnlaldg.exeC:\Windows\system32\Nbnlaldg.exe34⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Njljch32.exeC:\Windows\system32\Njljch32.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ofjqihnn.exeC:\Windows\system32\Ofjqihnn.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Omfekbdh.exeC:\Windows\system32\Omfekbdh.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pcbkml32.exeC:\Windows\system32\Pcbkml32.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pjoppf32.exeC:\Windows\system32\Pjoppf32.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pidlqb32.exeC:\Windows\system32\Pidlqb32.exe40⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pmbegqjk.exeC:\Windows\system32\Pmbegqjk.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qbajeg32.exeC:\Windows\system32\Qbajeg32.exe42⤵
-
C:\Windows\SysWOW64\Amikgpcc.exeC:\Windows\system32\Amikgpcc.exe43⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Amkhmoap.exeC:\Windows\system32\Amkhmoap.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Banjnm32.exeC:\Windows\system32\Banjnm32.exe45⤵
-
C:\Windows\SysWOW64\Bfmolc32.exeC:\Windows\system32\Bfmolc32.exe46⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bkkhbb32.exeC:\Windows\system32\Bkkhbb32.exe47⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ckpamabg.exeC:\Windows\system32\Ckpamabg.exe48⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cienon32.exeC:\Windows\system32\Cienon32.exe49⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cpfmlghd.exeC:\Windows\system32\Cpfmlghd.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dcffnbee.exeC:\Windows\system32\Dcffnbee.exe51⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dcnlnaom.exeC:\Windows\system32\Dcnlnaom.exe52⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Ahngmnnd.exeC:\Windows\system32\Ahngmnnd.exe36⤵
-
C:\Windows\SysWOW64\Abflfc32.exeC:\Windows\system32\Abflfc32.exe37⤵
-
C:\Windows\SysWOW64\Akopoi32.exeC:\Windows\system32\Akopoi32.exe38⤵
-
C:\Windows\SysWOW64\Bdgehobe.exeC:\Windows\system32\Bdgehobe.exe39⤵
-
C:\Windows\SysWOW64\Bkamdi32.exeC:\Windows\system32\Bkamdi32.exe40⤵
-
C:\Windows\SysWOW64\Bkcjjhgp.exeC:\Windows\system32\Bkcjjhgp.exe41⤵
-
C:\Windows\SysWOW64\Bdlncn32.exeC:\Windows\system32\Bdlncn32.exe42⤵
-
C:\Windows\SysWOW64\Bkefphem.exeC:\Windows\system32\Bkefphem.exe43⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Npcaie32.exeC:\Windows\system32\Npcaie32.exe20⤵
-
C:\Windows\SysWOW64\Okiefn32.exeC:\Windows\system32\Okiefn32.exe21⤵
-
C:\Windows\SysWOW64\Oacmchcl.exeC:\Windows\system32\Oacmchcl.exe22⤵
-
C:\Windows\SysWOW64\Ohmepbki.exeC:\Windows\system32\Ohmepbki.exe23⤵
-
C:\Windows\SysWOW64\Oinbgk32.exeC:\Windows\system32\Oinbgk32.exe24⤵
-
C:\Windows\SysWOW64\Odcfdc32.exeC:\Windows\system32\Odcfdc32.exe25⤵
-
C:\Windows\SysWOW64\Oiqomj32.exeC:\Windows\system32\Oiqomj32.exe26⤵
-
C:\Windows\SysWOW64\Odfcjc32.exeC:\Windows\system32\Odfcjc32.exe27⤵
-
C:\Windows\SysWOW64\Okpkgm32.exeC:\Windows\system32\Okpkgm32.exe28⤵
-
C:\Windows\SysWOW64\Oajccgmd.exeC:\Windows\system32\Oajccgmd.exe29⤵
-
C:\Windows\SysWOW64\Ohdlpa32.exeC:\Windows\system32\Ohdlpa32.exe30⤵
-
C:\Windows\SysWOW64\Oiehhjjp.exeC:\Windows\system32\Oiehhjjp.exe31⤵
-
C:\Windows\SysWOW64\Opopdd32.exeC:\Windows\system32\Opopdd32.exe32⤵
-
C:\Windows\SysWOW64\Pgihanii.exeC:\Windows\system32\Pgihanii.exe33⤵
-
C:\Windows\SysWOW64\Pncanhaf.exeC:\Windows\system32\Pncanhaf.exe34⤵
-
C:\Windows\SysWOW64\Pdmikb32.exeC:\Windows\system32\Pdmikb32.exe35⤵
-
C:\Windows\SysWOW64\Pjjaci32.exeC:\Windows\system32\Pjjaci32.exe36⤵
-
C:\Windows\SysWOW64\Pjlnhi32.exeC:\Windows\system32\Pjlnhi32.exe37⤵
-
C:\Windows\SysWOW64\Pnjgog32.exeC:\Windows\system32\Pnjgog32.exe38⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Eoocfegl.exeC:\Windows\system32\Eoocfegl.exe8⤵
-
C:\Windows\SysWOW64\Efikco32.exeC:\Windows\system32\Efikco32.exe9⤵
-
C:\Windows\SysWOW64\Elccpife.exeC:\Windows\system32\Elccpife.exe10⤵
-
C:\Windows\SysWOW64\Eflhiolf.exeC:\Windows\system32\Eflhiolf.exe11⤵
-
C:\Windows\SysWOW64\Ecphbckp.exeC:\Windows\system32\Ecphbckp.exe12⤵
-
C:\Windows\SysWOW64\Ejiqom32.exeC:\Windows\system32\Ejiqom32.exe13⤵
-
C:\Windows\SysWOW64\Fcbehbim.exeC:\Windows\system32\Fcbehbim.exe14⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Fqfeag32.exeC:\Windows\system32\Fqfeag32.exe15⤵
-
C:\Windows\SysWOW64\Fjnjjlog.exeC:\Windows\system32\Fjnjjlog.exe16⤵
-
C:\Windows\SysWOW64\Fcfocb32.exeC:\Windows\system32\Fcfocb32.exe17⤵
-
C:\Windows\SysWOW64\Ficgkico.exeC:\Windows\system32\Ficgkico.exe18⤵
-
C:\Windows\SysWOW64\Fblldn32.exeC:\Windows\system32\Fblldn32.exe19⤵
-
C:\Windows\SysWOW64\Fifdqhal.exeC:\Windows\system32\Fifdqhal.exe20⤵
-
C:\Windows\SysWOW64\Gcneca32.exeC:\Windows\system32\Gcneca32.exe21⤵
-
C:\Windows\SysWOW64\Gcpaiq32.exeC:\Windows\system32\Gcpaiq32.exe22⤵
-
C:\Windows\SysWOW64\Gfqjkljn.exeC:\Windows\system32\Gfqjkljn.exe23⤵
-
C:\Windows\SysWOW64\Gcggjp32.exeC:\Windows\system32\Gcggjp32.exe24⤵
-
C:\Windows\SysWOW64\Hfoflj32.exeC:\Windows\system32\Hfoflj32.exe25⤵
-
C:\Windows\SysWOW64\Ipihkobl.exeC:\Windows\system32\Ipihkobl.exe26⤵
-
C:\Windows\SysWOW64\Iiblcdil.exeC:\Windows\system32\Iiblcdil.exe27⤵
-
C:\Windows\SysWOW64\Icgqqmib.exeC:\Windows\system32\Icgqqmib.exe28⤵
-
C:\Windows\SysWOW64\Ijaimg32.exeC:\Windows\system32\Ijaimg32.exe29⤵
-
C:\Windows\SysWOW64\Iannpa32.exeC:\Windows\system32\Iannpa32.exe30⤵
-
C:\Windows\SysWOW64\Iiibdc32.exeC:\Windows\system32\Iiibdc32.exe31⤵
-
C:\Windows\SysWOW64\Jabgkpad.exeC:\Windows\system32\Jabgkpad.exe32⤵
-
C:\Windows\SysWOW64\Jjklcf32.exeC:\Windows\system32\Jjklcf32.exe33⤵
-
C:\Windows\SysWOW64\Jbfphh32.exeC:\Windows\system32\Jbfphh32.exe34⤵
-
C:\Windows\SysWOW64\Jiphebml.exeC:\Windows\system32\Jiphebml.exe35⤵
-
C:\Windows\SysWOW64\Jfdinf32.exeC:\Windows\system32\Jfdinf32.exe36⤵
-
C:\Windows\SysWOW64\Jaimko32.exeC:\Windows\system32\Jaimko32.exe37⤵
-
C:\Windows\SysWOW64\Jkaadebl.exeC:\Windows\system32\Jkaadebl.exe38⤵
-
C:\Windows\SysWOW64\Kmbkfp32.exeC:\Windows\system32\Kmbkfp32.exe39⤵
-
C:\Windows\SysWOW64\Kgkooeen.exeC:\Windows\system32\Kgkooeen.exe40⤵
-
C:\Windows\SysWOW64\Kpccgk32.exeC:\Windows\system32\Kpccgk32.exe41⤵
-
C:\Windows\SysWOW64\Kmgdaokh.exeC:\Windows\system32\Kmgdaokh.exe42⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kkkdjcjb.exeC:\Windows\system32\Kkkdjcjb.exe43⤵
-
C:\Windows\SysWOW64\Kipalpoj.exeC:\Windows\system32\Kipalpoj.exe44⤵
-
C:\Windows\SysWOW64\Lcifde32.exeC:\Windows\system32\Lcifde32.exe45⤵
-
C:\Windows\SysWOW64\Lpmfnj32.exeC:\Windows\system32\Lpmfnj32.exe46⤵
-
C:\Windows\SysWOW64\Lmqggncn.exeC:\Windows\system32\Lmqggncn.exe47⤵
-
C:\Windows\SysWOW64\Lanpml32.exeC:\Windows\system32\Lanpml32.exe48⤵
-
C:\Windows\SysWOW64\Lkgdfb32.exeC:\Windows\system32\Lkgdfb32.exe49⤵
-
C:\Windows\SysWOW64\Lcbikd32.exeC:\Windows\system32\Lcbikd32.exe50⤵
-
C:\Windows\SysWOW64\Lpfidh32.exeC:\Windows\system32\Lpfidh32.exe51⤵
-
C:\Windows\SysWOW64\Maefnk32.exeC:\Windows\system32\Maefnk32.exe52⤵
-
C:\Windows\SysWOW64\Mjqjbn32.exeC:\Windows\system32\Mjqjbn32.exe53⤵
-
C:\Windows\SysWOW64\Mciokcgg.exeC:\Windows\system32\Mciokcgg.exe54⤵
-
C:\Windows\SysWOW64\Mjednmla.exeC:\Windows\system32\Mjednmla.exe55⤵
-
C:\Windows\SysWOW64\Mcnhfb32.exeC:\Windows\system32\Mcnhfb32.exe56⤵
-
C:\Windows\SysWOW64\Mjhqcmjo.exeC:\Windows\system32\Mjhqcmjo.exe57⤵
-
C:\Windows\SysWOW64\Nqaipgal.exeC:\Windows\system32\Nqaipgal.exe58⤵
-
C:\Windows\SysWOW64\Njjmil32.exeC:\Windows\system32\Njjmil32.exe59⤵
-
C:\Windows\SysWOW64\Ngnnbq32.exeC:\Windows\system32\Ngnnbq32.exe60⤵
-
C:\Windows\SysWOW64\Nqioqf32.exeC:\Windows\system32\Nqioqf32.exe61⤵
-
C:\Windows\SysWOW64\Nbhkjicf.exeC:\Windows\system32\Nbhkjicf.exe62⤵
-
C:\Windows\SysWOW64\Ogjmnomi.exeC:\Windows\system32\Ogjmnomi.exe63⤵
-
C:\Windows\SysWOW64\Okgfdm32.exeC:\Windows\system32\Okgfdm32.exe64⤵
-
C:\Windows\SysWOW64\Obanqgkl.exeC:\Windows\system32\Obanqgkl.exe65⤵
-
C:\Windows\SysWOW64\Ojmcej32.exeC:\Windows\system32\Ojmcej32.exe66⤵
-
C:\Windows\SysWOW64\Pkaijl32.exeC:\Windows\system32\Pkaijl32.exe67⤵
-
C:\Windows\SysWOW64\Panabc32.exeC:\Windows\system32\Panabc32.exe68⤵
-
C:\Windows\SysWOW64\Papnhbgi.exeC:\Windows\system32\Papnhbgi.exe69⤵
-
C:\Windows\SysWOW64\Pkebekgo.exeC:\Windows\system32\Pkebekgo.exe70⤵
-
C:\Windows\SysWOW64\Pkhokkel.exeC:\Windows\system32\Pkhokkel.exe71⤵
-
C:\Windows\SysWOW64\Qaegcb32.exeC:\Windows\system32\Qaegcb32.exe72⤵
-
C:\Windows\SysWOW64\Qkjlpk32.exeC:\Windows\system32\Qkjlpk32.exe73⤵
-
C:\Windows\SysWOW64\Ankdbf32.exeC:\Windows\system32\Ankdbf32.exe74⤵
-
C:\Windows\SysWOW64\Achmjmnb.exeC:\Windows\system32\Achmjmnb.exe75⤵
-
C:\Windows\SysWOW64\Anmagenh.exeC:\Windows\system32\Anmagenh.exe76⤵
-
C:\Windows\SysWOW64\Ahffqk32.exeC:\Windows\system32\Ahffqk32.exe77⤵
-
C:\Windows\SysWOW64\Abkjnd32.exeC:\Windows\system32\Abkjnd32.exe78⤵
-
C:\Windows\SysWOW64\Ahhbfkbf.exeC:\Windows\system32\Ahhbfkbf.exe79⤵
-
C:\Windows\SysWOW64\Aaqgop32.exeC:\Windows\system32\Aaqgop32.exe80⤵
-
C:\Windows\SysWOW64\Alfkli32.exeC:\Windows\system32\Alfkli32.exe81⤵
-
C:\Windows\SysWOW64\Aaccdp32.exeC:\Windows\system32\Aaccdp32.exe82⤵
-
C:\Windows\SysWOW64\Blhhaigj.exeC:\Windows\system32\Blhhaigj.exe83⤵
-
C:\Windows\SysWOW64\Bdcmfkde.exeC:\Windows\system32\Bdcmfkde.exe84⤵
-
C:\Windows\SysWOW64\Bjnece32.exeC:\Windows\system32\Bjnece32.exe85⤵
-
C:\Windows\SysWOW64\Becipn32.exeC:\Windows\system32\Becipn32.exe86⤵
-
C:\Windows\SysWOW64\Boknic32.exeC:\Windows\system32\Boknic32.exe87⤵
-
C:\Windows\SysWOW64\Bonjnc32.exeC:\Windows\system32\Bonjnc32.exe88⤵
-
C:\Windows\SysWOW64\Bjdkcd32.exeC:\Windows\system32\Bjdkcd32.exe89⤵
-
C:\Windows\SysWOW64\Baocpnmf.exeC:\Windows\system32\Baocpnmf.exe90⤵
-
C:\Windows\SysWOW64\Cellfm32.exeC:\Windows\system32\Cellfm32.exe91⤵
-
C:\Windows\SysWOW64\Clfdcgkj.exeC:\Windows\system32\Clfdcgkj.exe92⤵
-
C:\Windows\SysWOW64\Cbqlpabf.exeC:\Windows\system32\Cbqlpabf.exe93⤵
-
C:\Windows\SysWOW64\Chmehhpn.exeC:\Windows\system32\Chmehhpn.exe94⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Cogmdb32.exeC:\Windows\system32\Cogmdb32.exe95⤵
-
C:\Windows\SysWOW64\Ceaealoh.exeC:\Windows\system32\Ceaealoh.exe96⤵
-
C:\Windows\SysWOW64\Cbefkp32.exeC:\Windows\system32\Cbefkp32.exe97⤵
-
C:\Windows\SysWOW64\Cdfbbhdp.exeC:\Windows\system32\Cdfbbhdp.exe98⤵
-
C:\Windows\SysWOW64\Cajblmci.exeC:\Windows\system32\Cajblmci.exe99⤵
-
C:\Windows\SysWOW64\Donceaac.exeC:\Windows\system32\Donceaac.exe100⤵
-
C:\Windows\SysWOW64\Dlbcoe32.exeC:\Windows\system32\Dlbcoe32.exe101⤵
-
C:\Windows\SysWOW64\Eojcao32.exeC:\Windows\system32\Eojcao32.exe102⤵
-
C:\Windows\SysWOW64\Ekqcfpmj.exeC:\Windows\system32\Ekqcfpmj.exe103⤵
-
C:\Windows\SysWOW64\Ehimkd32.exeC:\Windows\system32\Ehimkd32.exe104⤵
-
C:\Windows\SysWOW64\Fdpnpe32.exeC:\Windows\system32\Fdpnpe32.exe105⤵
-
C:\Windows\SysWOW64\Fdegkdim.exeC:\Windows\system32\Fdegkdim.exe106⤵
-
C:\Windows\SysWOW64\Fkcibnmd.exeC:\Windows\system32\Fkcibnmd.exe107⤵
-
C:\Windows\SysWOW64\Gdlnkc32.exeC:\Windows\system32\Gdlnkc32.exe108⤵
-
C:\Windows\SysWOW64\Glcelq32.exeC:\Windows\system32\Glcelq32.exe109⤵
-
C:\Windows\SysWOW64\Gbpnegbo.exeC:\Windows\system32\Gbpnegbo.exe110⤵
-
C:\Windows\SysWOW64\Glebbpbd.exeC:\Windows\system32\Glebbpbd.exe111⤵
-
C:\Windows\SysWOW64\Gbbkjgpl.exeC:\Windows\system32\Gbbkjgpl.exe112⤵
-
C:\Windows\SysWOW64\Gbdgpfni.exeC:\Windows\system32\Gbdgpfni.exe113⤵
-
C:\Windows\SysWOW64\Gbgdef32.exeC:\Windows\system32\Gbgdef32.exe114⤵
-
C:\Windows\SysWOW64\Hbiakf32.exeC:\Windows\system32\Hbiakf32.exe115⤵
-
C:\Windows\SysWOW64\Hkaedk32.exeC:\Windows\system32\Hkaedk32.exe116⤵
-
C:\Windows\SysWOW64\Hbknqeha.exeC:\Windows\system32\Hbknqeha.exe117⤵
-
C:\Windows\SysWOW64\Hcmgphma.exeC:\Windows\system32\Hcmgphma.exe118⤵
-
C:\Windows\SysWOW64\Hmfkin32.exeC:\Windows\system32\Hmfkin32.exe119⤵
-
C:\Windows\SysWOW64\Hcpcehko.exeC:\Windows\system32\Hcpcehko.exe120⤵
-
C:\Windows\SysWOW64\Hmhhnmao.exeC:\Windows\system32\Hmhhnmao.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-