e73355e646bbfd9fa79481e29db92adf1c9812188d32c1479803f6700139fb82

Analysis

max time kernel
168s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 23:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e73355e646bbfd9fa79481e29db92adf1c9812188d32c1479803f6700139fb82.exe
Size

98KB
MD5

4eaca9eca40ae5aaf39a8168d250adb0
SHA1

2bf6b8d1c7fbba71b7c0cffbb784dca841bb99bd
SHA256

e73355e646bbfd9fa79481e29db92adf1c9812188d32c1479803f6700139fb82
SHA512

831aac44d2c1f16c038ae1368f15222990388bb3469577b793ba9762589fdadf7be6b9cc8f69691b3993da646c7a348399071187326e42a47008b9e7afcafb84
SSDEEP

768:x+lnNeZT3TLTqquEU6SlM5Hm2qRQMvag6gKK6aFGXIdQrfqF27OnV/1H56gn71st:x+LeNLTqZ6ScxMvT6g7GRfqgwUE1QZ+

Score

10^/10

persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Icdoolge.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Gmggac32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Lcpledob.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Pdpmpdbd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Mfkkqmiq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Klgend32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Keakgpko.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Imhjlb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Mfofjk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Omgjhc32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Omkdcccb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ecjpfp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Kdgcne32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Iqfcbahb.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Mjaodkmo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cqmgigfk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Jeanfkob.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Mjnnmn32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ihpcinld.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Mjlalkmd.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Qibmoa32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jagqfp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Jdnqgg32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Klgend32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Kdcicipb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Dhocqigp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ghipne32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Iiaggc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Mbamcm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Fjdajhbi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Fmejlcoj.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jhdcmf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Kinefp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ehapfiem.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Khbiello.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Lakfeodm.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hoglbc32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jlkfbe32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Koeajo32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Accfbokl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Gaadfkgc.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jfehed32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ggfglb32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cdfgdf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Flodilma.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bfdodjhm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Nfcoekhe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Geqlhp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ionbcb32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Fmpaqd32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jnjednnp.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jaimko32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Kmlmlo32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jkomhhae.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kohnpoib.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Jfalhgni.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Hfklhhcl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Lejnmncd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Jmccnk32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Gngckfdj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ipbaol32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Lhenai32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Jkomhhae.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Pmgcoaie.exe

Executes dropped EXE 64 IoCs

pid	Process
3172	Pdpmpdbd.exe
4512	Ageolo32.exe
4360	Aclpap32.exe
4116	Ajfhnjhq.exe
3828	Acnlgp32.exe
764	Accfbokl.exe
3916	Bfdodjhm.exe
1052	Bmpcfdmg.exe
2664	Beihma32.exe
208	Cfmajipb.exe
2208	Ceqnmpfo.exe
2516	Cfdhkhjj.exe
1428	Cjbpaf32.exe
368	Dhocqigp.exe
404	Ehapfiem.exe
332	Ehdmlhcj.exe
5080	Edknqiho.exe
3844	Eopbnbhd.exe
544	Ehiffh32.exe
4708	Emhldnkj.exe
4516	Fdbdah32.exe
4764	Fedmqk32.exe
4440	Fgeihcme.exe
3616	Fhdfbfdh.exe
1472	Fgjccb32.exe
3524	Ghipne32.exe
1032	Gaadfkgc.exe
4324	Gkjhoq32.exe
5056	Gdbmhf32.exe
5060	Gnkaalkd.exe
856	Gkobjpin.exe
2616	Ghbbcd32.exe
2316	Hffcmh32.exe
3160	Hoogfnnb.exe
3864	Hkehkocf.exe
3972	Hfklhhcl.exe
2520	Jkmgblok.exe
3876	Jfehed32.exe
1256	Jfgdkd32.exe
480	Kbnepe32.exe
2268	Kihnmohm.exe
1732	Kflnfcgg.exe
3384	Khmknk32.exe
1096	Keakgpko.exe
1636	Knlleepl.exe
4288	Lfealaol.exe
796	Lejnmncd.exe
3816	Lldfjh32.exe
3996	Lhkgoiqe.exe
2060	Leoghn32.exe
4208	Leadnm32.exe
3136	Elgaeolp.exe
5008	Ddifgk32.exe
2412	Ekcgkb32.exe
3948	Fbbicl32.exe
2672	Fqgedh32.exe
1316	Gbiockdj.exe
3724	Ggfglb32.exe
1460	Geldkfpi.exe
1520	Hppeim32.exe
3552	Ipbaol32.exe
1648	Iacngdgj.exe
2488	Ihpcinld.exe
744	Ibgdlg32.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Laffpi32.exe	Qcnjijoe.exe
File opened for modification	C:\Windows\SysWOW64\Iabodcnj.exe	Ilcjgm32.exe
File opened for modification	C:\Windows\SysWOW64\Flfjjkgi.exe	Fmejlcoj.exe
File created	C:\Windows\SysWOW64\Mjqjbn32.exe	Mknjgajl.exe
File created	C:\Windows\SysWOW64\Gejimf32.dll	Ocihgnam.exe
File created	C:\Windows\SysWOW64\Mfjlolpp.exe	Mjaodkmo.exe
File created	C:\Windows\SysWOW64\Edeanh32.dll	Mbamcm32.exe
File created	C:\Windows\SysWOW64\Biepfnpi.dll	Ihpcinld.exe
File opened for modification	C:\Windows\SysWOW64\Jehcfj32.exe	Jkcpia32.exe
File created	C:\Windows\SysWOW64\Kdffiinp.exe	Kmlmlo32.exe
File created	C:\Windows\SysWOW64\Aplgij32.dll	Gajibq32.exe
File created	C:\Windows\SysWOW64\Kdgcne32.exe	Kohnpoib.exe
File opened for modification	C:\Windows\SysWOW64\Omkdcccb.exe	Ojkkah32.exe
File opened for modification	C:\Windows\SysWOW64\Ionbcb32.exe	Ihdjfhhc.exe
File created	C:\Windows\SysWOW64\Gnoanl32.dll	Inhion32.exe
File opened for modification	C:\Windows\SysWOW64\Jfalhgni.exe	Jpgdlm32.exe
File created	C:\Windows\SysWOW64\Himnbjpd.dll	Hoogfnnb.exe
File created	C:\Windows\SysWOW64\Pbhgoh32.exe	Piocecgj.exe
File opened for modification	C:\Windows\SysWOW64\Pcgdhkem.exe	Pbhgoh32.exe
File created	C:\Windows\SysWOW64\Ifqoehhl.exe	Ioffhn32.exe
File opened for modification	C:\Windows\SysWOW64\Ofdhlh32.exe	Omkdcccb.exe
File opened for modification	C:\Windows\SysWOW64\Headon32.exe	Hoglbc32.exe
File created	C:\Windows\SysWOW64\Jdgjgh32.exe	Jnmbjnlm.exe
File created	C:\Windows\SysWOW64\Jiphebml.exe	Jfalhgni.exe
File created	C:\Windows\SysWOW64\Ehdmlhcj.exe	Ehapfiem.exe
File created	C:\Windows\SysWOW64\Iacngdgj.exe	Ipbaol32.exe
File opened for modification	C:\Windows\SysWOW64\Anjikoip.exe	Acdeneij.exe
File created	C:\Windows\SysWOW64\Mnjnokej.dll	Heohinog.exe
File created	C:\Windows\SysWOW64\Mgbpghdn.dll	Acnlgp32.exe
File opened for modification	C:\Windows\SysWOW64\Hffcmh32.exe	Ghbbcd32.exe
File created	C:\Windows\SysWOW64\Pmipdq32.exe	Pkkdhe32.exe
File opened for modification	C:\Windows\SysWOW64\Lbmqmi32.exe	Lkchpoka.exe
File created	C:\Windows\SysWOW64\Lkpnec32.exe	Kdffiinp.exe
File created	C:\Windows\SysWOW64\Kkcmfmhk.dll	Emhldnkj.exe
File created	C:\Windows\SysWOW64\Nlbdba32.exe	Nfcoekhe.exe
File opened for modification	C:\Windows\SysWOW64\Dkokbn32.exe	Cqmgigfk.exe
File created	C:\Windows\SysWOW64\Nclbalhj.dll	Flfjjkgi.exe
File created	C:\Windows\SysWOW64\Iaokdn32.exe	Ikechced.exe
File opened for modification	C:\Windows\SysWOW64\Gdbmhf32.exe	Gkjhoq32.exe
File created	C:\Windows\SysWOW64\Egfapa32.dll	Jfgdkd32.exe
File opened for modification	C:\Windows\SysWOW64\Hdokok32.exe	Haaocp32.exe
File opened for modification	C:\Windows\SysWOW64\Iolfmcbb.exe	Hhbnqi32.exe
File opened for modification	C:\Windows\SysWOW64\Hkehkocf.exe	Hoogfnnb.exe
File opened for modification	C:\Windows\SysWOW64\Hoepmd32.exe	Hlfcqh32.exe
File created	C:\Windows\SysWOW64\Oalfdbfa.dll	Ghipne32.exe
File created	C:\Windows\SysWOW64\Neahna32.dll	Hecadm32.exe
File created	C:\Windows\SysWOW64\Hlfcqh32.exe	Hdokok32.exe
File created	C:\Windows\SysWOW64\Foalam32.dll	Lfealaol.exe
File opened for modification	C:\Windows\SysWOW64\Ddifgk32.exe	Elgaeolp.exe
File created	C:\Windows\SysWOW64\Ihpcinld.exe	Iacngdgj.exe
File created	C:\Windows\SysWOW64\Anjikoip.exe	Acdeneij.exe
File created	C:\Windows\SysWOW64\Alhpkldp.exe	Akgcdc32.exe
File created	C:\Windows\SysWOW64\Ecjpfp32.exe	Dkokbn32.exe
File opened for modification	C:\Windows\SysWOW64\Ikmpcicg.exe	Iabodcnj.exe
File opened for modification	C:\Windows\SysWOW64\Gkdjaf32.exe	Gdkbdllj.exe
File opened for modification	C:\Windows\SysWOW64\Hppeim32.exe	Geldkfpi.exe
File created	C:\Windows\SysWOW64\Iheaqolo.exe	Hakidd32.exe
File opened for modification	C:\Windows\SysWOW64\Hdahek32.exe	Heohinog.exe
File created	C:\Windows\SysWOW64\Jijjfldq.dll	Bfdodjhm.exe
File created	C:\Windows\SysWOW64\Flfjjkgi.exe	Fmejlcoj.exe
File opened for modification	C:\Windows\SysWOW64\Ikechced.exe	Iehkpmgl.exe
File opened for modification	C:\Windows\SysWOW64\Glkdejcd.exe	Geqlhp32.exe
File created	C:\Windows\SysWOW64\Ekoeadll.dll	Lmcejbbd.exe
File created	C:\Windows\SysWOW64\Kmnkaeeg.dll	Jiphebml.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Fgjccb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Fbbicl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Pbhgoh32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Jfalhgni.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Kdffiinp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Adnilfnl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Dkokbn32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Gajibq32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Hhhkjj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Qlajkm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Fegiba32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Ibgdlg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Qeikficp.dll"	Ijngkf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Pmgcoaie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Akdfndpd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Ggfglb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pehndh32.dll"	Jkcpia32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Fgjccb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Qimdklek.dll"	Imhjlb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hmgbginj.dll"	Jqhphq32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ckggbk32.dll"	Iolfmcbb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Bhagaamj.dll"	Khmknk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dciqifgc.dll"	Ioffhn32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Fhfenmbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Jnmbjnlm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Iokkmq32.dll"	Qibmoa32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Haobnpkc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Hoepmd32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Bmpcfdmg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Gkjhoq32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Hkehkocf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Biepfnpi.dll"	Ihpcinld.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mgieqpje.dll"	Jcgldl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Fjdajhbi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Cmdcap32.dll"	Ionbcb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Iemdkl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Ajfhnjhq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Hddejjdo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Jdiglgbg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Khimhefk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Eajhee32.dll"	Ikmpcicg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Bbkbabje.dll"	Bcpdidol.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Hoogfnnb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dqceni32.dll"	Ilglgfjd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jmmepf32.dll"	Iheaqolo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Jdembk32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Cfdhkhjj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jbfjlb32.dll"	Lhkgoiqe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Elgaeolp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Bcpdidol.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Inhion32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Iefphb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Jdkdbgpd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Ghbbcd32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Ofgdcipq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Fkpdfdaa.dll"	Bkepeaaa.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Lanpml32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Qcnjijoe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jhkane32.dll"	Jmccnk32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Lcpledob.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ickihp32.dll"	Adnilfnl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Qlajkm32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Mahbck32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Mdfopf32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 3172	2300	e73355e646bbfd9fa79481e29db92adf1c9812188d32c1479803f6700139fb82.exe	82
PID 2300 wrote to memory of 3172	2300	e73355e646bbfd9fa79481e29db92adf1c9812188d32c1479803f6700139fb82.exe	82
PID 2300 wrote to memory of 3172	2300	e73355e646bbfd9fa79481e29db92adf1c9812188d32c1479803f6700139fb82.exe	82
PID 3172 wrote to memory of 4512	3172	Pdpmpdbd.exe	83
PID 3172 wrote to memory of 4512	3172	Pdpmpdbd.exe	83
PID 3172 wrote to memory of 4512	3172	Pdpmpdbd.exe	83
PID 4512 wrote to memory of 4360	4512	Ageolo32.exe	84
PID 4512 wrote to memory of 4360	4512	Ageolo32.exe	84
PID 4512 wrote to memory of 4360	4512	Ageolo32.exe	84
PID 4360 wrote to memory of 4116	4360	Aclpap32.exe	85
PID 4360 wrote to memory of 4116	4360	Aclpap32.exe	85
PID 4360 wrote to memory of 4116	4360	Aclpap32.exe	85
PID 4116 wrote to memory of 3828	4116	Ajfhnjhq.exe	86
PID 4116 wrote to memory of 3828	4116	Ajfhnjhq.exe	86
PID 4116 wrote to memory of 3828	4116	Ajfhnjhq.exe	86
PID 3828 wrote to memory of 764	3828	Acnlgp32.exe	87
PID 3828 wrote to memory of 764	3828	Acnlgp32.exe	87
PID 3828 wrote to memory of 764	3828	Acnlgp32.exe	87
PID 764 wrote to memory of 3916	764	Accfbokl.exe	88
PID 764 wrote to memory of 3916	764	Accfbokl.exe	88
PID 764 wrote to memory of 3916	764	Accfbokl.exe	88
PID 3916 wrote to memory of 1052	3916	Bfdodjhm.exe	89
PID 3916 wrote to memory of 1052	3916	Bfdodjhm.exe	89
PID 3916 wrote to memory of 1052	3916	Bfdodjhm.exe	89
PID 1052 wrote to memory of 2664	1052	Bmpcfdmg.exe	90
PID 1052 wrote to memory of 2664	1052	Bmpcfdmg.exe	90
PID 1052 wrote to memory of 2664	1052	Bmpcfdmg.exe	90
PID 2664 wrote to memory of 208	2664	Beihma32.exe	91
PID 2664 wrote to memory of 208	2664	Beihma32.exe	91
PID 2664 wrote to memory of 208	2664	Beihma32.exe	91
PID 208 wrote to memory of 2208	208	Cfmajipb.exe	92
PID 208 wrote to memory of 2208	208	Cfmajipb.exe	92
PID 208 wrote to memory of 2208	208	Cfmajipb.exe	92
PID 2208 wrote to memory of 2516	2208	Ceqnmpfo.exe	93
PID 2208 wrote to memory of 2516	2208	Ceqnmpfo.exe	93
PID 2208 wrote to memory of 2516	2208	Ceqnmpfo.exe	93
PID 2516 wrote to memory of 1428	2516	Cfdhkhjj.exe	94
PID 2516 wrote to memory of 1428	2516	Cfdhkhjj.exe	94
PID 2516 wrote to memory of 1428	2516	Cfdhkhjj.exe	94
PID 1428 wrote to memory of 368	1428	Cjbpaf32.exe	95
PID 1428 wrote to memory of 368	1428	Cjbpaf32.exe	95
PID 1428 wrote to memory of 368	1428	Cjbpaf32.exe	95
PID 368 wrote to memory of 404	368	Dhocqigp.exe	96
PID 368 wrote to memory of 404	368	Dhocqigp.exe	96
PID 368 wrote to memory of 404	368	Dhocqigp.exe	96
PID 404 wrote to memory of 332	404	Ehapfiem.exe	97
PID 404 wrote to memory of 332	404	Ehapfiem.exe	97
PID 404 wrote to memory of 332	404	Ehapfiem.exe	97
PID 332 wrote to memory of 5080	332	Ehdmlhcj.exe	98
PID 332 wrote to memory of 5080	332	Ehdmlhcj.exe	98
PID 332 wrote to memory of 5080	332	Ehdmlhcj.exe	98
PID 5080 wrote to memory of 3844	5080	Edknqiho.exe	99
PID 5080 wrote to memory of 3844	5080	Edknqiho.exe	99
PID 5080 wrote to memory of 3844	5080	Edknqiho.exe	99
PID 3844 wrote to memory of 544	3844	Eopbnbhd.exe	100
PID 3844 wrote to memory of 544	3844	Eopbnbhd.exe	100
PID 3844 wrote to memory of 544	3844	Eopbnbhd.exe	100
PID 544 wrote to memory of 4708	544	Ehiffh32.exe	101
PID 544 wrote to memory of 4708	544	Ehiffh32.exe	101
PID 544 wrote to memory of 4708	544	Ehiffh32.exe	101
PID 4708 wrote to memory of 4516	4708	Emhldnkj.exe	102
PID 4708 wrote to memory of 4516	4708	Emhldnkj.exe	102
PID 4708 wrote to memory of 4516	4708	Emhldnkj.exe	102
PID 4516 wrote to memory of 4764	4516	Fdbdah32.exe	103

C:\Users\Admin\AppData\Local\Temp\e73355e646bbfd9fa79481e29db92adf1c9812188d32c1479803f6700139fb82.exe
"C:\Users\Admin\AppData\Local\Temp\e73355e646bbfd9fa79481e29db92adf1c9812188d32c1479803f6700139fb82.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Windows\SysWOW64\Pdpmpdbd.exe
  C:\Windows\system32\Pdpmpdbd.exe
  2⤵
  - Adds autorun key to be loaded by Explorer.exe on startup
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3172
- - C:\Windows\SysWOW64\Ageolo32.exe
    C:\Windows\system32\Ageolo32.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4512
  - - C:\Windows\SysWOW64\Aclpap32.exe
      C:\Windows\system32\Aclpap32.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:4360
    - - C:\Windows\SysWOW64\Ajfhnjhq.exe
        
        C:\Windows\system32\Ajfhnjhq.exe
        5⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4116
      - C:\Windows\SysWOW64\Acnlgp32.exe
        
        C:\Windows\system32\Acnlgp32.exe
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3828
        
        C:\Windows\SysWOW64\Accfbokl.exe
        
        C:\Windows\system32\Accfbokl.exe
        7⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:764
        
        C:\Windows\SysWOW64\Bfdodjhm.exe
        
        C:\Windows\system32\Bfdodjhm.exe
        8⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3916
        
        C:\Windows\SysWOW64\Bmpcfdmg.exe
        
        C:\Windows\system32\Bmpcfdmg.exe
        9⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1052
        
        C:\Windows\SysWOW64\Beihma32.exe
        
        C:\Windows\system32\Beihma32.exe
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2664
        
        C:\Windows\SysWOW64\Cfmajipb.exe
        
        C:\Windows\system32\Cfmajipb.exe
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:208
        
        C:\Windows\SysWOW64\Ceqnmpfo.exe
        
        C:\Windows\system32\Ceqnmpfo.exe
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2208
        
        C:\Windows\SysWOW64\Cfdhkhjj.exe
        
        C:\Windows\system32\Cfdhkhjj.exe
        13⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2516
        
        C:\Windows\SysWOW64\Cjbpaf32.exe
        
        C:\Windows\system32\Cjbpaf32.exe
        14⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1428
        
        C:\Windows\SysWOW64\Dhocqigp.exe
        
        C:\Windows\system32\Dhocqigp.exe
        15⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:368
        
        C:\Windows\SysWOW64\Ehapfiem.exe
        
        C:\Windows\system32\Ehapfiem.exe
        16⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:404
        
        C:\Windows\SysWOW64\Ehdmlhcj.exe
        
        C:\Windows\system32\Ehdmlhcj.exe
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:332
        
        C:\Windows\SysWOW64\Edknqiho.exe
        
        C:\Windows\system32\Edknqiho.exe
        18⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5080
        
        C:\Windows\SysWOW64\Eopbnbhd.exe
        
        C:\Windows\system32\Eopbnbhd.exe
        19⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3844
        
        C:\Windows\SysWOW64\Ehiffh32.exe
        
        C:\Windows\system32\Ehiffh32.exe
        20⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:544
        
        C:\Windows\SysWOW64\Emhldnkj.exe
        
        C:\Windows\system32\Emhldnkj.exe
        21⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4708
        
        C:\Windows\SysWOW64\Fdbdah32.exe
        
        C:\Windows\system32\Fdbdah32.exe
        22⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4516
        
        C:\Windows\SysWOW64\Fedmqk32.exe
        
        C:\Windows\system32\Fedmqk32.exe
        23⤵
        Executes dropped EXE
        
        PID:4764
        
        C:\Windows\SysWOW64\Fgeihcme.exe
        
        C:\Windows\system32\Fgeihcme.exe
        24⤵
        Executes dropped EXE
        
        PID:4440
        
        C:\Windows\SysWOW64\Fhdfbfdh.exe
        
        C:\Windows\system32\Fhdfbfdh.exe
        25⤵
        Executes dropped EXE
        
        PID:3616
        
        C:\Windows\SysWOW64\Fgjccb32.exe
        
        C:\Windows\system32\Fgjccb32.exe
        26⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1472
        
        C:\Windows\SysWOW64\Ghipne32.exe
        
        C:\Windows\system32\Ghipne32.exe
        27⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3524
        
        C:\Windows\SysWOW64\Gaadfkgc.exe
        
        C:\Windows\system32\Gaadfkgc.exe
        28⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:1032
        
        C:\Windows\SysWOW64\Gkjhoq32.exe
        
        C:\Windows\system32\Gkjhoq32.exe
        29⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:4324
        
        C:\Windows\SysWOW64\Gdbmhf32.exe
        
        C:\Windows\system32\Gdbmhf32.exe
        30⤵
        Executes dropped EXE
        
        PID:5056
        
        C:\Windows\SysWOW64\Gnkaalkd.exe
        
        C:\Windows\system32\Gnkaalkd.exe
        31⤵
        Executes dropped EXE
        
        PID:5060
        
        C:\Windows\SysWOW64\Gkobjpin.exe
        
        C:\Windows\system32\Gkobjpin.exe
        32⤵
        Executes dropped EXE
        
        PID:856
        
        C:\Windows\SysWOW64\Ghbbcd32.exe
        
        C:\Windows\system32\Ghbbcd32.exe
        33⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:2616
        
        C:\Windows\SysWOW64\Hffcmh32.exe
        
        C:\Windows\system32\Hffcmh32.exe
        34⤵
        Executes dropped EXE
        
        PID:2316

C:\Windows\SysWOW64\Hoogfnnb.exe
C:\Windows\system32\Hoogfnnb.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
PID:3160
- C:\Windows\SysWOW64\Hkehkocf.exe
  C:\Windows\system32\Hkehkocf.exe
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:3864
- - C:\Windows\SysWOW64\Hfklhhcl.exe
    C:\Windows\system32\Hfklhhcl.exe
    3⤵
    - Adds autorun key to be loaded by Explorer.exe on startup
    - Executes dropped EXE
    PID:3972
  - - C:\Windows\SysWOW64\Jkmgblok.exe
      C:\Windows\system32\Jkmgblok.exe
      4⤵
      Executes dropped EXE
      PID:2520
    - - C:\Windows\SysWOW64\Jfehed32.exe
        
        C:\Windows\system32\Jfehed32.exe
        5⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:3876
      - C:\Windows\SysWOW64\Jfgdkd32.exe
        
        C:\Windows\system32\Jfgdkd32.exe
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1256
        
        C:\Windows\SysWOW64\Kbnepe32.exe
        
        C:\Windows\system32\Kbnepe32.exe
        7⤵
        Executes dropped EXE
        
        PID:480
        
        C:\Windows\SysWOW64\Kihnmohm.exe
        
        C:\Windows\system32\Kihnmohm.exe
        8⤵
        Executes dropped EXE
        
        PID:2268
        
        C:\Windows\SysWOW64\Kflnfcgg.exe
        
        C:\Windows\system32\Kflnfcgg.exe
        9⤵
        Executes dropped EXE
        
        PID:1732
        
        C:\Windows\SysWOW64\Khmknk32.exe
        
        C:\Windows\system32\Khmknk32.exe
        10⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3384
        
        C:\Windows\SysWOW64\Keakgpko.exe
        
        C:\Windows\system32\Keakgpko.exe
        11⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:1096
        
        C:\Windows\SysWOW64\Knlleepl.exe
        
        C:\Windows\system32\Knlleepl.exe
        12⤵
        Executes dropped EXE
        
        PID:1636
        
        C:\Windows\SysWOW64\Lfealaol.exe
        
        C:\Windows\system32\Lfealaol.exe
        13⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4288
        
        C:\Windows\SysWOW64\Lejnmncd.exe
        
        C:\Windows\system32\Lejnmncd.exe
        14⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:796
        
        C:\Windows\SysWOW64\Lldfjh32.exe
        
        C:\Windows\system32\Lldfjh32.exe
        15⤵
        Executes dropped EXE
        
        PID:3816
        
        C:\Windows\SysWOW64\Lhkgoiqe.exe
        
        C:\Windows\system32\Lhkgoiqe.exe
        16⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3996
        
        C:\Windows\SysWOW64\Leoghn32.exe
        
        C:\Windows\system32\Leoghn32.exe
        17⤵
        Executes dropped EXE
        
        PID:2060
        
        C:\Windows\SysWOW64\Leadnm32.exe
        
        C:\Windows\system32\Leadnm32.exe
        18⤵
        Executes dropped EXE
        
        PID:4208
        
        C:\Windows\SysWOW64\Elgaeolp.exe
        
        C:\Windows\system32\Elgaeolp.exe
        19⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:3136
        
        C:\Windows\SysWOW64\Ddifgk32.exe
        
        C:\Windows\system32\Ddifgk32.exe
        20⤵
        Executes dropped EXE
        
        PID:5008
        
        C:\Windows\SysWOW64\Ekcgkb32.exe
        
        C:\Windows\system32\Ekcgkb32.exe
        21⤵
        Executes dropped EXE
        
        PID:2412
        
        C:\Windows\SysWOW64\Fbbicl32.exe
        
        C:\Windows\system32\Fbbicl32.exe
        22⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3948
        
        C:\Windows\SysWOW64\Fqgedh32.exe
        
        C:\Windows\system32\Fqgedh32.exe
        23⤵
        Executes dropped EXE
        
        PID:2672
        
        C:\Windows\SysWOW64\Gbiockdj.exe
        
        C:\Windows\system32\Gbiockdj.exe
        24⤵
        Executes dropped EXE
        
        PID:1316
        
        C:\Windows\SysWOW64\Ggfglb32.exe
        
        C:\Windows\system32\Ggfglb32.exe
        25⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:3724
        
        C:\Windows\SysWOW64\Geldkfpi.exe
        
        C:\Windows\system32\Geldkfpi.exe
        26⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1460
        
        C:\Windows\SysWOW64\Hppeim32.exe
        
        C:\Windows\system32\Hppeim32.exe
        27⤵
        Executes dropped EXE
        
        PID:1520
        
        C:\Windows\SysWOW64\Ipbaol32.exe
        
        C:\Windows\system32\Ipbaol32.exe
        28⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3552
        
        C:\Windows\SysWOW64\Iacngdgj.exe
        
        C:\Windows\system32\Iacngdgj.exe
        29⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1648
        
        C:\Windows\SysWOW64\Ihpcinld.exe
        
        C:\Windows\system32\Ihpcinld.exe
        30⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:2488
        
        C:\Windows\SysWOW64\Ibgdlg32.exe
        
        C:\Windows\system32\Ibgdlg32.exe
        31⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:744
        
        C:\Windows\SysWOW64\Iefphb32.exe
        
        C:\Windows\system32\Iefphb32.exe
        32⤵
        Modifies registry class
        
        PID:348
        
        C:\Windows\SysWOW64\Jhgiim32.exe
        
        C:\Windows\system32\Jhgiim32.exe
        33⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\Jemfhacc.exe
        
        C:\Windows\system32\Jemfhacc.exe
        34⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\Johggfha.exe
        
        C:\Windows\system32\Johggfha.exe
        35⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\Khbiello.exe
        
        C:\Windows\system32\Khbiello.exe
        36⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:3112
        
        C:\Windows\SysWOW64\Kplmliko.exe
        
        C:\Windows\system32\Kplmliko.exe
        37⤵
        
        PID:956
        
        C:\Windows\SysWOW64\Kamjda32.exe
        
        C:\Windows\system32\Kamjda32.exe
        38⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\Kapfiqoj.exe
        
        C:\Windows\system32\Kapfiqoj.exe
        39⤵
        
        PID:484
        
        C:\Windows\SysWOW64\Kpccmhdg.exe
        
        C:\Windows\system32\Kpccmhdg.exe
        40⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\Lcclncbh.exe
        
        C:\Windows\system32\Lcclncbh.exe
        41⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\Lojmcdgl.exe
        
        C:\Windows\system32\Lojmcdgl.exe
        42⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\Lakfeodm.exe
        
        C:\Windows\system32\Lakfeodm.exe
        43⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:4872
        
        C:\Windows\SysWOW64\Lhenai32.exe
        
        C:\Windows\system32\Lhenai32.exe
        44⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:1804
        
        C:\Windows\SysWOW64\Ljdkll32.exe
        
        C:\Windows\system32\Ljdkll32.exe
        45⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\Mfkkqmiq.exe
        
        C:\Windows\system32\Mfkkqmiq.exe
        46⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5100
        
        C:\Windows\SysWOW64\Mcoljagj.exe
        
        C:\Windows\system32\Mcoljagj.exe
        47⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\Mlhqcgnk.exe
        
        C:\Windows\system32\Mlhqcgnk.exe
        48⤵
        
        PID:680
        
        C:\Windows\SysWOW64\Mjlalkmd.exe
        
        C:\Windows\system32\Mjlalkmd.exe
        49⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:4552
        
        C:\Windows\SysWOW64\Ocihgnam.exe
        
        C:\Windows\system32\Ocihgnam.exe
        50⤵
        Drops file in System32 directory
        
        PID:4920
        
        C:\Windows\SysWOW64\Ofgdcipq.exe
        
        C:\Windows\system32\Ofgdcipq.exe
        51⤵
        Modifies registry class
        
        PID:2444
        
        C:\Windows\SysWOW64\Ofjqihnn.exe
        
        C:\Windows\system32\Ofjqihnn.exe
        52⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\Oihmedma.exe
        
        C:\Windows\system32\Oihmedma.exe
        53⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\Pbcncibp.exe
        
        C:\Windows\system32\Pbcncibp.exe
        54⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\Piocecgj.exe
        
        C:\Windows\system32\Piocecgj.exe
        55⤵
        Drops file in System32 directory
        
        PID:2852
        
        C:\Windows\SysWOW64\Pbhgoh32.exe
        
        C:\Windows\system32\Pbhgoh32.exe
        56⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:3696
        
        C:\Windows\SysWOW64\Pcgdhkem.exe
        
        C:\Windows\system32\Pcgdhkem.exe
        57⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\Pmphaaln.exe
        
        C:\Windows\system32\Pmphaaln.exe
        58⤵
        
        PID:3488
        
        C:\Windows\SysWOW64\Pciqnk32.exe
        
        C:\Windows\system32\Pciqnk32.exe
        59⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\Qclmck32.exe
        
        C:\Windows\system32\Qclmck32.exe
        60⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\Qcnjijoe.exe
        
        C:\Windows\system32\Qcnjijoe.exe
        61⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:5064
        
        C:\Windows\SysWOW64\Laffpi32.exe
        
        C:\Windows\system32\Laffpi32.exe
        62⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\Flhoinbl.exe
        
        C:\Windows\system32\Flhoinbl.exe
        63⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\Adnilfnl.exe
        
        C:\Windows\system32\Adnilfnl.exe
        64⤵
        Modifies registry class
        
        PID:4696
        
        C:\Windows\SysWOW64\Imhjlb32.exe
        
        C:\Windows\system32\Imhjlb32.exe
        65⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:4412
        
        C:\Windows\SysWOW64\Ioffhn32.exe
        
        C:\Windows\system32\Ioffhn32.exe
        66⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1552
        
        C:\Windows\SysWOW64\Ifqoehhl.exe
        
        C:\Windows\system32\Ifqoehhl.exe
        67⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\Imjgbb32.exe
        
        C:\Windows\system32\Imjgbb32.exe
        68⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\Iqfcbahb.exe
        
        C:\Windows\system32\Iqfcbahb.exe
        69⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:3144
        
        C:\Windows\SysWOW64\Icdoolge.exe
        
        C:\Windows\system32\Icdoolge.exe
        70⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:3580
        
        C:\Windows\SysWOW64\Ijngkf32.exe
        
        C:\Windows\system32\Ijngkf32.exe
        71⤵
        Modifies registry class
        
        PID:4444
        
        C:\Windows\SysWOW64\Iiaggc32.exe
        
        C:\Windows\system32\Iiaggc32.exe
        72⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:880
        
        C:\Windows\SysWOW64\Jqhphq32.exe
        
        C:\Windows\system32\Jqhphq32.exe
        73⤵
        Modifies registry class
        
        PID:1276
        
        C:\Windows\SysWOW64\Jcgldl32.exe
        
        C:\Windows\system32\Jcgldl32.exe
        74⤵
        Modifies registry class
        
        PID:4308
        
        C:\Windows\SysWOW64\Jjqdafmp.exe
        
        C:\Windows\system32\Jjqdafmp.exe
        75⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\Hakidd32.exe
        
        C:\Windows\system32\Hakidd32.exe
        76⤵
        Drops file in System32 directory
        
        PID:1100
        
        C:\Windows\SysWOW64\Iheaqolo.exe
        
        C:\Windows\system32\Iheaqolo.exe
        77⤵
        Modifies registry class
        
        PID:1636
        
        C:\Windows\SysWOW64\Ilcjgm32.exe
        
        C:\Windows\system32\Ilcjgm32.exe
        78⤵
        Drops file in System32 directory
        
        PID:3688
        
        C:\Windows\SysWOW64\Iabodcnj.exe
        
        C:\Windows\system32\Iabodcnj.exe
        79⤵
        Drops file in System32 directory
        
        PID:2268
        
        C:\Windows\SysWOW64\Ikmpcicg.exe
        
        C:\Windows\system32\Ikmpcicg.exe
        80⤵
        Modifies registry class
        
        PID:3972
        
        C:\Windows\SysWOW64\Jkomhhae.exe
        
        C:\Windows\system32\Jkomhhae.exe
        81⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:4956
        
        C:\Windows\SysWOW64\Jchaoe32.exe
        
        C:\Windows\system32\Jchaoe32.exe
        82⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\Jbkbkbfo.exe
        
        C:\Windows\system32\Jbkbkbfo.exe
        83⤵
        
        PID:704
        
        C:\Windows\SysWOW64\Jlafhkfe.exe
        
        C:\Windows\system32\Jlafhkfe.exe
        84⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\Jjefao32.exe
        
        C:\Windows\system32\Jjefao32.exe
        85⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\Jmccnk32.exe
        
        C:\Windows\system32\Jmccnk32.exe
        86⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:4764
        
        C:\Windows\SysWOW64\Jcmkjeko.exe
        
        C:\Windows\system32\Jcmkjeko.exe
        87⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\Mjaodkmo.exe
        
        C:\Windows\system32\Mjaodkmo.exe
        88⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:2296
        
        C:\Windows\SysWOW64\Mfjlolpp.exe
        
        C:\Windows\system32\Mfjlolpp.exe
        89⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\Mbamcm32.exe
        
        C:\Windows\system32\Mbamcm32.exe
        90⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:3952
        
        C:\Windows\SysWOW64\Mfofjk32.exe
        
        C:\Windows\system32\Mfofjk32.exe
        91⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:4408
        
        C:\Windows\SysWOW64\Nfcoekhe.exe
        
        C:\Windows\system32\Nfcoekhe.exe
        92⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:4928
        
        C:\Windows\SysWOW64\Nlbdba32.exe
        
        C:\Windows\system32\Nlbdba32.exe
        93⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\Ofmbkipk.exe
        
        C:\Windows\system32\Ofmbkipk.exe
        94⤵
        
        PID:3292
        
        C:\Windows\SysWOW64\Omgjhc32.exe
        
        C:\Windows\system32\Omgjhc32.exe
        95⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:2660
        
        C:\Windows\SysWOW64\Ojkkah32.exe
        
        C:\Windows\system32\Ojkkah32.exe
        96⤵
        Drops file in System32 directory
        
        PID:4932
        
        C:\Windows\SysWOW64\Omkdcccb.exe
        
        C:\Windows\system32\Omkdcccb.exe
        97⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:2956
        
        C:\Windows\SysWOW64\Ofdhlh32.exe
        
        C:\Windows\system32\Ofdhlh32.exe
        98⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\Pmpmnb32.exe
        
        C:\Windows\system32\Pmpmnb32.exe
        99⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\Ppafpm32.exe
        
        C:\Windows\system32\Ppafpm32.exe
        100⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\Pmefiakh.exe
        
        C:\Windows\system32\Pmefiakh.exe
        101⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\Pmgcoaie.exe
        
        C:\Windows\system32\Pmgcoaie.exe
        102⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:3456
        
        C:\Windows\SysWOW64\Pdalkk32.exe
        
        C:\Windows\system32\Pdalkk32.exe
        103⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\Pkkdhe32.exe
        
        C:\Windows\system32\Pkkdhe32.exe
        104⤵
        Drops file in System32 directory
        
        PID:3520
        
        C:\Windows\SysWOW64\Pmipdq32.exe
        
        C:\Windows\system32\Pmipdq32.exe
        105⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\Qibmoa32.exe
        
        C:\Windows\system32\Qibmoa32.exe
        106⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:4532
        
        C:\Windows\SysWOW64\Qlajkm32.exe
        
        C:\Windows\system32\Qlajkm32.exe
        107⤵
        Modifies registry class
        
        PID:3348
        
        C:\Windows\SysWOW64\Akbjidbf.exe
        
        C:\Windows\system32\Akbjidbf.exe
        108⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\Akdfndpd.exe
        
        C:\Windows\system32\Akdfndpd.exe
        109⤵
        Modifies registry class
        
        PID:1344
        
        C:\Windows\SysWOW64\Akgcdc32.exe
        
        C:\Windows\system32\Akgcdc32.exe
        110⤵
        Drops file in System32 directory
        
        PID:4968
        
        C:\Windows\SysWOW64\Alhpkldp.exe
        
        C:\Windows\system32\Alhpkldp.exe
        111⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\Acdeneij.exe
        
        C:\Windows\system32\Acdeneij.exe
        112⤵
        Drops file in System32 directory
        
        PID:4980
        
        C:\Windows\SysWOW64\Anjikoip.exe
        
        C:\Windows\system32\Anjikoip.exe
        113⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\Bcinie32.exe
        
        C:\Windows\system32\Bcinie32.exe
        114⤵
        
        PID:1132
        
        C:\Windows\SysWOW64\Bpmobi32.exe
        
        C:\Windows\system32\Bpmobi32.exe
        115⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\Bkepeaaa.exe
        
        C:\Windows\system32\Bkepeaaa.exe
        116⤵
        Modifies registry class
        
        PID:3336
        
        C:\Windows\SysWOW64\Bcpdidol.exe
        
        C:\Windows\system32\Bcpdidol.exe
        117⤵
        Modifies registry class
        
        PID:4160
        
        C:\Windows\SysWOW64\Cmkehicj.exe
        
        C:\Windows\system32\Cmkehicj.exe
        118⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\Cdfgdf32.exe
        
        C:\Windows\system32\Cdfgdf32.exe
        119⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:2076
        
        C:\Windows\SysWOW64\Ccigpbga.exe
        
        C:\Windows\system32\Ccigpbga.exe
        120⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\Cgecpa32.exe
        
        C:\Windows\system32\Cgecpa32.exe
        121⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\Cnokmkfh.exe
        
        C:\Windows\system32\Cnokmkfh.exe
        122⤵
        
        PID:456
        
        C:\Windows\SysWOW64\Cqmgigfk.exe
        
        C:\Windows\system32\Cqmgigfk.exe
        123⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:3980
        
        C:\Windows\SysWOW64\Dkokbn32.exe
        
        C:\Windows\system32\Dkokbn32.exe
        124⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:4376
        
        C:\Windows\SysWOW64\Ecjpfp32.exe
        
        C:\Windows\system32\Ecjpfp32.exe
        125⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:4460
        
        C:\Windows\SysWOW64\Enaaiifb.exe
        
        C:\Windows\system32\Enaaiifb.exe
        126⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\Eenflbll.exe
        
        C:\Windows\system32\Eenflbll.exe
        127⤵
        
        PID:3592
        
        C:\Windows\SysWOW64\Ecccmo32.exe
        
        C:\Windows\system32\Ecccmo32.exe
        128⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\Emlgedge.exe
        
        C:\Windows\system32\Emlgedge.exe
        129⤵
        
        PID:208
        
        C:\Windows\SysWOW64\Feella32.exe
        
        C:\Windows\system32\Feella32.exe
        130⤵
        
        PID:212
        
        C:\Windows\SysWOW64\Flodilma.exe
        
        C:\Windows\system32\Flodilma.exe
        131⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:808
        
        C:\Windows\SysWOW64\Fmpaqd32.exe
        
        C:\Windows\system32\Fmpaqd32.exe
        132⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:4464
        
        C:\Windows\SysWOW64\Fegiba32.exe
        
        C:\Windows\system32\Fegiba32.exe
        133⤵
        Modifies registry class
        
        PID:1844
        
        C:\Windows\SysWOW64\Fhfenmbe.exe
        
        C:\Windows\system32\Fhfenmbe.exe
        134⤵
        Modifies registry class
        
        PID:1544
        
        C:\Windows\SysWOW64\Fjdajhbi.exe
        
        C:\Windows\system32\Fjdajhbi.exe
        135⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:1444
        
        C:\Windows\SysWOW64\Fejegaao.exe
        
        C:\Windows\system32\Fejegaao.exe
        136⤵
        
        PID:484
        
        C:\Windows\SysWOW64\Flcndk32.exe
        
        C:\Windows\system32\Flcndk32.exe
        137⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\Fmejlcoj.exe
        
        C:\Windows\system32\Fmejlcoj.exe
        138⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:4428
        
        C:\Windows\SysWOW64\Flfjjkgi.exe
        
        C:\Windows\system32\Flfjjkgi.exe
        139⤵
        Drops file in System32 directory
        
        PID:3068
        
        C:\Windows\SysWOW64\Gmggac32.exe
        
        C:\Windows\system32\Gmggac32.exe
        140⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:2656
        
        C:\Windows\SysWOW64\Ghmkol32.exe
        
        C:\Windows\system32\Ghmkol32.exe
        141⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\Gngckfdj.exe
        
        C:\Windows\system32\Gngckfdj.exe
        142⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:4784
        
        C:\Windows\SysWOW64\Geqlhp32.exe
        
        C:\Windows\system32\Geqlhp32.exe
        143⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:3216
        
        C:\Windows\SysWOW64\Glkdejcd.exe
        
        C:\Windows\system32\Glkdejcd.exe
        144⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\Gmlplbib.exe
        
        C:\Windows\system32\Gmlplbib.exe
        145⤵
        
        PID:680
        
        C:\Windows\SysWOW64\Gdfhil32.exe
        
        C:\Windows\system32\Gdfhil32.exe
        146⤵
        
        PID:392
        
        C:\Windows\SysWOW64\Gjpaffhl.exe
        
        C:\Windows\system32\Gjpaffhl.exe
        147⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\Gajibq32.exe
        
        C:\Windows\system32\Gajibq32.exe
        148⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:2280
        
        C:\Windows\SysWOW64\Ghdaokfe.exe
        
        C:\Windows\system32\Ghdaokfe.exe
        149⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\Gkbnkfei.exe
        
        C:\Windows\system32\Gkbnkfei.exe
        150⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\Gehbio32.exe
        
        C:\Windows\system32\Gehbio32.exe
        151⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\Gdkbdllj.exe
        
        C:\Windows\system32\Gdkbdllj.exe
        152⤵
        Drops file in System32 directory
        
        PID:4804
        
        C:\Windows\SysWOW64\Gkdjaf32.exe
        
        C:\Windows\system32\Gkdjaf32.exe
        153⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\Haobnpkc.exe
        
        C:\Windows\system32\Haobnpkc.exe
        154⤵
        Modifies registry class
        
        PID:2500
        
        C:\Windows\SysWOW64\Hhhkjj32.exe
        
        C:\Windows\system32\Hhhkjj32.exe
        155⤵
        Modifies registry class
        
        PID:1336
        
        C:\Windows\SysWOW64\Hmecba32.exe
        
        C:\Windows\system32\Hmecba32.exe
        156⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\Haaocp32.exe
        
        C:\Windows\system32\Haaocp32.exe
        157⤵
        Drops file in System32 directory
        
        PID:4708
        
        C:\Windows\SysWOW64\Hdokok32.exe
        
        C:\Windows\system32\Hdokok32.exe
        158⤵
        Drops file in System32 directory
        
        PID:2200
        
        C:\Windows\SysWOW64\Hlfcqh32.exe
        
        C:\Windows\system32\Hlfcqh32.exe
        159⤵
        Drops file in System32 directory
        
        PID:4368
        
        C:\Windows\SysWOW64\Hoepmd32.exe
        
        C:\Windows\system32\Hoepmd32.exe
        160⤵
        Modifies registry class
        
        PID:3400
        
        C:\Windows\SysWOW64\Heohinog.exe
        
        C:\Windows\system32\Heohinog.exe
        161⤵
        Drops file in System32 directory
        
        PID:1404
        
        C:\Windows\SysWOW64\Hdahek32.exe
        
        C:\Windows\system32\Hdahek32.exe
        162⤵
        
        PID:4256
        
        C:\Windows\SysWOW64\Hoglbc32.exe
        
        C:\Windows\system32\Hoglbc32.exe
        163⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:1688
        
        C:\Windows\SysWOW64\Headon32.exe
        
        C:\Windows\system32\Headon32.exe
        164⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\Hddejjdo.exe
        
        C:\Windows\system32\Hddejjdo.exe
        165⤵
        Modifies registry class
        
        PID:5008
        
        C:\Windows\SysWOW64\Hoiihcde.exe
        
        C:\Windows\system32\Hoiihcde.exe
        166⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\Hecadm32.exe
        
        C:\Windows\system32\Hecadm32.exe
        167⤵
        Drops file in System32 directory
        
        PID:1460
        
        C:\Windows\SysWOW64\Hhbnqi32.exe
        
        C:\Windows\system32\Hhbnqi32.exe
        168⤵
        Drops file in System32 directory
        
        PID:216
        
        C:\Windows\SysWOW64\Iolfmcbb.exe
        
        C:\Windows\system32\Iolfmcbb.exe
        169⤵
        Modifies registry class
        
        PID:2156
        
        C:\Windows\SysWOW64\Iajbinaf.exe
        
        C:\Windows\system32\Iajbinaf.exe
        170⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\Ihdjfhhc.exe
        
        C:\Windows\system32\Ihdjfhhc.exe
        171⤵
        Drops file in System32 directory
        
        PID:2828
        
        C:\Windows\SysWOW64\Ionbcb32.exe
        
        C:\Windows\system32\Ionbcb32.exe
        172⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:3064
        
        C:\Windows\SysWOW64\Iehkpmgl.exe
        
        C:\Windows\system32\Iehkpmgl.exe
        173⤵
        Drops file in System32 directory
        
        PID:3384
        
        C:\Windows\SysWOW64\Ikechced.exe
        
        C:\Windows\system32\Ikechced.exe
        174⤵
        Drops file in System32 directory
        
        PID:2504
        
        C:\Windows\SysWOW64\Iaokdn32.exe
        
        C:\Windows\system32\Iaokdn32.exe
        175⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\Ildpbfmf.exe
        
        C:\Windows\system32\Ildpbfmf.exe
        176⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\Ioclnblj.exe
        
        C:\Windows\system32\Ioclnblj.exe
        177⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\Iemdkl32.exe
        
        C:\Windows\system32\Iemdkl32.exe
        178⤵
        Modifies registry class
        
        PID:4536
        
        C:\Windows\SysWOW64\Ilglgfjd.exe
        
        C:\Windows\system32\Ilglgfjd.exe
        179⤵
        Modifies registry class
        
        PID:5128
        
        C:\Windows\SysWOW64\Inhion32.exe
        
        C:\Windows\system32\Inhion32.exe
        180⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:5144
        
        C:\Windows\SysWOW64\Ieoapl32.exe
        
        C:\Windows\system32\Ieoapl32.exe
        181⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\Jliimf32.exe
        
        C:\Windows\system32\Jliimf32.exe
        182⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\Jnjednnp.exe
        
        C:\Windows\system32\Jnjednnp.exe
        183⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5192
        
        C:\Windows\SysWOW64\Jeanfkob.exe
        
        C:\Windows\system32\Jeanfkob.exe
        184⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5208
        
        C:\Windows\SysWOW64\Jlkfbe32.exe
        
        C:\Windows\system32\Jlkfbe32.exe
        185⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5224
        
        C:\Windows\SysWOW64\Jnmbjnlm.exe
        
        C:\Windows\system32\Jnmbjnlm.exe
        186⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:5240
        
        C:\Windows\SysWOW64\Jdgjgh32.exe
        
        C:\Windows\system32\Jdgjgh32.exe
        187⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\Jkqccbkf.exe
        
        C:\Windows\system32\Jkqccbkf.exe
        188⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\Jnoopm32.exe
        
        C:\Windows\system32\Jnoopm32.exe
        189⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\Jdiglgbg.exe
        
        C:\Windows\system32\Jdiglgbg.exe
        190⤵
        Modifies registry class
        
        PID:5328
        
        C:\Windows\SysWOW64\Jhdcmf32.exe
        
        C:\Windows\system32\Jhdcmf32.exe
        191⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5356
        
        C:\Windows\SysWOW64\Jkcpia32.exe
        
        C:\Windows\system32\Jkcpia32.exe
        192⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:5384
        
        C:\Windows\SysWOW64\Jehcfj32.exe
        
        C:\Windows\system32\Jehcfj32.exe
        193⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\Jdkdbgpd.exe
        
        C:\Windows\system32\Jdkdbgpd.exe
        194⤵
        Modifies registry class
        
        PID:5432
        
        C:\Windows\SysWOW64\Jhgpbf32.exe
        
        C:\Windows\system32\Jhgpbf32.exe
        195⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\Jkeloa32.exe
        
        C:\Windows\system32\Jkeloa32.exe
        196⤵
        
        PID:5472

C:\Windows\SysWOW64\Jndhkmfe.exe
C:\Windows\system32\Jndhkmfe.exe
1⤵
PID:5500
- C:\Windows\SysWOW64\Jaodkk32.exe
  C:\Windows\system32\Jaodkk32.exe
  2⤵
  PID:5520
- - C:\Windows\SysWOW64\Jekpljgg.exe
    C:\Windows\system32\Jekpljgg.exe
    3⤵
    PID:5548
  - - C:\Windows\SysWOW64\Jdnqgg32.exe
      C:\Windows\system32\Jdnqgg32.exe
      4⤵
      Adds autorun key to be loaded by Explorer.exe on startup
      PID:5572
    - - C:\Windows\SysWOW64\Khimhefk.exe
        
        C:\Windows\system32\Khimhefk.exe
        5⤵
        Modifies registry class
        
        PID:5596
      - C:\Windows\SysWOW64\Kkhidaeo.exe
        
        C:\Windows\system32\Kkhidaeo.exe
        6⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\Klgend32.exe
        
        C:\Windows\system32\Klgend32.exe
        7⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5636
        
        C:\Windows\SysWOW64\Koeajo32.exe
        
        C:\Windows\system32\Koeajo32.exe
        8⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5652
        
        C:\Windows\SysWOW64\Kadnfkji.exe
        
        C:\Windows\system32\Kadnfkji.exe
        9⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\Kdbjbfjl.exe
        
        C:\Windows\system32\Kdbjbfjl.exe
        10⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\Klibdcjo.exe
        
        C:\Windows\system32\Klibdcjo.exe
        11⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\Kohnpoib.exe
        
        C:\Windows\system32\Kohnpoib.exe
        12⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:5716
        
        C:\Windows\SysWOW64\Kdgcne32.exe
        
        C:\Windows\system32\Kdgcne32.exe
        13⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5732
        
        C:\Windows\SysWOW64\Kkaljpmd.exe
        
        C:\Windows\system32\Kkaljpmd.exe
        14⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\Kbkdgj32.exe
        
        C:\Windows\system32\Kbkdgj32.exe
        15⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\Kdipce32.exe
        
        C:\Windows\system32\Kdipce32.exe
        16⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\Lkchpoka.exe
        
        C:\Windows\system32\Lkchpoka.exe
        17⤵
        Drops file in System32 directory
        
        PID:5796
        
        C:\Windows\SysWOW64\Lbmqmi32.exe
        
        C:\Windows\system32\Lbmqmi32.exe
        18⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\Lmcejbbd.exe
        
        C:\Windows\system32\Lmcejbbd.exe
        19⤵
        Drops file in System32 directory
        
        PID:5828
        
        C:\Windows\SysWOW64\Lbpmbipk.exe
        
        C:\Windows\system32\Lbpmbipk.exe
        20⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\Lhjeoc32.exe
        
        C:\Windows\system32\Lhjeoc32.exe
        21⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\Locnlmoe.exe
        
        C:\Windows\system32\Locnlmoe.exe
        22⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\Qbekgknb.exe
        
        C:\Windows\system32\Qbekgknb.exe
        23⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\Qiocde32.exe
        
        C:\Windows\system32\Qiocde32.exe
        24⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\Jpgdlm32.exe
        
        C:\Windows\system32\Jpgdlm32.exe
        25⤵
        Drops file in System32 directory
        
        PID:6080
        
        C:\Windows\SysWOW64\Jfalhgni.exe
        
        C:\Windows\system32\Jfalhgni.exe
        26⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:6096
        
        C:\Windows\SysWOW64\Jiphebml.exe
        
        C:\Windows\system32\Jiphebml.exe
        27⤵
        Drops file in System32 directory
        
        PID:6112
        
        C:\Windows\SysWOW64\Jagqfp32.exe
        
        C:\Windows\system32\Jagqfp32.exe
        28⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6128
        
        C:\Windows\SysWOW64\Jdembk32.exe
        
        C:\Windows\system32\Jdembk32.exe
        29⤵
        Modifies registry class
        
        PID:5256
        
        C:\Windows\SysWOW64\Jjoeoedo.exe
        
        C:\Windows\system32\Jjoeoedo.exe
        30⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\Jaimko32.exe
        
        C:\Windows\system32\Jaimko32.exe
        31⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5344
        
        C:\Windows\SysWOW64\Kdalni32.exe
        
        C:\Windows\system32\Kdalni32.exe
        32⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\Kgphje32.exe
        
        C:\Windows\system32\Kgphje32.exe
        33⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\Kinefp32.exe
        
        C:\Windows\system32\Kinefp32.exe
        34⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5512
        
        C:\Windows\SysWOW64\Kaemgn32.exe
        
        C:\Windows\system32\Kaemgn32.exe
        35⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\Kphmbjhi.exe
        
        C:\Windows\system32\Kphmbjhi.exe
        36⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\Kdcicipb.exe
        
        C:\Windows\system32\Kdcicipb.exe
        37⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5912
        
        C:\Windows\SysWOW64\Kmlmlo32.exe
        
        C:\Windows\system32\Kmlmlo32.exe
        38⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:5928
        
        C:\Windows\SysWOW64\Kdffiinp.exe
        
        C:\Windows\system32\Kdffiinp.exe
        39⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:5944
        
        C:\Windows\SysWOW64\Lkpnec32.exe
        
        C:\Windows\system32\Lkpnec32.exe
        40⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\Lmnjan32.exe
        
        C:\Windows\system32\Lmnjan32.exe
        41⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\Lanpml32.exe
        
        C:\Windows\system32\Lanpml32.exe
        42⤵
        Modifies registry class
        
        PID:5992
        
        C:\Windows\SysWOW64\Lcpledob.exe
        
        C:\Windows\system32\Lcpledob.exe
        43⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:4284
        
        C:\Windows\SysWOW64\Lnepbm32.exe
        
        C:\Windows\system32\Lnepbm32.exe
        44⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\Ldohogfe.exe
        
        C:\Windows\system32\Ldohogfe.exe
        45⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\Lkiqla32.exe
        
        C:\Windows\system32\Lkiqla32.exe
        46⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\Lacihleo.exe
        
        C:\Windows\system32\Lacihleo.exe
        47⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\Mgpaqbcf.exe
        
        C:\Windows\system32\Mgpaqbcf.exe
        48⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\Mjnnmn32.exe
        
        C:\Windows\system32\Mjnnmn32.exe
        49⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:2132
        
        C:\Windows\SysWOW64\Mddbjg32.exe
        
        C:\Windows\system32\Mddbjg32.exe
        50⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\Mknjgajl.exe
        
        C:\Windows\system32\Mknjgajl.exe
        51⤵
        Drops file in System32 directory
        
        PID:3392
        
        C:\Windows\SysWOW64\Mjqjbn32.exe
        
        C:\Windows\system32\Mjqjbn32.exe
        52⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\Mahbck32.exe
        
        C:\Windows\system32\Mahbck32.exe
        53⤵
        Modifies registry class
        
        PID:3440
        
        C:\Windows\SysWOW64\Mdfopf32.exe
        
        C:\Windows\system32\Mdfopf32.exe
        54⤵
        Modifies registry class
        
        PID:4468
        
        C:\Windows\SysWOW64\Mkpglqgj.exe
        
        C:\Windows\system32\Mkpglqgj.exe
        55⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\Mjcghm32.exe
        
        C:\Windows\system32\Mjcghm32.exe
        56⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\Mnochl32.exe
        
        C:\Windows\system32\Mnochl32.exe
        57⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\Majoikof.exe
        
        C:\Windows\system32\Majoikof.exe
        58⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\Mdhkefnj.exe
        
        C:\Windows\system32\Mdhkefnj.exe
        59⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\Mcklac32.exe
        
        C:\Windows\system32\Mcklac32.exe
        60⤵
        
        PID:1100
        
        C:\Windows\SysWOW64\Mgggaamn.exe
        
        C:\Windows\system32\Mgggaamn.exe
        61⤵
        
        PID:480
        
        C:\Windows\SysWOW64\Mjednmla.exe
        
        C:\Windows\system32\Mjednmla.exe
        62⤵
        
        PID:1472
        
        C:\Windows\SysWOW64\Mallojmd.exe
        
        C:\Windows\system32\Mallojmd.exe
        63⤵
        
        PID:628
        
        C:\Windows\SysWOW64\Mjhqcmjo.exe
        
        C:\Windows\system32\Mjhqcmjo.exe
        64⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\Nqklfe32.exe
        
        C:\Windows\system32\Nqklfe32.exe
        65⤵
        
        PID:4956

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Accfbokl.exe

Filesize
98KB

MD5
dfd7766fb8cdfcf68b3ab8817b70ad89

SHA1
d966fe538675b8bfcc287eb7d7ceeec3ea5e65fd

SHA256
067c2db13f40442108281efae4b550f59ed336d949c91da7d03ec5b07a37c06b

SHA512
b5da478dafa9b4291d98bea9318ea3236572d836c9a27b0013e6138eb1251033edeacccb372b9595740efed48f8f995e74e4c5b179b2c14a920358d56fd2b808

Download Submit
C:\Windows\SysWOW64\Accfbokl.exe

Filesize
98KB

MD5
dfd7766fb8cdfcf68b3ab8817b70ad89

SHA1
d966fe538675b8bfcc287eb7d7ceeec3ea5e65fd

SHA256
067c2db13f40442108281efae4b550f59ed336d949c91da7d03ec5b07a37c06b

SHA512
b5da478dafa9b4291d98bea9318ea3236572d836c9a27b0013e6138eb1251033edeacccb372b9595740efed48f8f995e74e4c5b179b2c14a920358d56fd2b808

Download Submit
C:\Windows\SysWOW64\Aclpap32.exe

Filesize
98KB

MD5
35ae8f1a9ff8e1de26ed0170d4ce5d04

SHA1
575834a13da749263cd6a65b7dd7b8c406e68558

SHA256
2b3cf0900ca37b70caa7350681597d6a765b02c0e845d322e5247d932e93a100

SHA512
bb8e733c9d8036f9fdfe3d072737acb054a8f381505759483956960347e8ffcbaa7a4921b3df279dbddce421d6e795b9ff0794c8919b22c057e73eb1ad148106

Download Submit
C:\Windows\SysWOW64\Aclpap32.exe

Filesize
98KB

MD5
35ae8f1a9ff8e1de26ed0170d4ce5d04

SHA1
575834a13da749263cd6a65b7dd7b8c406e68558

SHA256
2b3cf0900ca37b70caa7350681597d6a765b02c0e845d322e5247d932e93a100

SHA512
bb8e733c9d8036f9fdfe3d072737acb054a8f381505759483956960347e8ffcbaa7a4921b3df279dbddce421d6e795b9ff0794c8919b22c057e73eb1ad148106

Download Submit
C:\Windows\SysWOW64\Acnlgp32.exe

Filesize
98KB

MD5
81947bb644c0456d89e6c1259659d954

SHA1
09ac930eeec1971b7fe52847503388dff9d21317

SHA256
ef69ec096420670569ae0c942875ace989bb51921d67cb825b6c0bc1d3c392f1

SHA512
1480bf6062f8196f5516cac06b0c1b811ad64cfdeefbc2181a7477fc838fb76016e8724ae2b638f1f94ca9d5544347b991d126126822345107010d2c4345f0d4

Download Submit
C:\Windows\SysWOW64\Acnlgp32.exe

Filesize
98KB

MD5
81947bb644c0456d89e6c1259659d954

SHA1
09ac930eeec1971b7fe52847503388dff9d21317

SHA256
ef69ec096420670569ae0c942875ace989bb51921d67cb825b6c0bc1d3c392f1

SHA512
1480bf6062f8196f5516cac06b0c1b811ad64cfdeefbc2181a7477fc838fb76016e8724ae2b638f1f94ca9d5544347b991d126126822345107010d2c4345f0d4

Download Submit
C:\Windows\SysWOW64\Ageolo32.exe

Filesize
98KB

MD5
ed0d9e04ae03709afd3f06662f1393d0

SHA1
0c487bbde1c9ddf05ac63fa7e34766a51855bf97

SHA256
780f38bc7d7afbb2608e98c8da066e25dd59cce22d7fb683259e50b50aa36a47

SHA512
002b6edc4fa49decd35a022ff4e03c575ccf73b071f3a24b6352243ef18474f2249b801955e11f6cefbdedc7ddcdccb726e0ea5faee834d37568df6b9fe459d1

Download Submit
C:\Windows\SysWOW64\Ageolo32.exe

Filesize
98KB

MD5
ed0d9e04ae03709afd3f06662f1393d0

SHA1
0c487bbde1c9ddf05ac63fa7e34766a51855bf97

SHA256
780f38bc7d7afbb2608e98c8da066e25dd59cce22d7fb683259e50b50aa36a47

SHA512
002b6edc4fa49decd35a022ff4e03c575ccf73b071f3a24b6352243ef18474f2249b801955e11f6cefbdedc7ddcdccb726e0ea5faee834d37568df6b9fe459d1

Download Submit
C:\Windows\SysWOW64\Ajfhnjhq.exe

Filesize
98KB

MD5
77e16938737c955a88bcf501cd2b4369

SHA1
c1ddf6e5fa2028226f88c50607462007917c9638

SHA256
cb51ec0fbd8f6ea2313fd5e9847a34242285cebec41a54a0a9b1350948d2984f

SHA512
0fadd00b4aab96d01af80fc3c8b5eb884cbec29a053a8e8cb795494cdb319527d43889ea789d0eb42beac298093a81c0a4d422c74eb7d99324e4a55359e73902

Download Submit
C:\Windows\SysWOW64\Ajfhnjhq.exe

Filesize
98KB

MD5
77e16938737c955a88bcf501cd2b4369

SHA1
c1ddf6e5fa2028226f88c50607462007917c9638

SHA256
cb51ec0fbd8f6ea2313fd5e9847a34242285cebec41a54a0a9b1350948d2984f

SHA512
0fadd00b4aab96d01af80fc3c8b5eb884cbec29a053a8e8cb795494cdb319527d43889ea789d0eb42beac298093a81c0a4d422c74eb7d99324e4a55359e73902

Download Submit
C:\Windows\SysWOW64\Beihma32.exe

Filesize
98KB

MD5
d222ae1dacfe288a92da594ad9581e81

SHA1
d7d2dd51bf271c758dbdeae658bef7c804b839a4

SHA256
c5b21e223152905719030cfc56de5c00146fbdd1d6b6a395889fd0efe8a2b19b

SHA512
0aa4e2421c6150710664554c09e6eab57c620a16ec03e6e8135f653eedc81ad4ec0a801ca38b0c1c869f8f5dbb371c151c639cb07dcb3c94369eb75b5fea111c

Download Submit
C:\Windows\SysWOW64\Beihma32.exe

Filesize
98KB

MD5
d222ae1dacfe288a92da594ad9581e81

SHA1
d7d2dd51bf271c758dbdeae658bef7c804b839a4

SHA256
c5b21e223152905719030cfc56de5c00146fbdd1d6b6a395889fd0efe8a2b19b

SHA512
0aa4e2421c6150710664554c09e6eab57c620a16ec03e6e8135f653eedc81ad4ec0a801ca38b0c1c869f8f5dbb371c151c639cb07dcb3c94369eb75b5fea111c

Download Submit
C:\Windows\SysWOW64\Bfdodjhm.exe

Filesize
98KB

MD5
c3f0cb2538860f932c56370a4a601729

SHA1
6de055678cf306a987ad71023d4bd76f80e04d1c

SHA256
554fc6f79f8e1cf0ccb90a34c454de63f86a7af71e7aa96c2c99d3209a4893b5

SHA512
42fdb891f759427c20c5789fd57260c4282ee2a3782852c91b73d58c933280540dc92885d3ccec8913c5fb80fba7327700b9d86fa91044d7ba284c3f9c4f92e3

Download Submit
C:\Windows\SysWOW64\Bfdodjhm.exe

Filesize
98KB

MD5
c3f0cb2538860f932c56370a4a601729

SHA1
6de055678cf306a987ad71023d4bd76f80e04d1c

SHA256
554fc6f79f8e1cf0ccb90a34c454de63f86a7af71e7aa96c2c99d3209a4893b5

SHA512
42fdb891f759427c20c5789fd57260c4282ee2a3782852c91b73d58c933280540dc92885d3ccec8913c5fb80fba7327700b9d86fa91044d7ba284c3f9c4f92e3

Download Submit
C:\Windows\SysWOW64\Bmpcfdmg.exe

Filesize
98KB

MD5
da90cce0e5b571219c19b65c4c95dc4a

SHA1
256aa68a77d5fd01ac6a2bb66f89fbb52216a381

SHA256
707d6dd9acd8226117a64dc6de900ef7d3ea73dbc3435789df1961f5f942225b

SHA512
67098f87075b70694c260845a306e96bd696fe397d9d5b0ef88855f25143eb3c086b14251eaf37c22f705b3eb7f8c6888cccfe591e589e9e2e6ef399affb4b1b

Download Submit
C:\Windows\SysWOW64\Bmpcfdmg.exe

Filesize
98KB

MD5
da90cce0e5b571219c19b65c4c95dc4a

SHA1
256aa68a77d5fd01ac6a2bb66f89fbb52216a381

SHA256
707d6dd9acd8226117a64dc6de900ef7d3ea73dbc3435789df1961f5f942225b

SHA512
67098f87075b70694c260845a306e96bd696fe397d9d5b0ef88855f25143eb3c086b14251eaf37c22f705b3eb7f8c6888cccfe591e589e9e2e6ef399affb4b1b

Download Submit
C:\Windows\SysWOW64\Ceqnmpfo.exe

Filesize
98KB

MD5
7c2a6b2088c07b1cb6eeb2b06baee861

SHA1
1165bef5b3a16d13a42bf76bbfcba7ceb60a3ee5

SHA256
ac6d5bc00fc85b5ab275fed06db6d0d1f592b9f33a0d0bcc64e7ffae9a9478a4

SHA512
6eb5c70295b8e5b15da70eca14ba7b5fdf8435df904ea33657660604fd97a5052a4cb693ac1a7a0069ce7e46cec770fd7e32dd08b42c91d836a4fc5c26701243

Download Submit
C:\Windows\SysWOW64\Ceqnmpfo.exe

Filesize
98KB

MD5
7c2a6b2088c07b1cb6eeb2b06baee861

SHA1
1165bef5b3a16d13a42bf76bbfcba7ceb60a3ee5

SHA256
ac6d5bc00fc85b5ab275fed06db6d0d1f592b9f33a0d0bcc64e7ffae9a9478a4

SHA512
6eb5c70295b8e5b15da70eca14ba7b5fdf8435df904ea33657660604fd97a5052a4cb693ac1a7a0069ce7e46cec770fd7e32dd08b42c91d836a4fc5c26701243

Download Submit
C:\Windows\SysWOW64\Cfdhkhjj.exe

Filesize
98KB

MD5
08b89d8d942a718c984e524a5e79b7fb

SHA1
15cf1725500495511e7f810437090e0efeb41a77

SHA256
4282f4b132382642341d78fa59f88afb34d4ab6ca1095b1d2066519ef1883c0f

SHA512
a7d2e5d277d20c646abdad297f029b5cd8651f355b0188c8278ace2198f4d961a0a1b61262113a8903df10cb1f0805016008b7eacbdee764dac1ba91d51b04c7

Download Submit
C:\Windows\SysWOW64\Cfdhkhjj.exe

Filesize
98KB

MD5
08b89d8d942a718c984e524a5e79b7fb

SHA1
15cf1725500495511e7f810437090e0efeb41a77

SHA256
4282f4b132382642341d78fa59f88afb34d4ab6ca1095b1d2066519ef1883c0f

SHA512
a7d2e5d277d20c646abdad297f029b5cd8651f355b0188c8278ace2198f4d961a0a1b61262113a8903df10cb1f0805016008b7eacbdee764dac1ba91d51b04c7

Download Submit
C:\Windows\SysWOW64\Cfmajipb.exe

Filesize
98KB

MD5
804855011e9cdbda82f75da410de98c6

SHA1
55ce49f0a21bee18b2aac1c4ddd430b39eecf2b3

SHA256
e15e34eada8be5f72abdf8d67bdeb56d1717e36fbba4c433ae8b22e934317ea0

SHA512
0bbd3fb4d85c8fa46590b6a56fd48c35752d2f35d731bf09048c57bb2eb989db941f0178f58b0aeafa7848db0c2ffd6192b74994b59646e4333d8851a0a5a8c1

Download Submit
C:\Windows\SysWOW64\Cfmajipb.exe

Filesize
98KB

MD5
804855011e9cdbda82f75da410de98c6

SHA1
55ce49f0a21bee18b2aac1c4ddd430b39eecf2b3

SHA256
e15e34eada8be5f72abdf8d67bdeb56d1717e36fbba4c433ae8b22e934317ea0

SHA512
0bbd3fb4d85c8fa46590b6a56fd48c35752d2f35d731bf09048c57bb2eb989db941f0178f58b0aeafa7848db0c2ffd6192b74994b59646e4333d8851a0a5a8c1

Download Submit
C:\Windows\SysWOW64\Cjbpaf32.exe

Filesize
98KB

MD5
49ef8168cfdcd377668eb6b946e8878f

SHA1
befcd6a1b3087b26dae471ef8105dab688389d17

SHA256
2870331a27ec7ca9a91dc7d275acadc422f29da1ba831aac96aaa2985ee251bd

SHA512
18c62b2b8be240b53d0ad57da513b10e0acde506badbea63a93479df72942560961e87164d325186f62e52095a215a7f274f6fc2ac7f874587982e8f7ab7d19d

Download Submit
C:\Windows\SysWOW64\Cjbpaf32.exe

Filesize
98KB

MD5
49ef8168cfdcd377668eb6b946e8878f

SHA1
befcd6a1b3087b26dae471ef8105dab688389d17

SHA256
2870331a27ec7ca9a91dc7d275acadc422f29da1ba831aac96aaa2985ee251bd

SHA512
18c62b2b8be240b53d0ad57da513b10e0acde506badbea63a93479df72942560961e87164d325186f62e52095a215a7f274f6fc2ac7f874587982e8f7ab7d19d

Download Submit
C:\Windows\SysWOW64\Dhocqigp.exe

Filesize
98KB

MD5
f158264a9bdafff0abe54bbffbd45556

SHA1
a467ef08555597ad3b8c66c223c6ad98ebbc733a

SHA256
8d8b34e848a1b8a4b19a9d02d9a016baf2b215d4d70e3199ff403430c8224658

SHA512
aafec3ce2d927f12337871447d7c0abc730c90f8352059c7f569c853780f667fedcda63ef20e68e8f8b84e6588891d03be78fc7cfa1962e00f76141876c4c920

Download Submit
C:\Windows\SysWOW64\Dhocqigp.exe

Filesize
98KB

MD5
f158264a9bdafff0abe54bbffbd45556

SHA1
a467ef08555597ad3b8c66c223c6ad98ebbc733a

SHA256
8d8b34e848a1b8a4b19a9d02d9a016baf2b215d4d70e3199ff403430c8224658

SHA512
aafec3ce2d927f12337871447d7c0abc730c90f8352059c7f569c853780f667fedcda63ef20e68e8f8b84e6588891d03be78fc7cfa1962e00f76141876c4c920

Download Submit
C:\Windows\SysWOW64\Edknqiho.exe

Filesize
98KB

MD5
78464537b6ec081af098b0dbc01720de

SHA1
3e1c896f048ce639f0ddeef4dbf1531d10441eb6

SHA256
5555ba38fa33437178e0260c3202114ae02f6e8dab98ecae5d7afd3db473c027

SHA512
a4b81a9654078b6a8f39280aac6a4443813ea4715b84002214043983981838d9d5a404b80a2261f0638d1693dd5fea8040fe4778af89b9de77063e83e2ae9ee5

Download Submit
C:\Windows\SysWOW64\Edknqiho.exe

Filesize
98KB

MD5
78464537b6ec081af098b0dbc01720de

SHA1
3e1c896f048ce639f0ddeef4dbf1531d10441eb6

SHA256
5555ba38fa33437178e0260c3202114ae02f6e8dab98ecae5d7afd3db473c027

SHA512
a4b81a9654078b6a8f39280aac6a4443813ea4715b84002214043983981838d9d5a404b80a2261f0638d1693dd5fea8040fe4778af89b9de77063e83e2ae9ee5

Download Submit
C:\Windows\SysWOW64\Ehapfiem.exe

Filesize
98KB

MD5
2f1fbf72acc0418d5233c83c521c13f2

SHA1
e56e07814f5890949638502441fa073189b36849

SHA256
412236f0f448c114692e5cf4b32da6abf5961a31f93eff08fd185086dd2ec234

SHA512
3e3c58d5a7486f35808b4c88e2b0945fddbb1e28f39695c9a2edca67b2eb904b0621f8bb31fb2b0df810f2cb06775769c1869085dae2e88f02c8e33d2eb667ad

Download Submit
C:\Windows\SysWOW64\Ehapfiem.exe

Filesize
98KB

MD5
2f1fbf72acc0418d5233c83c521c13f2

SHA1
e56e07814f5890949638502441fa073189b36849

SHA256
412236f0f448c114692e5cf4b32da6abf5961a31f93eff08fd185086dd2ec234

SHA512
3e3c58d5a7486f35808b4c88e2b0945fddbb1e28f39695c9a2edca67b2eb904b0621f8bb31fb2b0df810f2cb06775769c1869085dae2e88f02c8e33d2eb667ad

Download Submit
C:\Windows\SysWOW64\Ehdmlhcj.exe

Filesize
98KB

MD5
6e428e6f2c462da8ba8677104e15d8b4

SHA1
1d2aee7efa0ecfc7acfd5f9b8c2106fb9bda09e0

SHA256
e8e8e45c99aff533407cac6672f1581a80c591b012f37f73b61a810bdeccee34

SHA512
5b738fe1a8b1060743222c33e85d0886597fb8f278c1c389219228a1901c87b589f6ed2456022acd70ef54731bbf318c7b1d790b1150bc244c7edf275af86310

Download Submit
C:\Windows\SysWOW64\Ehdmlhcj.exe

Filesize
98KB

MD5
6e428e6f2c462da8ba8677104e15d8b4

SHA1
1d2aee7efa0ecfc7acfd5f9b8c2106fb9bda09e0

SHA256
e8e8e45c99aff533407cac6672f1581a80c591b012f37f73b61a810bdeccee34

SHA512
5b738fe1a8b1060743222c33e85d0886597fb8f278c1c389219228a1901c87b589f6ed2456022acd70ef54731bbf318c7b1d790b1150bc244c7edf275af86310

Download Submit
C:\Windows\SysWOW64\Ehiffh32.exe

Filesize
98KB

MD5
9b97de4379e5b4b74b10173f47ff4db7

SHA1
42cd9a425dd9163f8bf2d2606143d106f5d22a6c

SHA256
fb23c44a578cc01171c0eaafb0f784f3fb072fe1d5130a6bbfd6e969af53709f

SHA512
758e07650bda8c749bf24953ec1a3d2f6c64b4c4ec0ccdbb5abddcc59c1bd602b596bc5cfc479e3a79362de7bd554016b1735251c085b24850c81fadc07dbc3a

Download Submit
C:\Windows\SysWOW64\Ehiffh32.exe

Filesize
98KB

MD5
9b97de4379e5b4b74b10173f47ff4db7

SHA1
42cd9a425dd9163f8bf2d2606143d106f5d22a6c

SHA256
fb23c44a578cc01171c0eaafb0f784f3fb072fe1d5130a6bbfd6e969af53709f

SHA512
758e07650bda8c749bf24953ec1a3d2f6c64b4c4ec0ccdbb5abddcc59c1bd602b596bc5cfc479e3a79362de7bd554016b1735251c085b24850c81fadc07dbc3a

Download Submit
C:\Windows\SysWOW64\Emhldnkj.exe

Filesize
98KB

MD5
307127fae020fb0c0358a3da7d9def36

SHA1
8c380dac6e3fa4b0f1c2704f0ab87ae1663dd4d2

SHA256
f6e8126f241bb6908ec2e39d063341cc2305232cf01b93f74a3d9898c468a987

SHA512
31528822de53c46ee8a43b0f5c86cbce5421fed24c0c16508db539b93072594c81aef1ff71260581fea1cb9bdc45a907069779e8d0e5d04dda40f17e58b669f4

Download Submit
C:\Windows\SysWOW64\Emhldnkj.exe

Filesize
98KB

MD5
307127fae020fb0c0358a3da7d9def36

SHA1
8c380dac6e3fa4b0f1c2704f0ab87ae1663dd4d2

SHA256
f6e8126f241bb6908ec2e39d063341cc2305232cf01b93f74a3d9898c468a987

SHA512
31528822de53c46ee8a43b0f5c86cbce5421fed24c0c16508db539b93072594c81aef1ff71260581fea1cb9bdc45a907069779e8d0e5d04dda40f17e58b669f4

Download Submit
C:\Windows\SysWOW64\Eopbnbhd.exe

Filesize
98KB

MD5
766dd16831c5e5af9fc47b9ed96a0175

SHA1
4050031375218a65f4e083ebaea39dbbc6a564e3

SHA256
16d8e634c2e6a41f1110544353fb8cfad6a03b5a1867082d461e6c64b0e2aeac

SHA512
e6f1ca62d520ed7e3d77e8ea5a1f29feee6e2b405e1658c97fee0437854423ddac5604c3ab298516c0292e32a499235b675f185e220a3a773cb16a265aa1bbf5

Download Submit
C:\Windows\SysWOW64\Eopbnbhd.exe

Filesize
98KB

MD5
766dd16831c5e5af9fc47b9ed96a0175

SHA1
4050031375218a65f4e083ebaea39dbbc6a564e3

SHA256
16d8e634c2e6a41f1110544353fb8cfad6a03b5a1867082d461e6c64b0e2aeac

SHA512
e6f1ca62d520ed7e3d77e8ea5a1f29feee6e2b405e1658c97fee0437854423ddac5604c3ab298516c0292e32a499235b675f185e220a3a773cb16a265aa1bbf5

Download Submit
C:\Windows\SysWOW64\Fdbdah32.exe

Filesize
98KB

MD5
fbd7375962da6d75277b1511fe57f210

SHA1
e6ce602c8bc91db6ff164246752b06322be3fd41

SHA256
e77f2b02d7174f30d5a19f7a142410836a1e0b2d6c30a46b57713345ef73de6a

SHA512
8be63b9015f6bf3eafcb4db4c356b2f4499d1f97e1d660ca2c2fea4e5e5f66a760b9619bef3d9e6f23e8abd820cca9842bb2dbd42658d93900f4dc043528937c

Download Submit
C:\Windows\SysWOW64\Fdbdah32.exe

Filesize
98KB

MD5
fbd7375962da6d75277b1511fe57f210

SHA1
e6ce602c8bc91db6ff164246752b06322be3fd41

SHA256
e77f2b02d7174f30d5a19f7a142410836a1e0b2d6c30a46b57713345ef73de6a

SHA512
8be63b9015f6bf3eafcb4db4c356b2f4499d1f97e1d660ca2c2fea4e5e5f66a760b9619bef3d9e6f23e8abd820cca9842bb2dbd42658d93900f4dc043528937c

Download Submit
C:\Windows\SysWOW64\Fedmqk32.exe

Filesize
98KB

MD5
1a8a4d9615347c6d0191c74785ea258c

SHA1
010f10a0d11a1e48c3c6a99206340039a4d9e6bb

SHA256
ae766294550d38c2f8b8e332ea48f55c7400eb789b4e5c599cf19a5f7a6ec7c1

SHA512
ddd98d8ebbda2b7817d5deac3413653f99fd3b9c601a081b7a7c44fb679c6450e3605089886ba2f29e28705cec6813bce1b78cfe8116ca6c7aaf7be0712d1159

Download Submit
C:\Windows\SysWOW64\Fedmqk32.exe

Filesize
98KB

MD5
1a8a4d9615347c6d0191c74785ea258c

SHA1
010f10a0d11a1e48c3c6a99206340039a4d9e6bb

SHA256
ae766294550d38c2f8b8e332ea48f55c7400eb789b4e5c599cf19a5f7a6ec7c1

SHA512
ddd98d8ebbda2b7817d5deac3413653f99fd3b9c601a081b7a7c44fb679c6450e3605089886ba2f29e28705cec6813bce1b78cfe8116ca6c7aaf7be0712d1159

Download Submit
C:\Windows\SysWOW64\Fgeihcme.exe

Filesize
98KB

MD5
4bf80c18e4ebacf8329a3eafb50d4a91

SHA1
91ac536dfb483dba7dae88f795143d3cbf891cf8

SHA256
f182d1e65538943af482d02aaa9571127867ac26c2eef3249b00077da205063d

SHA512
af83658f5692c9b9acbc22420a440b8dffd6d0ebdfda0a23da8b6d7e0862945e1be0d1741ba84685a77b61c534ecad66dde1fb63e83dbfce834a9f31bbaa3ccc

Download Submit
C:\Windows\SysWOW64\Fgeihcme.exe

Filesize
98KB

MD5
4bf80c18e4ebacf8329a3eafb50d4a91

SHA1
91ac536dfb483dba7dae88f795143d3cbf891cf8

SHA256
f182d1e65538943af482d02aaa9571127867ac26c2eef3249b00077da205063d

SHA512
af83658f5692c9b9acbc22420a440b8dffd6d0ebdfda0a23da8b6d7e0862945e1be0d1741ba84685a77b61c534ecad66dde1fb63e83dbfce834a9f31bbaa3ccc

Download Submit
C:\Windows\SysWOW64\Fgjccb32.exe

Filesize
98KB

MD5
574f1d0628a79fc1999263aa7024d95e

SHA1
126c9c519f8a65587f5917a43c8bf0f7986a201c

SHA256
c1be8004a769abdf1face585c1e4e0d80e7978d606b7b73098181106b35569b4

SHA512
06230f4448b4eb9a71519fd257f1d4c0b75eaa17d251c43a6087b989eb9890beb41c0bcc708ccd1c8b4a16c9b661a7118bf2a4b4b469c4a3c130c34b7438a6b8

Download Submit
C:\Windows\SysWOW64\Fgjccb32.exe

Filesize
98KB

MD5
574f1d0628a79fc1999263aa7024d95e

SHA1
126c9c519f8a65587f5917a43c8bf0f7986a201c

SHA256
c1be8004a769abdf1face585c1e4e0d80e7978d606b7b73098181106b35569b4

SHA512
06230f4448b4eb9a71519fd257f1d4c0b75eaa17d251c43a6087b989eb9890beb41c0bcc708ccd1c8b4a16c9b661a7118bf2a4b4b469c4a3c130c34b7438a6b8

Download Submit
C:\Windows\SysWOW64\Fhdfbfdh.exe

Filesize
98KB

MD5
9b0b2ba924cdd0490a3196929fb28e09

SHA1
b97a99d3101bfd076dfb51e88d1f53a91cac80bc

SHA256
a603f9ce50340fd1f09cd19a170f94481339987e75c9e70df5a6917badd095c4

SHA512
b3384ceb876c25e37d1c70329a5a6c09d1991f40b1d7df3defeb4fab11b6fa7a106e81cddbfc312971ee58da14f542be7055470d35e6d4a0bf50543b3cc0ac9c

Download Submit
C:\Windows\SysWOW64\Fhdfbfdh.exe

Filesize
98KB

MD5
9b0b2ba924cdd0490a3196929fb28e09

SHA1
b97a99d3101bfd076dfb51e88d1f53a91cac80bc

SHA256
a603f9ce50340fd1f09cd19a170f94481339987e75c9e70df5a6917badd095c4

SHA512
b3384ceb876c25e37d1c70329a5a6c09d1991f40b1d7df3defeb4fab11b6fa7a106e81cddbfc312971ee58da14f542be7055470d35e6d4a0bf50543b3cc0ac9c

Download Submit
C:\Windows\SysWOW64\Gaadfkgc.exe

Filesize
98KB

MD5
57248b95990c298ee9ee42d77d3d86a1

SHA1
c9fe5af0133980e9f0656b8bb69d1db4d8de6b1d

SHA256
8f6eee0a1ec55faca712482fc5cdfb604a9565e83724e169ac7d2a3055e9aad4

SHA512
2c547200356218302c73e75932c8677f5b426884a1619f22e98c92c488b6ece5a8215b036f8e2304bdf3c29e5515782924bef2474ccca0e02cdfa0f5c984d317

Download Submit
C:\Windows\SysWOW64\Gaadfkgc.exe

Filesize
98KB

MD5
57248b95990c298ee9ee42d77d3d86a1

SHA1
c9fe5af0133980e9f0656b8bb69d1db4d8de6b1d

SHA256
8f6eee0a1ec55faca712482fc5cdfb604a9565e83724e169ac7d2a3055e9aad4

SHA512
2c547200356218302c73e75932c8677f5b426884a1619f22e98c92c488b6ece5a8215b036f8e2304bdf3c29e5515782924bef2474ccca0e02cdfa0f5c984d317

Download Submit
C:\Windows\SysWOW64\Gdbmhf32.exe

Filesize
98KB

MD5
411675a038870135998c4692b6721bd3

SHA1
9e4821d1340cf2a75bba25ae17d178997c9ac6d5

SHA256
1e716e3c760a64f9355834bdb8a1ecd0380863ad5c7f26cfd37e2ff95e63a51b

SHA512
a939d76fd915e6dde1ee51c80c74331bc7e2e2a6f0dd343f9d724d2af94665d911373a32151f0f95c4040a7b3141089b9debe110fb66f50922377f6f5cf9a339

Download Submit
C:\Windows\SysWOW64\Gdbmhf32.exe

Filesize
98KB

MD5
411675a038870135998c4692b6721bd3

SHA1
9e4821d1340cf2a75bba25ae17d178997c9ac6d5

SHA256
1e716e3c760a64f9355834bdb8a1ecd0380863ad5c7f26cfd37e2ff95e63a51b

SHA512
a939d76fd915e6dde1ee51c80c74331bc7e2e2a6f0dd343f9d724d2af94665d911373a32151f0f95c4040a7b3141089b9debe110fb66f50922377f6f5cf9a339

Download Submit
C:\Windows\SysWOW64\Ghbbcd32.exe

Filesize
98KB

MD5
03eb8109b3ecf1190820ac5eca7cd721

SHA1
7eb97edb4e7afb6ab54618493f4563f3e8df6bc8

SHA256
691c7d3edbd0a8ee38f0b88bb9421aa6362507e0159cec832ebe7250c0243d82

SHA512
0205a007ffe701a09f6cf08be4b2c1415e54d0440ab1dca6cd6bcf7a92dc067ca05163ac58869f4650058bd2bd16ae4063f0691b751657685d54cc1503f33a9c

Download Submit
C:\Windows\SysWOW64\Ghbbcd32.exe

Filesize
98KB

MD5
03eb8109b3ecf1190820ac5eca7cd721

SHA1
7eb97edb4e7afb6ab54618493f4563f3e8df6bc8

SHA256
691c7d3edbd0a8ee38f0b88bb9421aa6362507e0159cec832ebe7250c0243d82

SHA512
0205a007ffe701a09f6cf08be4b2c1415e54d0440ab1dca6cd6bcf7a92dc067ca05163ac58869f4650058bd2bd16ae4063f0691b751657685d54cc1503f33a9c

Download Submit
C:\Windows\SysWOW64\Ghipne32.exe

Filesize
98KB

MD5
d3dd958068884def83c1f32fcc31aa8f

SHA1
78f462321bbdb51b8a366fcca7609dc7414ac029

SHA256
35cf9e890c48d16cb58d4d71dc590d23bfe3206906d210fea8dae05742dbf6a8

SHA512
ecef5d1449997835f8db50d0f34c24ddf01be8bbc3bb4e42cd50c90b8c3da8867044cf14dd494f6042bdba04c15d519c8e875ab99c81eb312a7e47ece65e0120

Download Submit
C:\Windows\SysWOW64\Ghipne32.exe

Filesize
98KB

MD5
d3dd958068884def83c1f32fcc31aa8f

SHA1
78f462321bbdb51b8a366fcca7609dc7414ac029

SHA256
35cf9e890c48d16cb58d4d71dc590d23bfe3206906d210fea8dae05742dbf6a8

SHA512
ecef5d1449997835f8db50d0f34c24ddf01be8bbc3bb4e42cd50c90b8c3da8867044cf14dd494f6042bdba04c15d519c8e875ab99c81eb312a7e47ece65e0120

Download Submit
C:\Windows\SysWOW64\Gkjhoq32.exe

Filesize
98KB

MD5
074f0fb25a0ca5163955ef9bcc8c11ec

SHA1
dbfcd429d42bf3d268084e4d7cdfd4d86ee38205

SHA256
9f87ea428fd00cbb1c4846fcd8bb8e5063dbc1840051c9bcb1870342acd69b58

SHA512
e26c32af8e6eccc076160ee6ee5038118b7c6d414148ad347b96902a84a96be6b7a00e9ed6bb77769620b00baa13acd30a9ff2097b0e93bfaff7caa6765de4d5

Download Submit
C:\Windows\SysWOW64\Gkjhoq32.exe

Filesize
98KB

MD5
074f0fb25a0ca5163955ef9bcc8c11ec

SHA1
dbfcd429d42bf3d268084e4d7cdfd4d86ee38205

SHA256
9f87ea428fd00cbb1c4846fcd8bb8e5063dbc1840051c9bcb1870342acd69b58

SHA512
e26c32af8e6eccc076160ee6ee5038118b7c6d414148ad347b96902a84a96be6b7a00e9ed6bb77769620b00baa13acd30a9ff2097b0e93bfaff7caa6765de4d5

Download Submit
C:\Windows\SysWOW64\Gkobjpin.exe

Filesize
98KB

MD5
2a34a81729843e16ab50e38be2f343e0

SHA1
489d390621a9dfed620d6bbb894ebc258877ed00

SHA256
2ed3ee35747ae4f4cdfe22801d21df7b5e3863e2cd9748042011d1d73777d186

SHA512
5c29832b5b30b09fb496c9e307eb7f701e9894a3c87f6db893b7c6b3197b4930cba428d1e40e09e8776e933b55f5cd106c5a54675847cc6a9b7dbb6e64952a17

Download Submit
C:\Windows\SysWOW64\Gkobjpin.exe

Filesize
98KB

MD5
2a34a81729843e16ab50e38be2f343e0

SHA1
489d390621a9dfed620d6bbb894ebc258877ed00

SHA256
2ed3ee35747ae4f4cdfe22801d21df7b5e3863e2cd9748042011d1d73777d186

SHA512
5c29832b5b30b09fb496c9e307eb7f701e9894a3c87f6db893b7c6b3197b4930cba428d1e40e09e8776e933b55f5cd106c5a54675847cc6a9b7dbb6e64952a17

Download Submit
C:\Windows\SysWOW64\Gnkaalkd.exe

Filesize
98KB

MD5
480016a03866b8dc1d82508d88fffec6

SHA1
643c11024ffae16a97e45d23f60203a113c4b5b3

SHA256
8db6aeef179dd47d65af7fa4d8913d62fc06d0c3ddfac0fec22640ed1eddade4

SHA512
590e3cb2436c942f75e4dea54882d663f098eaf5e4762ce07dd50d33b7ca6565ecb31a53cac54b2b64748cc36b8b78656b1bb4c2a0c85ac1f6754eb1a260f43a

Download Submit
C:\Windows\SysWOW64\Gnkaalkd.exe

Filesize
98KB

MD5
480016a03866b8dc1d82508d88fffec6

SHA1
643c11024ffae16a97e45d23f60203a113c4b5b3

SHA256
8db6aeef179dd47d65af7fa4d8913d62fc06d0c3ddfac0fec22640ed1eddade4

SHA512
590e3cb2436c942f75e4dea54882d663f098eaf5e4762ce07dd50d33b7ca6565ecb31a53cac54b2b64748cc36b8b78656b1bb4c2a0c85ac1f6754eb1a260f43a

Download Submit
C:\Windows\SysWOW64\Pdpmpdbd.exe

Filesize
98KB

MD5
899a0a1945c75f21680495d37578ab82

SHA1
d00dd51feb295635b6809232963d62eb164a17ac

SHA256
4b021ffb7d0e1953d98eafd7224f49151663c8be1fb6cf6418ce8e598739a514

SHA512
56023795acafbb17ff92a8f3ec86c5634b3418038a807cd50882cc0c2864331739d2147d0537d97e7e3ea90f65c3e6a9c095c926705411e469213525dde427af

Download Submit
C:\Windows\SysWOW64\Pdpmpdbd.exe

Filesize
98KB

MD5
899a0a1945c75f21680495d37578ab82

SHA1
d00dd51feb295635b6809232963d62eb164a17ac

SHA256
4b021ffb7d0e1953d98eafd7224f49151663c8be1fb6cf6418ce8e598739a514

SHA512
56023795acafbb17ff92a8f3ec86c5634b3418038a807cd50882cc0c2864331739d2147d0537d97e7e3ea90f65c3e6a9c095c926705411e469213525dde427af

Download Submit
memory/208-178-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/332-208-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/368-203-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/404-206-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/480-280-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/544-211-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/764-159-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/796-293-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/856-260-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1032-256-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1052-176-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1096-290-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1256-279-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1316-312-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1428-202-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1460-320-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1472-251-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1520-321-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1636-291-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1648-323-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1732-282-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2060-296-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2208-179-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2268-281-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2300-302-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2300-132-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2316-264-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2412-309-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2516-180-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2520-276-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2616-263-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2664-177-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2672-311-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3136-300-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3160-265-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3172-151-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3384-283-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3524-252-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3552-322-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3616-249-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3724-313-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3816-294-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3828-157-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3844-210-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3864-266-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3876-278-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3916-175-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3948-310-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3972-275-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3996-295-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/4116-154-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/4208-298-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/4288-292-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/4324-257-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/4360-153-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/4440-248-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/4512-152-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/4516-246-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/4708-245-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/4764-247-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/5008-304-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/5056-258-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/5060-259-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/5080-209-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download