Analysis
-
max time kernel
128s -
max time network
136s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
17/11/2023, 02:18
General
-
Target
NEAS.29f093fc1e3741872e58f0cff2085880.exe
-
Size
169KB
-
MD5
29f093fc1e3741872e58f0cff2085880
-
SHA1
78b7fd5fcf70c4e7b7ec8d13cb3bb2757c1801d8
-
SHA256
e0b16f89879bca011e728bda9ab8b311b2f386276572646bcb71f425b7c18e28
-
SHA512
be22e62cb8f8f0b326b0a54e3d444cd5c88b82bf7f5bd43d04c1ee9190b5ceef0e0a5e1b746ea85b6541936ffcbef9ce6703ff399aef24219474df30010d2bb5
-
SSDEEP
3072:enn+j6qw3H8qvZhv4PxMeEvPOdgujv6NLPfFFrKP92f65Ha:MnQ6qw3bv4JML3OdgawrFZKPf9
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Malware Backdoor - Berbew 64 IoCs
Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.29f093fc1e3741872e58f0cff2085880.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.29f093fc1e3741872e58f0cff2085880.exe"1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cfqmpl32.exeC:\Windows\system32\Cfqmpl32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Coiaiakf.exeC:\Windows\system32\Coiaiakf.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
-
-
C:\Windows\SysWOW64\Ciafbg32.exeC:\Windows\system32\Ciafbg32.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dbjkkl32.exeC:\Windows\system32\Dbjkkl32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dcigeooj.exeC:\Windows\system32\Dcigeooj.exe3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dmalne32.exeC:\Windows\system32\Dmalne32.exe4⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dckdjomg.exeC:\Windows\system32\Dckdjomg.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dmdhcddh.exeC:\Windows\system32\Dmdhcddh.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Djhimica.exeC:\Windows\system32\Djhimica.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dpdaepai.exeC:\Windows\system32\Dpdaepai.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dimenegi.exeC:\Windows\system32\Dimenegi.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ejlbhh32.exeC:\Windows\system32\Ejlbhh32.exe10⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ecefqnel.exeC:\Windows\system32\Ecefqnel.exe11⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eiaoid32.exeC:\Windows\system32\Eiaoid32.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ebjcajjd.exeC:\Windows\system32\Ebjcajjd.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Emphocjj.exeC:\Windows\system32\Emphocjj.exe14⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Embddb32.exeC:\Windows\system32\Embddb32.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Emdajb32.exeC:\Windows\system32\Emdajb32.exe16⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ffmfchle.exeC:\Windows\system32\Ffmfchle.exe17⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Flinkojm.exeC:\Windows\system32\Flinkojm.exe18⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ffobhg32.exeC:\Windows\system32\Ffobhg32.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ffaong32.exeC:\Windows\system32\Ffaong32.exe20⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fdepgkgj.exeC:\Windows\system32\Fdepgkgj.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fmndpq32.exeC:\Windows\system32\Fmndpq32.exe22⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Fffhifdk.exeC:\Windows\system32\Fffhifdk.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gigaka32.exeC:\Windows\system32\Gigaka32.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gdlfhj32.exeC:\Windows\system32\Gdlfhj32.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Glgjlm32.exeC:\Windows\system32\Glgjlm32.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gikkfqmf.exeC:\Windows\system32\Gikkfqmf.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gbdoof32.exeC:\Windows\system32\Gbdoof32.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Glldgljg.exeC:\Windows\system32\Glldgljg.exe7⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Hloqml32.exeC:\Windows\system32\Hloqml32.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hkpqkcpd.exeC:\Windows\system32\Hkpqkcpd.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hlambk32.exeC:\Windows\system32\Hlambk32.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Hmpjmn32.exeC:\Windows\system32\Hmpjmn32.exe11⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hpabni32.exeC:\Windows\system32\Hpabni32.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Knchpiom.exeC:\Windows\system32\Knchpiom.exe13⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Knfeeimj.exeC:\Windows\system32\Knfeeimj.exe14⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Kmieae32.exeC:\Windows\system32\Kmieae32.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kcbnnpka.exeC:\Windows\system32\Kcbnnpka.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kmkbfeab.exeC:\Windows\system32\Kmkbfeab.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lklbdm32.exeC:\Windows\system32\Lklbdm32.exe18⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lnjnqh32.exeC:\Windows\system32\Lnjnqh32.exe19⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lcggio32.exeC:\Windows\system32\Lcggio32.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ljaoeini.exeC:\Windows\system32\Ljaoeini.exe21⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ldgccb32.exeC:\Windows\system32\Ldgccb32.exe22⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Lnohlgep.exeC:\Windows\system32\Lnohlgep.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ldipha32.exeC:\Windows\system32\Ldipha32.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Lggldm32.exeC:\Windows\system32\Lggldm32.exe25⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lnadagbm.exeC:\Windows\system32\Lnadagbm.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lqpamb32.exeC:\Windows\system32\Lqpamb32.exe27⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Lkeekk32.exeC:\Windows\system32\Lkeekk32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lqbncb32.exeC:\Windows\system32\Lqbncb32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mkhapk32.exeC:\Windows\system32\Mkhapk32.exe30⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mminhceb.exeC:\Windows\system32\Mminhceb.exe31⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mepfiq32.exeC:\Windows\system32\Mepfiq32.exe32⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mkjnfkma.exeC:\Windows\system32\Mkjnfkma.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mmkkmc32.exeC:\Windows\system32\Mmkkmc32.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mebcop32.exeC:\Windows\system32\Mebcop32.exe35⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mkmkkjko.exeC:\Windows\system32\Mkmkkjko.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mmnhcb32.exeC:\Windows\system32\Mmnhcb32.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mchppmij.exeC:\Windows\system32\Mchppmij.exe38⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mcjmel32.exeC:\Windows\system32\Mcjmel32.exe39⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nghekkmn.exeC:\Windows\system32\Nghekkmn.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nmenca32.exeC:\Windows\system32\Nmenca32.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ncofplba.exeC:\Windows\system32\Ncofplba.exe42⤵
-
C:\Windows\SysWOW64\Nndjndbh.exeC:\Windows\system32\Nndjndbh.exe43⤵
-
C:\Windows\SysWOW64\Nenbjo32.exeC:\Windows\system32\Nenbjo32.exe44⤵
-
C:\Windows\SysWOW64\Njkkbehl.exeC:\Windows\system32\Njkkbehl.exe45⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nmigoagp.exeC:\Windows\system32\Nmigoagp.exe46⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nccokk32.exeC:\Windows\system32\Nccokk32.exe47⤵
-
C:\Windows\SysWOW64\Nnicid32.exeC:\Windows\system32\Nnicid32.exe48⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Neclenfo.exeC:\Windows\system32\Neclenfo.exe49⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nhahaiec.exeC:\Windows\system32\Nhahaiec.exe50⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nnkpnclp.exeC:\Windows\system32\Nnkpnclp.exe51⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Odhifjkg.exeC:\Windows\system32\Odhifjkg.exe52⤵
-
C:\Windows\SysWOW64\Ojbacd32.exeC:\Windows\system32\Ojbacd32.exe53⤵
-
C:\Windows\SysWOW64\Oeheqm32.exeC:\Windows\system32\Oeheqm32.exe54⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Onpjichj.exeC:\Windows\system32\Onpjichj.exe55⤵
-
C:\Windows\SysWOW64\Oejbfmpg.exeC:\Windows\system32\Oejbfmpg.exe56⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Omegjomb.exeC:\Windows\system32\Omegjomb.exe57⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ojigdcll.exeC:\Windows\system32\Ojigdcll.exe58⤵
-
C:\Windows\SysWOW64\Oeokal32.exeC:\Windows\system32\Oeokal32.exe59⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Olicnfco.exeC:\Windows\system32\Olicnfco.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Peahgl32.exeC:\Windows\system32\Peahgl32.exe61⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pknqoc32.exeC:\Windows\system32\Pknqoc32.exe62⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pahilmoc.exeC:\Windows\system32\Pahilmoc.exe63⤵
-
C:\Windows\SysWOW64\Phaahggp.exeC:\Windows\system32\Phaahggp.exe64⤵
-
C:\Windows\SysWOW64\Pajeam32.exeC:\Windows\system32\Pajeam32.exe65⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Phdnngdn.exeC:\Windows\system32\Phdnngdn.exe66⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ponfka32.exeC:\Windows\system32\Ponfka32.exe67⤵
-
C:\Windows\SysWOW64\Phfjcf32.exeC:\Windows\system32\Phfjcf32.exe68⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Popbpqjh.exeC:\Windows\system32\Popbpqjh.exe69⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Phigif32.exeC:\Windows\system32\Phigif32.exe70⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pkgcea32.exeC:\Windows\system32\Pkgcea32.exe71⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Qmepam32.exeC:\Windows\system32\Qmepam32.exe72⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Qhkdof32.exeC:\Windows\system32\Qhkdof32.exe73⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Qoelkp32.exeC:\Windows\system32\Qoelkp32.exe74⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qachgk32.exeC:\Windows\system32\Qachgk32.exe75⤵
-
C:\Windows\SysWOW64\Qlimed32.exeC:\Windows\system32\Qlimed32.exe76⤵
-
C:\Windows\SysWOW64\Aogiap32.exeC:\Windows\system32\Aogiap32.exe77⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Aafemk32.exeC:\Windows\system32\Aafemk32.exe78⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ahpmjejp.exeC:\Windows\system32\Ahpmjejp.exe79⤵
-
C:\Windows\SysWOW64\Aknifq32.exeC:\Windows\system32\Aknifq32.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aednci32.exeC:\Windows\system32\Aednci32.exe81⤵
-
C:\Windows\SysWOW64\Akqfkp32.exeC:\Windows\system32\Akqfkp32.exe82⤵
-
C:\Windows\SysWOW64\Aefjii32.exeC:\Windows\system32\Aefjii32.exe83⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Alpbecod.exeC:\Windows\system32\Alpbecod.exe84⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Anaomkdb.exeC:\Windows\system32\Anaomkdb.exe85⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ahgcjddh.exeC:\Windows\system32\Ahgcjddh.exe86⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Adndoe32.exeC:\Windows\system32\Adndoe32.exe87⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Akglloai.exeC:\Windows\system32\Akglloai.exe88⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bkjiao32.exeC:\Windows\system32\Bkjiao32.exe89⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Badanigc.exeC:\Windows\system32\Badanigc.exe90⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Blielbfi.exeC:\Windows\system32\Blielbfi.exe91⤵
-
C:\Windows\SysWOW64\Bohbhmfm.exeC:\Windows\system32\Bohbhmfm.exe92⤵
-
C:\Windows\SysWOW64\Bafndi32.exeC:\Windows\system32\Bafndi32.exe93⤵
-
C:\Windows\SysWOW64\Bkobmnka.exeC:\Windows\system32\Bkobmnka.exe94⤵
-
C:\Windows\SysWOW64\Bnmoijje.exeC:\Windows\system32\Bnmoijje.exe95⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Bedgjgkg.exeC:\Windows\system32\Bedgjgkg.exe96⤵
-
C:\Windows\SysWOW64\Bhbcfbjk.exeC:\Windows\system32\Bhbcfbjk.exe97⤵
-
C:\Windows\SysWOW64\Bomkcm32.exeC:\Windows\system32\Bomkcm32.exe98⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Bffcpg32.exeC:\Windows\system32\Bffcpg32.exe99⤵
-
C:\Windows\SysWOW64\Blqllqqa.exeC:\Windows\system32\Blqllqqa.exe100⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Cnahdi32.exeC:\Windows\system32\Cnahdi32.exe101⤵
-
C:\Windows\SysWOW64\Cdlqqcnl.exeC:\Windows\system32\Cdlqqcnl.exe102⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Clchbqoo.exeC:\Windows\system32\Clchbqoo.exe103⤵
-
C:\Windows\SysWOW64\Cndeii32.exeC:\Windows\system32\Cndeii32.exe104⤵
-
C:\Windows\SysWOW64\Cdnmfclj.exeC:\Windows\system32\Cdnmfclj.exe105⤵
-
C:\Windows\SysWOW64\Ckhecmcf.exeC:\Windows\system32\Ckhecmcf.exe106⤵
-
C:\Windows\SysWOW64\Cnfaohbj.exeC:\Windows\system32\Cnfaohbj.exe107⤵
-
C:\Windows\SysWOW64\Cdpjlb32.exeC:\Windows\system32\Cdpjlb32.exe108⤵
-
C:\Windows\SysWOW64\Ckjbhmad.exeC:\Windows\system32\Ckjbhmad.exe109⤵
-
C:\Windows\SysWOW64\Cfpffeaj.exeC:\Windows\system32\Cfpffeaj.exe110⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cljobphg.exeC:\Windows\system32\Cljobphg.exe111⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Cohkokgj.exeC:\Windows\system32\Cohkokgj.exe112⤵
-
C:\Windows\SysWOW64\Cfbcke32.exeC:\Windows\system32\Cfbcke32.exe113⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Chqogq32.exeC:\Windows\system32\Chqogq32.exe114⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dbicpfdk.exeC:\Windows\system32\Dbicpfdk.exe115⤵
-
C:\Windows\SysWOW64\Dhclmp32.exeC:\Windows\system32\Dhclmp32.exe116⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Dfiildio.exeC:\Windows\system32\Dfiildio.exe117⤵
-
C:\Windows\SysWOW64\Dmcain32.exeC:\Windows\system32\Dmcain32.exe118⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dbpjaeoc.exeC:\Windows\system32\Dbpjaeoc.exe119⤵
-
C:\Windows\SysWOW64\Ddnfmqng.exeC:\Windows\system32\Ddnfmqng.exe120⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gbkkik32.exeC:\Windows\system32\Gbkkik32.exe121⤵
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-