Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
21/10/2023, 21:35
General
-
Target
NEAS.e3ef92e482e18a76c8c4825200aca9b0.exe
-
Size
300KB
-
MD5
e3ef92e482e18a76c8c4825200aca9b0
-
SHA1
45e82094465a3bb6378e7786cbfb3b653564c412
-
SHA256
a745e724d3ad6294972506b8d16bf4504de390609662a2c20e83ddcee8d5819a
-
SHA512
3ecc4ec95160d2d56cc6295a482ba97612f4cc95b97c3874298f8e827bb12f97eb35c5229b65f9fca1db04be3be14044ecffe5b660aa761dfeb1f44c50625a28
-
SSDEEP
6144:8NDe2/vrQHtohIhqufhcmoZjwszeXmr8SeNpgdyuH1l+/Wd:C64vrQoMymCjb87g4/c
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Malware Backdoor - Berbew 64 IoCs
Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.e3ef92e482e18a76c8c4825200aca9b0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.e3ef92e482e18a76c8c4825200aca9b0.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ehgbhbgn.exeC:\Windows\system32\Ehgbhbgn.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ejmhkiig.exeC:\Windows\system32\Ejmhkiig.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Efdhpjok.exeC:\Windows\system32\Efdhpjok.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fjbafi32.exeC:\Windows\system32\Fjbafi32.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fbpbpkpj.exeC:\Windows\system32\Fbpbpkpj.exe6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fgohna32.exeC:\Windows\system32\Fgohna32.exe7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Findhdcb.exeC:\Windows\system32\Findhdcb.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gcheib32.exeC:\Windows\system32\Gcheib32.exe9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gnpflj32.exeC:\Windows\system32\Gnpflj32.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gjicfk32.exeC:\Windows\system32\Gjicfk32.exe11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gcahoqhf.exeC:\Windows\system32\Gcahoqhf.exe12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hpjeialg.exeC:\Windows\system32\Hpjeialg.exe13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hibjbgbh.exeC:\Windows\system32\Hibjbgbh.exe14⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hnbopmnm.exeC:\Windows\system32\Hnbopmnm.exe15⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hjipenda.exeC:\Windows\system32\Hjipenda.exe16⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Imleli32.exeC:\Windows\system32\Imleli32.exe17⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Ifdjeoep.exeC:\Windows\system32\Ifdjeoep.exe18⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Ieigfk32.exeC:\Windows\system32\Ieigfk32.exe19⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Ioakoq32.exeC:\Windows\system32\Ioakoq32.exe20⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Jodhdp32.exeC:\Windows\system32\Jodhdp32.exe21⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Jagnlkjd.exeC:\Windows\system32\Jagnlkjd.exe22⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Kjglkm32.exeC:\Windows\system32\Kjglkm32.exe23⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Windows\SysWOW64\Khlili32.exeC:\Windows\system32\Khlili32.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Windows\SysWOW64\Kkmand32.exeC:\Windows\system32\Kkmand32.exe25⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Kokjdb32.exeC:\Windows\system32\Kokjdb32.exe26⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kfebambf.exeC:\Windows\system32\Kfebambf.exe27⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Lnpgeopa.exeC:\Windows\system32\Lnpgeopa.exe28⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Ljghjpfe.exeC:\Windows\system32\Ljghjpfe.exe29⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Windows\SysWOW64\Lgkhdddo.exeC:\Windows\system32\Lgkhdddo.exe30⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Lgmeid32.exeC:\Windows\system32\Lgmeid32.exe31⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Windows\SysWOW64\Lqejbiim.exeC:\Windows\system32\Lqejbiim.exe32⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Windows\SysWOW64\Lcfbdd32.exeC:\Windows\system32\Lcfbdd32.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mfdopp32.exeC:\Windows\system32\Mfdopp32.exe34⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mpmcielb.exeC:\Windows\system32\Mpmcielb.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Miehak32.exeC:\Windows\system32\Miehak32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mnbpjb32.exeC:\Windows\system32\Mnbpjb32.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mihdgkpp.exeC:\Windows\system32\Mihdgkpp.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Meoell32.exeC:\Windows\system32\Meoell32.exe39⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mgmahg32.exeC:\Windows\system32\Mgmahg32.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mhonngce.exeC:\Windows\system32\Mhonngce.exe41⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mnifja32.exeC:\Windows\system32\Mnifja32.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nhakcfab.exeC:\Windows\system32\Nhakcfab.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nnkcpq32.exeC:\Windows\system32\Nnkcpq32.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Npmphinm.exeC:\Windows\system32\Npmphinm.exe45⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nhdhif32.exeC:\Windows\system32\Nhdhif32.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nmqpam32.exeC:\Windows\system32\Nmqpam32.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ndkhngdd.exeC:\Windows\system32\Ndkhngdd.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nigafnck.exeC:\Windows\system32\Nigafnck.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Npaich32.exeC:\Windows\system32\Npaich32.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nenakoho.exeC:\Windows\system32\Nenakoho.exe51⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nlhjhi32.exeC:\Windows\system32\Nlhjhi32.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nfnneb32.exeC:\Windows\system32\Nfnneb32.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ohojmjep.exeC:\Windows\system32\Ohojmjep.exe54⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Obdojcef.exeC:\Windows\system32\Obdojcef.exe55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Obgkpb32.exeC:\Windows\system32\Obgkpb32.exe56⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oehdan32.exeC:\Windows\system32\Oehdan32.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oopijc32.exeC:\Windows\system32\Oopijc32.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oanefo32.exeC:\Windows\system32\Oanefo32.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ogknoe32.exeC:\Windows\system32\Ogknoe32.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oaqbln32.exeC:\Windows\system32\Oaqbln32.exe61⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pgnjde32.exeC:\Windows\system32\Pgnjde32.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ppfomk32.exeC:\Windows\system32\Ppfomk32.exe63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pgpgjepk.exeC:\Windows\system32\Pgpgjepk.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pphkbj32.exeC:\Windows\system32\Pphkbj32.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pcghof32.exeC:\Windows\system32\Pcghof32.exe66⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Piqpkpml.exeC:\Windows\system32\Piqpkpml.exe67⤵
-
C:\Windows\SysWOW64\Ppkhhjei.exeC:\Windows\system32\Ppkhhjei.exe68⤵
-
C:\Windows\SysWOW64\Palepb32.exeC:\Windows\system32\Palepb32.exe69⤵
-
C:\Windows\SysWOW64\Plaimk32.exeC:\Windows\system32\Plaimk32.exe70⤵
-
C:\Windows\SysWOW64\Pckajebj.exeC:\Windows\system32\Pckajebj.exe71⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Phhjblpa.exeC:\Windows\system32\Phhjblpa.exe72⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qobbofgn.exeC:\Windows\system32\Qobbofgn.exe73⤵
-
C:\Windows\SysWOW64\Qfljkp32.exeC:\Windows\system32\Qfljkp32.exe74⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qkibcg32.exeC:\Windows\system32\Qkibcg32.exe75⤵
-
C:\Windows\SysWOW64\Qngopb32.exeC:\Windows\system32\Qngopb32.exe76⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qdaglmcb.exeC:\Windows\system32\Qdaglmcb.exe77⤵
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Bpfebmia.exeC:\Windows\system32\Bpfebmia.exe38⤵
-
C:\Windows\SysWOW64\Bdaabk32.exeC:\Windows\system32\Bdaabk32.exe39⤵
-
C:\Windows\SysWOW64\Bkkioeig.exeC:\Windows\system32\Bkkioeig.exe40⤵
-
C:\Windows\SysWOW64\Baealp32.exeC:\Windows\system32\Baealp32.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bknfeege.exeC:\Windows\system32\Bknfeege.exe42⤵
-
C:\Windows\SysWOW64\Blobmm32.exeC:\Windows\system32\Blobmm32.exe43⤵
-
C:\Windows\SysWOW64\Bdfjnkne.exeC:\Windows\system32\Bdfjnkne.exe44⤵
-
C:\Windows\SysWOW64\Biccfalm.exeC:\Windows\system32\Biccfalm.exe45⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Blaobmkq.exeC:\Windows\system32\Blaobmkq.exe46⤵
-
C:\Windows\SysWOW64\Cbkgog32.exeC:\Windows\system32\Cbkgog32.exe47⤵
-
C:\Windows\SysWOW64\Ccpqjfnh.exeC:\Windows\system32\Ccpqjfnh.exe48⤵
-
C:\Windows\SysWOW64\Cabaec32.exeC:\Windows\system32\Cabaec32.exe49⤵
-
C:\Windows\SysWOW64\Cdamao32.exeC:\Windows\system32\Cdamao32.exe50⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cofaog32.exeC:\Windows\system32\Cofaog32.exe51⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cdcjgnbc.exeC:\Windows\system32\Cdcjgnbc.exe52⤵
-
C:\Windows\SysWOW64\Cgbfcjag.exeC:\Windows\system32\Cgbfcjag.exe53⤵
-
C:\Windows\SysWOW64\Chabmm32.exeC:\Windows\system32\Chabmm32.exe54⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dgfpni32.exeC:\Windows\system32\Dgfpni32.exe55⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ddjphm32.exeC:\Windows\system32\Ddjphm32.exe56⤵
-
C:\Windows\SysWOW64\Dleelp32.exeC:\Windows\system32\Dleelp32.exe57⤵
-
C:\Windows\SysWOW64\Dcpmijqc.exeC:\Windows\system32\Dcpmijqc.exe58⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dhleaq32.exeC:\Windows\system32\Dhleaq32.exe59⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dofnnkfg.exeC:\Windows\system32\Dofnnkfg.exe60⤵
-
C:\Windows\SysWOW64\Djlbkcfn.exeC:\Windows\system32\Djlbkcfn.exe61⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dljngoea.exeC:\Windows\system32\Dljngoea.exe62⤵
-
C:\Windows\SysWOW64\Dbggpfci.exeC:\Windows\system32\Dbggpfci.exe63⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Edeclabl.exeC:\Windows\system32\Edeclabl.exe64⤵
-
C:\Windows\SysWOW64\Enpdjfgj.exeC:\Windows\system32\Enpdjfgj.exe65⤵
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Hgbhibio.exeC:\Windows\system32\Hgbhibio.exe56⤵
-
C:\Windows\SysWOW64\Hbhmfk32.exeC:\Windows\system32\Hbhmfk32.exe57⤵
-
C:\Windows\SysWOW64\Hibebeqb.exeC:\Windows\system32\Hibebeqb.exe58⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ieiegf32.exeC:\Windows\system32\Ieiegf32.exe59⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Icnbic32.exeC:\Windows\system32\Icnbic32.exe60⤵
-
C:\Windows\SysWOW64\Ipgpcc32.exeC:\Windows\system32\Ipgpcc32.exe61⤵
-
C:\Windows\SysWOW64\Ilnqhddd.exeC:\Windows\system32\Ilnqhddd.exe62⤵
-
C:\Windows\SysWOW64\Iceiibef.exeC:\Windows\system32\Iceiibef.exe63⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jmmmbg32.exeC:\Windows\system32\Jmmmbg32.exe64⤵
-
C:\Windows\SysWOW64\Jplinckj.exeC:\Windows\system32\Jplinckj.exe65⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jehbfjia.exeC:\Windows\system32\Jehbfjia.exe66⤵
-
C:\Windows\SysWOW64\Jpnfdbig.exeC:\Windows\system32\Jpnfdbig.exe67⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Jekoljgo.exeC:\Windows\system32\Jekoljgo.exe68⤵
-
C:\Windows\SysWOW64\Jlegic32.exeC:\Windows\system32\Jlegic32.exe69⤵
-
C:\Windows\SysWOW64\Jdplmflg.exeC:\Windows\system32\Jdplmflg.exe70⤵
-
C:\Windows\SysWOW64\Jlgcncli.exeC:\Windows\system32\Jlgcncli.exe71⤵
-
C:\Windows\SysWOW64\Jfadoaih.exeC:\Windows\system32\Jfadoaih.exe72⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jmkmlk32.exeC:\Windows\system32\Jmkmlk32.exe73⤵
-
C:\Windows\SysWOW64\Kiamql32.exeC:\Windows\system32\Kiamql32.exe74⤵
-
C:\Windows\SysWOW64\Kidjfl32.exeC:\Windows\system32\Kidjfl32.exe75⤵
-
C:\Windows\SysWOW64\Kpnbcfkc.exeC:\Windows\system32\Kpnbcfkc.exe76⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kghkppbp.exeC:\Windows\system32\Kghkppbp.exe77⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kocodbpk.exeC:\Windows\system32\Kocodbpk.exe78⤵
-
C:\Windows\SysWOW64\Kihcakpa.exeC:\Windows\system32\Kihcakpa.exe79⤵
-
C:\Windows\SysWOW64\Klgpmgod.exeC:\Windows\system32\Klgpmgod.exe80⤵
-
C:\Windows\SysWOW64\Kadhen32.exeC:\Windows\system32\Kadhen32.exe81⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kikpgk32.exeC:\Windows\system32\Kikpgk32.exe82⤵
-
C:\Windows\SysWOW64\Lohiob32.exeC:\Windows\system32\Lohiob32.exe83⤵
-
C:\Windows\SysWOW64\Lddagi32.exeC:\Windows\system32\Lddagi32.exe84⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Lkoidcaj.exeC:\Windows\system32\Lkoidcaj.exe85⤵
-
C:\Windows\SysWOW64\Lednal32.exeC:\Windows\system32\Lednal32.exe86⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lgejidgn.exeC:\Windows\system32\Lgejidgn.exe87⤵
-
C:\Windows\SysWOW64\Lpnobi32.exeC:\Windows\system32\Lpnobi32.exe88⤵
-
C:\Windows\SysWOW64\Lhegcg32.exeC:\Windows\system32\Lhegcg32.exe89⤵
-
C:\Windows\SysWOW64\Ljfckodo.exeC:\Windows\system32\Ljfckodo.exe90⤵
-
C:\Windows\SysWOW64\Lppkgi32.exeC:\Windows\system32\Lppkgi32.exe91⤵
-
C:\Windows\SysWOW64\Lcnhcdkp.exeC:\Windows\system32\Lcnhcdkp.exe92⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Ldndng32.exeC:\Windows\system32\Ldndng32.exe54⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mfoqephq.exeC:\Windows\system32\Mfoqephq.exe55⤵
-
C:\Windows\SysWOW64\Mfamko32.exeC:\Windows\system32\Mfamko32.exe56⤵
-
C:\Windows\SysWOW64\Mhpigk32.exeC:\Windows\system32\Mhpigk32.exe57⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mbhnpplb.exeC:\Windows\system32\Mbhnpplb.exe58⤵
-
C:\Windows\SysWOW64\Mjofanld.exeC:\Windows\system32\Mjofanld.exe59⤵
-
C:\Windows\SysWOW64\Mchjjc32.exeC:\Windows\system32\Mchjjc32.exe60⤵
-
C:\Windows\SysWOW64\Mdigakic.exeC:\Windows\system32\Mdigakic.exe61⤵
-
C:\Windows\SysWOW64\Mkconepp.exeC:\Windows\system32\Mkconepp.exe62⤵
-
C:\Windows\SysWOW64\Mbmgkp32.exeC:\Windows\system32\Mbmgkp32.exe63⤵
-
C:\Windows\SysWOW64\Mgjpcf32.exeC:\Windows\system32\Mgjpcf32.exe64⤵
-
C:\Windows\SysWOW64\Moahdd32.exeC:\Windows\system32\Moahdd32.exe65⤵
-
C:\Windows\SysWOW64\Nglmifca.exeC:\Windows\system32\Nglmifca.exe66⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Njjieace.exeC:\Windows\system32\Njjieace.exe67⤵
-
C:\Windows\SysWOW64\Ndpmbjbk.exeC:\Windows\system32\Ndpmbjbk.exe68⤵
-
C:\Windows\SysWOW64\Njmejaqb.exeC:\Windows\system32\Njmejaqb.exe69⤵
-
C:\Windows\SysWOW64\Nqgngk32.exeC:\Windows\system32\Nqgngk32.exe70⤵
-
C:\Windows\SysWOW64\Ncejcg32.exeC:\Windows\system32\Ncejcg32.exe71⤵
-
C:\Windows\SysWOW64\Njobpa32.exeC:\Windows\system32\Njobpa32.exe72⤵
-
C:\Windows\SysWOW64\Nplkhh32.exeC:\Windows\system32\Nplkhh32.exe73⤵
-
C:\Windows\SysWOW64\Nffcebdd.exeC:\Windows\system32\Nffcebdd.exe74⤵
-
C:\Windows\SysWOW64\Nmpkal32.exeC:\Windows\system32\Nmpkal32.exe75⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nbmcjc32.exeC:\Windows\system32\Nbmcjc32.exe76⤵
-
C:\Windows\SysWOW64\Oiglfm32.exeC:\Windows\system32\Oiglfm32.exe77⤵
-
C:\Windows\SysWOW64\Opqdcgib.exeC:\Windows\system32\Opqdcgib.exe78⤵
-
C:\Windows\SysWOW64\Ofklpa32.exeC:\Windows\system32\Ofklpa32.exe79⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Olgehh32.exeC:\Windows\system32\Olgehh32.exe80⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Onfadc32.exeC:\Windows\system32\Onfadc32.exe81⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Lndlamke.exeC:\Windows\system32\Lndlamke.exe49⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Bmgifa32.exeC:\Windows\system32\Bmgifa32.exe34⤵
- Drops file in System32 directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Eqamla32.exeC:\Windows\system32\Eqamla32.exe13⤵
-
C:\Windows\SysWOW64\Ecoihm32.exeC:\Windows\system32\Ecoihm32.exe14⤵
-
C:\Windows\SysWOW64\Ekfaij32.exeC:\Windows\system32\Ekfaij32.exe15⤵
-
C:\Windows\SysWOW64\Emhnqbjo.exeC:\Windows\system32\Emhnqbjo.exe16⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Egmbnkie.exeC:\Windows\system32\Egmbnkie.exe17⤵
-
C:\Windows\SysWOW64\Ejlnjg32.exeC:\Windows\system32\Ejlnjg32.exe18⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fphgbn32.exeC:\Windows\system32\Fphgbn32.exe19⤵
-
C:\Windows\SysWOW64\Fgpock32.exeC:\Windows\system32\Fgpock32.exe20⤵
-
C:\Windows\SysWOW64\Fqhclqnc.exeC:\Windows\system32\Fqhclqnc.exe21⤵
-
C:\Windows\SysWOW64\Ffeldglk.exeC:\Windows\system32\Ffeldglk.exe22⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fmodaadg.exeC:\Windows\system32\Fmodaadg.exe23⤵
-
C:\Windows\SysWOW64\Fpmpnmck.exeC:\Windows\system32\Fpmpnmck.exe24⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fppmcmah.exeC:\Windows\system32\Fppmcmah.exe25⤵
-
C:\Windows\SysWOW64\Ffiepg32.exeC:\Windows\system32\Ffiepg32.exe26⤵
-
C:\Windows\SysWOW64\Fhkagonc.exeC:\Windows\system32\Fhkagonc.exe27⤵
-
C:\Windows\SysWOW64\Fnejdiep.exeC:\Windows\system32\Fnejdiep.exe28⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ghmnmo32.exeC:\Windows\system32\Ghmnmo32.exe29⤵
-
C:\Windows\SysWOW64\Gbbbjg32.exeC:\Windows\system32\Gbbbjg32.exe30⤵
-
C:\Windows\SysWOW64\Gddobpbe.exeC:\Windows\system32\Gddobpbe.exe31⤵
-
C:\Windows\SysWOW64\Gjngoj32.exeC:\Windows\system32\Gjngoj32.exe32⤵
-
C:\Windows\SysWOW64\Gahpkd32.exeC:\Windows\system32\Gahpkd32.exe33⤵
-
C:\Windows\SysWOW64\Gfdhck32.exeC:\Windows\system32\Gfdhck32.exe34⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gnlpeh32.exeC:\Windows\system32\Gnlpeh32.exe35⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gpmllpef.exeC:\Windows\system32\Gpmllpef.exe36⤵
-
C:\Windows\SysWOW64\Gjbqjiem.exeC:\Windows\system32\Gjbqjiem.exe37⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hhogaamj.exeC:\Windows\system32\Hhogaamj.exe38⤵
-
C:\Windows\SysWOW64\Hdhdlbpk.exeC:\Windows\system32\Hdhdlbpk.exe39⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Hlpmmpam.exeC:\Windows\system32\Hlpmmpam.exe40⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Haleefoe.exeC:\Windows\system32\Haleefoe.exe41⤵
-
C:\Windows\SysWOW64\Hginnmml.exeC:\Windows\system32\Hginnmml.exe42⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Imcfjg32.exeC:\Windows\system32\Imcfjg32.exe43⤵
-
C:\Windows\SysWOW64\Idmnga32.exeC:\Windows\system32\Idmnga32.exe44⤵
-
C:\Windows\SysWOW64\Iijfoh32.exeC:\Windows\system32\Iijfoh32.exe45⤵
-
C:\Windows\SysWOW64\Ipdolbbj.exeC:\Windows\system32\Ipdolbbj.exe46⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ikicikap.exeC:\Windows\system32\Ikicikap.exe47⤵
-
C:\Windows\SysWOW64\Ilkpac32.exeC:\Windows\system32\Ilkpac32.exe48⤵
-
C:\Windows\SysWOW64\Icdhnn32.exeC:\Windows\system32\Icdhnn32.exe49⤵
-
C:\Windows\SysWOW64\Ijopjhfh.exeC:\Windows\system32\Ijopjhfh.exe50⤵
-
C:\Windows\SysWOW64\Iokhcodo.exeC:\Windows\system32\Iokhcodo.exe51⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iloilcci.exeC:\Windows\system32\Iloilcci.exe52⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ionehnbm.exeC:\Windows\system32\Ionehnbm.exe53⤵
-
C:\Windows\SysWOW64\Jfhmehji.exeC:\Windows\system32\Jfhmehji.exe54⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jlaeab32.exeC:\Windows\system32\Jlaeab32.exe55⤵
-
C:\Windows\SysWOW64\Jaonji32.exeC:\Windows\system32\Jaonji32.exe56⤵
-
C:\Windows\SysWOW64\Jhhfgcgj.exeC:\Windows\system32\Jhhfgcgj.exe57⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jdogldmo.exeC:\Windows\system32\Jdogldmo.exe58⤵
-
C:\Windows\SysWOW64\Jkioho32.exeC:\Windows\system32\Jkioho32.exe59⤵
-
C:\Windows\SysWOW64\Jqfhqe32.exeC:\Windows\system32\Jqfhqe32.exe60⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jgppmpjp.exeC:\Windows\system32\Jgppmpjp.exe61⤵
-
C:\Windows\SysWOW64\Jbedkhie.exeC:\Windows\system32\Jbedkhie.exe62⤵
-
C:\Windows\SysWOW64\Jcgqbq32.exeC:\Windows\system32\Jcgqbq32.exe63⤵
-
C:\Windows\SysWOW64\Jnlepioj.exeC:\Windows\system32\Jnlepioj.exe64⤵
-
C:\Windows\SysWOW64\Kcimhpma.exeC:\Windows\system32\Kcimhpma.exe65⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kmabqf32.exeC:\Windows\system32\Kmabqf32.exe66⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kckjmpko.exeC:\Windows\system32\Kckjmpko.exe67⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kihbfg32.exeC:\Windows\system32\Kihbfg32.exe68⤵
-
C:\Windows\SysWOW64\Kqokgd32.exeC:\Windows\system32\Kqokgd32.exe69⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kjhopjqi.exeC:\Windows\system32\Kjhopjqi.exe70⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Kkilgb32.exeC:\Windows\system32\Kkilgb32.exe71⤵
-
C:\Windows\SysWOW64\Kfopdk32.exeC:\Windows\system32\Kfopdk32.exe72⤵
-
C:\Windows\SysWOW64\Kmhhae32.exeC:\Windows\system32\Kmhhae32.exe73⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kfaljjdj.exeC:\Windows\system32\Kfaljjdj.exe74⤵
-
C:\Windows\SysWOW64\Kioiffcn.exeC:\Windows\system32\Kioiffcn.exe75⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lbhmok32.exeC:\Windows\system32\Lbhmok32.exe76⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lgdfgbhf.exeC:\Windows\system32\Lgdfgbhf.exe77⤵
-
C:\Windows\SysWOW64\Lnnndl32.exeC:\Windows\system32\Lnnndl32.exe78⤵
-
C:\Windows\SysWOW64\Lehfafgp.exeC:\Windows\system32\Lehfafgp.exe79⤵
-
C:\Windows\SysWOW64\Ljeoimeg.exeC:\Windows\system32\Ljeoimeg.exe80⤵
-
C:\Windows\SysWOW64\Laogfg32.exeC:\Windows\system32\Laogfg32.exe81⤵
-
C:\Windows\SysWOW64\Lgiobadq.exeC:\Windows\system32\Lgiobadq.exe82⤵
-
C:\Windows\SysWOW64\Ljgkom32.exeC:\Windows\system32\Ljgkom32.exe83⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lpddgd32.exeC:\Windows\system32\Lpddgd32.exe84⤵
-
C:\Windows\SysWOW64\Lhklha32.exeC:\Windows\system32\Lhklha32.exe85⤵
-
C:\Windows\SysWOW64\Lmhdph32.exeC:\Windows\system32\Lmhdph32.exe86⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mcbmmbhb.exeC:\Windows\system32\Mcbmmbhb.exe87⤵
-
C:\Windows\SysWOW64\Mjlejl32.exeC:\Windows\system32\Mjlejl32.exe88⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mlmaad32.exeC:\Windows\system32\Mlmaad32.exe89⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mddibb32.exeC:\Windows\system32\Mddibb32.exe90⤵
-
C:\Windows\SysWOW64\Meffjjln.exeC:\Windows\system32\Meffjjln.exe91⤵
-
C:\Windows\SysWOW64\Mpkjgckc.exeC:\Windows\system32\Mpkjgckc.exe92⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mfebdm32.exeC:\Windows\system32\Mfebdm32.exe93⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Mpngmb32.exeC:\Windows\system32\Mpngmb32.exe94⤵
-
C:\Windows\SysWOW64\Mifkfhpa.exeC:\Windows\system32\Mifkfhpa.exe95⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Mldgbcoe.exeC:\Windows\system32\Mldgbcoe.exe96⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mbopon32.exeC:\Windows\system32\Mbopon32.exe97⤵
-
C:\Windows\SysWOW64\Mhkhgd32.exeC:\Windows\system32\Mhkhgd32.exe98⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nkjdcp32.exeC:\Windows\system32\Nkjdcp32.exe99⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ndbile32.exeC:\Windows\system32\Ndbile32.exe100⤵
-
C:\Windows\SysWOW64\Ngqeha32.exeC:\Windows\system32\Ngqeha32.exe101⤵
-
C:\Windows\SysWOW64\Nmjmekan.exeC:\Windows\system32\Nmjmekan.exe102⤵
-
C:\Windows\SysWOW64\Nhpabdqd.exeC:\Windows\system32\Nhpabdqd.exe103⤵
-
C:\Windows\SysWOW64\Nmmjjk32.exeC:\Windows\system32\Nmmjjk32.exe104⤵
-
C:\Windows\SysWOW64\Ncjbba32.exeC:\Windows\system32\Ncjbba32.exe105⤵
-
C:\Windows\SysWOW64\Nmogpj32.exeC:\Windows\system32\Nmogpj32.exe106⤵
-
C:\Windows\SysWOW64\Nejkdm32.exeC:\Windows\system32\Nejkdm32.exe107⤵
-
C:\Windows\SysWOW64\Nobpmb32.exeC:\Windows\system32\Nobpmb32.exe108⤵
-
C:\Windows\SysWOW64\Oemhjlha.exeC:\Windows\system32\Oemhjlha.exe109⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oihdjk32.exeC:\Windows\system32\Oihdjk32.exe110⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Ocqhcqgk.exeC:\Windows\system32\Ocqhcqgk.exe111⤵
-
C:\Windows\SysWOW64\Ohmalgeb.exeC:\Windows\system32\Ohmalgeb.exe112⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oafedmlb.exeC:\Windows\system32\Oafedmlb.exe113⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Olkjaflh.exeC:\Windows\system32\Olkjaflh.exe114⤵
-
C:\Windows\SysWOW64\Odfofhic.exeC:\Windows\system32\Odfofhic.exe115⤵
-
C:\Windows\SysWOW64\Ogekbchg.exeC:\Windows\system32\Ogekbchg.exe116⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Odiklh32.exeC:\Windows\system32\Odiklh32.exe117⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ojfcdo32.exeC:\Windows\system32\Ojfcdo32.exe118⤵
-
C:\Windows\SysWOW64\Pqplqile.exeC:\Windows\system32\Pqplqile.exe119⤵
-
C:\Windows\SysWOW64\Pncljmko.exeC:\Windows\system32\Pncljmko.exe120⤵
-
C:\Windows\SysWOW64\Pdndggcl.exeC:\Windows\system32\Pdndggcl.exe121⤵
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-