Analysis
-
max time kernel
138s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
19-05-2024 14:30
General
-
Target
d76a4073830ddfb2ef106ce052e405d0_NeikiAnalytics.exe
-
Size
163KB
-
MD5
d76a4073830ddfb2ef106ce052e405d0
-
SHA1
71d30e5dd109fa41a6dfcdf59c2a9dc4dd116243
-
SHA256
fde498c7521bfa40f8b02ffb173e34ec10567d8106bd2274aa4f65cdb5711a4d
-
SHA512
57a456ac103e83269bff86adb9130c41eb450a2cf8a74eb27f7535598c102aeb92b6d3a6fb9f98c1c81e0be8571380d04fb1b2bda89a820f70482046eeb96207
-
SSDEEP
1536:PwGzLl8fqBGKjRMp/xqLm3/AxDf5flProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:oELleuhRMYCAxDf5fltOrWKDBr+yJb
Score
10/10
Malware Config
Extracted
Family
gozi
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\569877267\zmstage.exeC:\Users\Admin\AppData\Local\Temp\569877267\zmstage.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\d76a4073830ddfb2ef106ce052e405d0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d76a4073830ddfb2ef106ce052e405d0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aejfpjne.exeC:\Windows\system32\Aejfpjne.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Acmflf32.exeC:\Windows\system32\Acmflf32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aldomc32.exeC:\Windows\system32\Aldomc32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ajfoiqll.exeC:\Windows\system32\Ajfoiqll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Abngjnmo.exeC:\Windows\system32\Abngjnmo.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aaqgek32.exeC:\Windows\system32\Aaqgek32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Acocaf32.exeC:\Windows\system32\Acocaf32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ajiknpjj.exeC:\Windows\system32\Ajiknpjj.exe9⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aeopki32.exeC:\Windows\system32\Aeopki32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ahmlgd32.exeC:\Windows\system32\Ahmlgd32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ajkhdp32.exeC:\Windows\system32\Ajkhdp32.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aaepqjpd.exeC:\Windows\system32\Aaepqjpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Adcmmeog.exeC:\Windows\system32\Adcmmeog.exe14⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ajneip32.exeC:\Windows\system32\Ajneip32.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Abemjmgg.exeC:\Windows\system32\Abemjmgg.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Becifhfj.exeC:\Windows\system32\Becifhfj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Blmacb32.exeC:\Windows\system32\Blmacb32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bnlnon32.exeC:\Windows\system32\Bnlnon32.exe19⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Beeflhdh.exeC:\Windows\system32\Beeflhdh.exe20⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bjbndobo.exeC:\Windows\system32\Bjbndobo.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bbifelba.exeC:\Windows\system32\Bbifelba.exe22⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Balfaiil.exeC:\Windows\system32\Balfaiil.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bdkcmdhp.exeC:\Windows\system32\Bdkcmdhp.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Blbknaib.exeC:\Windows\system32\Blbknaib.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bblckl32.exeC:\Windows\system32\Bblckl32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bdmpcdfm.exeC:\Windows\system32\Bdmpcdfm.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bjghpn32.exeC:\Windows\system32\Bjghpn32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bbnpqk32.exeC:\Windows\system32\Bbnpqk32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bemlmgnp.exeC:\Windows\system32\Bemlmgnp.exe30⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Blfdia32.exeC:\Windows\system32\Blfdia32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Boepel32.exeC:\Windows\system32\Boepel32.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cacmah32.exeC:\Windows\system32\Cacmah32.exe33⤵
-
C:\Windows\SysWOW64\Cdainc32.exeC:\Windows\system32\Cdainc32.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cogmkl32.exeC:\Windows\system32\Cogmkl32.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cafigg32.exeC:\Windows\system32\Cafigg32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cddecc32.exeC:\Windows\system32\Cddecc32.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Clkndpag.exeC:\Windows\system32\Clkndpag.exe38⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cbefaj32.exeC:\Windows\system32\Cbefaj32.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cahfmgoo.exeC:\Windows\system32\Cahfmgoo.exe40⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cdfbibnb.exeC:\Windows\system32\Cdfbibnb.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Clnjjpod.exeC:\Windows\system32\Clnjjpod.exe42⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cbgbgj32.exeC:\Windows\system32\Cbgbgj32.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cefoce32.exeC:\Windows\system32\Cefoce32.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Clpgpp32.exeC:\Windows\system32\Clpgpp32.exe45⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Camphf32.exeC:\Windows\system32\Camphf32.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cehkhecb.exeC:\Windows\system32\Cehkhecb.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Chghdqbf.exeC:\Windows\system32\Chghdqbf.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ckedalaj.exeC:\Windows\system32\Ckedalaj.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dbllbibl.exeC:\Windows\system32\Dbllbibl.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ddmhja32.exeC:\Windows\system32\Ddmhja32.exe51⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dhidjpqc.exeC:\Windows\system32\Dhidjpqc.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dkgqfl32.exeC:\Windows\system32\Dkgqfl32.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dboigi32.exeC:\Windows\system32\Dboigi32.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Demecd32.exeC:\Windows\system32\Demecd32.exe55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dhkapp32.exeC:\Windows\system32\Dhkapp32.exe56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dkjmlk32.exeC:\Windows\system32\Dkjmlk32.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Doeiljfn.exeC:\Windows\system32\Doeiljfn.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dadeieea.exeC:\Windows\system32\Dadeieea.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ddbbeade.exeC:\Windows\system32\Ddbbeade.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dlijfneg.exeC:\Windows\system32\Dlijfneg.exe61⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dkljak32.exeC:\Windows\system32\Dkljak32.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dohfbj32.exeC:\Windows\system32\Dohfbj32.exe63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dccbbhld.exeC:\Windows\system32\Dccbbhld.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Deanodkh.exeC:\Windows\system32\Deanodkh.exe65⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dhpjkojk.exeC:\Windows\system32\Dhpjkojk.exe66⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dojcgi32.exeC:\Windows\system32\Dojcgi32.exe67⤵
-
C:\Windows\SysWOW64\Dahode32.exeC:\Windows\system32\Dahode32.exe68⤵
-
C:\Windows\SysWOW64\Ekacmjgl.exeC:\Windows\system32\Ekacmjgl.exe69⤵
-
C:\Windows\SysWOW64\Eaklidoi.exeC:\Windows\system32\Eaklidoi.exe70⤵
-
C:\Windows\SysWOW64\Edihepnm.exeC:\Windows\system32\Edihepnm.exe71⤵
-
C:\Windows\SysWOW64\Ekcpbj32.exeC:\Windows\system32\Ekcpbj32.exe72⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ecjhcg32.exeC:\Windows\system32\Ecjhcg32.exe73⤵
-
C:\Windows\SysWOW64\Eeidoc32.exeC:\Windows\system32\Eeidoc32.exe74⤵
-
C:\Windows\SysWOW64\Ehgqln32.exeC:\Windows\system32\Ehgqln32.exe75⤵
-
C:\Windows\SysWOW64\Eoaihhlp.exeC:\Windows\system32\Eoaihhlp.exe76⤵
-
C:\Windows\SysWOW64\Ecmeig32.exeC:\Windows\system32\Ecmeig32.exe77⤵
-
C:\Windows\SysWOW64\Ednaqo32.exeC:\Windows\system32\Ednaqo32.exe78⤵
-
C:\Windows\SysWOW64\Eleiam32.exeC:\Windows\system32\Eleiam32.exe79⤵
-
C:\Windows\SysWOW64\Eocenh32.exeC:\Windows\system32\Eocenh32.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ecoangbg.exeC:\Windows\system32\Ecoangbg.exe81⤵
-
C:\Windows\SysWOW64\Eabbjc32.exeC:\Windows\system32\Eabbjc32.exe82⤵
-
C:\Windows\SysWOW64\Edpnfo32.exeC:\Windows\system32\Edpnfo32.exe83⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ehljfnpn.exeC:\Windows\system32\Ehljfnpn.exe84⤵
-
C:\Windows\SysWOW64\Eofbch32.exeC:\Windows\system32\Eofbch32.exe85⤵
-
C:\Windows\SysWOW64\Eadopc32.exeC:\Windows\system32\Eadopc32.exe86⤵
-
C:\Windows\SysWOW64\Edbklofb.exeC:\Windows\system32\Edbklofb.exe87⤵
-
C:\Windows\SysWOW64\Fljcmlfd.exeC:\Windows\system32\Fljcmlfd.exe88⤵
-
C:\Windows\SysWOW64\Fafkecel.exeC:\Windows\system32\Fafkecel.exe89⤵
-
C:\Windows\SysWOW64\Febgea32.exeC:\Windows\system32\Febgea32.exe90⤵
-
C:\Windows\SysWOW64\Fhqcam32.exeC:\Windows\system32\Fhqcam32.exe91⤵
-
C:\Windows\SysWOW64\Fllpbldb.exeC:\Windows\system32\Fllpbldb.exe92⤵
-
C:\Windows\SysWOW64\Fkopnh32.exeC:\Windows\system32\Fkopnh32.exe93⤵
-
C:\Windows\SysWOW64\Fcfhof32.exeC:\Windows\system32\Fcfhof32.exe94⤵
-
C:\Windows\SysWOW64\Ffddka32.exeC:\Windows\system32\Ffddka32.exe95⤵
-
C:\Windows\SysWOW64\Fdgdgnbm.exeC:\Windows\system32\Fdgdgnbm.exe96⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fhcpgmjf.exeC:\Windows\system32\Fhcpgmjf.exe97⤵
-
C:\Windows\SysWOW64\Fkalchij.exeC:\Windows\system32\Fkalchij.exe98⤵
-
C:\Windows\SysWOW64\Fakdpb32.exeC:\Windows\system32\Fakdpb32.exe99⤵
-
C:\Windows\SysWOW64\Ffgqqaip.exeC:\Windows\system32\Ffgqqaip.exe100⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fdialn32.exeC:\Windows\system32\Fdialn32.exe101⤵
-
C:\Windows\SysWOW64\Fhemmlhc.exeC:\Windows\system32\Fhemmlhc.exe102⤵
-
C:\Windows\SysWOW64\Fkciihgg.exeC:\Windows\system32\Fkciihgg.exe103⤵
-
C:\Windows\SysWOW64\Fooeif32.exeC:\Windows\system32\Fooeif32.exe104⤵
-
C:\Windows\SysWOW64\Fbnafb32.exeC:\Windows\system32\Fbnafb32.exe105⤵
-
C:\Windows\SysWOW64\Fhgjblfq.exeC:\Windows\system32\Fhgjblfq.exe106⤵
-
C:\Windows\SysWOW64\Fkffog32.exeC:\Windows\system32\Fkffog32.exe107⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fcmnpe32.exeC:\Windows\system32\Fcmnpe32.exe108⤵
-
C:\Windows\SysWOW64\Ffkjlp32.exeC:\Windows\system32\Ffkjlp32.exe109⤵
-
C:\Windows\SysWOW64\Fhjfhl32.exeC:\Windows\system32\Fhjfhl32.exe110⤵
-
C:\Windows\SysWOW64\Gkhbdg32.exeC:\Windows\system32\Gkhbdg32.exe111⤵
-
C:\Windows\SysWOW64\Gododflk.exeC:\Windows\system32\Gododflk.exe112⤵
-
C:\Windows\SysWOW64\Gbbkaako.exeC:\Windows\system32\Gbbkaako.exe113⤵
-
C:\Windows\SysWOW64\Ghlcnk32.exeC:\Windows\system32\Ghlcnk32.exe114⤵
-
C:\Windows\SysWOW64\Gkkojgao.exeC:\Windows\system32\Gkkojgao.exe115⤵
-
C:\Windows\SysWOW64\Gcagkdba.exeC:\Windows\system32\Gcagkdba.exe116⤵
-
C:\Windows\SysWOW64\Ghopckpi.exeC:\Windows\system32\Ghopckpi.exe117⤵
-
C:\Windows\SysWOW64\Gkmlofol.exeC:\Windows\system32\Gkmlofol.exe118⤵
-
C:\Windows\SysWOW64\Gcddpdpo.exeC:\Windows\system32\Gcddpdpo.exe119⤵
-
C:\Windows\SysWOW64\Gfbploob.exeC:\Windows\system32\Gfbploob.exe120⤵
-
C:\Windows\SysWOW64\Gdeqhl32.exeC:\Windows\system32\Gdeqhl32.exe121⤵
-
C:\Windows\SysWOW64\Gmlhii32.exeC:\Windows\system32\Gmlhii32.exe122⤵
-
C:\Windows\SysWOW64\Gokdeeec.exeC:\Windows\system32\Gokdeeec.exe123⤵
-
C:\Windows\SysWOW64\Gbiaapdf.exeC:\Windows\system32\Gbiaapdf.exe124⤵
-
C:\Windows\SysWOW64\Gfembo32.exeC:\Windows\system32\Gfembo32.exe125⤵
-
C:\Windows\SysWOW64\Gmoeoidl.exeC:\Windows\system32\Gmoeoidl.exe126⤵
-
C:\Windows\SysWOW64\Gkaejf32.exeC:\Windows\system32\Gkaejf32.exe127⤵
-
C:\Windows\SysWOW64\Gomakdcp.exeC:\Windows\system32\Gomakdcp.exe128⤵
-
C:\Windows\SysWOW64\Gcimkc32.exeC:\Windows\system32\Gcimkc32.exe129⤵
-
C:\Windows\SysWOW64\Gfgjgo32.exeC:\Windows\system32\Gfgjgo32.exe130⤵
-
C:\Windows\SysWOW64\Gdjjckag.exeC:\Windows\system32\Gdjjckag.exe131⤵
-
C:\Windows\SysWOW64\Hmabdibj.exeC:\Windows\system32\Hmabdibj.exe132⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hkdbpe32.exeC:\Windows\system32\Hkdbpe32.exe133⤵
-
C:\Windows\SysWOW64\Hbnjmp32.exeC:\Windows\system32\Hbnjmp32.exe134⤵
-
C:\Windows\SysWOW64\Hfifmnij.exeC:\Windows\system32\Hfifmnij.exe135⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hihbijhn.exeC:\Windows\system32\Hihbijhn.exe136⤵
-
C:\Windows\SysWOW64\Hmcojh32.exeC:\Windows\system32\Hmcojh32.exe137⤵
-
C:\Windows\SysWOW64\Hobkfd32.exeC:\Windows\system32\Hobkfd32.exe138⤵
-
C:\Windows\SysWOW64\Hcmgfbhd.exeC:\Windows\system32\Hcmgfbhd.exe139⤵
-
C:\Windows\SysWOW64\Hflcbngh.exeC:\Windows\system32\Hflcbngh.exe140⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hijooifk.exeC:\Windows\system32\Hijooifk.exe141⤵
-
C:\Windows\SysWOW64\Hkikkeeo.exeC:\Windows\system32\Hkikkeeo.exe142⤵
-
C:\Windows\SysWOW64\Hbbdholl.exeC:\Windows\system32\Hbbdholl.exe143⤵
-
C:\Windows\SysWOW64\Hfnphn32.exeC:\Windows\system32\Hfnphn32.exe144⤵
-
C:\Windows\SysWOW64\Heapdjlp.exeC:\Windows\system32\Heapdjlp.exe145⤵
-
C:\Windows\SysWOW64\Himldi32.exeC:\Windows\system32\Himldi32.exe146⤵
-
C:\Windows\SysWOW64\Hbeqmoji.exeC:\Windows\system32\Hbeqmoji.exe147⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hfqlnm32.exeC:\Windows\system32\Hfqlnm32.exe148⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hkmefd32.exeC:\Windows\system32\Hkmefd32.exe149⤵
-
C:\Windows\SysWOW64\Hcdmga32.exeC:\Windows\system32\Hcdmga32.exe150⤵
-
C:\Windows\SysWOW64\Hfcicmqp.exeC:\Windows\system32\Hfcicmqp.exe151⤵
-
C:\Windows\SysWOW64\Iiaephpc.exeC:\Windows\system32\Iiaephpc.exe152⤵
-
C:\Windows\SysWOW64\Ikpaldog.exeC:\Windows\system32\Ikpaldog.exe153⤵
-
C:\Windows\SysWOW64\Ipknlb32.exeC:\Windows\system32\Ipknlb32.exe154⤵
-
C:\Windows\SysWOW64\Ibjjhn32.exeC:\Windows\system32\Ibjjhn32.exe155⤵
-
C:\Windows\SysWOW64\Iehfdi32.exeC:\Windows\system32\Iehfdi32.exe156⤵
-
C:\Windows\SysWOW64\Ikbnacmd.exeC:\Windows\system32\Ikbnacmd.exe157⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Icifbang.exeC:\Windows\system32\Icifbang.exe158⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ifgbnlmj.exeC:\Windows\system32\Ifgbnlmj.exe159⤵
-
C:\Windows\SysWOW64\Iejcji32.exeC:\Windows\system32\Iejcji32.exe160⤵
-
C:\Windows\SysWOW64\Iifokh32.exeC:\Windows\system32\Iifokh32.exe161⤵
-
C:\Windows\SysWOW64\Imakkfdg.exeC:\Windows\system32\Imakkfdg.exe162⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ildkgc32.exeC:\Windows\system32\Ildkgc32.exe163⤵
-
C:\Windows\SysWOW64\Ickchq32.exeC:\Windows\system32\Ickchq32.exe164⤵
-
C:\Windows\SysWOW64\Ibnccmbo.exeC:\Windows\system32\Ibnccmbo.exe165⤵
-
C:\Windows\SysWOW64\Iemppiab.exeC:\Windows\system32\Iemppiab.exe166⤵
-
C:\Windows\SysWOW64\Iihkpg32.exeC:\Windows\system32\Iihkpg32.exe167⤵
-
C:\Windows\SysWOW64\Ipbdmaah.exeC:\Windows\system32\Ipbdmaah.exe168⤵
-
C:\Windows\SysWOW64\Icnpmp32.exeC:\Windows\system32\Icnpmp32.exe169⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ifllil32.exeC:\Windows\system32\Ifllil32.exe170⤵
-
C:\Windows\SysWOW64\Iikhfg32.exeC:\Windows\system32\Iikhfg32.exe171⤵
-
C:\Windows\SysWOW64\Imfdff32.exeC:\Windows\system32\Imfdff32.exe172⤵
-
C:\Windows\SysWOW64\Ipdqba32.exeC:\Windows\system32\Ipdqba32.exe173⤵
-
C:\Windows\SysWOW64\Ibcmom32.exeC:\Windows\system32\Ibcmom32.exe174⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jfoiokfb.exeC:\Windows\system32\Jfoiokfb.exe175⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jimekgff.exeC:\Windows\system32\Jimekgff.exe176⤵
-
C:\Windows\SysWOW64\Jlkagbej.exeC:\Windows\system32\Jlkagbej.exe177⤵
-
C:\Windows\SysWOW64\Jcbihpel.exeC:\Windows\system32\Jcbihpel.exe178⤵
-
C:\Windows\SysWOW64\Jfaedkdp.exeC:\Windows\system32\Jfaedkdp.exe179⤵
-
C:\Windows\SysWOW64\Jioaqfcc.exeC:\Windows\system32\Jioaqfcc.exe180⤵
-
C:\Windows\SysWOW64\Jpijnqkp.exeC:\Windows\system32\Jpijnqkp.exe181⤵
-
C:\Windows\SysWOW64\Jcefno32.exeC:\Windows\system32\Jcefno32.exe182⤵
-
C:\Windows\SysWOW64\Jefbfgig.exeC:\Windows\system32\Jefbfgig.exe183⤵
-
C:\Windows\SysWOW64\Jmmjgejj.exeC:\Windows\system32\Jmmjgejj.exe184⤵
-
C:\Windows\SysWOW64\Jplfcpin.exeC:\Windows\system32\Jplfcpin.exe185⤵
-
C:\Windows\SysWOW64\Jfeopj32.exeC:\Windows\system32\Jfeopj32.exe186⤵
-
C:\Windows\SysWOW64\Jidklf32.exeC:\Windows\system32\Jidklf32.exe187⤵
-
C:\Windows\SysWOW64\Jmpgldhg.exeC:\Windows\system32\Jmpgldhg.exe188⤵
-
C:\Windows\SysWOW64\Jcioiood.exeC:\Windows\system32\Jcioiood.exe189⤵
-
C:\Windows\SysWOW64\Jfhlejnh.exeC:\Windows\system32\Jfhlejnh.exe190⤵
-
C:\Windows\SysWOW64\Jifhaenk.exeC:\Windows\system32\Jifhaenk.exe191⤵
-
C:\Windows\SysWOW64\Jcllonma.exeC:\Windows\system32\Jcllonma.exe192⤵
-
C:\Windows\SysWOW64\Kemhff32.exeC:\Windows\system32\Kemhff32.exe193⤵
-
C:\Windows\SysWOW64\Kpbmco32.exeC:\Windows\system32\Kpbmco32.exe194⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kfmepi32.exeC:\Windows\system32\Kfmepi32.exe195⤵
-
C:\Windows\SysWOW64\Kikame32.exeC:\Windows\system32\Kikame32.exe196⤵
-
C:\Windows\SysWOW64\Kbceejpf.exeC:\Windows\system32\Kbceejpf.exe197⤵
-
C:\Windows\SysWOW64\Kfoafi32.exeC:\Windows\system32\Kfoafi32.exe198⤵
-
C:\Windows\SysWOW64\Kimnbd32.exeC:\Windows\system32\Kimnbd32.exe199⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kpgfooop.exeC:\Windows\system32\Kpgfooop.exe200⤵
-
C:\Windows\SysWOW64\Kdcbom32.exeC:\Windows\system32\Kdcbom32.exe201⤵
-
C:\Windows\SysWOW64\Kfankifm.exeC:\Windows\system32\Kfankifm.exe202⤵
-
C:\Windows\SysWOW64\Kipkhdeq.exeC:\Windows\system32\Kipkhdeq.exe203⤵
-
C:\Windows\SysWOW64\Kmkfhc32.exeC:\Windows\system32\Kmkfhc32.exe204⤵
-
C:\Windows\SysWOW64\Kpjcdn32.exeC:\Windows\system32\Kpjcdn32.exe205⤵
-
C:\Windows\SysWOW64\Kdeoemeg.exeC:\Windows\system32\Kdeoemeg.exe206⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kfckahdj.exeC:\Windows\system32\Kfckahdj.exe207⤵
-
C:\Windows\SysWOW64\Kibgmdcn.exeC:\Windows\system32\Kibgmdcn.exe208⤵
-
C:\Windows\SysWOW64\Klqcioba.exeC:\Windows\system32\Klqcioba.exe209⤵
-
C:\Windows\SysWOW64\Kdgljmcd.exeC:\Windows\system32\Kdgljmcd.exe210⤵
-
C:\Windows\SysWOW64\Lbjlfi32.exeC:\Windows\system32\Lbjlfi32.exe211⤵
-
C:\Windows\SysWOW64\Leihbeib.exeC:\Windows\system32\Leihbeib.exe212⤵
-
C:\Windows\SysWOW64\Lmppcbjd.exeC:\Windows\system32\Lmppcbjd.exe213⤵
-
C:\Windows\SysWOW64\Lpnlpnih.exeC:\Windows\system32\Lpnlpnih.exe214⤵
-
C:\Windows\SysWOW64\Lbmhlihl.exeC:\Windows\system32\Lbmhlihl.exe215⤵
-
C:\Windows\SysWOW64\Lfhdlh32.exeC:\Windows\system32\Lfhdlh32.exe216⤵
-
C:\Windows\SysWOW64\Ligqhc32.exeC:\Windows\system32\Ligqhc32.exe217⤵
-
C:\Windows\SysWOW64\Lmbmibhb.exeC:\Windows\system32\Lmbmibhb.exe218⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lpqiemge.exeC:\Windows\system32\Lpqiemge.exe219⤵
-
C:\Windows\SysWOW64\Lboeaifi.exeC:\Windows\system32\Lboeaifi.exe220⤵
-
C:\Windows\SysWOW64\Lenamdem.exeC:\Windows\system32\Lenamdem.exe221⤵
-
C:\Windows\SysWOW64\Lmdina32.exeC:\Windows\system32\Lmdina32.exe222⤵
-
C:\Windows\SysWOW64\Lpcfkm32.exeC:\Windows\system32\Lpcfkm32.exe223⤵
-
C:\Windows\SysWOW64\Lbabgh32.exeC:\Windows\system32\Lbabgh32.exe224⤵
-
C:\Windows\SysWOW64\Lepncd32.exeC:\Windows\system32\Lepncd32.exe225⤵
-
C:\Windows\SysWOW64\Lmgfda32.exeC:\Windows\system32\Lmgfda32.exe226⤵
-
C:\Windows\SysWOW64\Lpebpm32.exeC:\Windows\system32\Lpebpm32.exe227⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ldanqkki.exeC:\Windows\system32\Ldanqkki.exe228⤵
-
C:\Windows\SysWOW64\Lgokmgjm.exeC:\Windows\system32\Lgokmgjm.exe229⤵
-
C:\Windows\SysWOW64\Lingibiq.exeC:\Windows\system32\Lingibiq.exe230⤵
-
C:\Windows\SysWOW64\Lllcen32.exeC:\Windows\system32\Lllcen32.exe231⤵
-
C:\Windows\SysWOW64\Mdckfk32.exeC:\Windows\system32\Mdckfk32.exe232⤵
-
C:\Windows\SysWOW64\Mgagbf32.exeC:\Windows\system32\Mgagbf32.exe233⤵
-
C:\Windows\SysWOW64\Mipcob32.exeC:\Windows\system32\Mipcob32.exe234⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mmlpoqpg.exeC:\Windows\system32\Mmlpoqpg.exe235⤵
-
C:\Windows\SysWOW64\Mpjlklok.exeC:\Windows\system32\Mpjlklok.exe236⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mdehlk32.exeC:\Windows\system32\Mdehlk32.exe237⤵
-
C:\Windows\SysWOW64\Megdccmb.exeC:\Windows\system32\Megdccmb.exe238⤵
-
C:\Windows\SysWOW64\Mmnldp32.exeC:\Windows\system32\Mmnldp32.exe239⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mlampmdo.exeC:\Windows\system32\Mlampmdo.exe240⤵