68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

Analysis

max time kernel
152s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 08:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b.exe
Size

17KB
MD5

7cae83c0c667f4687cd7b305c31c3240
SHA1

864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4
SHA256

68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b
SHA512

5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873
SSDEEP

192:lfMn88sslYEWz9gsB/nTFVu13l2VjqNKct5qoRug78pT7CIq4X:deHP4RgMTru1IxJSr8pT75q4X

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1432	mswgm.exe
1644	mswgm.exe
1564	mswgm.exe
1104	mswgm.exe
1116	mswgm.exe
664	mswgm.exe
1820	mswgm.exe
1008	mswgm.exe
1732	mswgm.exe
1740	mswgm.exe
1928	mswgm.exe
2028	mswgm.exe
1996	mswgm.exe
1060	mswgm.exe
1832	mswgm.exe
2000	mswgm.exe
796	mswgm.exe
1592	mswgm.exe
1148	mswgm.exe
1432	mswgm.exe
1416	mswgm.exe
1640	mswgm.exe
1232	mswgm.exe
520	mswgm.exe
1440	mswgm.exe
964	mswgm.exe
824	mswgm.exe
1688	mswgm.exe
856	mswgm.exe
988	mswgm.exe
300	mswgm.exe
1812	mswgm.exe
1144	mswgm.exe
1452	mswgm.exe
1500	mswgm.exe
984	mswgm.exe
1004	mswgm.exe
1188	mswgm.exe
588	mswgm.exe
1256	mswgm.exe
1868	mswgm.exe
1504	mswgm.exe
1760	mswgm.exe
1284	mswgm.exe
280	mswgm.exe
1632	mswgm.exe
1544	mswgm.exe
1796	mswgm.exe
1432	mswgm.exe
1524	mswgm.exe
880	mswgm.exe
360	mswgm.exe
1560	mswgm.exe
1880	mswgm.exe
1824	mswgm.exe
792	mswgm.exe
1820	mswgm.exe
2032	mswgm.exe
1220	mswgm.exe
1208	mswgm.exe
2044	mswgm.exe
1156	mswgm.exe
604	mswgm.exe
1464	mswgm.exe

Sets file execution options in registry 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger = "0"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "0"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "0"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "0"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "0"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "0"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger = "0"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger = "0"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "0"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "0"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "0"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger = "0"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "0"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "0"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "0"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "0"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger = "0"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "0"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "0"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "0"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "0"	68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger = "0"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger = "0"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "0"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "0"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger = "0"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger = "0"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger = "0"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger = "0"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "0"	mswgm.exe

Loads dropped DLL 64 IoCs

pid	Process
1148	68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b.exe
1148	68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b.exe
1432	mswgm.exe
1432	mswgm.exe
1644	mswgm.exe
1644	mswgm.exe
1564	mswgm.exe
1564	mswgm.exe
1104	mswgm.exe
1104	mswgm.exe
1116	mswgm.exe
1116	mswgm.exe
664	mswgm.exe
664	mswgm.exe
1820	mswgm.exe
1820	mswgm.exe
1008	mswgm.exe
1008	mswgm.exe
1732	mswgm.exe
1732	mswgm.exe
1740	mswgm.exe
1740	mswgm.exe
1928	mswgm.exe
1928	mswgm.exe
2028	mswgm.exe
2028	mswgm.exe
1996	mswgm.exe
1996	mswgm.exe
1060	mswgm.exe
1060	mswgm.exe
1832	mswgm.exe
1832	mswgm.exe
2000	mswgm.exe
2000	mswgm.exe
796	mswgm.exe
796	mswgm.exe
1592	mswgm.exe
1592	mswgm.exe
1148	mswgm.exe
1148	mswgm.exe
1432	mswgm.exe
1432	mswgm.exe
1416	mswgm.exe
1416	mswgm.exe
1640	mswgm.exe
1640	mswgm.exe
1232	mswgm.exe
1232	mswgm.exe
520	mswgm.exe
520	mswgm.exe
1440	mswgm.exe
1440	mswgm.exe
964	mswgm.exe
964	mswgm.exe
824	mswgm.exe
824	mswgm.exe
1688	mswgm.exe
1688	mswgm.exe
856	mswgm.exe
856	mswgm.exe
988	mswgm.exe
988	mswgm.exe
300	mswgm.exe
300	mswgm.exe

Adds Run key to start application 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Manage Process = "C:\\Windows\\system32\\mswgm.exe"	mswgm.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b.exe
File opened for modification	C:\Windows\SysWOW64\mswgm.exe	68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe
File created	C:\Windows\SysWOW64\mswgm.exe	mswgm.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\IEFP = "C:\\Windows\\SysWOW64\\mswgm.exe"	mswgm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security	mswgm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 1432	1148	68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b.exe	26
PID 1148 wrote to memory of 1432	1148	68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b.exe	26
PID 1148 wrote to memory of 1432	1148	68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b.exe	26
PID 1148 wrote to memory of 1432	1148	68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b.exe	26
PID 1432 wrote to memory of 1644	1432	mswgm.exe	27
PID 1432 wrote to memory of 1644	1432	mswgm.exe	27
PID 1432 wrote to memory of 1644	1432	mswgm.exe	27
PID 1432 wrote to memory of 1644	1432	mswgm.exe	27
PID 1644 wrote to memory of 1564	1644	mswgm.exe	28
PID 1644 wrote to memory of 1564	1644	mswgm.exe	28
PID 1644 wrote to memory of 1564	1644	mswgm.exe	28
PID 1644 wrote to memory of 1564	1644	mswgm.exe	28
PID 1564 wrote to memory of 1104	1564	mswgm.exe	29
PID 1564 wrote to memory of 1104	1564	mswgm.exe	29
PID 1564 wrote to memory of 1104	1564	mswgm.exe	29
PID 1564 wrote to memory of 1104	1564	mswgm.exe	29
PID 1104 wrote to memory of 1116	1104	mswgm.exe	30
PID 1104 wrote to memory of 1116	1104	mswgm.exe	30
PID 1104 wrote to memory of 1116	1104	mswgm.exe	30
PID 1104 wrote to memory of 1116	1104	mswgm.exe	30
PID 1116 wrote to memory of 664	1116	mswgm.exe	31
PID 1116 wrote to memory of 664	1116	mswgm.exe	31
PID 1116 wrote to memory of 664	1116	mswgm.exe	31
PID 1116 wrote to memory of 664	1116	mswgm.exe	31
PID 664 wrote to memory of 1820	664	mswgm.exe	32
PID 664 wrote to memory of 1820	664	mswgm.exe	32
PID 664 wrote to memory of 1820	664	mswgm.exe	32
PID 664 wrote to memory of 1820	664	mswgm.exe	32
PID 1820 wrote to memory of 1008	1820	mswgm.exe	33
PID 1820 wrote to memory of 1008	1820	mswgm.exe	33
PID 1820 wrote to memory of 1008	1820	mswgm.exe	33
PID 1820 wrote to memory of 1008	1820	mswgm.exe	33
PID 1008 wrote to memory of 1732	1008	mswgm.exe	34
PID 1008 wrote to memory of 1732	1008	mswgm.exe	34
PID 1008 wrote to memory of 1732	1008	mswgm.exe	34
PID 1008 wrote to memory of 1732	1008	mswgm.exe	34
PID 1732 wrote to memory of 1740	1732	mswgm.exe	35
PID 1732 wrote to memory of 1740	1732	mswgm.exe	35
PID 1732 wrote to memory of 1740	1732	mswgm.exe	35
PID 1732 wrote to memory of 1740	1732	mswgm.exe	35
PID 1740 wrote to memory of 1928	1740	mswgm.exe	36
PID 1740 wrote to memory of 1928	1740	mswgm.exe	36
PID 1740 wrote to memory of 1928	1740	mswgm.exe	36
PID 1740 wrote to memory of 1928	1740	mswgm.exe	36
PID 1928 wrote to memory of 2028	1928	mswgm.exe	37
PID 1928 wrote to memory of 2028	1928	mswgm.exe	37
PID 1928 wrote to memory of 2028	1928	mswgm.exe	37
PID 1928 wrote to memory of 2028	1928	mswgm.exe	37
PID 2028 wrote to memory of 1996	2028	mswgm.exe	38
PID 2028 wrote to memory of 1996	2028	mswgm.exe	38
PID 2028 wrote to memory of 1996	2028	mswgm.exe	38
PID 2028 wrote to memory of 1996	2028	mswgm.exe	38
PID 1996 wrote to memory of 1060	1996	mswgm.exe	39
PID 1996 wrote to memory of 1060	1996	mswgm.exe	39
PID 1996 wrote to memory of 1060	1996	mswgm.exe	39
PID 1996 wrote to memory of 1060	1996	mswgm.exe	39
PID 1060 wrote to memory of 1832	1060	mswgm.exe	40
PID 1060 wrote to memory of 1832	1060	mswgm.exe	40
PID 1060 wrote to memory of 1832	1060	mswgm.exe	40
PID 1060 wrote to memory of 1832	1060	mswgm.exe	40
PID 1832 wrote to memory of 2000	1832	mswgm.exe	41
PID 1832 wrote to memory of 2000	1832	mswgm.exe	41
PID 1832 wrote to memory of 2000	1832	mswgm.exe	41
PID 1832 wrote to memory of 2000	1832	mswgm.exe	41

C:\Users\Admin\AppData\Local\Temp\68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b.exe
"C:\Users\Admin\AppData\Local\Temp\68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b.exe"
1⤵
- Sets file execution options in registry
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Windows\SysWOW64\mswgm.exe
  C:\Windows\system32\mswgm.exe
  2⤵
  - Executes dropped EXE
  - Sets file execution options in registry
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1432
- - C:\Windows\SysWOW64\mswgm.exe
    C:\Windows\system32\mswgm.exe
    3⤵
    - Executes dropped EXE
    - Sets file execution options in registry
    - Loads dropped DLL
    - Adds Run key to start application
    - Drops file in System32 directory
    - Modifies Internet Explorer settings
    - Suspicious use of WriteProcessMemory
    PID:1644
  - - C:\Windows\SysWOW64\mswgm.exe
      C:\Windows\system32\mswgm.exe
      4⤵
      Executes dropped EXE
      Sets file execution options in registry
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:1564
    - - C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        Suspicious use of WriteProcessMemory
        
        PID:1104
      - C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        6⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        Suspicious use of WriteProcessMemory
        
        PID:1116
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Modifies Internet Explorer settings
        Suspicious use of WriteProcessMemory
        
        PID:664
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        Suspicious use of WriteProcessMemory
        
        PID:1820
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        9⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        Suspicious use of WriteProcessMemory
        
        PID:1008
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        10⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        Suspicious use of WriteProcessMemory
        
        PID:1732
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        11⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1740
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        12⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Drops file in System32 directory
        Modifies Internet Explorer settings
        Suspicious use of WriteProcessMemory
        
        PID:1928
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Modifies Internet Explorer settings
        Suspicious use of WriteProcessMemory
        
        PID:2028
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies Internet Explorer settings
        Suspicious use of WriteProcessMemory
        
        PID:1996
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Modifies Internet Explorer settings
        Suspicious use of WriteProcessMemory
        
        PID:1060
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1832
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:2000
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        18⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        
        PID:796
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1592
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        
        PID:1148
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        21⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Adds Run key to start application
        Modifies Internet Explorer settings
        
        PID:1432
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        22⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1416
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        23⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1640
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        24⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1232
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        25⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:520
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:1440
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        27⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:964
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        28⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:824
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        29⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Adds Run key to start application
        Modifies Internet Explorer settings
        
        PID:1688
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        30⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:856
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        31⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:988
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        32⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:300
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        33⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1812
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        34⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies Internet Explorer settings
        
        PID:1144
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        35⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1452
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        36⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies Internet Explorer settings
        
        PID:1500
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        37⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:984
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        38⤵
        Executes dropped EXE
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1004
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        39⤵
        Executes dropped EXE
        Sets file execution options in registry
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1188
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        40⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:588
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        41⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1256
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        42⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1868
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        43⤵
        Executes dropped EXE
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1504
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        44⤵
        Executes dropped EXE
        Sets file execution options in registry
        Drops file in System32 directory
        
        PID:1760
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        45⤵
        Executes dropped EXE
        Sets file execution options in registry
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1284
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        46⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:280
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        47⤵
        Executes dropped EXE
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1632
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        48⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1544
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        49⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies Internet Explorer settings
        
        PID:1796
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        50⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1432
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        51⤵
        Executes dropped EXE
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:1524
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        52⤵
        Executes dropped EXE
        Sets file execution options in registry
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:880
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        53⤵
        Executes dropped EXE
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:360
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        54⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1560
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        55⤵
        Executes dropped EXE
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1880
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        56⤵
        Executes dropped EXE
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:1824
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        57⤵
        Executes dropped EXE
        Sets file execution options in registry
        Modifies Internet Explorer settings
        
        PID:792
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        58⤵
        Executes dropped EXE
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:1820
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        59⤵
        Executes dropped EXE
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:2032
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        60⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1220
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        61⤵
        Executes dropped EXE
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:1208
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        62⤵
        Executes dropped EXE
        Sets file execution options in registry
        Adds Run key to start application
        
        PID:2044
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        63⤵
        Executes dropped EXE
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1156
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        64⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies Internet Explorer settings
        
        PID:604
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        65⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1464
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        66⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:1652
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        67⤵
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1772
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        68⤵
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:2028
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        69⤵
        Adds Run key to start application
        Modifies Internet Explorer settings
        
        PID:1004
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        70⤵
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:1624
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        71⤵
        Sets file execution options in registry
        Modifies Internet Explorer settings
        
        PID:1712
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        72⤵
        Sets file execution options in registry
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1980
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        73⤵
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:940
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        74⤵
        Adds Run key to start application
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1832
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        75⤵
        Sets file execution options in registry
        
        PID:1804
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        76⤵
        Sets file execution options in registry
        Drops file in System32 directory
        Modifies Internet Explorer settings
        
        PID:1760
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        77⤵
        Drops file in System32 directory
        
        PID:1828
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        78⤵
        Adds Run key to start application
        Modifies Internet Explorer settings
        
        PID:1964
        
        C:\Windows\SysWOW64\mswgm.exe
        
        C:\Windows\system32\mswgm.exe
        79⤵
        Modifies Internet Explorer settings
        
        PID:1792

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
C:\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
\Windows\SysWOW64\mswgm.exe

Filesize
17KB

MD5
7cae83c0c667f4687cd7b305c31c3240

SHA1
864d843cf1877e48ddcc75ecbc2fe9f2a5816bc4

SHA256
68d31d1354ac983f8a6036bba9f8653084642dc24d408cec21450661c9da6e5b

SHA512
5694b6b59988d06844be79b9e2745ad98c97fa8794fcab6552d26d229c9f3ed3753906a4d8406e083973f39e6757089bd5c046dd675cad32ad294de86a4b2873

Download Submit
memory/300-236-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/300-238-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/520-211-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/520-213-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/664-102-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/664-98-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/824-223-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/856-229-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/856-231-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/964-220-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/988-234-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1008-116-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1008-112-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1060-154-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1060-159-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1104-84-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1104-89-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1116-91-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1116-96-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1144-245-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1144-243-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1148-55-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1148-60-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1148-54-0x0000000075F81000-0x0000000075F83000-memory.dmp

Filesize
8KB

Download
memory/1148-189-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1148-185-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1232-209-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1232-207-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1416-201-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1416-199-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1432-67-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1432-192-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1432-63-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1432-196-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1440-215-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1440-217-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1452-248-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1500-250-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1564-81-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1564-77-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1592-182-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1592-178-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1640-205-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1640-203-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1644-74-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1644-70-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1688-227-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1688-225-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1732-119-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1732-123-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1740-126-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1740-131-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1812-241-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1820-110-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1820-105-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1832-161-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1832-166-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1928-138-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1928-133-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1996-147-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1996-152-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2000-168-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2000-172-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2028-140-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2028-144-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads