Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
139s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
01/11/2023, 08:28
General
-
Target
NEAS.c8718472098037e21b06eb438383d199.exe
-
Size
176KB
-
MD5
c8718472098037e21b06eb438383d199
-
SHA1
79662541f4096124b4bd0064f51e777c830e1d3a
-
SHA256
548e1ed1773f589bcb85b9a1502fc39971ef309aeb57c1a8b853bbc09ade820e
-
SHA512
f62de22a43f23673fdaf84ff26d886eef2fa1342bd1d6b06963f5668484d2fbadc0cc808027f9264651883b583b26160d82d3140f599b26cacbf4cbc26de782b
-
SSDEEP
3072:q7MJX8AMkHCq+gMvu1cjENRZ9wmAOIayGsOOJF4EISi/i4gG4npAjmA39QQIckJI:qWXzNMvu1nTZ9EaUn4yjK99QQd
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Malware Backdoor - Berbew 64 IoCs
Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.c8718472098037e21b06eb438383d199.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.c8718472098037e21b06eb438383d199.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jnlbojee.exeC:\Windows\system32\Jnlbojee.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Knooej32.exeC:\Windows\system32\Knooej32.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Knalji32.exeC:\Windows\system32\Knalji32.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kkeldnpi.exeC:\Windows\system32\Kkeldnpi.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kkgiimng.exeC:\Windows\system32\Kkgiimng.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kgninn32.exeC:\Windows\system32\Kgninn32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kqfngd32.exeC:\Windows\system32\Kqfngd32.exe8⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lmmolepp.exeC:\Windows\system32\Lmmolepp.exe9⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lknojl32.exeC:\Windows\system32\Lknojl32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lcjcnoej.exeC:\Windows\system32\Lcjcnoej.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lmbhgd32.exeC:\Windows\system32\Lmbhgd32.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ljfhqh32.exeC:\Windows\system32\Ljfhqh32.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Lndagg32.exeC:\Windows\system32\Lndagg32.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Madjhb32.exeC:\Windows\system32\Madjhb32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Maggnali.exeC:\Windows\system32\Maggnali.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mkmkkjko.exeC:\Windows\system32\Mkmkkjko.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mjahlgpf.exeC:\Windows\system32\Mjahlgpf.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Megljppl.exeC:\Windows\system32\Megljppl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Meiioonj.exeC:\Windows\system32\Meiioonj.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nnbnhedj.exeC:\Windows\system32\Nnbnhedj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ngjbaj32.exeC:\Windows\system32\Ngjbaj32.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nmgjia32.exeC:\Windows\system32\Nmgjia32.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nhmofj32.exeC:\Windows\system32\Nhmofj32.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Naecop32.exeC:\Windows\system32\Naecop32.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nhokljge.exeC:\Windows\system32\Nhokljge.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nagpeo32.exeC:\Windows\system32\Nagpeo32.exe14⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Lcnmin32.exeC:\Windows\system32\Lcnmin32.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nlmdbh32.exeC:\Windows\system32\Nlmdbh32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ojbacd32.exeC:\Windows\system32\Ojbacd32.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ohfami32.exeC:\Windows\system32\Ohfami32.exe3⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Oanfen32.exeC:\Windows\system32\Oanfen32.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Odoogi32.exeC:\Windows\system32\Odoogi32.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ojigdcll.exeC:\Windows\system32\Ojigdcll.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oeokal32.exeC:\Windows\system32\Oeokal32.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Omjpeo32.exeC:\Windows\system32\Omjpeo32.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Peahgl32.exeC:\Windows\system32\Peahgl32.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Poimpapp.exeC:\Windows\system32\Poimpapp.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pdfehh32.exeC:\Windows\system32\Pdfehh32.exe11⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Poliea32.exeC:\Windows\system32\Poliea32.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pdhbmh32.exeC:\Windows\system32\Pdhbmh32.exe13⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ponfka32.exeC:\Windows\system32\Ponfka32.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pdkoch32.exeC:\Windows\system32\Pdkoch32.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pmcclm32.exeC:\Windows\system32\Pmcclm32.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pldcjeia.exeC:\Windows\system32\Pldcjeia.exe17⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qaalblgi.exeC:\Windows\system32\Qaalblgi.exe18⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Qlgpod32.exeC:\Windows\system32\Qlgpod32.exe19⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Qhmqdemc.exeC:\Windows\system32\Qhmqdemc.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bnhenj32.exeC:\Windows\system32\Bnhenj32.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bohbhmfm.exeC:\Windows\system32\Bohbhmfm.exe22⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bddjpd32.exeC:\Windows\system32\Bddjpd32.exe23⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bojomm32.exeC:\Windows\system32\Bojomm32.exe24⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Blnoga32.exeC:\Windows\system32\Blnoga32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bheplb32.exeC:\Windows\system32\Bheplb32.exe26⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Coohhlpe.exeC:\Windows\system32\Coohhlpe.exe27⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cleegp32.exeC:\Windows\system32\Cleegp32.exe28⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cbbnpg32.exeC:\Windows\system32\Cbbnpg32.exe29⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Clgbmp32.exeC:\Windows\system32\Clgbmp32.exe30⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cfpffeaj.exeC:\Windows\system32\Cfpffeaj.exe31⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cbfgkffn.exeC:\Windows\system32\Cbfgkffn.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cdecgbfa.exeC:\Windows\system32\Cdecgbfa.exe33⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dokgdkeh.exeC:\Windows\system32\Dokgdkeh.exe34⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dfdpad32.exeC:\Windows\system32\Dfdpad32.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dbkqfe32.exeC:\Windows\system32\Dbkqfe32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dkceokii.exeC:\Windows\system32\Dkceokii.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dfiildio.exeC:\Windows\system32\Dfiildio.exe38⤵
-
C:\Windows\SysWOW64\Dkfadkgf.exeC:\Windows\system32\Dkfadkgf.exe39⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dflfac32.exeC:\Windows\system32\Dflfac32.exe40⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Dijbno32.exeC:\Windows\system32\Dijbno32.exe41⤵
-
C:\Windows\SysWOW64\Dodjjimm.exeC:\Windows\system32\Dodjjimm.exe42⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dbbffdlq.exeC:\Windows\system32\Dbbffdlq.exe43⤵
-
C:\Windows\SysWOW64\Eiloco32.exeC:\Windows\system32\Eiloco32.exe44⤵
-
C:\Windows\SysWOW64\Eofgpikj.exeC:\Windows\system32\Eofgpikj.exe45⤵
-
C:\Windows\SysWOW64\Efpomccg.exeC:\Windows\system32\Efpomccg.exe46⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Eiahnnph.exeC:\Windows\system32\Eiahnnph.exe47⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ekodjiol.exeC:\Windows\system32\Ekodjiol.exe48⤵
-
C:\Windows\SysWOW64\Eehicoel.exeC:\Windows\system32\Eehicoel.exe49⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ekaapi32.exeC:\Windows\system32\Ekaapi32.exe50⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Eblimcdf.exeC:\Windows\system32\Eblimcdf.exe51⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Eifaim32.exeC:\Windows\system32\Eifaim32.exe52⤵
-
C:\Windows\SysWOW64\Enbjad32.exeC:\Windows\system32\Enbjad32.exe53⤵
-
C:\Windows\SysWOW64\Felbnn32.exeC:\Windows\system32\Felbnn32.exe54⤵
-
C:\Windows\SysWOW64\Fpbflg32.exeC:\Windows\system32\Fpbflg32.exe55⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Feoodn32.exeC:\Windows\system32\Feoodn32.exe56⤵
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Fmfgek32.exeC:\Windows\system32\Fmfgek32.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fngcmcfe.exeC:\Windows\system32\Fngcmcfe.exe2⤵
-
C:\Windows\SysWOW64\Fealin32.exeC:\Windows\system32\Fealin32.exe3⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fpgpgfmh.exeC:\Windows\system32\Fpgpgfmh.exe4⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fechomko.exeC:\Windows\system32\Fechomko.exe5⤵
-
C:\Windows\SysWOW64\Fpimlfke.exeC:\Windows\system32\Fpimlfke.exe6⤵
-
C:\Windows\SysWOW64\Ffceip32.exeC:\Windows\system32\Ffceip32.exe7⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Flpmagqi.exeC:\Windows\system32\Flpmagqi.exe8⤵
-
C:\Windows\SysWOW64\Gehbjm32.exeC:\Windows\system32\Gehbjm32.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Glbjggof.exeC:\Windows\system32\Glbjggof.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Gblbca32.exeC:\Windows\system32\Gblbca32.exe11⤵
-
C:\Windows\SysWOW64\Gifkpknp.exeC:\Windows\system32\Gifkpknp.exe12⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gppcmeem.exeC:\Windows\system32\Gppcmeem.exe13⤵
-
C:\Windows\SysWOW64\Gihgfk32.exeC:\Windows\system32\Gihgfk32.exe14⤵
-
C:\Windows\SysWOW64\Glgcbf32.exeC:\Windows\system32\Glgcbf32.exe15⤵
-
C:\Windows\SysWOW64\Gflhoo32.exeC:\Windows\system32\Gflhoo32.exe16⤵
-
C:\Windows\SysWOW64\Gmfplibd.exeC:\Windows\system32\Gmfplibd.exe17⤵
-
C:\Windows\SysWOW64\Goglcahb.exeC:\Windows\system32\Goglcahb.exe18⤵
-
C:\Windows\SysWOW64\Gimqajgh.exeC:\Windows\system32\Gimqajgh.exe19⤵
-
C:\Windows\SysWOW64\Gojiiafp.exeC:\Windows\system32\Gojiiafp.exe20⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Hipmfjee.exeC:\Windows\system32\Hipmfjee.exe21⤵
-
C:\Windows\SysWOW64\Hpiecd32.exeC:\Windows\system32\Hpiecd32.exe22⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hfcnpn32.exeC:\Windows\system32\Hfcnpn32.exe23⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hlpfhe32.exeC:\Windows\system32\Hlpfhe32.exe24⤵
-
C:\Windows\SysWOW64\Hbjoeojc.exeC:\Windows\system32\Hbjoeojc.exe25⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hidgai32.exeC:\Windows\system32\Hidgai32.exe26⤵
-
C:\Windows\SysWOW64\Hpnoncim.exeC:\Windows\system32\Hpnoncim.exe27⤵
-
C:\Windows\SysWOW64\Hekgfj32.exeC:\Windows\system32\Hekgfj32.exe28⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hmbphg32.exeC:\Windows\system32\Hmbphg32.exe29⤵
-
C:\Windows\SysWOW64\Hfjdqmng.exeC:\Windows\system32\Hfjdqmng.exe30⤵
-
C:\Windows\SysWOW64\Hmdlmg32.exeC:\Windows\system32\Hmdlmg32.exe31⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hoeieolb.exeC:\Windows\system32\Hoeieolb.exe32⤵
-
C:\Windows\SysWOW64\Iepaaico.exeC:\Windows\system32\Iepaaico.exe33⤵
-
C:\Windows\SysWOW64\Ipeeobbe.exeC:\Windows\system32\Ipeeobbe.exe34⤵
-
C:\Windows\SysWOW64\Ibcaknbi.exeC:\Windows\system32\Ibcaknbi.exe35⤵
-
C:\Windows\SysWOW64\Iinjhh32.exeC:\Windows\system32\Iinjhh32.exe36⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ibfnqmpf.exeC:\Windows\system32\Ibfnqmpf.exe37⤵
-
C:\Windows\SysWOW64\Imkbnf32.exeC:\Windows\system32\Imkbnf32.exe38⤵
-
C:\Windows\SysWOW64\Iomoenej.exeC:\Windows\system32\Iomoenej.exe39⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Iefgbh32.exeC:\Windows\system32\Iefgbh32.exe40⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ilqoobdd.exeC:\Windows\system32\Ilqoobdd.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ickglm32.exeC:\Windows\system32\Ickglm32.exe42⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ieidhh32.exeC:\Windows\system32\Ieidhh32.exe43⤵
-
C:\Windows\SysWOW64\Ipoheakj.exeC:\Windows\system32\Ipoheakj.exe44⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jghpbk32.exeC:\Windows\system32\Jghpbk32.exe45⤵
-
C:\Windows\SysWOW64\Jleijb32.exeC:\Windows\system32\Jleijb32.exe46⤵
-
C:\Windows\SysWOW64\Jcoaglhk.exeC:\Windows\system32\Jcoaglhk.exe47⤵
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Jiiicf32.exeC:\Windows\system32\Jiiicf32.exe1⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jofalmmp.exeC:\Windows\system32\Jofalmmp.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Jepjhg32.exeC:\Windows\system32\Jepjhg32.exe3⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kckqbj32.exeC:\Windows\system32\Kckqbj32.exe4⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Knqepc32.exeC:\Windows\system32\Knqepc32.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kcpjnjii.exeC:\Windows\system32\Kcpjnjii.exe6⤵
-
C:\Windows\SysWOW64\Knenkbio.exeC:\Windows\system32\Knenkbio.exe7⤵
-
C:\Windows\SysWOW64\Kofkbk32.exeC:\Windows\system32\Kofkbk32.exe8⤵
-
C:\Windows\SysWOW64\Kjlopc32.exeC:\Windows\system32\Kjlopc32.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Loighj32.exeC:\Windows\system32\Loighj32.exe10⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lnjgfb32.exeC:\Windows\system32\Lnjgfb32.exe11⤵
-
C:\Windows\SysWOW64\Lokdnjkg.exeC:\Windows\system32\Lokdnjkg.exe12⤵
-
C:\Windows\SysWOW64\Lnldla32.exeC:\Windows\system32\Lnldla32.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lcimdh32.exeC:\Windows\system32\Lcimdh32.exe14⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lmaamn32.exeC:\Windows\system32\Lmaamn32.exe15⤵
-
C:\Windows\SysWOW64\Lobjni32.exeC:\Windows\system32\Lobjni32.exe16⤵
-
C:\Windows\SysWOW64\Lncjlq32.exeC:\Windows\system32\Lncjlq32.exe17⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mcpcdg32.exeC:\Windows\system32\Mcpcdg32.exe18⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mmhgmmbf.exeC:\Windows\system32\Mmhgmmbf.exe19⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mcbpjg32.exeC:\Windows\system32\Mcbpjg32.exe20⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mnhdgpii.exeC:\Windows\system32\Mnhdgpii.exe21⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mqfpckhm.exeC:\Windows\system32\Mqfpckhm.exe22⤵
-
C:\Windows\SysWOW64\Mgphpe32.exeC:\Windows\system32\Mgphpe32.exe23⤵
-
C:\Windows\SysWOW64\Mgbefe32.exeC:\Windows\system32\Mgbefe32.exe24⤵
-
C:\Windows\SysWOW64\Mnmmboed.exeC:\Windows\system32\Mnmmboed.exe25⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Monjjgkb.exeC:\Windows\system32\Monjjgkb.exe26⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mfhbga32.exeC:\Windows\system32\Mfhbga32.exe27⤵
-
C:\Windows\SysWOW64\Nmbjcljl.exeC:\Windows\system32\Nmbjcljl.exe28⤵
-
C:\Windows\SysWOW64\Nclbpf32.exeC:\Windows\system32\Nclbpf32.exe29⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nnafno32.exeC:\Windows\system32\Nnafno32.exe30⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Npbceggm.exeC:\Windows\system32\Npbceggm.exe31⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nflkbanj.exeC:\Windows\system32\Nflkbanj.exe32⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nqbpojnp.exeC:\Windows\system32\Nqbpojnp.exe33⤵
-
C:\Windows\SysWOW64\Nfohgqlg.exeC:\Windows\system32\Nfohgqlg.exe34⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nadleilm.exeC:\Windows\system32\Nadleilm.exe35⤵
-
C:\Windows\SysWOW64\Ncchae32.exeC:\Windows\system32\Ncchae32.exe36⤵
-
C:\Windows\SysWOW64\Nmkmjjaa.exeC:\Windows\system32\Nmkmjjaa.exe37⤵
-
C:\Windows\SysWOW64\Ojomcopk.exeC:\Windows\system32\Ojomcopk.exe38⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Oplfkeob.exeC:\Windows\system32\Oplfkeob.exe39⤵
-
C:\Windows\SysWOW64\Offnhpfo.exeC:\Windows\system32\Offnhpfo.exe40⤵
-
C:\Windows\SysWOW64\Oakbehfe.exeC:\Windows\system32\Oakbehfe.exe41⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ogekbb32.exeC:\Windows\system32\Ogekbb32.exe42⤵
-
C:\Windows\SysWOW64\Oanokhdb.exeC:\Windows\system32\Oanokhdb.exe43⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Oghghb32.exeC:\Windows\system32\Oghghb32.exe44⤵
-
C:\Windows\SysWOW64\Omdppiif.exeC:\Windows\system32\Omdppiif.exe45⤵
-
C:\Windows\SysWOW64\Ocohmc32.exeC:\Windows\system32\Ocohmc32.exe46⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ojhpimhp.exeC:\Windows\system32\Ojhpimhp.exe47⤵
-
C:\Windows\SysWOW64\Oabhfg32.exeC:\Windows\system32\Oabhfg32.exe48⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ohlqcagj.exeC:\Windows\system32\Ohlqcagj.exe49⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pmiikh32.exeC:\Windows\system32\Pmiikh32.exe50⤵
-
C:\Windows\SysWOW64\Phonha32.exeC:\Windows\system32\Phonha32.exe51⤵
-
C:\Windows\SysWOW64\Ppjbmc32.exeC:\Windows\system32\Ppjbmc32.exe52⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Pfdjinjo.exeC:\Windows\system32\Pfdjinjo.exe53⤵
-
C:\Windows\SysWOW64\Pmnbfhal.exeC:\Windows\system32\Pmnbfhal.exe54⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Phcgcqab.exeC:\Windows\system32\Phcgcqab.exe55⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pnmopk32.exeC:\Windows\system32\Pnmopk32.exe56⤵
-
C:\Windows\SysWOW64\Phfcipoo.exeC:\Windows\system32\Phfcipoo.exe57⤵
-
C:\Windows\SysWOW64\Pmblagmf.exeC:\Windows\system32\Pmblagmf.exe58⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qhhpop32.exeC:\Windows\system32\Qhhpop32.exe59⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qobhkjdi.exeC:\Windows\system32\Qobhkjdi.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qpcecb32.exeC:\Windows\system32\Qpcecb32.exe61⤵
-
C:\Windows\SysWOW64\Qodeajbg.exeC:\Windows\system32\Qodeajbg.exe62⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Qpeahb32.exeC:\Windows\system32\Qpeahb32.exe63⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Afpjel32.exeC:\Windows\system32\Afpjel32.exe64⤵
-
C:\Windows\SysWOW64\Aaenbd32.exeC:\Windows\system32\Aaenbd32.exe65⤵
-
C:\Windows\SysWOW64\Ahofoogd.exeC:\Windows\system32\Ahofoogd.exe66⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Amlogfel.exeC:\Windows\system32\Amlogfel.exe67⤵
-
C:\Windows\SysWOW64\Agdcpkll.exeC:\Windows\system32\Agdcpkll.exe68⤵
-
C:\Windows\SysWOW64\Ahdpjn32.exeC:\Windows\system32\Ahdpjn32.exe69⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Amqhbe32.exeC:\Windows\system32\Amqhbe32.exe70⤵
-
C:\Windows\SysWOW64\Bdmmeo32.exeC:\Windows\system32\Bdmmeo32.exe71⤵
-
C:\Windows\SysWOW64\Bkgeainn.exeC:\Windows\system32\Bkgeainn.exe72⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Baannc32.exeC:\Windows\system32\Baannc32.exe73⤵
-
C:\Windows\SysWOW64\Bgnffj32.exeC:\Windows\system32\Bgnffj32.exe74⤵
-
C:\Windows\SysWOW64\Bmhocd32.exeC:\Windows\system32\Bmhocd32.exe75⤵
-
C:\Windows\SysWOW64\Bdagpnbk.exeC:\Windows\system32\Bdagpnbk.exe76⤵
-
C:\Windows\SysWOW64\Bogkmgba.exeC:\Windows\system32\Bogkmgba.exe77⤵
-
C:\Windows\SysWOW64\Bphgeo32.exeC:\Windows\system32\Bphgeo32.exe78⤵
-
C:\Windows\SysWOW64\Bnlhncgi.exeC:\Windows\system32\Bnlhncgi.exe79⤵
-
C:\Windows\SysWOW64\Bhblllfo.exeC:\Windows\system32\Bhblllfo.exe80⤵
-
C:\Windows\SysWOW64\Boldhf32.exeC:\Windows\system32\Boldhf32.exe81⤵
-
C:\Windows\SysWOW64\Cpmapodj.exeC:\Windows\system32\Cpmapodj.exe82⤵
-
C:\Windows\SysWOW64\Ckbemgcp.exeC:\Windows\system32\Ckbemgcp.exe83⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cponen32.exeC:\Windows\system32\Cponen32.exe84⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cgifbhid.exeC:\Windows\system32\Cgifbhid.exe85⤵
-
C:\Windows\SysWOW64\Caojpaij.exeC:\Windows\system32\Caojpaij.exe86⤵
-
C:\Windows\SysWOW64\Cglbhhga.exeC:\Windows\system32\Cglbhhga.exe87⤵
-
C:\Windows\SysWOW64\Cnfkdb32.exeC:\Windows\system32\Cnfkdb32.exe88⤵
-
C:\Windows\SysWOW64\Chkobkod.exeC:\Windows\system32\Chkobkod.exe89⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cnhgjaml.exeC:\Windows\system32\Cnhgjaml.exe90⤵
-
C:\Windows\SysWOW64\Cgqlcg32.exeC:\Windows\system32\Cgqlcg32.exe91⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Dafppp32.exeC:\Windows\system32\Dafppp32.exe92⤵
-
C:\Windows\SysWOW64\Dhphmj32.exeC:\Windows\system32\Dhphmj32.exe93⤵
-
C:\Windows\SysWOW64\Dhbebj32.exeC:\Windows\system32\Dhbebj32.exe94⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dhdbhifj.exeC:\Windows\system32\Dhdbhifj.exe95⤵
-
C:\Windows\SysWOW64\Dnajppda.exeC:\Windows\system32\Dnajppda.exe96⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ddkbmj32.exeC:\Windows\system32\Ddkbmj32.exe97⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Doagjc32.exeC:\Windows\system32\Doagjc32.exe98⤵
-
C:\Windows\SysWOW64\Fqppci32.exeC:\Windows\system32\Fqppci32.exe99⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Figgdg32.exeC:\Windows\system32\Figgdg32.exe100⤵
-
C:\Windows\SysWOW64\Foapaa32.exeC:\Windows\system32\Foapaa32.exe101⤵
-
C:\Windows\SysWOW64\Fqbliicp.exeC:\Windows\system32\Fqbliicp.exe102⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Foclgq32.exeC:\Windows\system32\Foclgq32.exe103⤵
-
C:\Windows\SysWOW64\Fqeioiam.exeC:\Windows\system32\Fqeioiam.exe104⤵
-
C:\Windows\SysWOW64\Fkjmlaac.exeC:\Windows\system32\Fkjmlaac.exe105⤵
-
C:\Windows\SysWOW64\Finnef32.exeC:\Windows\system32\Finnef32.exe106⤵
-
C:\Windows\SysWOW64\Fkmjaa32.exeC:\Windows\system32\Fkmjaa32.exe107⤵
-
C:\Windows\SysWOW64\Fbgbnkfm.exeC:\Windows\system32\Fbgbnkfm.exe108⤵
-
C:\Windows\SysWOW64\Fgcjfbed.exeC:\Windows\system32\Fgcjfbed.exe109⤵
-
C:\Windows\SysWOW64\Gnnccl32.exeC:\Windows\system32\Gnnccl32.exe110⤵
-
C:\Windows\SysWOW64\Gegkpf32.exeC:\Windows\system32\Gegkpf32.exe111⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gnpphljo.exeC:\Windows\system32\Gnpphljo.exe112⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gejhef32.exeC:\Windows\system32\Gejhef32.exe113⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gpolbo32.exeC:\Windows\system32\Gpolbo32.exe114⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gbnhoj32.exeC:\Windows\system32\Gbnhoj32.exe115⤵
-
C:\Windows\SysWOW64\Gihpkd32.exeC:\Windows\system32\Gihpkd32.exe116⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gpaihooo.exeC:\Windows\system32\Gpaihooo.exe117⤵
-
C:\Windows\SysWOW64\Gbpedjnb.exeC:\Windows\system32\Gbpedjnb.exe118⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ggmmlamj.exeC:\Windows\system32\Ggmmlamj.exe119⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gngeik32.exeC:\Windows\system32\Gngeik32.exe120⤵
-
C:\Windows\SysWOW64\Geanfelc.exeC:\Windows\system32\Geanfelc.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-