7dd4fd6b6a5f45bee6b53e266b6cbf734a11814301a88d0d4dfa608fae6ed0b6

Analysis

max time kernel
98s
max time network
99s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7dd4fd6b6a5f45bee6b53e266b6cbf734a11814301a88d0d4dfa608fae6ed0b6.exe
Size

44KB
MD5

8ea6e59478ab79f1e499f2d37a7fa82a
SHA1

cac1b390cb01d4129c9a323597ed7f2cf044905a
SHA256

7dd4fd6b6a5f45bee6b53e266b6cbf734a11814301a88d0d4dfa608fae6ed0b6
SHA512

9b2b2df81daf23f4e236ffc33f78ea81ae82e220c231860076eb848b94263850da2b630e512a2733bd61e416c1ba5db88f426d5e497cb6a9962fd0a0af91c882
SSDEEP

768:D3rnGHcFIKtK3y89pXdqKIsG4qTDMqR7AtmqDgfj70319irrHoSpEYW:TrGmt2y8kLDMqNANgX031i1iYW

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1496	h4ckdn1234.exe
1896	h4ckdn1234.exe
964	h4ckdn1234.exe
2004	h4ckdn1234.exe
1752	h4ckdn1234.exe
1664	h4ckdn1234.exe
1812	h4ckdn1234.exe
1880	h4ckdn1234.exe
1276	h4ckdn1234.exe
1604	h4ckdn1234.exe
1224	h4ckdn1234.exe
1800	h4ckdn1234.exe
608	h4ckdn1234.exe
748	h4ckdn1234.exe
1564	h4ckdn1234.exe
1140	h4ckdn1234.exe
1384	h4ckdn1234.exe
292	h4ckdn1234.exe
924	h4ckdn1234.exe
1932	h4ckdn1234.exe
1928	h4ckdn1234.exe
2008	h4ckdn1234.exe
1984	h4ckdn1234.exe
1720	h4ckdn1234.exe
584	h4ckdn1234.exe
1744	h4ckdn1234.exe
604	h4ckdn1234.exe
1056	h4ckdn1234.exe
668	h4ckdn1234.exe
1152	h4ckdn1234.exe
976	h4ckdn1234.exe
1112	h4ckdn1234.exe
1908	h4ckdn1234.exe
1640	h4ckdn1234.exe
2044	h4ckdn1234.exe
1104	h4ckdn1234.exe
1180	h4ckdn1234.exe
1724	h4ckdn1234.exe
576	h4ckdn1234.exe
1440	h4ckdn1234.exe
1620	h4ckdn1234.exe
1828	h4ckdn1234.exe
1460	h4ckdn1234.exe
1704	h4ckdn1234.exe
2064	h4ckdn1234.exe
2088	h4ckdn1234.exe
2112	h4ckdn1234.exe
2136	h4ckdn1234.exe
2160	h4ckdn1234.exe
2184	h4ckdn1234.exe
2204	h4ckdn1234.exe
2228	h4ckdn1234.exe
2252	h4ckdn1234.exe
2276	h4ckdn1234.exe
2296	h4ckdn1234.exe
2320	h4ckdn1234.exe
2340	h4ckdn1234.exe
2360	h4ckdn1234.exe
2380	h4ckdn1234.exe
2404	h4ckdn1234.exe
2424	h4ckdn1234.exe
2448	h4ckdn1234.exe
2472	h4ckdn1234.exe
2496	h4ckdn1234.exe

Loads dropped DLL 64 IoCs

pid	Process
656	7dd4fd6b6a5f45bee6b53e266b6cbf734a11814301a88d0d4dfa608fae6ed0b6.exe
656	7dd4fd6b6a5f45bee6b53e266b6cbf734a11814301a88d0d4dfa608fae6ed0b6.exe
1496	h4ckdn1234.exe
1496	h4ckdn1234.exe
1896	h4ckdn1234.exe
1896	h4ckdn1234.exe
964	h4ckdn1234.exe
964	h4ckdn1234.exe
2004	h4ckdn1234.exe
2004	h4ckdn1234.exe
1752	h4ckdn1234.exe
1752	h4ckdn1234.exe
1664	h4ckdn1234.exe
1664	h4ckdn1234.exe
1812	h4ckdn1234.exe
1812	h4ckdn1234.exe
1880	h4ckdn1234.exe
1880	h4ckdn1234.exe
1276	h4ckdn1234.exe
1276	h4ckdn1234.exe
1604	h4ckdn1234.exe
1604	h4ckdn1234.exe
1224	h4ckdn1234.exe
1224	h4ckdn1234.exe
1800	h4ckdn1234.exe
1800	h4ckdn1234.exe
608	h4ckdn1234.exe
608	h4ckdn1234.exe
748	h4ckdn1234.exe
748	h4ckdn1234.exe
1564	h4ckdn1234.exe
1564	h4ckdn1234.exe
1140	h4ckdn1234.exe
1140	h4ckdn1234.exe
1384	h4ckdn1234.exe
1384	h4ckdn1234.exe
292	h4ckdn1234.exe
292	h4ckdn1234.exe
924	h4ckdn1234.exe
924	h4ckdn1234.exe
1932	h4ckdn1234.exe
1932	h4ckdn1234.exe
1928	h4ckdn1234.exe
1928	h4ckdn1234.exe
2008	h4ckdn1234.exe
2008	h4ckdn1234.exe
1984	h4ckdn1234.exe
1984	h4ckdn1234.exe
1720	h4ckdn1234.exe
1720	h4ckdn1234.exe
584	h4ckdn1234.exe
584	h4ckdn1234.exe
1744	h4ckdn1234.exe
1744	h4ckdn1234.exe
604	h4ckdn1234.exe
604	h4ckdn1234.exe
1056	h4ckdn1234.exe
1056	h4ckdn1234.exe
668	h4ckdn1234.exe
668	h4ckdn1234.exe
1152	h4ckdn1234.exe
1152	h4ckdn1234.exe
976	h4ckdn1234.exe
976	h4ckdn1234.exe

Adds Run key to start application 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	7dd4fd6b6a5f45bee6b53e266b6cbf734a11814301a88d0d4dfa608fae6ed0b6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\h4ckdn1234 = "C:\\Windows\\system32\\h4ckdn1234.exe"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	h4ckdn1234.exe

Modifies WinLogon 2 TTPs 64 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Impersonate = "0"	h4ckdn1234.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Impersonate = "0"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Shutdown = "WLEShutdown"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Logon = "WLELogon"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234	h4ckdn1234.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Impersonate = "0"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234	h4ckdn1234.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Asynchronous = "0"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Logon = "WLELogon"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Logoff = "WLELogoff"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Unlock = "WLEUnlock"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\DllName = "h4ckdn1234.dll"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Logon = "WLELogon"	h4ckdn1234.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Impersonate = "0"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\StopScreenSaver = "WLEStopScreenSaver"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	h4ckdn1234.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Impersonate = "0"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\DllName = "h4ckdn1234.dll"	h4ckdn1234.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Asynchronous = "0"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Shutdown = "WLEShutdown"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Logon = "WLELogon"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Shutdown = "WLEShutdown"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\DllName = "h4ckdn1234.dll"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Shutdown = "WLEShutdown"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Shutdown = "WLEShutdown"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Logon = "WLELogon"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Unlock = "WLEUnlock"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\DllName = "h4ckdn1234.dll"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Logon = "WLELogon"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Lock = "WLELock"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Shutdown = "WLEShutdown"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Shutdown = "WLEShutdown"	h4ckdn1234.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Impersonate = "0"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\StartScreenSaver = "WLEStartScreenSaver"	h4ckdn1234.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Impersonate = "0"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Lock = "WLELock"	h4ckdn1234.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Asynchronous = "0"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Unlock = "WLEUnlock"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Lock = "WLELock"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\StartScreenSaver = "WLEStartScreenSaver"	h4ckdn1234.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Asynchronous = "0"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Logoff = "WLELogoff"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\StartScreenSaver = "WLEStartScreenSaver"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\DllName = "h4ckdn1234.dll"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Logoff = "WLELogoff"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\StartScreenSaver = "WLEStartScreenSaver"	h4ckdn1234.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Asynchronous = "0"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Logoff = "WLELogoff"	h4ckdn1234.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Asynchronous = "0"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\StartScreenSaver = "WLEStartScreenSaver"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Lock = "WLELock"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Startup = "WLEStartup"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Startup = "WLEStartup"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Shutdown = "WLEShutdown"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Shutdown = "WLEShutdown"	h4ckdn1234.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\Unlock = "WLEUnlock"	h4ckdn1234.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\h4ckdn1234\DllName = "h4ckdn1234.dll"	h4ckdn1234.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe
File created	C:\Windows\SysWOW64\h4ckdn1234.exe	h4ckdn1234.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 656 wrote to memory of 1496	656	7dd4fd6b6a5f45bee6b53e266b6cbf734a11814301a88d0d4dfa608fae6ed0b6.exe	27
PID 656 wrote to memory of 1496	656	7dd4fd6b6a5f45bee6b53e266b6cbf734a11814301a88d0d4dfa608fae6ed0b6.exe	27
PID 656 wrote to memory of 1496	656	7dd4fd6b6a5f45bee6b53e266b6cbf734a11814301a88d0d4dfa608fae6ed0b6.exe	27
PID 656 wrote to memory of 1496	656	7dd4fd6b6a5f45bee6b53e266b6cbf734a11814301a88d0d4dfa608fae6ed0b6.exe	27
PID 1496 wrote to memory of 1896	1496	h4ckdn1234.exe	28
PID 1496 wrote to memory of 1896	1496	h4ckdn1234.exe	28
PID 1496 wrote to memory of 1896	1496	h4ckdn1234.exe	28
PID 1496 wrote to memory of 1896	1496	h4ckdn1234.exe	28
PID 1896 wrote to memory of 964	1896	h4ckdn1234.exe	29
PID 1896 wrote to memory of 964	1896	h4ckdn1234.exe	29
PID 1896 wrote to memory of 964	1896	h4ckdn1234.exe	29
PID 1896 wrote to memory of 964	1896	h4ckdn1234.exe	29
PID 964 wrote to memory of 2004	964	h4ckdn1234.exe	30
PID 964 wrote to memory of 2004	964	h4ckdn1234.exe	30
PID 964 wrote to memory of 2004	964	h4ckdn1234.exe	30
PID 964 wrote to memory of 2004	964	h4ckdn1234.exe	30
PID 2004 wrote to memory of 1752	2004	h4ckdn1234.exe	31
PID 2004 wrote to memory of 1752	2004	h4ckdn1234.exe	31
PID 2004 wrote to memory of 1752	2004	h4ckdn1234.exe	31
PID 2004 wrote to memory of 1752	2004	h4ckdn1234.exe	31
PID 1752 wrote to memory of 1664	1752	h4ckdn1234.exe	32
PID 1752 wrote to memory of 1664	1752	h4ckdn1234.exe	32
PID 1752 wrote to memory of 1664	1752	h4ckdn1234.exe	32
PID 1752 wrote to memory of 1664	1752	h4ckdn1234.exe	32
PID 1664 wrote to memory of 1812	1664	h4ckdn1234.exe	33
PID 1664 wrote to memory of 1812	1664	h4ckdn1234.exe	33
PID 1664 wrote to memory of 1812	1664	h4ckdn1234.exe	33
PID 1664 wrote to memory of 1812	1664	h4ckdn1234.exe	33
PID 1812 wrote to memory of 1880	1812	h4ckdn1234.exe	34
PID 1812 wrote to memory of 1880	1812	h4ckdn1234.exe	34
PID 1812 wrote to memory of 1880	1812	h4ckdn1234.exe	34
PID 1812 wrote to memory of 1880	1812	h4ckdn1234.exe	34
PID 1880 wrote to memory of 1276	1880	h4ckdn1234.exe	35
PID 1880 wrote to memory of 1276	1880	h4ckdn1234.exe	35
PID 1880 wrote to memory of 1276	1880	h4ckdn1234.exe	35
PID 1880 wrote to memory of 1276	1880	h4ckdn1234.exe	35
PID 1276 wrote to memory of 1604	1276	h4ckdn1234.exe	36
PID 1276 wrote to memory of 1604	1276	h4ckdn1234.exe	36
PID 1276 wrote to memory of 1604	1276	h4ckdn1234.exe	36
PID 1276 wrote to memory of 1604	1276	h4ckdn1234.exe	36
PID 1604 wrote to memory of 1224	1604	h4ckdn1234.exe	37
PID 1604 wrote to memory of 1224	1604	h4ckdn1234.exe	37
PID 1604 wrote to memory of 1224	1604	h4ckdn1234.exe	37
PID 1604 wrote to memory of 1224	1604	h4ckdn1234.exe	37
PID 1224 wrote to memory of 1800	1224	h4ckdn1234.exe	38
PID 1224 wrote to memory of 1800	1224	h4ckdn1234.exe	38
PID 1224 wrote to memory of 1800	1224	h4ckdn1234.exe	38
PID 1224 wrote to memory of 1800	1224	h4ckdn1234.exe	38
PID 1800 wrote to memory of 608	1800	h4ckdn1234.exe	39
PID 1800 wrote to memory of 608	1800	h4ckdn1234.exe	39
PID 1800 wrote to memory of 608	1800	h4ckdn1234.exe	39
PID 1800 wrote to memory of 608	1800	h4ckdn1234.exe	39
PID 608 wrote to memory of 748	608	h4ckdn1234.exe	40
PID 608 wrote to memory of 748	608	h4ckdn1234.exe	40
PID 608 wrote to memory of 748	608	h4ckdn1234.exe	40
PID 608 wrote to memory of 748	608	h4ckdn1234.exe	40
PID 748 wrote to memory of 1564	748	h4ckdn1234.exe	41
PID 748 wrote to memory of 1564	748	h4ckdn1234.exe	41
PID 748 wrote to memory of 1564	748	h4ckdn1234.exe	41
PID 748 wrote to memory of 1564	748	h4ckdn1234.exe	41
PID 1564 wrote to memory of 1140	1564	h4ckdn1234.exe	42
PID 1564 wrote to memory of 1140	1564	h4ckdn1234.exe	42
PID 1564 wrote to memory of 1140	1564	h4ckdn1234.exe	42
PID 1564 wrote to memory of 1140	1564	h4ckdn1234.exe	42

C:\Users\Admin\AppData\Local\Temp\7dd4fd6b6a5f45bee6b53e266b6cbf734a11814301a88d0d4dfa608fae6ed0b6.exe
"C:\Users\Admin\AppData\Local\Temp\7dd4fd6b6a5f45bee6b53e266b6cbf734a11814301a88d0d4dfa608fae6ed0b6.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:656
- C:\Windows\SysWOW64\h4ckdn1234.exe
  C:\Windows\system32\h4ckdn1234.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies WinLogon
  - Suspicious use of WriteProcessMemory
  PID:1496
- - C:\Windows\SysWOW64\h4ckdn1234.exe
    C:\Windows\system32\h4ckdn1234.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:1896
  - - C:\Windows\SysWOW64\h4ckdn1234.exe
      C:\Windows\system32\h4ckdn1234.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:964
    - - C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Suspicious use of WriteProcessMemory
        
        PID:2004
      - C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1752
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1664
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1812
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1880
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1276
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies WinLogon
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1604
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1224
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1800
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Suspicious use of WriteProcessMemory
        
        PID:608
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:748
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies WinLogon
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1564
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1140
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:1384
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:292
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies WinLogon
        
        PID:924
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies WinLogon
        
        PID:1932
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies WinLogon
        Drops file in System32 directory
        
        PID:1928
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies WinLogon
        
        PID:2008
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies WinLogon
        
        PID:1984
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1720
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:584
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1744
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:604
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1056
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:668
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1152
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies WinLogon
        Drops file in System32 directory
        
        PID:976
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        33⤵
        Executes dropped EXE
        Modifies WinLogon
        
        PID:1112
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        34⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:1908
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        35⤵
        Executes dropped EXE
        Modifies WinLogon
        
        PID:1640
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        36⤵
        Executes dropped EXE
        
        PID:2044
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        37⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:1104
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        38⤵
        Executes dropped EXE
        
        PID:1180
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        39⤵
        Executes dropped EXE
        Modifies WinLogon
        Drops file in System32 directory
        
        PID:1724
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        40⤵
        Executes dropped EXE
        
        PID:576
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        41⤵
        Executes dropped EXE
        
        PID:1440
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        42⤵
        Executes dropped EXE
        
        PID:1620
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        43⤵
        Executes dropped EXE
        
        PID:1828
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        44⤵
        Executes dropped EXE
        
        PID:1460
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        45⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:1704
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        46⤵
        Executes dropped EXE
        
        PID:2064
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        47⤵
        Executes dropped EXE
        
        PID:2088
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        48⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:2112
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        49⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2136
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        50⤵
        Executes dropped EXE
        
        PID:2160
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        51⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:2184
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        52⤵
        Executes dropped EXE
        Modifies WinLogon
        Drops file in System32 directory
        
        PID:2204
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        53⤵
        Executes dropped EXE
        
        PID:2228
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        54⤵
        Executes dropped EXE
        
        PID:2252
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        55⤵
        Executes dropped EXE
        Modifies WinLogon
        
        PID:2276
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        56⤵
        Executes dropped EXE
        Modifies WinLogon
        Drops file in System32 directory
        
        PID:2296
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        57⤵
        Executes dropped EXE
        
        PID:2320
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        58⤵
        Executes dropped EXE
        Modifies WinLogon
        
        PID:2340
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        59⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2360
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        60⤵
        Executes dropped EXE
        
        PID:2380
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        61⤵
        Executes dropped EXE
        Modifies WinLogon
        
        PID:2404
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        62⤵
        Executes dropped EXE
        
        PID:2424
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        63⤵
        Executes dropped EXE
        Modifies WinLogon
        Drops file in System32 directory
        
        PID:2448
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        64⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2472
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        65⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:2496
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        66⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        67⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:2540
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        68⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        69⤵
        Adds Run key to start application
        
        PID:2580
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        70⤵
        Adds Run key to start application
        
        PID:2600
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        71⤵
        Modifies WinLogon
        
        PID:2616
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        72⤵
        Drops file in System32 directory
        
        PID:2640
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        73⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        74⤵
        Modifies WinLogon
        Drops file in System32 directory
        
        PID:2680
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        75⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        76⤵
        Adds Run key to start application
        
        PID:2720
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        77⤵
        Adds Run key to start application
        Modifies WinLogon
        
        PID:2740
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        78⤵
        Modifies WinLogon
        
        PID:2756
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        79⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        80⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        81⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        82⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        83⤵
        Adds Run key to start application
        Modifies WinLogon
        
        PID:2852
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        84⤵
        Modifies WinLogon
        
        PID:2872
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        85⤵
        Drops file in System32 directory
        
        PID:2892
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        86⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:2912
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        87⤵
        Drops file in System32 directory
        
        PID:2932
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        88⤵
        Adds Run key to start application
        
        PID:2952
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        89⤵
        Adds Run key to start application
        Modifies WinLogon
        
        PID:2972
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        90⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        91⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        92⤵
        Modifies WinLogon
        
        PID:3028
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        93⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        94⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        95⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        96⤵
        Modifies WinLogon
        
        PID:2120
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        97⤵
        Drops file in System32 directory
        
        PID:2168
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        98⤵
        Adds Run key to start application
        
        PID:2216
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        99⤵
        Modifies WinLogon
        
        PID:2284
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        100⤵
        Drops file in System32 directory
        
        PID:2356
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        101⤵
        Adds Run key to start application
        
        PID:2388
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        102⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:2436
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        103⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        104⤵
        Modifies WinLogon
        
        PID:2632
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        105⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        106⤵
        Drops file in System32 directory
        
        PID:2828
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        107⤵
        Modifies WinLogon
        Drops file in System32 directory
        
        PID:2928
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        108⤵
        Drops file in System32 directory
        
        PID:3024
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        109⤵
        Drops file in System32 directory
        
        PID:2200
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        110⤵
        Modifies WinLogon
        
        PID:2468
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        111⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:2904
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        112⤵
        Modifies WinLogon
        
        PID:3076
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        113⤵
        Drops file in System32 directory
        
        PID:3096
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        114⤵
        Adds Run key to start application
        Modifies WinLogon
        
        PID:3116
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        115⤵
        Adds Run key to start application
        Modifies WinLogon
        
        PID:3136
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        116⤵
        Modifies WinLogon
        
        PID:3156
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        117⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        118⤵
        Adds Run key to start application
        Modifies WinLogon
        Drops file in System32 directory
        
        PID:3196
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        119⤵
        Adds Run key to start application
        Modifies WinLogon
        
        PID:3220
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        120⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        121⤵
        Modifies WinLogon
        Drops file in System32 directory
        
        PID:3260
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        122⤵
        Drops file in System32 directory
        
        PID:3280
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        123⤵
        Adds Run key to start application
        Modifies WinLogon
        Drops file in System32 directory
        
        PID:3300
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        124⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        125⤵
        Drops file in System32 directory
        
        PID:3340
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        126⤵
        Adds Run key to start application
        Modifies WinLogon
        Drops file in System32 directory
        
        PID:3364
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        127⤵
        Adds Run key to start application
        Modifies WinLogon
        
        PID:3388
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        128⤵
        Drops file in System32 directory
        
        PID:3404
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        129⤵
        Adds Run key to start application
        
        PID:3428
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        130⤵
        Adds Run key to start application
        
        PID:3444
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        131⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:3468
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        132⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        133⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:3504
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        134⤵
        Drops file in System32 directory
        
        PID:3524
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        135⤵
        
        PID:3540
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        136⤵
        Adds Run key to start application
        
        PID:3564
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        137⤵
        Adds Run key to start application
        
        PID:3584
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        138⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        139⤵
        Adds Run key to start application
        
        PID:3624
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        140⤵
        Drops file in System32 directory
        
        PID:3644
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        141⤵
        Adds Run key to start application
        
        PID:3664
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        142⤵
        Adds Run key to start application
        Modifies WinLogon
        
        PID:3684
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        143⤵
        Adds Run key to start application
        
        PID:3700
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        144⤵
        Modifies WinLogon
        
        PID:3720
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        145⤵
        Adds Run key to start application
        
        PID:3740
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        146⤵
        Modifies WinLogon
        
        PID:3764
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        147⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        148⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        149⤵
        Drops file in System32 directory
        
        PID:3820
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        150⤵
        Modifies WinLogon
        
        PID:3840
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        151⤵
        Drops file in System32 directory
        
        PID:3860
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        152⤵
        Adds Run key to start application
        Modifies WinLogon
        Drops file in System32 directory
        
        PID:3884
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        153⤵
        Adds Run key to start application
        
        PID:3908
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        154⤵
        Modifies WinLogon
        
        PID:3928
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        155⤵
        Modifies WinLogon
        
        PID:3948
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        156⤵
        Modifies WinLogon
        
        PID:3964
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        157⤵
        Adds Run key to start application
        
        PID:3988
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        158⤵
        
        PID:4004
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        159⤵
        Adds Run key to start application
        Modifies WinLogon
        Drops file in System32 directory
        
        PID:4024
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        160⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        161⤵
        Drops file in System32 directory
        
        PID:4060
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        162⤵
        Drops file in System32 directory
        
        PID:4084
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        163⤵
        Modifies WinLogon
        Drops file in System32 directory
        
        PID:3112
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        164⤵
        Drops file in System32 directory
        
        PID:3192
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        165⤵
        Adds Run key to start application
        Modifies WinLogon
        
        PID:3400
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        166⤵
        
        PID:3516
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        167⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:3656
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        168⤵
        
        PID:3756
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        169⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        170⤵
        Adds Run key to start application
        
        PID:3960
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        171⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        172⤵
        Adds Run key to start application
        
        PID:3712
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        173⤵
        Adds Run key to start application
        Modifies WinLogon
        
        PID:3620
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        174⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        175⤵
        Modifies WinLogon
        Drops file in System32 directory
        
        PID:4144
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        176⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        177⤵
        Drops file in System32 directory
        
        PID:4184
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        178⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        179⤵
        Adds Run key to start application
        
        PID:4224
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        180⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:4248
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        181⤵
        Adds Run key to start application
        Modifies WinLogon
        Drops file in System32 directory
        
        PID:4276
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        182⤵
        Drops file in System32 directory
        
        PID:4296
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        183⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        184⤵
        Drops file in System32 directory
        
        PID:4332
        
        C:\Windows\SysWOW64\h4ckdn1234.exe
        
        C:\Windows\system32\h4ckdn1234.exe
        185⤵
        
        PID:4348

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
C:\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
\Windows\SysWOW64\h4ckdn1234.exe

Filesize
29KB

MD5
040d3b0971da4a2f130cc550c0b2530b

SHA1
172c514b82e97980bac7e87510e91cb3f5603e71

SHA256
34d73e75ff5860e7877343e76c1cf712b768ee65f2bc6159dcca09efb270af68

SHA512
39d25bf3c9aa6a22c3af28a2d6ee2ae917661b536d29af4551a94b9d32e4ec7712bed3e656240d979ed6f85403ff480b5a7c6e84c134990b30b8329ffce33293

Download Submit
memory/656-54-0x0000000075131000-0x0000000075133000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads