5fb609916ec1b892e31422c6d6eb376b4e0bcfcc61d8cc76069faf8cf2451821

Analysis

max time kernel
68s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37d142c567ef0316a2083d929cb8fa25.exe
Size

72KB
MD5

37d142c567ef0316a2083d929cb8fa25
SHA1

52a9c0be59b032e0e7aa98b0a519f2fd01ee0fb2
SHA256

5fb609916ec1b892e31422c6d6eb376b4e0bcfcc61d8cc76069faf8cf2451821
SHA512

2b29cee9207d1a311ff6472073ddabb5ff5310f026379045607732d3f84d0334f712288b2e0c5dadc03051cd5759fe5ca9b483d311e164897a0fa744850fc860
SSDEEP

1536:nQKeJ5YQx8k+fmTZDZpYuu7Z6BicRw2zvbu/1AQftI3w103CQUI:ngnxsfGDRuljcLmAuI3K

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4944	mdmi386.exe
1356	mdmi386.exe
1724	mdmi386.exe
2660	mdmi386.exe
4524	mdmi386.exe
4100	mdmi386.exe
2432	mdmi386.exe
2140	mdmi386.exe
3564	mdmi386.exe
1800	mdmi386.exe
3124	mdmi386.exe
3560	mdmi386.exe
1104	mdmi386.exe
2868	mdmi386.exe
4732	mdmi386.exe
4372	mdmi386.exe
744	mdmi386.exe
1732	mdmi386.exe
4332	mdmi386.exe
3396	mdmi386.exe
1604	mdmi386.exe
4516	mdmi386.exe
3500	mdmi386.exe
736	mdmi386.exe
1940	mdmi386.exe
1904	mdmi386.exe
552	mdmi386.exe
1292	mdmi386.exe
3132	mdmi386.exe
3996	mdmi386.exe
2292	mdmi386.exe
756	mdmi386.exe
3184	mdmi386.exe
3948	mdmi386.exe
3544	mdmi386.exe
5112	mdmi386.exe
4860	mdmi386.exe
4876	mdmi386.exe
4964	Conhost.exe
4784	mdmi386.exe
1508	mdmi386.exe
2752	mdmi386.exe
4288	mdmi386.exe
4324	mdmi386.exe
912	mdmi386.exe
3652	mdmi386.exe
4900	mdmi386.exe
3700	mdmi386.exe
1040	mdmi386.exe
1360	mdmi386.exe
4820	mdmi386.exe
4960	mdmi386.exe
5104	mdmi386.exe
2340	mdmi386.exe
4708	mdmi386.exe
2920	mdmi386.exe
4100	mdmi386.exe
2988	mdmi386.exe
1144	mdmi386.exe
876	mdmi386.exe
2240	mdmi386.exe
2976	mdmi386.exe
3664	mdmi386.exe
4308	mdmi386.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	Process not Found
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	Process not Found
File created	C:\Windows\SysWOW64\mdmi386.exe	Process not Found
File created	C:\Windows\SysWOW64\mdmi386.exe	Process not Found
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	Process not Found
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	Process not Found
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	Process not Found
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	Process not Found
File created	C:\Windows\SysWOW64\mdmi386.exe	Process not Found
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\mdmi386.exe	37d142c567ef0316a2083d929cb8fa25.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	Process not Found
File created	C:\Windows\SysWOW64\mdmi386.exe	Process not Found
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	Process not Found
File created	C:\Windows\SysWOW64\mdmi386.exe	Process not Found
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	Process not Found
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 4944	5104	37d142c567ef0316a2083d929cb8fa25.exe	91
PID 5104 wrote to memory of 4944	5104	37d142c567ef0316a2083d929cb8fa25.exe	91
PID 5104 wrote to memory of 4944	5104	37d142c567ef0316a2083d929cb8fa25.exe	91
PID 4944 wrote to memory of 1356	4944	mdmi386.exe	92
PID 4944 wrote to memory of 1356	4944	mdmi386.exe	92
PID 4944 wrote to memory of 1356	4944	mdmi386.exe	92
PID 1356 wrote to memory of 1724	1356	mdmi386.exe	93
PID 1356 wrote to memory of 1724	1356	mdmi386.exe	93
PID 1356 wrote to memory of 1724	1356	mdmi386.exe	93
PID 1724 wrote to memory of 2660	1724	mdmi386.exe	94
PID 1724 wrote to memory of 2660	1724	mdmi386.exe	94
PID 1724 wrote to memory of 2660	1724	mdmi386.exe	94
PID 2660 wrote to memory of 4524	2660	mdmi386.exe	95
PID 2660 wrote to memory of 4524	2660	mdmi386.exe	95
PID 2660 wrote to memory of 4524	2660	mdmi386.exe	95
PID 4524 wrote to memory of 4100	4524	mdmi386.exe	147
PID 4524 wrote to memory of 4100	4524	mdmi386.exe	147
PID 4524 wrote to memory of 4100	4524	mdmi386.exe	147
PID 4100 wrote to memory of 2432	4100	mdmi386.exe	97
PID 4100 wrote to memory of 2432	4100	mdmi386.exe	97
PID 4100 wrote to memory of 2432	4100	mdmi386.exe	97
PID 2432 wrote to memory of 2140	2432	mdmi386.exe	128
PID 2432 wrote to memory of 2140	2432	mdmi386.exe	128
PID 2432 wrote to memory of 2140	2432	mdmi386.exe	128
PID 2140 wrote to memory of 3564	2140	mdmi386.exe	98
PID 2140 wrote to memory of 3564	2140	mdmi386.exe	98
PID 2140 wrote to memory of 3564	2140	mdmi386.exe	98
PID 3564 wrote to memory of 1800	3564	mdmi386.exe	99
PID 3564 wrote to memory of 1800	3564	mdmi386.exe	99
PID 3564 wrote to memory of 1800	3564	mdmi386.exe	99
PID 1800 wrote to memory of 3124	1800	mdmi386.exe	100
PID 1800 wrote to memory of 3124	1800	mdmi386.exe	100
PID 1800 wrote to memory of 3124	1800	mdmi386.exe	100
PID 3124 wrote to memory of 3560	3124	mdmi386.exe	127
PID 3124 wrote to memory of 3560	3124	mdmi386.exe	127
PID 3124 wrote to memory of 3560	3124	mdmi386.exe	127
PID 3560 wrote to memory of 1104	3560	mdmi386.exe	126
PID 3560 wrote to memory of 1104	3560	mdmi386.exe	126
PID 3560 wrote to memory of 1104	3560	mdmi386.exe	126
PID 1104 wrote to memory of 2868	1104	mdmi386.exe	125
PID 1104 wrote to memory of 2868	1104	mdmi386.exe	125
PID 1104 wrote to memory of 2868	1104	mdmi386.exe	125
PID 2868 wrote to memory of 4732	2868	mdmi386.exe	101
PID 2868 wrote to memory of 4732	2868	mdmi386.exe	101
PID 2868 wrote to memory of 4732	2868	mdmi386.exe	101
PID 4732 wrote to memory of 4372	4732	mdmi386.exe	103
PID 4732 wrote to memory of 4372	4732	mdmi386.exe	103
PID 4732 wrote to memory of 4372	4732	mdmi386.exe	103
PID 4372 wrote to memory of 744	4372	mdmi386.exe	104
PID 4372 wrote to memory of 744	4372	mdmi386.exe	104
PID 4372 wrote to memory of 744	4372	mdmi386.exe	104
PID 744 wrote to memory of 1732	744	mdmi386.exe	105
PID 744 wrote to memory of 1732	744	mdmi386.exe	105
PID 744 wrote to memory of 1732	744	mdmi386.exe	105
PID 1732 wrote to memory of 4332	1732	mdmi386.exe	106
PID 1732 wrote to memory of 4332	1732	mdmi386.exe	106
PID 1732 wrote to memory of 4332	1732	mdmi386.exe	106
PID 4332 wrote to memory of 3396	4332	mdmi386.exe	124
PID 4332 wrote to memory of 3396	4332	mdmi386.exe	124
PID 4332 wrote to memory of 3396	4332	mdmi386.exe	124
PID 3396 wrote to memory of 1604	3396	mdmi386.exe	123
PID 3396 wrote to memory of 1604	3396	mdmi386.exe	123
PID 3396 wrote to memory of 1604	3396	mdmi386.exe	123
PID 1604 wrote to memory of 4516	1604	mdmi386.exe	164

C:\Users\Admin\AppData\Local\Temp\37d142c567ef0316a2083d929cb8fa25.exe
"C:\Users\Admin\AppData\Local\Temp\37d142c567ef0316a2083d929cb8fa25.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4944
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1356
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1724
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2660
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4524
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        7⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2432
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2140

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3564
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1800
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3124
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:3560

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4732
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  - Executes dropped EXE
  PID:4372
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:744
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1732
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4332
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3396
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        6⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        7⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        8⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        9⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        10⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        11⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        12⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        13⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        14⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        15⤵
        
        PID:3252
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        16⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        17⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        18⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        19⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        20⤵
        
        PID:1296

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:4516
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:3500
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    - Executes dropped EXE
    PID:736

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:552
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  - Executes dropped EXE
  PID:1292

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:3132
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:3996

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:756
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:3184
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:2744
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    PID:1584
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      PID:4452
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        5⤵
        
        PID:2344
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        6⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        7⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        8⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        9⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        10⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        11⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        12⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        13⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        14⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        15⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        16⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        17⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        18⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        19⤵
        Drops file in System32 directory
        
        PID:2060
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        20⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        21⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        22⤵
        
        PID:4444

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:3948
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:3544

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
- Executes dropped EXE
PID:5112
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:4860
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    - Executes dropped EXE
    PID:4876
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      PID:4964

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
- Executes dropped EXE
PID:2292

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
- Executes dropped EXE
PID:1904

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:1940

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1604

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:2572
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    PID:948
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      PID:768
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        5⤵
        
        PID:4888
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        6⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        7⤵
        Drops file in System32 directory
        
        PID:2536
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        8⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        9⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        10⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        11⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        12⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        13⤵
        
        PID:4780

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
- Executes dropped EXE
PID:1104

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
- Executes dropped EXE
PID:4784
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:1508
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    PID:2752

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
- Executes dropped EXE
PID:912
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:3652
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    PID:4900
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      PID:3700
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        5⤵
        
        PID:1040
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        6⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        7⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        8⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        9⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5104
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        10⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        11⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        12⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        12⤵
        
        PID:1512

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
- Executes dropped EXE
PID:4324

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
- Executes dropped EXE
PID:4288

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4100
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  - Executes dropped EXE
  PID:2988
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    - Executes dropped EXE
    PID:1144
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      Executes dropped EXE
      PID:876

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:2240
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:2976
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    PID:3664
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      PID:4308
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        5⤵
        
        PID:3584
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        6⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        7⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        8⤵
        
        PID:628
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        9⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        10⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        11⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        12⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        13⤵
        Executes dropped EXE
        
        PID:4516
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        14⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        15⤵
        Drops file in System32 directory
        
        PID:1540
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        16⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        17⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        18⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        19⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        20⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        21⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:552
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        22⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        23⤵
        Drops file in System32 directory
        
        PID:4336
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        24⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        25⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        26⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        27⤵
        
        PID:3184
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        28⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        29⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        30⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        31⤵
        Executes dropped EXE
        
        PID:4860
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        32⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        33⤵
        
        PID:384
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        34⤵
        
        PID:1148
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        35⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        36⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        37⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        38⤵
        
        PID:396
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        39⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        40⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        41⤵
        Executes dropped EXE
        
        PID:3652
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        42⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        43⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        44⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        45⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        46⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        47⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        48⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        49⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        50⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        51⤵
        Executes dropped EXE
        
        PID:2340
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        52⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        53⤵
        Executes dropped EXE
        
        PID:2920
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        54⤵
        
        PID:2280
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        55⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        56⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        31⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        32⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        33⤵
        
        PID:556
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        34⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        35⤵
        
        PID:4288
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:396
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    PID:4876
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      PID:2872
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        5⤵
        
        PID:1360

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:1432
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:3848
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    PID:2420
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1104
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        5⤵
        
        PID:3560
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        6⤵
        Executes dropped EXE
        
        PID:3664
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        7⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        8⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        9⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:4372
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        11⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        12⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        13⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        14⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        15⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        16⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        17⤵
        
        PID:404
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        18⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        19⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        20⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        21⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        22⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        23⤵
        
        PID:220
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        24⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3996
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        25⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        26⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        27⤵
        
        PID:3456
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        28⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        29⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        30⤵
        Executes dropped EXE
        
        PID:3184
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        31⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        32⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        33⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        34⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        35⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        36⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        37⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        38⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        39⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        40⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        41⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        42⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        43⤵
        
        PID:3164
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        44⤵
        
        PID:4508

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:4652
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:4132
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    PID:3612

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:2288

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:4832
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:4776
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    PID:1900
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      PID:4080
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        5⤵
        Executes dropped EXE
        
        PID:4960
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        6⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        7⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4708

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:1856
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:3124
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    PID:3644
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      PID:2012
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        5⤵
        
        PID:1108
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        6⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        7⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        8⤵
        
        PID:3872

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:1104
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:4308
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    PID:3584
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      PID:4224
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        5⤵
        
        PID:744
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        6⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        7⤵
        
        PID:628
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        8⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        9⤵
        
        PID:4332

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
- Executes dropped EXE
PID:3948
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  - Executes dropped EXE
  PID:3544
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    PID:2500
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      PID:4272
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        5⤵
        
        PID:4420
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        6⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        7⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        8⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        9⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        10⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        11⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        12⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        13⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        14⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        15⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        16⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        17⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        18⤵
        Executes dropped EXE
        
        PID:1040
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        19⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        20⤵
        Executes dropped EXE
        
        PID:1360
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        21⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        22⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        23⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        24⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        25⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        26⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        27⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        28⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        29⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        30⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        31⤵
        
        PID:1424
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        32⤵
        Drops file in System32 directory
        
        PID:3848
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        33⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        30⤵
        Drops file in System32 directory
        
        PID:2920
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        31⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        32⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        33⤵
        Drops file in System32 directory
        
        PID:3664
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        34⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        35⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        36⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        37⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        38⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        39⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        40⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        41⤵
        
        PID:3912
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        42⤵
        Drops file in System32 directory
        
        PID:1528
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        43⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        44⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        45⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        46⤵
        
        PID:3268
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        47⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        48⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        49⤵
        
        PID:1168
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        50⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        51⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        52⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        53⤵
        
        PID:552
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        54⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        55⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        56⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        57⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        58⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        59⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        60⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        61⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        62⤵
        Drops file in System32 directory
        
        PID:3164
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        63⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        64⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        65⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        41⤵
        
        PID:3912
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        42⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        43⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        44⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        45⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        46⤵
        Drops file in System32 directory
        
        PID:1860
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        47⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        48⤵
        
        PID:3376
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        49⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        50⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        51⤵
        
        PID:3252
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        52⤵
        
        PID:1124
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        53⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        54⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        55⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        56⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        57⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        58⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        59⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        60⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        61⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        62⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        63⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        64⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        65⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        66⤵
        
        PID:3652
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        67⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        68⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        69⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        70⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        71⤵
        
        PID:876
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        72⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        73⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        74⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        75⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        76⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        77⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        78⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        31⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        32⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        33⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        34⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        35⤵
        
        PID:3664
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        36⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        37⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        38⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        39⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        40⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        41⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        42⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        43⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        44⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        45⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        46⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        47⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        48⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        49⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        50⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        51⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        52⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        53⤵
        
        PID:220
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        54⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        55⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        56⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        57⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        58⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        59⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        60⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        21⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        22⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        23⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        24⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        25⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        26⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        27⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        28⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        29⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        30⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        31⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        32⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        33⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        34⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        35⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        36⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        37⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        38⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        39⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        40⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        41⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        42⤵
        Drops file in System32 directory
        
        PID:3520
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        43⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        44⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        45⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        46⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        47⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        48⤵
        
        PID:404
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        49⤵
        
        PID:756
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        50⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        51⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        52⤵
        
        PID:3376
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        53⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        54⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        55⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        56⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        57⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        58⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        59⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        60⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        61⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        62⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        63⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        64⤵
        Drops file in System32 directory
        
        PID:4884
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        65⤵
        
        PID:912
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        66⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        67⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        68⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        69⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        70⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        71⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        72⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        73⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        74⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        75⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        76⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        77⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        78⤵
        
        PID:2920

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
- Executes dropped EXE
PID:4964

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:4732
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:3872
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    PID:2036

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:880
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  - Executes dropped EXE
  PID:4308
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    PID:3580
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      PID:4372
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        5⤵
        
        PID:2536
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        6⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        7⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        8⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        9⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        10⤵
        
        PID:404
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        11⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        12⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        13⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        14⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        15⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        16⤵
        
        PID:552
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        17⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        18⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        19⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        20⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        21⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        22⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        23⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        24⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        25⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        26⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        27⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        28⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2752
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        29⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        30⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        31⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        32⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        33⤵
        Executes dropped EXE
        
        PID:4900
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        34⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        35⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        36⤵
        Executes dropped EXE
        
        PID:3700
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        37⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        38⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        39⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        40⤵
        Executes dropped EXE
        
        PID:4820
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        41⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        42⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        43⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        44⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        45⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        46⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        47⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        48⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        49⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        50⤵
        
        PID:948
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        51⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        52⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        53⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        54⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        55⤵
        
        PID:380
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        56⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        57⤵
        
        PID:744
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        58⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        59⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        60⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        61⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        62⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        61⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        62⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        63⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        64⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        65⤵
        
        PID:3376
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        66⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        67⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        68⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        69⤵
        
        PID:3252
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        70⤵
        
        PID:552
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        71⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        72⤵
        
        PID:228
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        73⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        74⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        75⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        76⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        77⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        78⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        79⤵
        
        PID:396
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        80⤵
        
        PID:3164
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        81⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        82⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        83⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        84⤵
        
        PID:2016
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        85⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        86⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        87⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        88⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        89⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        90⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        91⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        92⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        93⤵
        Drops file in System32 directory
        
        PID:1432
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        94⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        95⤵
        
        PID:948
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        96⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        97⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        98⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        99⤵
        
        PID:880
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        100⤵
        
        PID:380
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        101⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        102⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        103⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        104⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        105⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        106⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        107⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        108⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        109⤵
        
        PID:756
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        107⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        108⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        109⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        110⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        111⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        112⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        113⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        114⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        115⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        116⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        117⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        118⤵
        Drops file in System32 directory
        
        PID:2816
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        119⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        120⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        121⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        122⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        123⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        124⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        125⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        126⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        127⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        128⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        129⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        130⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        131⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        132⤵
        Drops file in System32 directory
        
        PID:4652
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        133⤵
        
        PID:912
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        134⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        135⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        136⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        137⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        138⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        139⤵
        Drops file in System32 directory
        
        PID:2288
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        140⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        141⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        142⤵
        
        PID:2016
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        143⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        144⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        145⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        146⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        147⤵
        
        PID:876
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        148⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        149⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        150⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        151⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        152⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        153⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        154⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        78⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        79⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        80⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        81⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        82⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        83⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        84⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        85⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        86⤵
        
        PID:3652
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        87⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        88⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        89⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        90⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        91⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        92⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        93⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        94⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        95⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        96⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        97⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        98⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        99⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        100⤵
        Drops file in System32 directory
        
        PID:3136
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        101⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        102⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        103⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        104⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        105⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        106⤵
        Drops file in System32 directory
        
        PID:4028
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        107⤵
        
        PID:404
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        108⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        109⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        110⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        87⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        88⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        89⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        90⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        91⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        92⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        93⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        94⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        95⤵
        
        PID:1424
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        96⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        97⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        98⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        99⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        100⤵
        Drops file in System32 directory
        
        PID:3580
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        101⤵
        
        PID:744
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        102⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        103⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        104⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        105⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        106⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        107⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        108⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        109⤵
        
        PID:1168
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        110⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        111⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        112⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        113⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        114⤵
        
        PID:228
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        115⤵
        
        PID:3252
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        116⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        117⤵
        
        PID:384
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        118⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        119⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        120⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        121⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        122⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        123⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        112⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        113⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        114⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        115⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        116⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        117⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        118⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        119⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        120⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        121⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        122⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        123⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        124⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        125⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        126⤵
        Drops file in System32 directory
        
        PID:3528
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        127⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        128⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        129⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        130⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        131⤵
        Drops file in System32 directory
        
        PID:3652
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        132⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        133⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        134⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        135⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        136⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        137⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        138⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        139⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        140⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        141⤵
        Drops file in System32 directory
        
        PID:4732
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        142⤵
        
        PID:1424
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        143⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        144⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        145⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        146⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        147⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        148⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        149⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        150⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        151⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        152⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        153⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        134⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        135⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        136⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        137⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        138⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        139⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        140⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        124⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        105⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        106⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        107⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        108⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        109⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        110⤵
        
        PID:3376
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        111⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        77⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        78⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        79⤵
        
        PID:912
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        80⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        81⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        82⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        83⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        84⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        85⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        86⤵
        
        PID:3968
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        87⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        88⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        89⤵
        
        PID:3180
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        90⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        91⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        92⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        93⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        94⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        95⤵
        
        PID:1424
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        96⤵
        
        PID:948
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        97⤵
        Drops file in System32 directory
        
        PID:4232
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        98⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        99⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        100⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        101⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        102⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        103⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        63⤵
        
        PID:220
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        64⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        65⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        66⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        67⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        68⤵
        
        PID:384
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        69⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        70⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        67⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        68⤵
        
        PID:384
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        69⤵
        
        PID:1124
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        70⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        71⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        72⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        73⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        74⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        75⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        76⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        77⤵
        
        PID:912
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        78⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        79⤵
        Drops file in System32 directory
        
        PID:4344
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        80⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        81⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        82⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        83⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        84⤵
        Drops file in System32 directory
        
        PID:3652
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        75⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        76⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        77⤵
        
        PID:996
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        78⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        79⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        80⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        15⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        16⤵
        
        PID:220
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        17⤵
        
        PID:552
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        18⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        19⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        20⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        21⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        22⤵
        
        PID:384
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        23⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        24⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        25⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        26⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        27⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        25⤵
        
        PID:996
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        26⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        27⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        28⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        29⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        30⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        31⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        32⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        33⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        34⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        35⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        36⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        37⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        38⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        39⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        40⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        41⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        42⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        43⤵
        
        PID:844
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        44⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        45⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        46⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        47⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        48⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        49⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        50⤵
        
        PID:1424
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        51⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        52⤵
        
        PID:744
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        53⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        54⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        55⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        56⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        57⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        58⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        59⤵
        Drops file in System32 directory
        
        PID:756
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        60⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        61⤵
        
        PID:1584

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
1⤵
PID:628

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:1860
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:1904
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    PID:3268
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      PID:220
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        5⤵
        
        PID:2828
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        6⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        7⤵
        
        PID:3252
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        8⤵
        
        PID:552
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        9⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        10⤵
        
        PID:1124
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        11⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        12⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        13⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        14⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        15⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        16⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        17⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        18⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        19⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        20⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        21⤵
        
        PID:3652
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        22⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        23⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        24⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        25⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        26⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        27⤵
        Drops file in System32 directory
        
        PID:5036
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        28⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        29⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        30⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        31⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        32⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        33⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        34⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        35⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        36⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        37⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        38⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        39⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        40⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        41⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        42⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        43⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        44⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        45⤵
        
        PID:380
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        46⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        47⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        48⤵
        
        PID:744
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        49⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        50⤵
        
        PID:736
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        51⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        15⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        16⤵
        
        PID:220
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        17⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        18⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        19⤵
        
        PID:552
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        20⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        21⤵
        
        PID:228
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        22⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        23⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        24⤵
        
        PID:556
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        25⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        26⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        27⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        28⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        29⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        30⤵
        
        PID:996
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        31⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        32⤵
        
        PID:396
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        33⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        34⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        35⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        36⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        37⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        38⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        39⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        40⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        41⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        42⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        43⤵
        
        PID:876
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        44⤵
        
        PID:2844

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
1⤵
PID:4984

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:5072
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:1356
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    PID:1900
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      PID:4192
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        5⤵
        
        PID:4660

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:1364
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:4136
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    PID:3652
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      PID:4488
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        5⤵
        
        PID:4820
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        6⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        7⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        8⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        9⤵
        
        PID:844
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        10⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        11⤵
        
        PID:1104
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        12⤵
        Drops file in System32 directory
        
        PID:3560
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        13⤵
        
        PID:1424
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        14⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        15⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        16⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        17⤵
        
        PID:380
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        18⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        19⤵
        
        PID:736
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        20⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        21⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        15⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        16⤵
        Drops file in System32 directory
        
        PID:2616
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        17⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        18⤵
        
        PID:1424
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        19⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        20⤵
        
        PID:744
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        21⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        22⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        23⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        24⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        25⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        26⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        27⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        28⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        29⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        30⤵
        
        PID:3376
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        31⤵
        
        PID:220
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        32⤵
        Drops file in System32 directory
        
        PID:228
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        33⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        34⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        35⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        36⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        37⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        38⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        39⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        40⤵
        
        PID:1408
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        41⤵
        Drops file in System32 directory
        
        PID:4104
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        42⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        43⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        44⤵
        Drops file in System32 directory
        
        PID:1360
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        45⤵
        Drops file in System32 directory
        
        PID:4344
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        46⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        47⤵
        
        PID:3968
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        48⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        49⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        50⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        51⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        52⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        53⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        54⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        55⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        56⤵
        
        PID:208
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        57⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        58⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        59⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        60⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        61⤵
        
        PID:3664
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        62⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        63⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        64⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        65⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        66⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        67⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        68⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        69⤵
        
        PID:744
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        70⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        71⤵
        
        PID:3912
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        72⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        73⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        74⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        75⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        76⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        77⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        78⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        79⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        80⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        81⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        82⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        83⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        84⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        85⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        86⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        87⤵
        
        PID:4772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\mdmi386.exe

Filesize
59KB

MD5
773c0ea0f3da9cc689190bfb52a940a9

SHA1
f4655fc73d8d90136a9884dbf0d848e48a0448d9

SHA256
ec9435b041fff8042605f334aa3e3643a6e728e682daa55c636150f288b623f8

SHA512
c106e425a24bccd57dafa361f57ca8286f2bbc6e90431b3d7669655b02326debbb261f5ac32dd9e944111660513334bea6a4dea011d31aa3b02cf09785ac2f13

Download Submit
C:\Windows\SysWOW64\mdmi386.exe

Filesize
9KB

MD5
fe573f050970ff7a082d34a8ebbbf948

SHA1
b76de083c051bf4f1816e9c44cd55cc2fb160456

SHA256
6c9467966867d7c4e16b268e36b7b6dc88d2dd8796ee098c80874c895dbbc281

SHA512
dbf589d803c5d06a9238229ba3563c9e6d378213ed7863789d2e6efb9f07fdb5ecfae38511fdcf0302d7ee41a8ab4729f64b96a08e6a60744e3b1834b64999ac

Download Submit
C:\Windows\SysWOW64\mdmi386.exe

Filesize
72KB

MD5
37d142c567ef0316a2083d929cb8fa25

SHA1
52a9c0be59b032e0e7aa98b0a519f2fd01ee0fb2

SHA256
5fb609916ec1b892e31422c6d6eb376b4e0bcfcc61d8cc76069faf8cf2451821

SHA512
2b29cee9207d1a311ff6472073ddabb5ff5310f026379045607732d3f84d0334f712288b2e0c5dadc03051cd5759fe5ca9b483d311e164897a0fa744850fc860

Download Submit
memory/552-92-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/552-99-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/736-85-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/744-61-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/756-112-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/912-155-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/1040-165-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/1104-50-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/1292-98-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/1356-8-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/1356-18-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/1508-140-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/1508-143-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/1604-76-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/1724-15-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/1732-64-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/1800-39-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/1904-96-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/1904-90-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/1940-88-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/2140-32-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/2292-109-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/2432-29-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/2660-44-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/2660-20-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/2752-144-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/2868-52-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/3124-41-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/3124-83-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/3132-102-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/3132-106-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/3184-115-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/3184-121-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/3396-73-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/3500-81-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/3544-124-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/3560-46-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/3564-38-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/3652-156-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/3700-164-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/3948-117-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/3996-105-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/4100-26-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/4288-148-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/4324-151-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/4332-70-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/4332-67-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/4372-58-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/4516-77-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/4524-22-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/4524-24-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/4732-54-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4732-95-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/4732-56-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/4784-139-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/4860-129-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/4876-136-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/4900-161-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/4944-13-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/4964-133-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/5104-2-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/5104-16-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/5104-1-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/5104-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/5112-125-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads