Analysis
-
max time kernel
145s -
max time network
193s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
16-11-2023 18:01
General
-
Target
NEAS.ee067c103e0fd10c9264d58cade5983c.exe
-
Size
55KB
-
MD5
ee067c103e0fd10c9264d58cade5983c
-
SHA1
606b7c3e143d2328ca2666b937db2a1380a32a8e
-
SHA256
3d42c6d868c863fd00814687eb3448c667f55c3b0f0c99e043adc299783bd9e6
-
SHA512
f8d2cca2ab4003f965dd6b152f9b24278f86ea29f8f0cc1f63c08f450a977750537ca08dc63bbc09d702897c3fd73824f05dc50b9448e2701eb569c35d00dc19
-
SSDEEP
1536:vp5qESWPuKnQ/lg7wbOlunK+Cy60mwsJ1ZbdRMlqyKPRvN2Lg:v7qgUK+bYJHbdMKpmg
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.ee067c103e0fd10c9264d58cade5983c.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.ee067c103e0fd10c9264d58cade5983c.exe"1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hehdfdek.exeC:\Windows\system32\Hehdfdek.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hpmhdmea.exeC:\Windows\system32\Hpmhdmea.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Haodle32.exeC:\Windows\system32\Haodle32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hldiinke.exeC:\Windows\system32\Hldiinke.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hbnaeh32.exeC:\Windows\system32\Hbnaeh32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ihkjno32.exeC:\Windows\system32\Ihkjno32.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ibqnkh32.exeC:\Windows\system32\Ibqnkh32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iimcma32.exeC:\Windows\system32\Iimcma32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ipgkjlmg.exeC:\Windows\system32\Ipgkjlmg.exe10⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iahgad32.exeC:\Windows\system32\Iahgad32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ipihpkkd.exeC:\Windows\system32\Ipihpkkd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ilphdlqh.exeC:\Windows\system32\Ilphdlqh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jemfhacc.exeC:\Windows\system32\Jemfhacc.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jlgoek32.exeC:\Windows\system32\Jlgoek32.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jadgnb32.exeC:\Windows\system32\Jadgnb32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jlikkkhn.exeC:\Windows\system32\Jlikkkhn.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jbccge32.exeC:\Windows\system32\Jbccge32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jhplpl32.exeC:\Windows\system32\Jhplpl32.exe19⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jojdlfeo.exeC:\Windows\system32\Jojdlfeo.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kedlip32.exeC:\Windows\system32\Kedlip32.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Klndfj32.exeC:\Windows\system32\Klndfj32.exe22⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kbhmbdle.exeC:\Windows\system32\Kbhmbdle.exe23⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kibeoo32.exeC:\Windows\system32\Kibeoo32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Koonge32.exeC:\Windows\system32\Koonge32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Keifdpif.exeC:\Windows\system32\Keifdpif.exe26⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Khgbqkhj.exeC:\Windows\system32\Khgbqkhj.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Koajmepf.exeC:\Windows\system32\Koajmepf.exe28⤵
- Executes dropped EXE
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Kekbjo32.exeC:\Windows\system32\Kekbjo32.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kcoccc32.exeC:\Windows\system32\Kcoccc32.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lllagh32.exeC:\Windows\system32\Lllagh32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lcfidb32.exeC:\Windows\system32\Lcfidb32.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Llnnmhfe.exeC:\Windows\system32\Llnnmhfe.exe5⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Lchfib32.exeC:\Windows\system32\Lchfib32.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lbebilli.exeC:\Windows\system32\Lbebilli.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pfbmdabh.exeC:\Windows\system32\Pfbmdabh.exe8⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Peempn32.exeC:\Windows\system32\Peempn32.exe9⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pkoemhao.exeC:\Windows\system32\Pkoemhao.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pbimjb32.exeC:\Windows\system32\Pbimjb32.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pmoagk32.exeC:\Windows\system32\Pmoagk32.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pcijce32.exeC:\Windows\system32\Pcijce32.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qejfkmem.exeC:\Windows\system32\Qejfkmem.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qmanljfo.exeC:\Windows\system32\Qmanljfo.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Abpcja32.exeC:\Windows\system32\Abpcja32.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Amfhgj32.exeC:\Windows\system32\Amfhgj32.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Acppddig.exeC:\Windows\system32\Acppddig.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aimhmkgn.exeC:\Windows\system32\Aimhmkgn.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Apimodmh.exeC:\Windows\system32\Apimodmh.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Afceko32.exeC:\Windows\system32\Afceko32.exe21⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Abjfqpji.exeC:\Windows\system32\Abjfqpji.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aidomjaf.exeC:\Windows\system32\Aidomjaf.exe23⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bcicjbal.exeC:\Windows\system32\Bcicjbal.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bejobk32.exeC:\Windows\system32\Bejobk32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bmagch32.exeC:\Windows\system32\Bmagch32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bpbpecen.exeC:\Windows\system32\Bpbpecen.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bliajd32.exeC:\Windows\system32\Bliajd32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bcpika32.exeC:\Windows\system32\Bcpika32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cfcoblfb.exeC:\Windows\system32\Cfcoblfb.exe30⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Khfdlnab.exeC:\Windows\system32\Khfdlnab.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kmbmdeoj.exeC:\Windows\system32\Kmbmdeoj.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kdmeqo32.exeC:\Windows\system32\Kdmeqo32.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kmeiie32.exeC:\Windows\system32\Kmeiie32.exe34⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Lelajb32.exeC:\Windows\system32\Lelajb32.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lhjnfn32.exeC:\Windows\system32\Lhjnfn32.exe36⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Lennpb32.exeC:\Windows\system32\Lennpb32.exe37⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Logbigbg.exeC:\Windows\system32\Logbigbg.exe38⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Lhogamih.exeC:\Windows\system32\Lhogamih.exe39⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Loiong32.exeC:\Windows\system32\Loiong32.exe40⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lechkaga.exeC:\Windows\system32\Lechkaga.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lokldg32.exeC:\Windows\system32\Lokldg32.exe42⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ldhdlnli.exeC:\Windows\system32\Ldhdlnli.exe43⤵
-
C:\Windows\SysWOW64\Loniiflo.exeC:\Windows\system32\Loniiflo.exe44⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mdmngm32.exeC:\Windows\system32\Mdmngm32.exe45⤵
-
C:\Windows\SysWOW64\Mkgfdgpq.exeC:\Windows\system32\Mkgfdgpq.exe46⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mmebpbod.exeC:\Windows\system32\Mmebpbod.exe47⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Mgngih32.exeC:\Windows\system32\Mgngih32.exe48⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Moeoje32.exeC:\Windows\system32\Moeoje32.exe49⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mdagbl32.exeC:\Windows\system32\Mdagbl32.exe50⤵
-
C:\Windows\SysWOW64\Maehlqch.exeC:\Windows\system32\Maehlqch.exe51⤵
-
C:\Windows\SysWOW64\Mdddhlbl.exeC:\Windows\system32\Mdddhlbl.exe52⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Moiheebb.exeC:\Windows\system32\Moiheebb.exe53⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Nahdapae.exeC:\Windows\system32\Nahdapae.exe54⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nhbmnj32.exeC:\Windows\system32\Nhbmnj32.exe55⤵
-
C:\Windows\SysWOW64\Nhdicjfp.exeC:\Windows\system32\Nhdicjfp.exe56⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Namnmp32.exeC:\Windows\system32\Namnmp32.exe57⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ndkjik32.exeC:\Windows\system32\Ndkjik32.exe58⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nejgbn32.exeC:\Windows\system32\Nejgbn32.exe59⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nhicoi32.exeC:\Windows\system32\Nhicoi32.exe60⤵
-
C:\Windows\SysWOW64\Nkgoke32.exeC:\Windows\system32\Nkgoke32.exe61⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Naaghoik.exeC:\Windows\system32\Naaghoik.exe62⤵
-
C:\Windows\SysWOW64\Nhkpdi32.exeC:\Windows\system32\Nhkpdi32.exe63⤵
-
C:\Windows\SysWOW64\Ngnppfgb.exeC:\Windows\system32\Ngnppfgb.exe64⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Onhhmpoo.exeC:\Windows\system32\Onhhmpoo.exe65⤵
-
C:\Windows\SysWOW64\Oeopnmoa.exeC:\Windows\system32\Oeopnmoa.exe66⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Oklifdmi.exeC:\Windows\system32\Oklifdmi.exe67⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hfgloiqf.exeC:\Windows\system32\Hfgloiqf.exe68⤵
-
C:\Windows\SysWOW64\Pgnblm32.exeC:\Windows\system32\Pgnblm32.exe69⤵
-
C:\Windows\SysWOW64\Bqpbboeg.exeC:\Windows\system32\Bqpbboeg.exe70⤵
-
C:\Windows\SysWOW64\Bhgjcmfi.exeC:\Windows\system32\Bhgjcmfi.exe71⤵
-
C:\Windows\SysWOW64\Bkefphem.exeC:\Windows\system32\Bkefphem.exe72⤵
-
C:\Windows\SysWOW64\Bjhgke32.exeC:\Windows\system32\Bjhgke32.exe73⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bbpolb32.exeC:\Windows\system32\Bbpolb32.exe74⤵
-
C:\Windows\SysWOW64\Bdnkhn32.exeC:\Windows\system32\Bdnkhn32.exe75⤵
-
C:\Windows\SysWOW64\Bjmpfdhb.exeC:\Windows\system32\Bjmpfdhb.exe76⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cqghcn32.exeC:\Windows\system32\Cqghcn32.exe77⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cinpdl32.exeC:\Windows\system32\Cinpdl32.exe78⤵
-
C:\Windows\SysWOW64\Cnmebblf.exeC:\Windows\system32\Cnmebblf.exe79⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cicjokll.exeC:\Windows\system32\Cicjokll.exe80⤵
-
C:\Windows\SysWOW64\Cjdfgc32.exeC:\Windows\system32\Cjdfgc32.exe81⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Canocm32.exeC:\Windows\system32\Canocm32.exe82⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cjfclcpg.exeC:\Windows\system32\Cjfclcpg.exe83⤵
-
C:\Windows\SysWOW64\Jllmml32.exeC:\Windows\system32\Jllmml32.exe84⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jcfejfag.exeC:\Windows\system32\Jcfejfag.exe85⤵
-
C:\Windows\SysWOW64\Lfnmcnjn.exeC:\Windows\system32\Lfnmcnjn.exe86⤵
-
C:\Windows\SysWOW64\Mmokpglb.exeC:\Windows\system32\Mmokpglb.exe87⤵
-
C:\Windows\SysWOW64\Mppdbb32.exeC:\Windows\system32\Mppdbb32.exe88⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mboqnm32.exeC:\Windows\system32\Mboqnm32.exe89⤵
-
C:\Windows\SysWOW64\Mjehok32.exeC:\Windows\system32\Mjehok32.exe90⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mmdekf32.exeC:\Windows\system32\Mmdekf32.exe91⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mcnmhpoj.exeC:\Windows\system32\Mcnmhpoj.exe92⤵
-
C:\Windows\SysWOW64\Mikepg32.exeC:\Windows\system32\Mikepg32.exe93⤵
-
C:\Windows\SysWOW64\Mlialb32.exeC:\Windows\system32\Mlialb32.exe94⤵
-
C:\Windows\SysWOW64\Mcpjnp32.exeC:\Windows\system32\Mcpjnp32.exe95⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mminfech.exeC:\Windows\system32\Mminfech.exe96⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Npgjbabk.exeC:\Windows\system32\Npgjbabk.exe97⤵
-
C:\Windows\SysWOW64\Nfabok32.exeC:\Windows\system32\Nfabok32.exe98⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nmkkle32.exeC:\Windows\system32\Nmkkle32.exe99⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ncecioib.exeC:\Windows\system32\Ncecioib.exe100⤵
-
C:\Windows\SysWOW64\Nfcoekhe.exeC:\Windows\system32\Nfcoekhe.exe101⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nmmgae32.exeC:\Windows\system32\Nmmgae32.exe102⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ndgpnogo.exeC:\Windows\system32\Ndgpnogo.exe103⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nffljjfc.exeC:\Windows\system32\Nffljjfc.exe104⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nidhffef.exeC:\Windows\system32\Nidhffef.exe105⤵
-
C:\Windows\SysWOW64\Npnqcpmc.exeC:\Windows\system32\Npnqcpmc.exe106⤵
-
C:\Windows\SysWOW64\Nbmmoklg.exeC:\Windows\system32\Nbmmoklg.exe107⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ccbaoc32.exeC:\Windows\system32\Ccbaoc32.exe108⤵
-
C:\Windows\SysWOW64\Cgnmpbec.exeC:\Windows\system32\Cgnmpbec.exe109⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ckiipa32.exeC:\Windows\system32\Ckiipa32.exe110⤵
-
C:\Windows\SysWOW64\Cmkehicj.exeC:\Windows\system32\Cmkehicj.exe111⤵
-
C:\Windows\SysWOW64\Cnjbbl32.exeC:\Windows\system32\Cnjbbl32.exe112⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ccgjjc32.exeC:\Windows\system32\Ccgjjc32.exe113⤵
-
C:\Windows\SysWOW64\Cknbkpif.exeC:\Windows\system32\Cknbkpif.exe114⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cnmoglij.exeC:\Windows\system32\Cnmoglij.exe115⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cdfgdf32.exeC:\Windows\system32\Cdfgdf32.exe116⤵
-
C:\Windows\SysWOW64\Ccigpbga.exeC:\Windows\system32\Ccigpbga.exe117⤵
-
C:\Windows\SysWOW64\Cgecpa32.exeC:\Windows\system32\Cgecpa32.exe118⤵
-
C:\Windows\SysWOW64\Cnokmkfh.exeC:\Windows\system32\Cnokmkfh.exe119⤵
-
C:\Windows\SysWOW64\Cqmgigfk.exeC:\Windows\system32\Cqmgigfk.exe120⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ccldebeo.exeC:\Windows\system32\Ccldebeo.exe121⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-