844f174440af181e2dddc43a472053f754d80fc312366dd63f2278f8e5bc625f

Analysis

max time kernel
136s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 15:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a3dc2e0b15cf61b8308066b41171875.exe
Size

89KB
MD5

3a3dc2e0b15cf61b8308066b41171875
SHA1

974be0049b3b305bbcb6f4d61e103c18a41f5e7c
SHA256

844f174440af181e2dddc43a472053f754d80fc312366dd63f2278f8e5bc625f
SHA512

90f8dbba6d9e052da9c2be0ee9d72ac35afe51b6ab91117a960f191007f278ed9871bf376acb51c69fc992313f6f73ddb74f7bf87cb9af5c113ee9d5fd844397
SSDEEP

1536:D0GazZad8Qroy3pM5zpkopTnHGjKFW3KC2x26feC+2eE/SIx4NCch1y3VWA:DldTMym5zp1pTH+KvzZx10aAA

Score

1^/10

Malware Config

Signatures

C:\Users\Admin\AppData\Local\Temp\3a3dc2e0b15cf61b8308066b41171875.exe
"C:\Users\Admin\AppData\Local\Temp\3a3dc2e0b15cf61b8308066b41171875.exe"
1⤵
PID:2136
- C:\Windows\SysWOW64\secsjczn.exe
  C:\Windows\system32\secsjczn.exe 516 "C:\Users\Admin\AppData\Local\Temp\3a3dc2e0b15cf61b8308066b41171875.exe"
  2⤵
  PID:1792

C:\Windows\SysWOW64\ipsdouhk.exe
C:\Windows\system32\ipsdouhk.exe 508 "C:\Windows\SysWOW64\secsjczn.exe"
1⤵
PID:2244
- C:\Windows\SysWOW64\secnmfun.exe
  C:\Windows\system32\secnmfun.exe 524 "C:\Windows\SysWOW64\ipsdouhk.exe"
  2⤵
  PID:2616

C:\Windows\SysWOW64\netgjidc.exe
C:\Windows\system32\netgjidc.exe 544 "C:\Windows\SysWOW64\capedsrx.exe"
1⤵
PID:1460
- C:\Windows\SysWOW64\cmdxeclk.exe
  C:\Windows\system32\cmdxeclk.exe 556 "C:\Windows\SysWOW64\netgjidc.exe"
  2⤵
  PID:2636

C:\Windows\SysWOW64\xmlvgfus.exe
C:\Windows\system32\xmlvgfus.exe 548 "C:\Windows\SysWOW64\cmdxeclk.exe"
1⤵
PID:1120
- C:\Windows\SysWOW64\cliulkmr.exe
  C:\Windows\system32\cliulkmr.exe 552 "C:\Windows\SysWOW64\xmlvgfus.exe"
  2⤵
  PID:2332

C:\Windows\SysWOW64\ialbvyil.exe
C:\Windows\system32\ialbvyil.exe 576 "C:\Windows\SysWOW64\syswndmg.exe"
1⤵
PID:972
- C:\Windows\SysWOW64\xmlllido.exe
  C:\Windows\system32\xmlllido.exe 580 "C:\Windows\SysWOW64\ialbvyil.exe"
  2⤵
  PID:1176
- - C:\Windows\SysWOW64\advfryoa.exe
    C:\Windows\system32\advfryoa.exe 584 "C:\Windows\SysWOW64\xmlllido.exe"
    3⤵
    PID:1452
  - - C:\Windows\SysWOW64\syselaxb.exe
      C:\Windows\system32\syselaxb.exe 588 "C:\Windows\SysWOW64\advfryoa.exe"
      4⤵
      PID:2672
    - - C:\Windows\SysWOW64\capyriin.exe
        
        C:\Windows\system32\capyriin.exe 592 "C:\Windows\SysWOW64\syselaxb.exe"
        5⤵
        
        PID:1720
      - C:\Windows\SysWOW64\conljgor.exe
        
        C:\Windows\system32\conljgor.exe 604 "C:\Windows\SysWOW64\capyriin.exe"
        6⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\conzkvmy.exe
        
        C:\Windows\system32\conzkvmy.exe 596 "C:\Windows\SysWOW64\conljgor.exe"
        7⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\secxeyvy.exe
        
        C:\Windows\system32\secxeyvy.exe 600 "C:\Windows\SysWOW64\conzkvmy.exe"
        8⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\regtfqdt.exe
        
        C:\Windows\system32\regtfqdt.exe 608 "C:\Windows\SysWOW64\secxeyvy.exe"
        9⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\cmdrplrk.exe
        
        C:\Windows\system32\cmdrplrk.exe 612 "C:\Windows\SysWOW64\regtfqdt.exe"
        10⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\xmlprnzk.exe
        
        C:\Windows\system32\xmlprnzk.exe 616 "C:\Windows\SysWOW64\cmdrplrk.exe"
        11⤵
        
        PID:2528

C:\Windows\SysWOW64\xmljllxi.exe
C:\Windows\system32\xmljllxi.exe 640 "C:\Windows\SysWOW64\xmlukwha.exe"
1⤵
PID:1108
- C:\Windows\SysWOW64\autzfogq.exe
  C:\Windows\system32\autzfogq.exe 632 "C:\Windows\SysWOW64\xmljllxi.exe"
  2⤵
  PID:2312
- - C:\Windows\SysWOW64\sysbldru.exe
    C:\Windows\system32\sysbldru.exe 636 "C:\Windows\SysWOW64\autzfogq.exe"
    3⤵
    PID:2052
  - - C:\Windows\SysWOW64\igfodtxy.exe
      C:\Windows\system32\igfodtxy.exe 620 "C:\Windows\SysWOW64\sysbldru.exe"
      4⤵
      PID:240
    - - C:\Windows\SysWOW64\apizsdsb.exe
        
        C:\Windows\system32\apizsdsb.exe 648 "C:\Windows\SysWOW64\igfodtxy.exe"
        5⤵
        
        PID:1936
      - C:\Windows\SysWOW64\cappngbk.exe
        
        C:\Windows\system32\cappngbk.exe 652 "C:\Windows\SysWOW64\apizsdsb.exe"
        6⤵
        
        PID:1896
        
        C:\Windows\SysWOW64\comgijjk.exe
        
        C:\Windows\system32\comgijjk.exe 656 "C:\Windows\SysWOW64\cappngbk.exe"
        7⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\igfellss.exe
        
        C:\Windows\system32\igfellss.exe 660 "C:\Windows\SysWOW64\comgijjk.exe"
        8⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\igfslbiz.exe
        
        C:\Windows\system32\igfslbiz.exe 672 "C:\Windows\SysWOW64\igfellss.exe"
        9⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\autxmwmf.exe
        
        C:\Windows\system32\autxmwmf.exe 664 "C:\Windows\SysWOW64\igfslbiz.exe"
        10⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\netzbghi.exe
        
        C:\Windows\system32\netzbghi.exe 680 "C:\Windows\SysWOW64\autxmwmf.exe"
        11⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\fxskqrvl.exe
        
        C:\Windows\system32\fxskqrvl.exe 668 "C:\Windows\SysWOW64\netzbghi.exe"
        12⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\apiozmzy.exe
        
        C:\Windows\system32\apiozmzy.exe 676 "C:\Windows\SysWOW64\fxskqrvl.exe"
        13⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\drvzowmb.exe
        
        C:\Windows\system32\drvzowmb.exe 684 "C:\Windows\SysWOW64\apiozmzy.exe"
        14⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\dllpjzub.exe
        
        C:\Windows\system32\dllpjzub.exe 688 "C:\Windows\SysWOW64\drvzowmb.exe"
        15⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\regombdj.exe
        
        C:\Windows\system32\regombdj.exe 692 "C:\Windows\SysWOW64\dllpjzub.exe"
        16⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\igfisrwo.exe
        
        C:\Windows\system32\igfisrwo.exe 696 "C:\Windows\SysWOW64\regombdj.exe"
        17⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\wingmmfw.exe
        
        C:\Windows\system32\wingmmfw.exe 704 "C:\Windows\SysWOW64\igfisrwo.exe"
        18⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\winmnjve.exe
        
        C:\Windows\system32\winmnjve.exe 624 "C:\Windows\SysWOW64\wingmmfw.exe"
        19⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\netlimem.exe
        
        C:\Windows\system32\netlimem.exe 716 "C:\Windows\SysWOW64\winmnjve.exe"
        20⤵
        
        PID:1232
        
        C:\Windows\SysWOW64\ipsyzbji.exe
        
        C:\Windows\system32\ipsyzbji.exe 708 "C:\Windows\SysWOW64\netlimem.exe"
        21⤵
        
        PID:568
        
        C:\Windows\SysWOW64\secapmfl.exe
        
        C:\Windows\system32\secapmfl.exe 712 "C:\Windows\SysWOW64\ipsyzbji.exe"
        22⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\clizkpnt.exe
        
        C:\Windows\system32\clizkpnt.exe 720 "C:\Windows\SysWOW64\secapmfl.exe"
        23⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\fxspmrwb.exe
        
        C:\Windows\system32\fxspmrwb.exe 724 "C:\Windows\SysWOW64\clizkpnt.exe"
        24⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\conaccjw.exe
        
        C:\Windows\system32\conaccjw.exe 504 "C:\Windows\SysWOW64\fxspmrwb.exe"
        25⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\secrxese.exe
        
        C:\Windows\system32\secrxese.exe 700 "C:\Windows\SysWOW64\conaccjw.exe"
        26⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\drvtdudr.exe
        
        C:\Windows\system32\drvtdudr.exe 736 "C:\Windows\SysWOW64\secrxese.exe"
        27⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\dlljgpur.exe
        
        C:\Windows\system32\dlljgpur.exe 748 "C:\Windows\SysWOW64\drvtdudr.exe"
        28⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\coniarcz.exe
        
        C:\Windows\system32\coniarcz.exe 752 "C:\Windows\SysWOW64\dlljgpur.exe"
        29⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\advkqcqc.exe
        
        C:\Windows\system32\advkqcqc.exe 740 "C:\Windows\SysWOW64\coniarcz.exe"
        30⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\autvfmdf.exe
        
        C:\Windows\system32\autvfmdf.exe 760 "C:\Windows\SysWOW64\advkqcqc.exe"
        31⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\cliliptf.exe
        
        C:\Windows\system32\cliliptf.exe 744 "C:\Windows\SysWOW64\autvfmdf.exe"
        32⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\ialcdsco.exe
        
        C:\Windows\system32\ialcdsco.exe 768 "C:\Windows\SysWOW64\cliliptf.exe"
        33⤵
        
        PID:320
        
        C:\Windows\SysWOW64\conejhna.exe
        
        C:\Windows\system32\conejhna.exe 772 "C:\Windows\SysWOW64\ialcdsco.exe"
        34⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\sysraxtw.exe
        
        C:\Windows\system32\sysraxtw.exe 756 "C:\Windows\SysWOW64\conejhna.exe"
        35⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\combqhgz.exe
        
        C:\Windows\system32\combqhgz.exe 764 "C:\Windows\SysWOW64\sysraxtw.exe"
        36⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\cmdvwxsm.exe
        
        C:\Windows\system32\cmdvwxsm.exe 784 "C:\Windows\SysWOW64\combqhgz.exe"
        37⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\xmlursau.exe
        
        C:\Windows\system32\xmlursau.exe 776 "C:\Windows\SysWOW64\cmdvwxsm.exe"
        38⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\autkluru.exe
        
        C:\Windows\system32\autkluru.exe 728 "C:\Windows\SysWOW64\xmlursau.exe"
        39⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\clijoxac.exe
        
        C:\Windows\system32\clijoxac.exe 788 "C:\Windows\SysWOW64\autkluru.exe"
        40⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\clippuqj.exe
        
        C:\Windows\system32\clippuqj.exe 800 "C:\Windows\SysWOW64\clijoxac.exe"
        41⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\igfwtsai.exe
        
        C:\Windows\system32\igfwtsai.exe 804 "C:\Windows\SysWOW64\clippuqj.exe"
        42⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\adveeahs.exe
        
        C:\Windows\system32\adveeahs.exe 808 "C:\Windows\SysWOW64\igfwtsai.exe"
        43⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\netdrxzr.exe
        
        C:\Windows\system32\netdrxzr.exe 792 "C:\Windows\SysWOW64\adveeahs.exe"
        44⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\cmdtcfya.exe
        
        C:\Windows\system32\cmdtcfya.exe 796 "C:\Windows\SysWOW64\netdrxzr.exe"
        45⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\ipsebkvc.exe
        
        C:\Windows\system32\ipsebkvc.exe 812 "C:\Windows\SysWOW64\cmdtcfya.exe"
        46⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\advxxxfq.exe
        
        C:\Windows\system32\advxxxfq.exe 816 "C:\Windows\SysWOW64\ipsebkvc.exe"
        47⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\netxkvpp.exe
        
        C:\Windows\system32\netxkvpp.exe 780 "C:\Windows\SysWOW64\advxxxfq.exe"
        48⤵
        
        PID:480
        
        C:\Windows\SysWOW64\cmdmvdwy.exe
        
        C:\Windows\system32\cmdmvdwy.exe 832 "C:\Windows\SysWOW64\netxkvpp.exe"
        49⤵
        
        PID:1208
        
        C:\Windows\SysWOW64\autujvqv.exe
        
        C:\Windows\system32\autujvqv.exe 836 "C:\Windows\SysWOW64\cmdmvdwy.exe"
        50⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\xmlrrddo.exe
        
        C:\Windows\system32\xmlrrddo.exe 732 "C:\Windows\SysWOW64\autujvqv.exe"
        51⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\neteisir.exe
        
        C:\Windows\system32\neteisir.exe 820 "C:\Windows\SysWOW64\xmlrrddo.exe"
        52⤵
        
        PID:796

C:\Windows\SysWOW64\xmlukwha.exe
C:\Windows\system32\xmlukwha.exe 628 "C:\Windows\SysWOW64\clihsybf.exe"
1⤵
PID:1404

C:\Windows\SysWOW64\clihsybf.exe
C:\Windows\system32\clihsybf.exe 520 "C:\Windows\SysWOW64\netgmqis.exe"
1⤵
PID:1684

C:\Windows\SysWOW64\netgmqis.exe
C:\Windows\system32\netgmqis.exe 512 "C:\Windows\SysWOW64\xmlprnzk.exe"
1⤵
PID:2796

C:\Windows\SysWOW64\syswndmg.exe
C:\Windows\system32\syswndmg.exe 572 "C:\Windows\SysWOW64\secmysrc.exe"
1⤵
PID:1540

C:\Windows\SysWOW64\secmysrc.exe
C:\Windows\system32\secmysrc.exe 564 "C:\Windows\SysWOW64\convdpiu.exe"
1⤵
PID:2340

C:\Windows\SysWOW64\convdpiu.exe
C:\Windows\system32\convdpiu.exe 560 "C:\Windows\SysWOW64\fxslffvr.exe"
1⤵
PID:1728

C:\Windows\SysWOW64\fxslffvr.exe
C:\Windows\system32\fxslffvr.exe 568 "C:\Windows\SysWOW64\cliulkmr.exe"
1⤵
PID:676

C:\Windows\SysWOW64\capedsrx.exe
C:\Windows\system32\capedsrx.exe 536 "C:\Windows\SysWOW64\apioipjp.exe"
1⤵
PID:2696

C:\Windows\SysWOW64\netzlvdk.exe
C:\Windows\system32\netzlvdk.exe 432 "C:\Windows\SysWOW64\neteisir.exe"
1⤵
PID:1916
- C:\Windows\SysWOW64\fxscafrn.exe
  C:\Windows\system32\fxscafrn.exe 460 "C:\Windows\SysWOW64\netzlvdk.exe"
  2⤵
  PID:2360
- - C:\Windows\SysWOW64\dlluqlvd.exe
    C:\Windows\system32\dlluqlvd.exe 464 "C:\Windows\SysWOW64\fxscafrn.exe"
    3⤵
    PID:3000
  - - C:\Windows\SysWOW64\dllqtnqd.exe
      C:\Windows\system32\dllqtnqd.exe 436 "C:\Windows\SysWOW64\dlluqlvd.exe"
      4⤵
      PID:2544
    - - C:\Windows\SysWOW64\comkzvkq.exe
        
        C:\Windows\system32\comkzvkq.exe 472 "C:\Windows\SysWOW64\dllqtnqd.exe"
        5⤵
        
        PID:2496
      - C:\Windows\SysWOW64\netqpyfo.exe
        
        C:\Windows\system32\netqpyfo.exe 440 "C:\Windows\SysWOW64\comkzvkq.exe"
        6⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\cmdgkbno.exe
        
        C:\Windows\system32\cmdgkbno.exe 480 "C:\Windows\SysWOW64\netqpyfo.exe"
        7⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\advrigkp.exe
        
        C:\Windows\system32\advrigkp.exe 484 "C:\Windows\SysWOW64\cmdgkbno.exe"
        8⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\commavql.exe
        
        C:\Windows\system32\commavql.exe 864 "C:\Windows\SysWOW64\advrigkp.exe"
        9⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\conyzbnn.exe
        
        C:\Windows\system32\conyzbnn.exe 884 "C:\Windows\SysWOW64\commavql.exe"
        10⤵
        
        PID:932
        
        C:\Windows\SysWOW64\apinkjux.exe
        
        C:\Windows\system32\apinkjux.exe 876 "C:\Windows\SysWOW64\conyzbnn.exe"
        11⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\cmdjltcr.exe
        
        C:\Windows\system32\cmdjltcr.exe 880 "C:\Windows\SysWOW64\apinkjux.exe"
        12⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\nethcwqi.exe
        
        C:\Windows\system32\nethcwqi.exe 888 "C:\Windows\SysWOW64\cmdjltcr.exe"
        13⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\comjidbm.exe
        
        C:\Windows\system32\comjidbm.exe 900 "C:\Windows\SysWOW64\nethcwqi.exe"
        14⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\apiwathq.exe
        
        C:\Windows\system32\apiwathq.exe 892 "C:\Windows\SysWOW64\comjidbm.exe"
        15⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\capuvwqy.exe
        
        C:\Windows\system32\capuvwqy.exe 896 "C:\Windows\SysWOW64\apiwathq.exe"
        16⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\dllxkglt.exe
        
        C:\Windows\system32\dllxkglt.exe 868 "C:\Windows\SysWOW64\capuvwqy.exe"
        17⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\ialhaqyx.exe
        
        C:\Windows\system32\ialhaqyx.exe 908 "C:\Windows\SysWOW64\dllxkglt.exe"
        18⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\cmdbwlis.exe
        
        C:\Windows\system32\cmdbwlis.exe 912 "C:\Windows\SysWOW64\ialhaqyx.exe"
        19⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\drvoobno.exe
        
        C:\Windows\system32\drvoobno.exe 924 "C:\Windows\SysWOW64\cmdbwlis.exe"
        20⤵
        
        PID:1476
        
        C:\Windows\SysWOW64\netejeww.exe
        
        C:\Windows\system32\netejeww.exe 916 "C:\Windows\SysWOW64\drvoobno.exe"
        21⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\fxspyora.exe
        
        C:\Windows\system32\fxspyora.exe 920 "C:\Windows\SysWOW64\netejeww.exe"
        22⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\regjewde.exe
        
        C:\Windows\system32\regjewde.exe 928 "C:\Windows\SysWOW64\fxspyora.exe"
        23⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\seciqtnd.exe
        
        C:\Windows\system32\seciqtnd.exe 932 "C:\Windows\SysWOW64\regjewde.exe"
        24⤵
        
        PID:800
        
        C:\Windows\SysWOW64\capycbuu.exe
        
        C:\Windows\system32\capycbuu.exe 936 "C:\Windows\SysWOW64\seciqtnd.exe"
        25⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\cmdjagjo.exe
        
        C:\Windows\system32\cmdjagjo.exe 948 "C:\Windows\SysWOW64\capycbuu.exe"
        26⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\comcxbtc.exe
        
        C:\Windows\system32\comcxbtc.exe 952 "C:\Windows\SysWOW64\cmdjagjo.exe"
        27⤵
        
        PID:844
        
        C:\Windows\SysWOW64\xmlpfwxp.exe
        
        C:\Windows\system32\xmlpfwxp.exe 940 "C:\Windows\SysWOW64\comcxbtc.exe"
        28⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\winrvhss.exe
        
        C:\Windows\system32\winrvhss.exe 944 "C:\Windows\SysWOW64\xmlpfwxp.exe"
        29⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\netiqjas.exe
        
        C:\Windows\system32\netiqjas.exe 872 "C:\Windows\SysWOW64\winrvhss.exe"
        30⤵
        
        PID:880
        
        C:\Windows\SysWOW64\reggkejb.exe
        
        C:\Windows\system32\reggkejb.exe 968 "C:\Windows\SysWOW64\netiqjas.exe"
        31⤵
        
        PID:840
        
        C:\Windows\SysWOW64\ipsjiowe.exe
        
        C:\Windows\system32\ipsjiowe.exe 960 "C:\Windows\SysWOW64\reggkejb.exe"
        32⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\drvhdrfm.exe
        
        C:\Windows\system32\drvhdrfm.exe 964 "C:\Windows\SysWOW64\ipsjiowe.exe"
        33⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\cmdghpxd.exe
        
        C:\Windows\system32\cmdghpxd.exe 904 "C:\Windows\SysWOW64\drvhdrfm.exe"
        34⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\conwaxwu.exe
        
        C:\Windows\system32\conwaxwu.exe 984 "C:\Windows\SysWOW64\cmdghpxd.exe"
        35⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\autveuot.exe
        
        C:\Windows\system32\autveuot.exe 976 "C:\Windows\SysWOW64\conwaxwu.exe"
        36⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\apibwxdc.exe
        
        C:\Windows\system32\apibwxdc.exe 992 "C:\Windows\SysWOW64\autveuot.exe"
        37⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\cliaaunb.exe
        
        C:\Windows\system32\cliaaunb.exe 996 "C:\Windows\SysWOW64\apibwxdc.exe"
        38⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\apinrkte.exe
        
        C:\Windows\system32\apinrkte.exe 980 "C:\Windows\SysWOW64\cliaaunb.exe"
        39⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\capyhuoi.exe
        
        C:\Windows\system32\capyhuoi.exe 444 "C:\Windows\SysWOW64\apinrkte.exe"
        40⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\dllzppfn.exe
        
        C:\Windows\system32\dllzppfn.exe 448 "C:\Windows\SysWOW64\capyhuoi.exe"
        41⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\conlnuin.exe
        
        C:\Windows\system32\conlnuin.exe 496 "C:\Windows\SysWOW64\dllzppfn.exe"
        42⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\windvnca.exe
        
        C:\Windows\system32\windvnca.exe 452 "C:\Windows\SysWOW64\conlnuin.exe"
        43⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\cmdljfoy.exe
        
        C:\Windows\system32\cmdljfoy.exe 500 "C:\Windows\SysWOW64\windvnca.exe"
        44⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\dllycniz.exe
        
        C:\Windows\system32\dllycniz.exe 456 "C:\Windows\SysWOW64\cmdljfoy.exe"
        45⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\capxqcfe.exe
        
        C:\Windows\system32\capxqcfe.exe 476 "C:\Windows\SysWOW64\dllycniz.exe"
        46⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\cmdhisya.exe
        
        C:\Windows\system32\cmdhisya.exe 488 "C:\Windows\SysWOW64\capxqcfe.exe"
        47⤵
        
        PID:1168
        
        C:\Windows\SysWOW64\comzhsmp.exe
        
        C:\Windows\system32\comzhsmp.exe 848 "C:\Windows\SysWOW64\cmdhisya.exe"
        48⤵
        
        PID:1888
        
        C:\Windows\SysWOW64\sysyvikl.exe
        
        C:\Windows\system32\sysyvikl.exe 492 "C:\Windows\SysWOW64\comzhsmp.exe"
        49⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\secjiasj.exe
        
        C:\Windows\system32\secjiasj.exe 644 "C:\Windows\SysWOW64\sysyvikl.exe"
        50⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\nettaykf.exe
        
        C:\Windows\system32\nettaykf.exe 824 "C:\Windows\SysWOW64\secjiasj.exe"
        51⤵
        
        PID:544
        
        C:\Windows\SysWOW64\clivgfwr.exe
        
        C:\Windows\system32\clivgfwr.exe 828 "C:\Windows\SysWOW64\nettaykf.exe"
        52⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\drvgqikq.exe
        
        C:\Windows\system32\drvgqikq.exe 840 "C:\Windows\SysWOW64\clivgfwr.exe"
        53⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\cliqhgcm.exe
        
        C:\Windows\system32\cliqhgcm.exe 844 "C:\Windows\SysWOW64\drvgqikq.exe"
        54⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\wingmsya.exe
        
        C:\Windows\system32\wingmsya.exe 852 "C:\Windows\SysWOW64\cliqhgcm.exe"
        55⤵
        
        PID:588
        
        C:\Windows\SysWOW64\apihlteh.exe
        
        C:\Windows\system32\apihlteh.exe 856 "C:\Windows\SysWOW64\wingmsya.exe"
        56⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\advolqjd.exe
        
        C:\Windows\system32\advolqjd.exe 860 "C:\Windows\SysWOW64\apihlteh.exe"
        57⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\igfsvdap.exe
        
        C:\Windows\system32\igfsvdap.exe 956 "C:\Windows\SysWOW64\advolqjd.exe"
        58⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\conheoht.exe
        
        C:\Windows\system32\conheoht.exe 972 "C:\Windows\SysWOW64\igfsvdap.exe"
        59⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\cmdlobym.exe
        
        C:\Windows\system32\cmdlobym.exe 988 "C:\Windows\SysWOW64\conheoht.exe"
        60⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\drvukwbh.exe
        
        C:\Windows\system32\drvukwbh.exe 1000 "C:\Windows\SysWOW64\cmdlobym.exe"
        61⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\capwqdmm.exe
        
        C:\Windows\system32\capwqdmm.exe 1032 "C:\Windows\SysWOW64\drvukwbh.exe"
        62⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\advixbda.exe
        
        C:\Windows\system32\advixbda.exe 1004 "C:\Windows\SysWOW64\capwqdmm.exe"
        63⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\autsprww.exe
        
        C:\Windows\system32\autsprww.exe 1008 "C:\Windows\SysWOW64\advixbda.exe"
        64⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\regsjrws.exe
        
        C:\Windows\system32\regsjrws.exe 1012 "C:\Windows\SysWOW64\autsprww.exe"
        65⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\ipsdybkv.exe
        
        C:\Windows\system32\ipsdybkv.exe 1016 "C:\Windows\SysWOW64\regsjrws.exe"
        66⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\ialbcmzf.exe
        
        C:\Windows\system32\ialbcmzf.exe 1020 "C:\Windows\SysWOW64\ipsdybkv.exe"
        67⤵
        
        PID:324
        
        C:\Windows\SysWOW64\conviukr.exe
        
        C:\Windows\system32\conviukr.exe 1056 "C:\Windows\SysWOW64\ialbcmzf.exe"
        68⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\caprexvc.exe
        
        C:\Windows\system32\caprexvc.exe 1028 "C:\Windows\SysWOW64\conviukr.exe"
        69⤵
        
        PID:1172
        
        C:\Windows\SysWOW64\capfwmlk.exe
        
        C:\Windows\system32\capfwmlk.exe 1064 "C:\Windows\SysWOW64\caprexvc.exe"
        70⤵
        
        PID:452
        
        C:\Windows\SysWOW64\conwwsch.exe
        
        C:\Windows\system32\conwwsch.exe 1036 "C:\Windows\SysWOW64\capfwmlk.exe"
        71⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\apieisjy.exe
        
        C:\Windows\system32\apieisjy.exe 1124 "C:\Windows\SysWOW64\conwwsch.exe"
        72⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\comsriaa.exe
        
        C:\Windows\system32\comsriaa.exe 1040 "C:\Windows\SysWOW64\apieisjy.exe"
        73⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\dlllpjoh.exe
        
        C:\Windows\system32\dlllpjoh.exe 1044 "C:\Windows\SysWOW64\comsriaa.exe"
        74⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\advvnbil.exe
        
        C:\Windows\system32\advvnbil.exe 1048 "C:\Windows\SysWOW64\dlllpjoh.exe"
        75⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\drvlzjhc.exe
        
        C:\Windows\system32\drvlzjhc.exe 1052 "C:\Windows\SysWOW64\advvnbil.exe"
        76⤵
        
        PID:1192

C:\Windows\SysWOW64\apioipjp.exe
C:\Windows\system32\apioipjp.exe 532 "C:\Windows\SysWOW64\igfdlfnm.exe"
1⤵
PID:944

C:\Windows\SysWOW64\igfdlfnm.exe
C:\Windows\system32\igfdlfnm.exe 540 "C:\Windows\SysWOW64\cmdavuaj.exe"
1⤵
PID:2492

C:\Windows\SysWOW64\cmdavuaj.exe
C:\Windows\system32\cmdavuaj.exe 528 "C:\Windows\SysWOW64\secnmfun.exe"
1⤵
PID:2704

C:\Windows\SysWOW64\conbcuwl.exe
C:\Windows\system32\conbcuwl.exe 1060 "C:\Windows\SysWOW64\drvlzjhc.exe"
1⤵
PID:1180
- C:\Windows\SysWOW64\igfdibhy.exe
  C:\Windows\system32\igfdibhy.exe 1092 "C:\Windows\SysWOW64\conbcuwl.exe"
  2⤵
  PID:3048
- - C:\Windows\SysWOW64\fxsqquhk.exe
    C:\Windows\system32\fxsqquhk.exe 1068 "C:\Windows\SysWOW64\igfdibhy.exe"
    3⤵
    PID:2540
  - - C:\Windows\SysWOW64\ipsgtwqk.exe
      C:\Windows\system32\ipsgtwqk.exe 1100 "C:\Windows\SysWOW64\fxsqquhk.exe"
      4⤵
      PID:1852

C:\Windows\SysWOW64\capbzwky.exe
C:\Windows\system32\capbzwky.exe 1072 "C:\Windows\SysWOW64\ipsgtwqk.exe"
1⤵
PID:1640
- C:\Windows\SysWOW64\convpeii.exe
  C:\Windows\system32\convpeii.exe 1076 "C:\Windows\SysWOW64\capbzwky.exe"
  2⤵
  PID:2168
- - C:\Windows\SysWOW64\sysehczn.exe
    C:\Windows\system32\sysehczn.exe 1080 "C:\Windows\SysWOW64\convpeii.exe"
    3⤵
    PID:272
  - - C:\Windows\SysWOW64\dllpfagq.exe
      C:\Windows\system32\dllpfagq.exe 1084 "C:\Windows\SysWOW64\sysehczn.exe"
      4⤵
      PID:1304
    - - C:\Windows\SysWOW64\dlldypwx.exe
        
        C:\Windows\system32\dlldypwx.exe 1088 "C:\Windows\SysWOW64\dllpfagq.exe"
        5⤵
        
        PID:1980
      - C:\Windows\SysWOW64\winpdcnn.exe
        
        C:\Windows\system32\winpdcnn.exe 1096 "C:\Windows\SysWOW64\dlldypwx.exe"
        6⤵
        
        PID:2788
        
        C:\Windows\SysWOW64\xmlntfql.exe
        
        C:\Windows\system32\xmlntfql.exe 1104 "C:\Windows\SysWOW64\winpdcnn.exe"
        7⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\reglwqxu.exe
        
        C:\Windows\system32\reglwqxu.exe 1108 "C:\Windows\SysWOW64\xmlntfql.exe"
        8⤵
        
        PID:788
        
        C:\Windows\SysWOW64\igfncyjg.exe
        
        C:\Windows\system32\igfncyjg.exe 1112 "C:\Windows\SysWOW64\reglwqxu.exe"
        9⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\ipsypget.exe
        
        C:\Windows\system32\ipsypget.exe 1116 "C:\Windows\SysWOW64\igfncyjg.exe"
        10⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\cmdbxvna.exe
        
        C:\Windows\system32\cmdbxvna.exe 1148 "C:\Windows\SysWOW64\ipsypget.exe"
        11⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\sysqqtfi.exe
        
        C:\Windows\system32\sysqqtfi.exe 1120 "C:\Windows\SysWOW64\cmdbxvna.exe"
        12⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\cmdhlwoq.exe
        
        C:\Windows\system32\cmdhlwoq.exe 1128 "C:\Windows\SysWOW64\sysqqtfi.exe"
        13⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\secrhoob.exe
        
        C:\Windows\system32\secrhoob.exe 1132 "C:\Windows\SysWOW64\cmdhlwoq.exe"
        14⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\secfimmi.exe
        
        C:\Windows\system32\secfimmi.exe 1164 "C:\Windows\SysWOW64\secrhoob.exe"
        15⤵
        
        PID:3068

C:\Windows\SysWOW64\fxspzkku.exe
C:\Windows\system32\fxspzkku.exe 1136 "C:\Windows\SysWOW64\secfimmi.exe"
1⤵
PID:948
- C:\Windows\SysWOW64\conznsqs.exe
  C:\Windows\system32\conznsqs.exe 1140 "C:\Windows\SysWOW64\fxspzkku.exe"
  2⤵
  PID:652
- - C:\Windows\SysWOW64\apiyquza.exe
    C:\Windows\system32\apiyquza.exe 1144 "C:\Windows\SysWOW64\conznsqs.exe"
    3⤵
    PID:1824
  - - C:\Windows\SysWOW64\igfdkulx.exe
      C:\Windows\system32\igfdkulx.exe 1152 "C:\Windows\SysWOW64\apiyquza.exe"
      4⤵
      PID:1060
    - - C:\Windows\SysWOW64\wintnxcf.exe
        
        C:\Windows\system32\wintnxcf.exe 1184 "C:\Windows\SysWOW64\igfdkulx.exe"
        5⤵
        
        PID:1100
      - C:\Windows\SysWOW64\conndngf.exe
        
        C:\Windows\system32\conndngf.exe 1156 "C:\Windows\SysWOW64\wintnxcf.exe"
        6⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\ipspjvrs.exe
        
        C:\Windows\system32\ipspjvrs.exe 1192 "C:\Windows\SysWOW64\conndngf.exe"
        7⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\ialwddrx.exe
        
        C:\Windows\system32\ialwddrx.exe 1160 "C:\Windows\SysWOW64\ipspjvrs.exe"
        8⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\advvyghf.exe
        
        C:\Windows\system32\advvyghf.exe 1172 "C:\Windows\SysWOW64\ialwddrx.exe"
        9⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\netpevyz.exe
        
        C:\Windows\system32\netpevyz.exe 1168 "C:\Windows\SysWOW64\advvyghf.exe"
        10⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\drvuvyuq.exe
        
        C:\Windows\system32\drvuvyuq.exe 1208 "C:\Windows\SysWOW64\netpevyz.exe"
        11⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\igflxjig.exe
        
        C:\Windows\system32\igflxjig.exe 1176 "C:\Windows\SysWOW64\drvuvyuq.exe"
        12⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\coneuwsc.exe
        
        C:\Windows\system32\coneuwsc.exe 1216 "C:\Windows\SysWOW64\igflxjig.exe"
        13⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\advsubvr.exe
        
        C:\Windows\system32\advsubvr.exe 1180 "C:\Windows\SysWOW64\coneuwsc.exe"
        14⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\secuargd.exe
        
        C:\Windows\system32\secuargd.exe 1220 "C:\Windows\SysWOW64\advsubvr.exe"
        15⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\comdjpyw.exe
        
        C:\Windows\system32\comdjpyw.exe 1188 "C:\Windows\SysWOW64\secuargd.exe"
        16⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\iallvxff.exe
        
        C:\Windows\system32\iallvxff.exe 1196 "C:\Windows\SysWOW64\comdjpyw.exe"
        17⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\conrlzgm.exe
        
        C:\Windows\system32\conrlzgm.exe 1200 "C:\Windows\SysWOW64\iallvxff.exe"
        18⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\secpgcpu.exe
        
        C:\Windows\system32\secpgcpu.exe 1240 "C:\Windows\SysWOW64\conrlzgm.exe"
        19⤵
        
        PID:1296
        
        C:\Windows\SysWOW64\winmokgc.exe
        
        C:\Windows\system32\winmokgc.exe 1204 "C:\Windows\SysWOW64\secpgcpu.exe"
        20⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\autguaag.exe
        
        C:\Windows\system32\autguaag.exe 1252 "C:\Windows\SysWOW64\winmokgc.exe"
        21⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\ialrqsaz.exe
        
        C:\Windows\system32\ialrqsaz.exe 1212 "C:\Windows\SysWOW64\autguaag.exe"
        22⤵
        
        PID:1080
        
        C:\Windows\SysWOW64\reglwiml.exe
        
        C:\Windows\system32\reglwiml.exe 1256 "C:\Windows\SysWOW64\ialrqsaz.exe"
        23⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\drvapqyk.exe
        
        C:\Windows\system32\drvapqyk.exe 1224 "C:\Windows\SysWOW64\reglwiml.exe"
        24⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\capcvgjp.exe
        
        C:\Windows\system32\capcvgjp.exe 1264 "C:\Windows\SysWOW64\drvapqyk.exe"
        25⤵
        
        PID:608
        
        C:\Windows\SysWOW64\xmlufgkk.exe
        
        C:\Windows\system32\xmlufgkk.exe 1228 "C:\Windows\SysWOW64\capcvgjp.exe"
        26⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\seckqorc.exe
        
        C:\Windows\system32\seckqorc.exe 1272 "C:\Windows\SysWOW64\xmlufgkk.exe"
        27⤵
        
        PID:1892

C:\Windows\SysWOW64\igftimhz.exe
C:\Windows\system32\igftimhz.exe 1232 "C:\Windows\SysWOW64\seckqorc.exe"
1⤵
PID:2828
- C:\Windows\SysWOW64\sysaujsy.exe
  C:\Windows\system32\sysaujsy.exe 1236 "C:\Windows\SysWOW64\igftimhz.exe"
  2⤵
  PID:784

C:\Windows\SysWOW64\cmduahrs.exe
C:\Windows\system32\cmduahrs.exe 1244 "C:\Windows\SysWOW64\sysaujsy.exe"
1⤵
PID:2824
- C:\Windows\SysWOW64\dllarbfj.exe
  C:\Windows\system32\dllarbfj.exe 1288 "C:\Windows\SysWOW64\cmduahrs.exe"
  2⤵
  PID:572
- - C:\Windows\SysWOW64\concezdd.exe
    C:\Windows\system32\concezdd.exe 1248 "C:\Windows\SysWOW64\dllarbfj.exe"
    3⤵
    PID:1920
  - - C:\Windows\SysWOW64\ipswkppp.exe
      C:\Windows\system32\ipswkppp.exe 1296 "C:\Windows\SysWOW64\concezdd.exe"
      4⤵
      PID:2440
    - - C:\Windows\SysWOW64\apibbrqo.exe
        
        C:\Windows\system32\apibbrqo.exe 1260 "C:\Windows\SysWOW64\ipswkppp.exe"
        5⤵
        
        PID:848
      - C:\Windows\SysWOW64\capawuzw.exe
        
        C:\Windows\system32\capawuzw.exe 1304 "C:\Windows\SysWOW64\apibbrqo.exe"
        6⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\ialujsyy.exe
        
        C:\Windows\system32\ialujsyy.exe 1268 "C:\Windows\SysWOW64\capawuzw.exe"
        7⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\conwpijc.exe
        
        C:\Windows\system32\conwpijc.exe 1312 "C:\Windows\SysWOW64\ialujsyy.exe"
        8⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\igftxqjk.exe
        
        C:\Windows\system32\igftxqjk.exe 1276 "C:\Windows\SysWOW64\conwpijc.exe"
        9⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\winrssrs.exe
        
        C:\Windows\system32\winrssrs.exe 1300 "C:\Windows\SysWOW64\igftxqjk.exe"
        10⤵
        
        PID:1456

C:\Windows\SysWOW64\sysozaja.exe
C:\Windows\system32\sysozaja.exe 1280 "C:\Windows\SysWOW64\winrssrs.exe"
1⤵
PID:2476
- C:\Windows\SysWOW64\cmdecdsi.exe
  C:\Windows\system32\cmdecdsi.exe 1328 "C:\Windows\SysWOW64\sysozaja.exe"
  2⤵
  PID:2744
- - C:\Windows\SysWOW64\ialksgth.exe
    C:\Windows\system32\ialksgth.exe 1284 "C:\Windows\SysWOW64\cmdecdsi.exe"
    3⤵
    PID:1480
  - - C:\Windows\SysWOW64\conmyvft.exe
      C:\Windows\system32\conmyvft.exe 1340 "C:\Windows\SysWOW64\ialksgth.exe"
      4⤵
      PID:2456

C:\Windows\SysWOW64\netcbgaj.exe
C:\Windows\system32\netcbgaj.exe 1292 "C:\Windows\SysWOW64\conmyvft.exe"
1⤵
PID:768
- C:\Windows\SysWOW64\cliehwmw.exe
  C:\Windows\system32\cliehwmw.exe 1308 "C:\Windows\SysWOW64\netcbgaj.exe"
  2⤵
  PID:1900
- - C:\Windows\SysWOW64\ipshvomo.exe
    C:\Windows\system32\ipshvomo.exe 1316 "C:\Windows\SysWOW64\cliehwmw.exe"
    3⤵
    PID:1992
  - - C:\Windows\SysWOW64\drvxqrdo.exe
      C:\Windows\system32\drvxqrdo.exe 1352 "C:\Windows\SysWOW64\ipshvomo.exe"
      4⤵
      PID:1744

C:\Windows\SysWOW64\comlypgm.exe
C:\Windows\system32\comlypgm.exe 1320 "C:\Windows\SysWOW64\drvxqrdo.exe"
1⤵
PID:1688
- C:\Windows\SysWOW64\igfktrpu.exe
  C:\Windows\system32\igfktrpu.exe 1360 "C:\Windows\SysWOW64\comlypgm.exe"
  2⤵
  PID:2580
- - C:\Windows\SysWOW64\winegpno.exe
    C:\Windows\system32\winegpno.exe 1324 "C:\Windows\SysWOW64\igfktrpu.exe"
    3⤵
    PID:2200
  - - C:\Windows\SysWOW64\autgnfza.exe
      C:\Windows\system32\autgnfza.exe 1368 "C:\Windows\SysWOW64\winegpno.exe"
      4⤵
      PID:2700

C:\Windows\SysWOW64\ialjbxzl.exe
C:\Windows\system32\ialjbxzl.exe 1332 "C:\Windows\SysWOW64\autgnfza.exe"
1⤵
PID:1636
- C:\Windows\SysWOW64\reglhfly.exe
  C:\Windows\system32\reglhfly.exe 1336 "C:\Windows\SysWOW64\ialjbxzl.exe"
  2⤵
  PID:2976
- - C:\Windows\SysWOW64\fxsfsfso.exe
    C:\Windows\system32\fxsfsfso.exe 1344 "C:\Windows\SysWOW64\reglhfly.exe"
    3⤵
    PID:2356
  - - C:\Windows\SysWOW64\ipswniax.exe
      C:\Windows\system32\ipswniax.exe 1384 "C:\Windows\SysWOW64\fxsfsfso.exe"
      4⤵
      PID:1828
    - - C:\Windows\SysWOW64\drvyayzr.exe
        
        C:\Windows\system32\drvyayzr.exe 1348 "C:\Windows\SysWOW64\ipswniax.exe"
        5⤵
        
        PID:1064
      - C:\Windows\SysWOW64\ipsbqewi.exe
        
        C:\Windows\system32\ipsbqewi.exe 1392 "C:\Windows\SysWOW64\drvyayzr.exe"
        6⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\xmlyymoq.exe
        
        C:\Windows\system32\xmlyymoq.exe 1356 "C:\Windows\SysWOW64\ipsbqewi.exe"
        7⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\autotowy.exe
        
        C:\Windows\system32\autotowy.exe 1380 "C:\Windows\SysWOW64\xmlyymoq.exe"
        8⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\fxszphxr.exe
        
        C:\Windows\system32\fxszphxr.exe 1364 "C:\Windows\SysWOW64\autotowy.exe"
        9⤵
        
        PID:1084

C:\Windows\SysWOW64\fxsnkfjk.exe
C:\Windows\system32\fxsnkfjk.exe 1372 "C:\Windows\SysWOW64\advxhunu.exe"
1⤵
PID:2708
- C:\Windows\SysWOW64\regpquux.exe
  C:\Windows\system32\regpquux.exe 1388 "C:\Windows\SysWOW64\fxsnkfjk.exe"
  2⤵
  PID:2112
- - C:\Windows\SysWOW64\fxseoiko.exe
    C:\Windows\system32\fxseoiko.exe 1396 "C:\Windows\SysWOW64\regpquux.exe"
    3⤵
    PID:936
  - - C:\Windows\SysWOW64\reggupws.exe
      C:\Windows\system32\reggupws.exe 1424 "C:\Windows\SysWOW64\fxseoiko.exe"
      4⤵
      PID:1768
    - - C:\Windows\SysWOW64\regxhnhn.exe
        
        C:\Windows\system32\regxhnhn.exe 1400 "C:\Windows\SysWOW64\reggupws.exe"
        5⤵
        
        PID:2740
      - C:\Windows\SysWOW64\ialqeiqa.exe
        
        C:\Windows\system32\ialqeiqa.exe 1432 "C:\Windows\SysWOW64\regxhnhn.exe"
        6⤵
        
        PID:892
        
        C:\Windows\SysWOW64\secgpyca.exe
        
        C:\Windows\system32\secgpyca.exe 1404 "C:\Windows\SysWOW64\ialqeiqa.exe"
        7⤵
        
        PID:2280
        
        C:\Windows\SysWOW64\secmpnah.exe
        
        C:\Windows\system32\secmpnah.exe 1440 "C:\Windows\SysWOW64\secgpyca.exe"
        8⤵
        
        PID:1196
        
        C:\Windows\SysWOW64\clifuqpl.exe
        
        C:\Windows\system32\clifuqpl.exe 1408 "C:\Windows\SysWOW64\secmpnah.exe"
        9⤵
        
        PID:900
        
        C:\Windows\SysWOW64\nethaybx.exe
        
        C:\Windows\system32\nethaybx.exe 1448 "C:\Windows\SysWOW64\clifuqpl.exe"
        10⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\fxsnqjcv.exe
        
        C:\Windows\system32\fxsnqjcv.exe 1412 "C:\Windows\SysWOW64\nethaybx.exe"
        11⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\apirregj.exe
        
        C:\Windows\system32\apirregj.exe 1456 "C:\Windows\SysWOW64\fxsnqjcv.exe"
        12⤵
        
        PID:344
        
        C:\Windows\SysWOW64\comoielw.exe
        
        C:\Windows\system32\comoielw.exe 1416 "C:\Windows\SysWOW64\apirregj.exe"
        13⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\cmdiomfb.exe
        
        C:\Windows\system32\cmdiomfb.exe 1460 "C:\Windows\SysWOW64\comoielw.exe"
        14⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\drvgqwtz.exe
        
        C:\Windows\system32\drvgqwtz.exe 1420 "C:\Windows\SysWOW64\cmdiomfb.exe"
        15⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\capawmml.exe
        
        C:\Windows\system32\capawmml.exe 1472 "C:\Windows\SysWOW64\drvgqwtz.exe"
        16⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\ialllfmw.exe
        
        C:\Windows\system32\ialllfmw.exe 1428 "C:\Windows\SysWOW64\capawmml.exe"
        17⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\ipstenln.exe
        
        C:\Windows\system32\ipstenln.exe 1480 "C:\Windows\SysWOW64\ialllfmw.exe"
        18⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\fxsxdcrj.exe
        
        C:\Windows\system32\fxsxdcrj.exe 1436 "C:\Windows\SysWOW64\ipstenln.exe"
        19⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\cliduffr.exe
        
        C:\Windows\system32\cliduffr.exe 1488 "C:\Windows\SysWOW64\fxsxdcrj.exe"
        20⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\seckgkdg.exe
        
        C:\Windows\system32\seckgkdg.exe 1444 "C:\Windows\SysWOW64\cliduffr.exe"
        21⤵
        
        PID:2820

C:\Windows\SysWOW64\capjcdqr.exe
C:\Windows\system32\capjcdqr.exe 1452 "C:\Windows\SysWOW64\apihxfrp.exe"
1⤵
PID:2372
- C:\Windows\SysWOW64\netlisbv.exe
  C:\Windows\system32\netlisbv.exe 1504 "C:\Windows\SysWOW64\capjcdqr.exe"
  2⤵
  PID:2188
- - C:\Windows\SysWOW64\advfwqax.exe
    C:\Windows\system32\advfwqax.exe 1464 "C:\Windows\SysWOW64\netlisbv.exe"
    3⤵
    PID:1812
  - - C:\Windows\SysWOW64\winvhqhh.exe
      C:\Windows\system32\winvhqhh.exe 1512 "C:\Windows\SysWOW64\advfwqax.exe"
      4⤵
      PID:2380

C:\Windows\SysWOW64\capaybin.exe
C:\Windows\system32\capaybin.exe 1468 "C:\Windows\SysWOW64\winvhqhh.exe"
1⤵
PID:2760
- C:\Windows\SysWOW64\sysuejts.exe
  C:\Windows\system32\sysuejts.exe 1492 "C:\Windows\SysWOW64\capaybin.exe"
  2⤵
  PID:2452
- - C:\Windows\SysWOW64\comavtvy.exe
    C:\Windows\system32\comavtvy.exe 1476 "C:\Windows\SysWOW64\sysuejts.exe"
    3⤵
    PID:2392
  - - C:\Windows\SysWOW64\xmlmdord.exe
      C:\Windows\system32\xmlmdord.exe 1528 "C:\Windows\SysWOW64\comavtvy.exe"
      4⤵
      PID:1984

C:\Windows\SysWOW64\clipshrw.exe
C:\Windows\system32\clipshrw.exe 1484 "C:\Windows\SysWOW64\xmlmdord.exe"
1⤵
PID:3012
- C:\Windows\SysWOW64\netrgolb.exe
  C:\Windows\system32\netrgolb.exe 1536 "C:\Windows\SysWOW64\clipshrw.exe"
  2⤵
  PID:752
- - C:\Windows\SysWOW64\fxswwzeh.exe
    C:\Windows\system32\fxswwzeh.exe 1500 "C:\Windows\SysWOW64\netrgolb.exe"
    3⤵
    PID:2920
  - - C:\Windows\SysWOW64\ialeihlr.exe
      C:\Windows\system32\ialeihlr.exe 1508 "C:\Windows\SysWOW64\fxswwzeh.exe"
      4⤵
      PID:1560
    - - C:\Windows\SysWOW64\fxsnkxpb.exe
        
        C:\Windows\system32\fxsnkxpb.exe 1516 "C:\Windows\SysWOW64\ialeihlr.exe"
        5⤵
        
        PID:2004
      - C:\Windows\SysWOW64\regpqnbg.exe
        
        C:\Windows\system32\regpqnbg.exe 1520 "C:\Windows\SysWOW64\fxsnkxpb.exe"
        6⤵
        
        PID:1612

C:\Windows\SysWOW64\netobsyu.exe
C:\Windows\system32\netobsyu.exe 1524 "C:\Windows\SysWOW64\regpqnbg.exe"
1⤵
PID:2940
- C:\Windows\SysWOW64\regnwvhd.exe
  C:\Windows\system32\regnwvhd.exe 1556 "C:\Windows\SysWOW64\netobsyu.exe"
  2⤵
  PID:2144
- - C:\Windows\SysWOW64\autagfpk.exe
    C:\Windows\system32\autagfpk.exe 1532 "C:\Windows\SysWOW64\regnwvhd.exe"
    3⤵
    PID:688
  - - C:\Windows\SysWOW64\secgqaeb.exe
      C:\Windows\system32\secgqaeb.exe 1568 "C:\Windows\SysWOW64\autagfpk.exe"
      4⤵
      PID:1036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\capedsrx.exe

Filesize
17KB

MD5
ccf8faec91d641aa9fa35a0a51bb3557

SHA1
fdd07082847f7f828ad1cf8d234c27150bf37ee5

SHA256
3558bde4f61f2746f1e187cfad66269a0ecf49e6b4ebc31f53b85f8fa0b94815

SHA512
439eba5bc33b6b7d9c76d6f626976224a1d57141cbc81169636769d00b9ef7a659c10cc132764db4b7f24e9dd7198c843330d6cf4afbf0f2b650a71d7ab5b520

Download Submit
C:\Windows\SysWOW64\capedsrx.exe

Filesize
6KB

MD5
65dd8598a10a0301203b960b49bef065

SHA1
95e13b7e52357c4bcaa741d458daf5c7b28a68d6

SHA256
2f56a07be250bc26ac8baa7bdfa4bd3270a7dc313735adcadda952dc28819c15

SHA512
e8b844b367de6899630ae77130d0b6381a98ae1c30794f3cc6b77546b14bf6ccc6dadbdff95fc73707a13ba26f632a7782988e4d8fd36388950afaf825e72b4c

Download Submit
C:\Windows\SysWOW64\cliulkmr.exe

Filesize
26KB

MD5
25725d54e624143c6d31213850e71f2e

SHA1
304c2803d3906e18e135805bf425556555b1c635

SHA256
178ceb974a2eb103c348557d6e4c8d8d4b5749244924dc9700c09a6902418da4

SHA512
35f4b9002bb4a771496a2ceda73074362cd8cca56d7f84db5cd3cadb0d4e49a72ff1aafaec7653a9a9c8b6993a7fe042c6ee8fb6b917d92193f9b8b966dde307

Download Submit
C:\Windows\SysWOW64\cmdavuaj.exe

Filesize
16KB

MD5
8d9d350ebc58f39564be79ee565ac7bc

SHA1
b554c064d72d69e94b76c8a5538387e109cf4243

SHA256
26720361f5aee9d91783a697c090f0dbb9f81dd66aba873c60357f1a3cbe9719

SHA512
a49ecacb5aa8d27999da038b0e883a5dd449922ca6dfffa38cae35d7bf381d7bcf391cee0278b4967364292f71afcae43d60c0a0d737a14fd64150bdb909c136

Download Submit
C:\Windows\SysWOW64\cmdxeclk.exe

Filesize
16KB

MD5
085af171344a4d3fd7ed55f3ae4fb043

SHA1
962ae1095906fd93885047b334fa82135861cb86

SHA256
1699c858893c9c6eb361d3d04adc172547e59be51cdb8ede898cba84de7416e1

SHA512
1820912225bf806ac62a9862a301fe3c561a9c4daf85bf3f01065c1b756bd081cd77886df4b8b1e52d9431756d75d8a06349ae144017e6b0f54edd4bcb828ee6

Download Submit
C:\Windows\SysWOW64\convdpiu.exe

Filesize
21KB

MD5
06b8ea8e4453803211686699c127ad73

SHA1
3a913fa12a08d67dc4d5420fdd5cca96fba9ce35

SHA256
15a5ed65d771d77521cb822829f2b31c5b4ccd65ab3a785c56cecae6aa17a2b6

SHA512
410fb0e3286b3c536ac17b281b1b47f5644a9758da5d2bee1292df847685d0b64dae5bdc764b9a99f9997fceac3e7bfde3d1cec161adb380f487b8631cda6306

Download Submit
C:\Windows\SysWOW64\convdpiu.exe

Filesize
50KB

MD5
57be8e6e518e2e2464826f6984d9bcd0

SHA1
5b6164182e47a49dee00d5c60defd87a4e25e350

SHA256
36e5a13f656954a8b46c29d7ff8f6e69ab6fbe55c180870684d99ceb99a4bd92

SHA512
092e53fe9cdb43a701da081a509461e2707244974498c8638fb9f0defbb9ee809f59da46b72b4903a3439e04226f63f5e3a3d1750f9ed188617149d92f444753

Download Submit
C:\Windows\SysWOW64\fxslffvr.exe

Filesize
63KB

MD5
857c0de2c3bc33e8bba76403eaced58f

SHA1
0b0d81b7e302b23beaebe0fbe8966f17a0d73438

SHA256
85569cec0996d5810b715ef11f810c6bec4ab6064e5ebf7323261794dd2ba9fc

SHA512
0f7b1d872e501cc222ae62659b267281041c78b9159039b5dba61557b52da3fc9fad9016e1f8deda4f95b2cec65dc00fde4d0302a22312c951239cae9bee0153

Download Submit
C:\Windows\SysWOW64\ialbvyil.exe

Filesize
66KB

MD5
e5b68dc58e8b7a0ab44def2a893bc156

SHA1
7de0d7322bc0b52a5c5265b5304d45d06b026a4b

SHA256
6c282b9a2a30ee4c521c3fbdef944113f444b416b0b8afa1b6bcd4040ba8b8f4

SHA512
31c7e4c05a660eba8061e94dbd6bb548b6a1bcd01c112799365ac6304ee7cccce96f51c61f0c352bb244a4410838fabc8b5318472b6281e68dc7b8bf8049f4a4

Download Submit
C:\Windows\SysWOW64\igfdlfnm.exe

Filesize
23KB

MD5
8898538cbd8596d858dc5879da0735ba

SHA1
0fa72b48a2fc6a42d0c15f2a9cdcc11d527a0e57

SHA256
a4fd57795ff93eddc8c3a87a6908838f7ef348563be3cb376d747d9dbf24676a

SHA512
1fa44573f4ee0ceacc00cf66ed4ba36e0ed4d4ed02599a23662d72396bf57cb6111e7c311cae18d5e9e293a1f3cae509bc8e44c8557c4981cc0f2f565a4d0e75

Download Submit
C:\Windows\SysWOW64\netgjidc.exe

Filesize
49KB

MD5
fee866aaa201d9ad32ce5b058b6e9d71

SHA1
fd0e175675f1e864af7fac8911537e10bb309b6a

SHA256
7d1f8d1196fd9cfbc8599f02226eea96e08baad3b84e12e5302c6705af4ea990

SHA512
b55dc20e81601c07dc822e10f54c86fec26f95b8c6fd1678ecac5c112c7cdd355dc87a4cb02bf4f1a3780a0f966708f85b049bbbcb19499ea8959711579b7461

Download Submit
C:\Windows\SysWOW64\secmysrc.exe

Filesize
5KB

MD5
82dba29dfe4abbbaf3d39bb155ee7354

SHA1
a7772e39cbb2955185318bd43b12080ba3f39c65

SHA256
4adac6a31b18b75641f4d967152a72cf9d7a14468b1556bde06cb62447883b4a

SHA512
93eef1b522b980803ac85a947761c7afda559605e9b813b220d5be5dc3fd7f5e9b7ad6679cce17bea6cab469c1b272de47cc098c91fc677d72d18b67d72a8848

Download Submit
C:\Windows\SysWOW64\secnmfun.exe

Filesize
9KB

MD5
9bb8d1248e1820085c7049787b5fbe0b

SHA1
2c035e321d45daa28904221e69ce90cb675d297f

SHA256
1b2f82b39197761514f59a934b6e39ebdb27d92c0da459169bc6531f1adaa5b5

SHA512
8c584d0b18f76ad336a0d701b77fd9490969c44e5bcf90a5042fe80ae85907dd9055a8139c6457da093c6dae991e7d1975946b0e1b197f9f97317b875732b458

Download Submit
C:\Windows\SysWOW64\secnmfun.exe

Filesize
17KB

MD5
0a15216a387975797913d3256f69b025

SHA1
ef0c2cd1062ba63f709200835f76e5617ecafdaa

SHA256
a6fecefc86f15793386c15b87e5e97cea6c84bdb52d38a24f11e03eca2939d21

SHA512
802f35c3f0264d00d131b7c84e5e06b2213f4917d09095913f22efa10b22c8ddcfb4910658be14b7b6c5730d01c7c762ea550fddc586b1c29c21819b652f0d55

Download Submit
C:\Windows\SysWOW64\secsjczn.exe

Filesize
24KB

MD5
6433d3a393eb6a7345497d1ad1b7704f

SHA1
ed27e073219802ffc741adf42e85c5034eea1c6a

SHA256
f224ab9597e9d84408812083d0ad0c6f90663da59cf84d4a00c3741ac0c5d2fe

SHA512
13c90831e88bc76e9f483a9749c9b8710cf4dde94409a36abaa3b108788d815d8f4e8f177974c0d44420168d2df0f75f38fafd6467a2262980ad64f8b67f9d13

Download Submit
C:\Windows\SysWOW64\secsjczn.exe

Filesize
1KB

MD5
bf1042572d20f6069b8578126b075ea6

SHA1
33abc6e316c30307aa6f90238d92071c27487c40

SHA256
09182cf87eb6d1bf36ad05e62cf78a2aedddb719f00e048ffbf13856adc8b3e3

SHA512
911d952304d7ea1454cf2350e86b2fc6264cbc0dec9694ecf4abbc3259f14005eda09ff435291611cc702ed3a816e6dbe93cfb7db775549e4a0a9ac2813ed778

Download Submit
C:\Windows\SysWOW64\syswndmg.exe

Filesize
52KB

MD5
0f91898af1910080dc85a540b3d7ce42

SHA1
79bbae6e4a8c224a605883b1f3473d32ecf5325f

SHA256
7442af525d289c6c6635de03d6918712fc119b3f3fd65f8e116c26bc4533eb50

SHA512
f079c5c0f0100fcfbf0b6e1527201eb0908b519fb53461e6a2c2b4fe470817631f2705cd2c65aa8260f3119168e96727ba3511231ca2d0c3d91ef4da4a1b3e78

Download Submit
C:\Windows\SysWOW64\syswndmg.exe

Filesize
89KB

MD5
3a3dc2e0b15cf61b8308066b41171875

SHA1
974be0049b3b305bbcb6f4d61e103c18a41f5e7c

SHA256
844f174440af181e2dddc43a472053f754d80fc312366dd63f2278f8e5bc625f

SHA512
90f8dbba6d9e052da9c2be0ee9d72ac35afe51b6ab91117a960f191007f278ed9871bf376acb51c69fc992313f6f73ddb74f7bf87cb9af5c113ee9d5fd844397

Download Submit
C:\Windows\SysWOW64\xmlvgfus.exe

Filesize
86KB

MD5
9eaad5341f651471e1367f1e01e1cfac

SHA1
86e9bc1b0f1c35b6238e927f4cef9964a3369602

SHA256
fe06c0312c1eda4c2aa6c0c5041ecc45e23cc0f9b96638c2d4d83fb7f398b1de

SHA512
17b336c68f3d2c8755cd4bd0d5873f3a9255e90a21428717379a9c84f922ab0f246de545da3aec3c2783291fc5717aa37d94d8e7e6128ff8c212d16041d198ba

Download Submit
\Windows\SysWOW64\capedsrx.exe

Filesize
37KB

MD5
5315a5bdd442c2374a4548c130ec0803

SHA1
dc6d7073274f389f2e5e4c98ee510f7159400b2d

SHA256
0566492c91ef7b53a248719248f648f15f8df25ef5addebc5099f7083dd44cec

SHA512
113a628009b61ccdae38ecb231249cf56c7de2db2c7f546612c102c623a4d8353a50e0c0c58f63c17a70e03bf0c7af5838e1f1bc075b8df72ebc04d20afdb44b

Download Submit
\Windows\SysWOW64\capedsrx.exe

Filesize
58KB

MD5
5a83b974da71fe1cffd7fb9107e60465

SHA1
073d18d73f8b1a7a99ca13df3a98eac429719c9e

SHA256
fbc9cedbafbaff222e991b2920dd6b9f96326689c4437f5869c5f845b0625f67

SHA512
a0250be8863528ce9f08a795fb0ae84447d615a1c967878ec8fee0a13915504bace39bec12811e26ff4d0cffeca79719583da0e2d13a9ddeca0501e2b54e6764

Download Submit
\Windows\SysWOW64\cliulkmr.exe

Filesize
5KB

MD5
9bbb6e17c3e206d99f0a3bfb7a61c6e4

SHA1
b2ab2f281dc681cea1101996c2f9913885d8ca2b

SHA256
c59f419e07ecaba43afc459ebdad54a1ba0d542843fac60a31d8eae274ef4efa

SHA512
3922ff180646f195edbdec61ec786a192e9ae80d19fa5c83ea1c7b29ac372eb871605e3d983266fae93b48859452778ba09943020f79117be5bb013166d6c547

Download Submit
\Windows\SysWOW64\cmdavuaj.exe

Filesize
38KB

MD5
721a5a321b41ba220bd8fa978a5020d1

SHA1
f073d53cbbad8d866966a8ff273f89affa4e0aa4

SHA256
212a6de28f8a21a0c8fa9bde9465dd44c8a49beee4ed52465b6505e99d303b66

SHA512
d8cc3c9e15b06ee4604c9d029d59dba3ec813e129f00f108e124ecd7fb76f77d32d55cd1707720768af52adcb3bb661a12eb2a411310577edb9d24d6d685c935

Download Submit
\Windows\SysWOW64\cmdxeclk.exe

Filesize
16KB

MD5
0b251238fc00a302a56656e28b130497

SHA1
fa0f307c05e372a81a8422dff02d29fdbf214107

SHA256
1c369b8008951a0b0871066363fff55694e40332b6d0459d0cfe2f21401bfa70

SHA512
211dda828c96d4e85b8f80787fe758317d644f263d4b9ac5d58507f14e611d5b4365ef9b9030d241568fa910c19bc47ced60bcbdcb2178569deb0d698922cc95

Download Submit
\Windows\SysWOW64\convdpiu.exe

Filesize
33KB

MD5
e223ee858457ad912c1f830d33dd0177

SHA1
73a406a6d260fc1db15b970644da2eba0f8acdea

SHA256
6f313197a67b79c9712df35bab3cf3638401759dabf80f8849c64978d66dffac

SHA512
5067d0bd7bc2971021d6ae71d4650dae176628f5babd2891120647b7e61ad767ac0e4864a68c07b131a011231c47dfd61ac8ef3ec0b6e571afbc346c43977903

Download Submit
\Windows\SysWOW64\convdpiu.exe

Filesize
17KB

MD5
7e10ecf40c2d0fe3503c10137d303996

SHA1
8f19a3a207c9e0181d69da686578b9cb1b2aedfd

SHA256
64d357b2e4fbf7e3643209e3cfff818eba43c2d3057cfddb4f3aed64ea6b8dee

SHA512
f5526484d2ff5802fb12229bc6ab28a40173794a05f699b24d59b9c29da6fffe40f36ddd59dea431a929b7223102a520f1dbb20e9f6d5be443c66d2bdecc3b8f

Download Submit
\Windows\SysWOW64\fxslffvr.exe

Filesize
40KB

MD5
536b4eb27f9609f170aabbdc403af976

SHA1
71716d461236b79423c8df49faa9d5bc1d262ce3

SHA256
9e4c435ca9aee76387ca403c4bace2f4b70db95cbd68d8779a9999187bc88c78

SHA512
7df90dfd7d3b443f77f31c239ee32d6894fcb6524d7d181440b9d67d97be5317994c3741a3b06a880deb861eb7a885ae73c3748133fbfc01133fb70921670e21

Download Submit
\Windows\SysWOW64\ialbvyil.exe

Filesize
5KB

MD5
745614121c939d54b2c6355b5c91ced4

SHA1
406feb33e864695e9eb7ad79439454e4de986b1e

SHA256
75987f2834052c7fed342e97b8c1847643a4a8081e0b8acaa9d86e15acb4423f

SHA512
1f2baf062858371b1df124de7c0a6340652bf1f9e397fddb2c7a74e967e2f4b49227b51512ff59c278f64bc18f3f25273d38b01a4794d089bbb34763b6f5d213

Download Submit
\Windows\SysWOW64\ialbvyil.exe

Filesize
29KB

MD5
8ce50696b24e4cf0f52031f3427249dc

SHA1
7266d0383bb324bbc50979eb4ba1386b9ffb6163

SHA256
4c9f379316791992573adc180dbaed6a9862f161b64190e402e468c42f9fcbd1

SHA512
80788a9b0854f6fa745d3f2348bb6b3d5b00d2ee7469556e10f30d6bcdf05c1b458b3c0a2c9fa66a245cdf8ddfb6834bf390f61d068a66083dfb2f824807666c

Download Submit
\Windows\SysWOW64\ipsdouhk.exe

Filesize
9KB

MD5
b302b1d1c108bf2839e125496a0d1849

SHA1
4b4f53fe5236b44ccc11529cd858d480a1a7a71b

SHA256
6ea1d935a275f5460d125d28168c93295f3b0c27577fdc34cdd1711a14e3dde0

SHA512
ea9d8511caea30f6bab4f114a78c39910cb66ebc92ec11bd2d115b4ae8c70a94ac0373241e2e5733a36a4dea1e27d51586f69610f4973a802ab49cf4bed91d2d

Download Submit
\Windows\SysWOW64\netgjidc.exe

Filesize
68KB

MD5
c35869b14091184ea8b9c53f925a40b5

SHA1
5f30cbd005377b680a79d87d015cf5d4ba6366ff

SHA256
1200f87bda35f7b6902fe3808f865129b3d721663a5a1a8397b3253b7523d56b

SHA512
2f5a601dca80ffaccdc671aaf7fefd4ffade792fa669d61224e5f71acc9048f49dec759a2dc14b1dd135521eaae5ee920fe97060e3a7963b170d27ebe80bae57

Download Submit
\Windows\SysWOW64\netgjidc.exe

Filesize
43KB

MD5
05df474132510b7a4889d95d48a9f4ba

SHA1
837fd579f43a5400cc4d7ac9bbc9aa8b149a2fe2

SHA256
0bbabc6f9fae1bb524885450ad077c138a301432513e4887bbe42abf7ad423f7

SHA512
fd193a8e18f802954d12fb1d7876c1b3a1c1c543261d2a3d34b23dabe05e026df886b1d141e76a45849e54f468f4d94bc0451fc4d79c7a1d9f2a0e3efb843886

Download Submit
\Windows\SysWOW64\secmysrc.exe

Filesize
32KB

MD5
ae38d9b34cb991784d356ac445eb54a2

SHA1
05298a7a20eadb1a89f1ba80fff885494f8be164

SHA256
3a80a8eae382fff2ad00244e1d4fcda5ea3b25ae809e85e6f3391091694d6ab1

SHA512
2624a0acbe3601c62042af90a93ed8e5d6786da749a8742ce233134f786c2a3535e4a2aeb1c89146acbb74d56a2016b7a6d265d38fe812bb84619f9b9af468ad

Download Submit
\Windows\SysWOW64\secnmfun.exe

Filesize
28KB

MD5
d5ba0fabff225008629a73b092fdeefa

SHA1
f20adf04696555ddca1848505736baa86a07e282

SHA256
63b8f6f5efd8bf3edb2654f7d7dcfe8ad70992efc6a268b80412c2cef658f5bb

SHA512
3eab37878b450ef66dbc93611dd83ab63cf154809472b7d714d29ff4fbb638be802ddf2234cb3eda7f723e7921d150268ba29b05883e58907106ba8d9f2c7146

Download Submit
\Windows\SysWOW64\xmlvgfus.exe

Filesize
18KB

MD5
cfbe5593d560a4c3d92aea804f22b05f

SHA1
4ef699ffb8400adf579a9cd29dda92cecc10352a

SHA256
a6af0a30432a46ab85034484d8998b529314689426fb7532ccf04312deb36fd4

SHA512
c190c33af2f346de0720108f0caf7c5c6c2cf1c9b8ae119654d8efa118d97169f97806a6f9f2de16e1f0b5b8123e2e7b2d1a6a70efbb49f05d478766eeb82c70

Download Submit
\Windows\SysWOW64\xmlvgfus.exe

Filesize
60KB

MD5
0d5c0beb8940173bd7e011a49aa17028

SHA1
126ed928b792884384d08ff9a7b5ea7ecd361d5b

SHA256
3950fd916ec548316cea7c58d1bc7d2baa50af41fe1dc064ecf557bff46af059

SHA512
f4951c4b3c6b25fe6a5e8fdde44e7b1de85ce18e5a75f94abf615d6f2a2bdd90c8f75caaf0b5a201defebeab9b27105819af45d17080fba8f395b9ec41088d99

Download Submit
memory/240-376-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/320-660-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/568-540-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/676-166-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/676-150-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/676-149-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/944-75-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/944-90-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/972-208-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/972-207-0x0000000002600000-0x0000000002686000-memory.dmp

Filesize
536KB

Download
memory/1092-670-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1108-335-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1108-334-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1108-344-0x0000000002790000-0x0000000002816000-memory.dmp

Filesize
536KB

Download
memory/1108-343-0x0000000002790000-0x0000000002816000-memory.dmp

Filesize
536KB

Download
memory/1108-346-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1120-135-0x0000000002330000-0x00000000023B6000-memory.dmp

Filesize
536KB

Download
memory/1120-138-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1176-216-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1200-416-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1232-530-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1404-323-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1404-336-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1404-333-0x0000000002430000-0x00000000024B6000-memory.dmp

Filesize
536KB

Download
memory/1420-571-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1428-512-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1452-223-0x0000000000820000-0x00000000008A6000-memory.dmp

Filesize
536KB

Download
memory/1452-215-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1452-225-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1460-114-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1460-111-0x0000000002440000-0x00000000024C6000-memory.dmp

Filesize
536KB

Download
memory/1540-199-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1540-186-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1544-550-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1620-406-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1684-325-0x00000000023C0000-0x0000000002446000-memory.dmp

Filesize
536KB

Download
memory/1684-315-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1684-324-0x00000000023C0000-0x0000000002446000-memory.dmp

Filesize
536KB

Download
memory/1684-326-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1720-233-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1720-242-0x0000000000560000-0x00000000005E6000-memory.dmp

Filesize
536KB

Download
memory/1720-245-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1728-162-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1728-176-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1748-521-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1792-27-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1792-14-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1792-13-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1844-474-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1896-396-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1936-387-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1972-493-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2052-366-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2136-17-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2136-1-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/2136-0-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2136-11-0x00000000005D0000-0x0000000000656000-memory.dmp

Filesize
536KB

Download
memory/2136-15-0x00000000005D0000-0x0000000000656000-memory.dmp

Filesize
536KB

Download
memory/2196-446-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2244-37-0x00000000027D0000-0x0000000002856000-memory.dmp

Filesize
536KB

Download
memory/2244-41-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2264-602-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2304-560-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2312-356-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2320-503-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2332-136-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2332-152-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2332-148-0x00000000025E0000-0x0000000002666000-memory.dmp

Filesize
536KB

Download
memory/2340-189-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2340-187-0x0000000002760000-0x00000000027E6000-memory.dmp

Filesize
536KB

Download
memory/2340-174-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2348-455-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2396-650-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2492-76-0x0000000002780000-0x0000000002806000-memory.dmp

Filesize
536KB

Download
memory/2492-78-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2528-292-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2528-304-0x00000000026A0000-0x0000000002726000-memory.dmp

Filesize
536KB

Download
memory/2528-306-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2528-293-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/2528-305-0x00000000026A0000-0x0000000002726000-memory.dmp

Filesize
536KB

Download
memory/2536-282-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2536-283-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/2536-296-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2536-295-0x00000000023D0000-0x0000000002456000-memory.dmp

Filesize
536KB

Download
memory/2536-294-0x00000000023D0000-0x0000000002456000-memory.dmp

Filesize
536KB

Download
memory/2552-436-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2596-591-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2616-53-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2616-39-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2636-125-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2636-112-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2644-620-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2656-254-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2656-262-0x0000000002710000-0x0000000002796000-memory.dmp

Filesize
536KB

Download
memory/2656-264-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2672-234-0x00000000026F0000-0x0000000002776000-memory.dmp

Filesize
536KB

Download
memory/2672-224-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2672-232-0x00000000026F0000-0x0000000002776000-memory.dmp

Filesize
536KB

Download
memory/2672-235-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2696-101-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2696-88-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2704-51-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2704-65-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2704-63-0x0000000000630000-0x00000000006B6000-memory.dmp

Filesize
536KB

Download
memory/2712-640-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2732-274-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2732-271-0x0000000002630000-0x00000000026B6000-memory.dmp

Filesize
536KB

Download
memory/2732-263-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2772-284-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2772-291-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/2772-281-0x0000000002740000-0x00000000027C6000-memory.dmp

Filesize
536KB

Download
memory/2772-272-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2772-273-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/2796-316-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2796-314-0x0000000002390000-0x0000000002416000-memory.dmp

Filesize
536KB

Download
memory/2796-313-0x0000000002390000-0x0000000002416000-memory.dmp

Filesize
536KB

Download
memory/2796-303-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2808-484-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2888-581-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2912-255-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2912-253-0x0000000002540000-0x00000000025C6000-memory.dmp

Filesize
536KB

Download
memory/2912-252-0x0000000002540000-0x00000000025C6000-memory.dmp

Filesize
536KB

Download
memory/2912-243-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2912-244-0x0000000000020000-0x0000000000030000-memory.dmp

Filesize
64KB

Download
memory/2952-465-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2964-610-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2980-630-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/3004-426-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads