Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
154s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231025-en -
resource tags
-
submitted
12/11/2023, 18:40
General
-
Target
NEAS.fea88f47d673af74899d235b81b9383d.exe
-
Size
109KB
-
MD5
fea88f47d673af74899d235b81b9383d
-
SHA1
9342d561be3082709781691f4dcaf28be6b4792a
-
SHA256
816aa5beba633e9659ad1e5eb4cefa3a6eb5eea31416daebc0f4c05900e9c7a2
-
SHA512
25099f19b8cc0f7949cf66ee484ded4fc0725ff9a5d4aa626d1c6b59660f2cbc756187b29da74d77812e9c3f5777bfd9112c4ac82801b889971c0cd1e055370d
-
SSDEEP
3072:MDEzauhxCbEWnr0kFReAWO8fo3PXl9Z7S/yCsKh2EzZA/z:MDWvhklrtnWOgo35e/yCthvUz
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Malware Backdoor - Berbew 64 IoCs
Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.fea88f47d673af74899d235b81b9383d.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.fea88f47d673af74899d235b81b9383d.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aompak32.exeC:\Windows\system32\Aompak32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\Bmbiamhi.exeC:\Windows\system32\Bmbiamhi.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bclang32.exeC:\Windows\system32\Bclang32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\Bfjnjcni.exeC:\Windows\system32\Bfjnjcni.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cmdfgm32.exeC:\Windows\system32\Cmdfgm32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Cjhfpa32.exeC:\Windows\system32\Cjhfpa32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cpeohh32.exeC:\Windows\system32\Cpeohh32.exe2⤵
-
-
C:\Windows\SysWOW64\Cfogeb32.exeC:\Windows\system32\Cfogeb32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cmipblaq.exeC:\Windows\system32\Cmipblaq.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Caghhk32.exeC:\Windows\system32\Caghhk32.exe1⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cceddf32.exeC:\Windows\system32\Cceddf32.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Diicml32.exeC:\Windows\system32\Diicml32.exe3⤵
-
-
-
C:\Windows\SysWOW64\Cjmpkqqj.exeC:\Windows\system32\Cjmpkqqj.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dapkni32.exeC:\Windows\system32\Dapkni32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dcogje32.exeC:\Windows\system32\Dcogje32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Efepbi32.exeC:\Windows\system32\Efepbi32.exe3⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\Ccchof32.exeC:\Windows\system32\Ccchof32.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bfhadc32.exeC:\Windows\system32\Bfhadc32.exe1⤵
-
C:\Windows\SysWOW64\Bciehh32.exeC:\Windows\system32\Bciehh32.exe1⤵
-
C:\Windows\SysWOW64\Bmomlnjk.exeC:\Windows\system32\Bmomlnjk.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bgbdcgld.exeC:\Windows\system32\Bgbdcgld.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bqilgmdg.exeC:\Windows\system32\Bqilgmdg.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Biadeoce.exeC:\Windows\system32\Biadeoce.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bgpgng32.exeC:\Windows\system32\Bgpgng32.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Boipmj32.exeC:\Windows\system32\Boipmj32.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bmkcqn32.exeC:\Windows\system32\Bmkcqn32.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bfqkddfd.exeC:\Windows\system32\Bfqkddfd.exe1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bogcgj32.exeC:\Windows\system32\Bogcgj32.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Amhfkopc.exeC:\Windows\system32\Amhfkopc.exe1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aodfajaj.exeC:\Windows\system32\Aodfajaj.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aijnep32.exeC:\Windows\system32\Aijnep32.exe1⤵
-
C:\Windows\SysWOW64\Aflaie32.exeC:\Windows\system32\Aflaie32.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aqoiqn32.exeC:\Windows\system32\Aqoiqn32.exe1⤵
-
C:\Windows\SysWOW64\Aihaoqlp.exeC:\Windows\system32\Aihaoqlp.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ackigjmh.exeC:\Windows\system32\Ackigjmh.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ahfdjanb.exeC:\Windows\system32\Ahfdjanb.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Afghneoo.exeC:\Windows\system32\Afghneoo.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Elbhjp32.exeC:\Windows\system32\Elbhjp32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Efhlhh32.exeC:\Windows\system32\Efhlhh32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Embddb32.exeC:\Windows\system32\Embddb32.exe3⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\Eclmamod.exeC:\Windows\system32\Eclmamod.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Efjimhnh.exeC:\Windows\system32\Efjimhnh.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Clchbqoo.exeC:\Windows\system32\Clchbqoo.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fefedmil.exeC:\Windows\system32\Fefedmil.exe4⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mmfkhmdi.exeC:\Windows\system32\Mmfkhmdi.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mfnoqc32.exeC:\Windows\system32\Mfnoqc32.exe6⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mnegbp32.exeC:\Windows\system32\Mnegbp32.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mogcihaj.exeC:\Windows\system32\Mogcihaj.exe8⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Mgnlkfal.exeC:\Windows\system32\Mgnlkfal.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mjlhgaqp.exeC:\Windows\system32\Mjlhgaqp.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mqfpckhm.exeC:\Windows\system32\Mqfpckhm.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mgphpe32.exeC:\Windows\system32\Mgphpe32.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
-
-
-
C:\Windows\SysWOW64\Mjodla32.exeC:\Windows\system32\Mjodla32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mqimikfj.exeC:\Windows\system32\Mqimikfj.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Monjjgkb.exeC:\Windows\system32\Monjjgkb.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mgeakekd.exeC:\Windows\system32\Mgeakekd.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nmbjcljl.exeC:\Windows\system32\Nmbjcljl.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nopfpgip.exeC:\Windows\system32\Nopfpgip.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Njfkmphe.exeC:\Windows\system32\Njfkmphe.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nmdgikhi.exeC:\Windows\system32\Nmdgikhi.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Npbceggm.exeC:\Windows\system32\Npbceggm.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nflkbanj.exeC:\Windows\system32\Nflkbanj.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nncccnol.exeC:\Windows\system32\Nncccnol.exe9⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Mnmmboed.exeC:\Windows\system32\Mnmmboed.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nqbpojnp.exeC:\Windows\system32\Nqbpojnp.exe1⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ncqlkemc.exeC:\Windows\system32\Ncqlkemc.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Njjdho32.exeC:\Windows\system32\Njjdho32.exe3⤵
-
C:\Windows\SysWOW64\Npgmpf32.exeC:\Windows\system32\Npgmpf32.exe4⤵
-
C:\Windows\SysWOW64\Ngndaccj.exeC:\Windows\system32\Ngndaccj.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Npiiffqe.exeC:\Windows\system32\Npiiffqe.exe6⤵
-
C:\Windows\SysWOW64\Oaifpi32.exeC:\Windows\system32\Oaifpi32.exe7⤵
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Ogcnmc32.exeC:\Windows\system32\Ogcnmc32.exe1⤵
-
C:\Windows\SysWOW64\Onmfimga.exeC:\Windows\system32\Onmfimga.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Oakbehfe.exeC:\Windows\system32\Oakbehfe.exe3⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ocjoadei.exeC:\Windows\system32\Ocjoadei.exe4⤵
-
C:\Windows\SysWOW64\Ofhknodl.exeC:\Windows\system32\Ofhknodl.exe5⤵
-
-
-
-
-
C:\Windows\SysWOW64\Onocomdo.exeC:\Windows\system32\Onocomdo.exe1⤵
-
C:\Windows\SysWOW64\Opqofe32.exeC:\Windows\system32\Opqofe32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Ofkgcobj.exeC:\Windows\system32\Ofkgcobj.exe3⤵
-
-
-
C:\Windows\SysWOW64\Ocohmc32.exeC:\Windows\system32\Ocohmc32.exe1⤵
-
C:\Windows\SysWOW64\Ofmdio32.exeC:\Windows\system32\Ofmdio32.exe2⤵
-
-
C:\Windows\SysWOW64\Oabhfg32.exeC:\Windows\system32\Oabhfg32.exe1⤵
-
C:\Windows\SysWOW64\Ocaebc32.exeC:\Windows\system32\Ocaebc32.exe2⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pfoann32.exeC:\Windows\system32\Pfoann32.exe3⤵
- Modifies registry class
-
-
-
C:\Windows\SysWOW64\Pmiikh32.exeC:\Windows\system32\Pmiikh32.exe1⤵
-
C:\Windows\SysWOW64\Pccahbmn.exeC:\Windows\system32\Pccahbmn.exe2⤵
-
C:\Windows\SysWOW64\Pfandnla.exeC:\Windows\system32\Pfandnla.exe3⤵
-
C:\Windows\SysWOW64\Ppjbmc32.exeC:\Windows\system32\Ppjbmc32.exe4⤵
-
C:\Windows\SysWOW64\Phajna32.exeC:\Windows\system32\Phajna32.exe5⤵
-
C:\Windows\SysWOW64\Pplobcpp.exeC:\Windows\system32\Pplobcpp.exe6⤵
-
C:\Windows\SysWOW64\Pjbcplpe.exeC:\Windows\system32\Pjbcplpe.exe7⤵
-
C:\Windows\SysWOW64\Pdmdnadc.exeC:\Windows\system32\Pdmdnadc.exe8⤵
-
C:\Windows\SysWOW64\Qmeigg32.exeC:\Windows\system32\Qmeigg32.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qhjmdp32.exeC:\Windows\system32\Qhjmdp32.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Oflfdbip.exeC:\Windows\system32\Oflfdbip.exe11⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Pcijce32.exeC:\Windows\system32\Pcijce32.exe12⤵
-
C:\Windows\SysWOW64\Pbljoafi.exeC:\Windows\system32\Pbljoafi.exe13⤵
-
C:\Windows\SysWOW64\Qejfkmem.exeC:\Windows\system32\Qejfkmem.exe14⤵
-
C:\Windows\SysWOW64\Qppkhfec.exeC:\Windows\system32\Qppkhfec.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Ondljl32.exeC:\Windows\system32\Ondljl32.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qbngeadf.exeC:\Windows\system32\Qbngeadf.exe1⤵
-
C:\Windows\SysWOW64\Qelcamcj.exeC:\Windows\system32\Qelcamcj.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qmckbjdl.exeC:\Windows\system32\Qmckbjdl.exe3⤵
-
-
-
C:\Windows\SysWOW64\Qpbgnecp.exeC:\Windows\system32\Qpbgnecp.exe1⤵
-
C:\Windows\SysWOW64\Abpcja32.exeC:\Windows\system32\Abpcja32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
-
C:\Windows\SysWOW64\Aeopfl32.exeC:\Windows\system32\Aeopfl32.exe1⤵
-
C:\Windows\SysWOW64\Amfhgj32.exeC:\Windows\system32\Amfhgj32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Acppddig.exeC:\Windows\system32\Acppddig.exe3⤵
-
C:\Windows\SysWOW64\Cmbpjfij.exeC:\Windows\system32\Cmbpjfij.exe4⤵
- Drops file in System32 directory
- Modifies registry class
-
-
-
-
C:\Windows\SysWOW64\Cpqlfa32.exeC:\Windows\system32\Cpqlfa32.exe1⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Cboibm32.exeC:\Windows\system32\Cboibm32.exe2⤵
-
C:\Windows\SysWOW64\Ciiaogon.exeC:\Windows\system32\Ciiaogon.exe3⤵
-
C:\Windows\SysWOW64\Cpcila32.exeC:\Windows\system32\Cpcila32.exe4⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ciknefmk.exeC:\Windows\system32\Ciknefmk.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Clijablo.exeC:\Windows\system32\Clijablo.exe6⤵
-
-
-
-
-
-
C:\Windows\SysWOW64\Dfonnk32.exeC:\Windows\system32\Dfonnk32.exe1⤵
-
C:\Windows\SysWOW64\Dinjjf32.exeC:\Windows\system32\Dinjjf32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dipgpf32.exeC:\Windows\system32\Dipgpf32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dlncla32.exeC:\Windows\system32\Dlncla32.exe4⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Deidjf32.exeC:\Windows\system32\Deidjf32.exe5⤵
-
C:\Windows\SysWOW64\Dpoiho32.exeC:\Windows\system32\Dpoiho32.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Egknji32.exeC:\Windows\system32\Egknji32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Edoncm32.exeC:\Windows\system32\Edoncm32.exe8⤵
-
C:\Windows\SysWOW64\Emgblc32.exeC:\Windows\system32\Emgblc32.exe9⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Epeohn32.exeC:\Windows\system32\Epeohn32.exe10⤵
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Egpgehnb.exeC:\Windows\system32\Egpgehnb.exe1⤵
-
C:\Windows\SysWOW64\Eincadmf.exeC:\Windows\system32\Eincadmf.exe2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\Egbdjhlp.exeC:\Windows\system32\Egbdjhlp.exe1⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Enllgbcl.exeC:\Windows\system32\Enllgbcl.exe2⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fckaeioa.exeC:\Windows\system32\Fckaeioa.exe3⤵
-
C:\Windows\SysWOW64\Fncbha32.exeC:\Windows\system32\Fncbha32.exe4⤵
-
-
-
-
C:\Windows\SysWOW64\Fcbgfhii.exeC:\Windows\system32\Fcbgfhii.exe1⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ffpcbchm.exeC:\Windows\system32\Ffpcbchm.exe2⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gnlenp32.exeC:\Windows\system32\Gnlenp32.exe3⤵
-
C:\Windows\SysWOW64\Gmdoel32.exeC:\Windows\system32\Gmdoel32.exe4⤵
-
C:\Windows\SysWOW64\Hqddqj32.exeC:\Windows\system32\Hqddqj32.exe5⤵
-
C:\Windows\SysWOW64\Hmkeekag.exeC:\Windows\system32\Hmkeekag.exe6⤵
-
C:\Windows\SysWOW64\Hfhbipdb.exeC:\Windows\system32\Hfhbipdb.exe7⤵
-
C:\Windows\SysWOW64\Inagpm32.exeC:\Windows\system32\Inagpm32.exe8⤵
-
C:\Windows\SysWOW64\Iqbpahpc.exeC:\Windows\system32\Iqbpahpc.exe9⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Igneda32.exeC:\Windows\system32\Igneda32.exe10⤵
-
C:\Windows\SysWOW64\Ijmapm32.exeC:\Windows\system32\Ijmapm32.exe11⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jgcooaah.exeC:\Windows\system32\Jgcooaah.exe12⤵
-
C:\Windows\SysWOW64\Jghhjq32.exeC:\Windows\system32\Jghhjq32.exe13⤵
-
C:\Windows\SysWOW64\Jjhalkjc.exeC:\Windows\system32\Jjhalkjc.exe14⤵
-
C:\Windows\SysWOW64\Kjmjgk32.exeC:\Windows\system32\Kjmjgk32.exe15⤵
-
C:\Windows\SysWOW64\Kebodc32.exeC:\Windows\system32\Kebodc32.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kffhakjp.exeC:\Windows\system32\Kffhakjp.exe17⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lhjnfn32.exeC:\Windows\system32\Lhjnfn32.exe18⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ljijci32.exeC:\Windows\system32\Ljijci32.exe19⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lhmjlm32.exeC:\Windows\system32\Lhmjlm32.exe20⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ldckan32.exeC:\Windows\system32\Ldckan32.exe21⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ljncnhhk.exeC:\Windows\system32\Ljncnhhk.exe22⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Laglkb32.exeC:\Windows\system32\Laglkb32.exe23⤵
-
C:\Windows\SysWOW64\Ldfhgn32.exeC:\Windows\system32\Ldfhgn32.exe24⤵
-
C:\Windows\SysWOW64\Lfddci32.exeC:\Windows\system32\Lfddci32.exe25⤵
-
C:\Windows\SysWOW64\Nkpijfgf.exeC:\Windows\system32\Nkpijfgf.exe26⤵
-
C:\Windows\SysWOW64\Ndinck32.exeC:\Windows\system32\Ndinck32.exe27⤵
-
C:\Windows\SysWOW64\Odifjipd.exeC:\Windows\system32\Odifjipd.exe28⤵
-
C:\Windows\SysWOW64\Lmfodn32.exeC:\Windows\system32\Lmfodn32.exe29⤵
-
C:\Windows\SysWOW64\Cnmebblf.exeC:\Windows\system32\Cnmebblf.exe30⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Idinej32.exeC:\Windows\system32\Idinej32.exe31⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jafaem32.exeC:\Windows\system32\Jafaem32.exe32⤵
-
C:\Windows\SysWOW64\Megldcgd.exeC:\Windows\system32\Megldcgd.exe33⤵
-
C:\Windows\SysWOW64\Mkadam32.exeC:\Windows\system32\Mkadam32.exe34⤵
-
C:\Windows\SysWOW64\Mpdgbkab.exeC:\Windows\system32\Mpdgbkab.exe35⤵
-
C:\Windows\SysWOW64\Qmkfoj32.exeC:\Windows\system32\Qmkfoj32.exe36⤵
-
C:\Windows\SysWOW64\Fjanjb32.exeC:\Windows\system32\Fjanjb32.exe37⤵
-
C:\Windows\SysWOW64\Ggldde32.exeC:\Windows\system32\Ggldde32.exe38⤵
-
C:\Windows\SysWOW64\Gnhifonl.exeC:\Windows\system32\Gnhifonl.exe39⤵
-
C:\Windows\SysWOW64\Hfajlp32.exeC:\Windows\system32\Hfajlp32.exe40⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ipohpdbb.exeC:\Windows\system32\Ipohpdbb.exe41⤵
-
C:\Windows\SysWOW64\Idmafc32.exeC:\Windows\system32\Idmafc32.exe42⤵
-
C:\Windows\SysWOW64\Jdajabdc.exeC:\Windows\system32\Jdajabdc.exe43⤵
-
C:\Windows\SysWOW64\Jknocljn.exeC:\Windows\system32\Jknocljn.exe44⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kgnbol32.exeC:\Windows\system32\Kgnbol32.exe45⤵
-
C:\Windows\SysWOW64\Kgpodk32.exeC:\Windows\system32\Kgpodk32.exe46⤵
-
C:\Windows\SysWOW64\Kafcadej.exeC:\Windows\system32\Kafcadej.exe47⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kpkqbq32.exeC:\Windows\system32\Kpkqbq32.exe48⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lkcaeige.exeC:\Windows\system32\Lkcaeige.exe49⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lnanadfi.exeC:\Windows\system32\Lnanadfi.exe50⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lhgbomfo.exeC:\Windows\system32\Lhgbomfo.exe51⤵
-
C:\Windows\SysWOW64\Laofhbmp.exeC:\Windows\system32\Laofhbmp.exe52⤵
-
C:\Windows\SysWOW64\Lnfgmc32.exeC:\Windows\system32\Lnfgmc32.exe53⤵
-
C:\Windows\SysWOW64\Lgqhki32.exeC:\Windows\system32\Lgqhki32.exe54⤵
-
C:\Windows\SysWOW64\Mkoaagmh.exeC:\Windows\system32\Mkoaagmh.exe55⤵
-
C:\Windows\SysWOW64\Mbhina32.exeC:\Windows\system32\Mbhina32.exe56⤵
-
C:\Windows\SysWOW64\Moljgeco.exeC:\Windows\system32\Moljgeco.exe57⤵
-
C:\Windows\SysWOW64\Mhenpk32.exeC:\Windows\system32\Mhenpk32.exe58⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mnaghb32.exeC:\Windows\system32\Mnaghb32.exe59⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mqpcdn32.exeC:\Windows\system32\Mqpcdn32.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mgjkag32.exeC:\Windows\system32\Mgjkag32.exe61⤵
-
C:\Windows\SysWOW64\Mbpoop32.exeC:\Windows\system32\Mbpoop32.exe62⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ninafj32.exeC:\Windows\system32\Ninafj32.exe63⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Neebkkgi.exeC:\Windows\system32\Neebkkgi.exe64⤵
-
C:\Windows\SysWOW64\Nnmfdpni.exeC:\Windows\system32\Nnmfdpni.exe65⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nbkojo32.exeC:\Windows\system32\Nbkojo32.exe66⤵
-
C:\Windows\SysWOW64\Oigdmh32.exeC:\Windows\system32\Oigdmh32.exe67⤵
-
C:\Windows\SysWOW64\Okhmnc32.exeC:\Windows\system32\Okhmnc32.exe68⤵
-
C:\Windows\SysWOW64\Ogoncd32.exeC:\Windows\system32\Ogoncd32.exe69⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oiojmgcb.exeC:\Windows\system32\Oiojmgcb.exe70⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Obgofmjb.exeC:\Windows\system32\Obgofmjb.exe71⤵
-
C:\Windows\SysWOW64\Pldljbmn.exeC:\Windows\system32\Pldljbmn.exe72⤵
-
C:\Windows\SysWOW64\Pacahhib.exeC:\Windows\system32\Pacahhib.exe73⤵
-
C:\Windows\SysWOW64\Qlmopqdc.exeC:\Windows\system32\Qlmopqdc.exe74⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aejmdegn.exeC:\Windows\system32\Aejmdegn.exe75⤵
-
C:\Windows\SysWOW64\Apdkmn32.exeC:\Windows\system32\Apdkmn32.exe76⤵
-
C:\Windows\SysWOW64\Bbjmih32.exeC:\Windows\system32\Bbjmih32.exe77⤵
-
C:\Windows\SysWOW64\Ciioaa32.exeC:\Windows\system32\Ciioaa32.exe78⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cccppgcp.exeC:\Windows\system32\Cccppgcp.exe79⤵
-
C:\Windows\SysWOW64\Chphhn32.exeC:\Windows\system32\Chphhn32.exe80⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Clqncl32.exeC:\Windows\system32\Clqncl32.exe81⤵
-
C:\Windows\SysWOW64\Coojpg32.exeC:\Windows\system32\Coojpg32.exe82⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Damflb32.exeC:\Windows\system32\Damflb32.exe83⤵
-
C:\Windows\SysWOW64\Dhgoimlo.exeC:\Windows\system32\Dhgoimlo.exe84⤵
-
C:\Windows\SysWOW64\Doageg32.exeC:\Windows\system32\Doageg32.exe85⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dapcab32.exeC:\Windows\system32\Dapcab32.exe86⤵
-
C:\Windows\SysWOW64\Dhjknljl.exeC:\Windows\system32\Dhjknljl.exe87⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dlgddkpc.exeC:\Windows\system32\Dlgddkpc.exe88⤵
-
C:\Windows\SysWOW64\Dcalae32.exeC:\Windows\system32\Dcalae32.exe89⤵
-
C:\Windows\SysWOW64\Dhndil32.exeC:\Windows\system32\Dhndil32.exe90⤵
-
C:\Windows\SysWOW64\Dpemjifi.exeC:\Windows\system32\Dpemjifi.exe91⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dagiba32.exeC:\Windows\system32\Dagiba32.exe92⤵
-
C:\Windows\SysWOW64\Djnaco32.exeC:\Windows\system32\Djnaco32.exe93⤵
-
C:\Windows\SysWOW64\Ecfeldcj.exeC:\Windows\system32\Ecfeldcj.exe94⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Efdbhpbn.exeC:\Windows\system32\Efdbhpbn.exe95⤵
-
C:\Windows\SysWOW64\Ehcndkaa.exeC:\Windows\system32\Ehcndkaa.exe96⤵
-
C:\Windows\SysWOW64\Eomfae32.exeC:\Windows\system32\Eomfae32.exe97⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ebkbmqhb.exeC:\Windows\system32\Ebkbmqhb.exe98⤵
-
C:\Windows\SysWOW64\Bdmpljlj.exeC:\Windows\system32\Bdmpljlj.exe99⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ckghid32.exeC:\Windows\system32\Ckghid32.exe100⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cbnpja32.exeC:\Windows\system32\Cbnpja32.exe101⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cellfm32.exeC:\Windows\system32\Cellfm32.exe102⤵
-
C:\Windows\SysWOW64\Chkhbh32.exeC:\Windows\system32\Chkhbh32.exe103⤵
-
C:\Windows\SysWOW64\Ckidoc32.exeC:\Windows\system32\Ckidoc32.exe104⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cbqlpabf.exeC:\Windows\system32\Cbqlpabf.exe105⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cacmkn32.exeC:\Windows\system32\Cacmkn32.exe106⤵
-
C:\Windows\SysWOW64\Chmehhpn.exeC:\Windows\system32\Chmehhpn.exe107⤵
-
C:\Windows\SysWOW64\Cogmdb32.exeC:\Windows\system32\Cogmdb32.exe108⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Cddemi32.exeC:\Windows\system32\Cddemi32.exe109⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Clknnf32.exeC:\Windows\system32\Clknnf32.exe110⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Cbefkp32.exeC:\Windows\system32\Cbefkp32.exe111⤵
-
C:\Windows\SysWOW64\Chbncg32.exeC:\Windows\system32\Chbncg32.exe112⤵
-
C:\Windows\SysWOW64\Colfpace.exeC:\Windows\system32\Colfpace.exe113⤵
-
C:\Windows\SysWOW64\Cefolk32.exeC:\Windows\system32\Cefolk32.exe114⤵
-
C:\Windows\SysWOW64\Dlpgiebo.exeC:\Windows\system32\Dlpgiebo.exe115⤵
-
C:\Windows\SysWOW64\Donceaac.exeC:\Windows\system32\Donceaac.exe116⤵
-
C:\Windows\SysWOW64\Dehkbkip.exeC:\Windows\system32\Dehkbkip.exe117⤵
-
C:\Windows\SysWOW64\Dlbcoe32.exeC:\Windows\system32\Dlbcoe32.exe118⤵
-
C:\Windows\SysWOW64\Dkedjbgg.exeC:\Windows\system32\Dkedjbgg.exe119⤵
-
C:\Windows\SysWOW64\Dejhgkgm.exeC:\Windows\system32\Dejhgkgm.exe120⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dldpde32.exeC:\Windows\system32\Dldpde32.exe121⤵
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-