03c2820bef5a47808ea77008988e18e113d27f05eb22bb60ec51cd7fc730e0d6

Analysis

max time kernel
5s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
15-01-2024 03:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c047d72336cd60473948a1c6470aab8.exe
Size

1.4MB
MD5

5c047d72336cd60473948a1c6470aab8
SHA1

4a2126daad2ff7e0a2672699765e415c2c537684
SHA256

03c2820bef5a47808ea77008988e18e113d27f05eb22bb60ec51cd7fc730e0d6
SHA512

0a97bb44086e4d5cca0772c87c1fa1578ad01e82c02f71fe13d0b5ec8cbbf849d98aeea332929b3fb7b995bd198553bcca19afa6b14401c006e9698e44376467
SSDEEP

24576:7UKkfJ71jmXD9Zxe5ZKFL+8nzVsPin5ICH/o+/1POEov9ZTpDGzlVep/dJOdPKl:7UxsCZKFlVsPinJhORvrFGzlV69

Score

7^/10

bootkit persistence

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
4104	XP-AB9DB5FA.EXE
1056	XP-AB9DB5FA.EXE
2344	XP-AB9DB5FA.EXE
3600	XP-AB9DB5FA.EXE
2236	explorer.exe

Loads dropped DLL 38 IoCs

pid	Process
2096	5c047d72336cd60473948a1c6470aab8.exe
2096	5c047d72336cd60473948a1c6470aab8.exe
2096	5c047d72336cd60473948a1c6470aab8.exe
2096	XP-AB9DB5FA.EXE
2096	XP-AB9DB5FA.EXE
2096	XP-AB9DB5FA.EXE
2096	XP-AB9DB5FA.EXE
4104	XP-AB9DB5FA.EXE
4104	XP-AB9DB5FA.EXE
4104	XP-AB9DB5FA.EXE
4104	XP-AB9DB5FA.EXE
4104	XP-AB9DB5FA.EXE
4104	XP-AB9DB5FA.EXE
4104	XP-AB9DB5FA.EXE
1056	XP-AB9DB5FA.EXE
1056	XP-AB9DB5FA.EXE
1056	XP-AB9DB5FA.EXE
1056	XP-AB9DB5FA.EXE
1056	XP-AB9DB5FA.EXE
1056	XP-AB9DB5FA.EXE
1056	XP-AB9DB5FA.EXE
2344	XP-AB9DB5FA.EXE
2344	XP-AB9DB5FA.EXE
2344	XP-AB9DB5FA.EXE
2344	XP-AB9DB5FA.EXE
2344	XP-AB9DB5FA.EXE
2344	XP-AB9DB5FA.EXE
2344	XP-AB9DB5FA.EXE
3600	XP-AB9DB5FA.EXE
3600	XP-AB9DB5FA.EXE
3600	XP-AB9DB5FA.EXE
3600	XP-AB9DB5FA.EXE
3600	XP-AB9DB5FA.EXE
3600	XP-AB9DB5FA.EXE
3600	XP-AB9DB5FA.EXE
2236	explorer.exe
2236	explorer.exe
2236	explorer.exe

Writes to the Master Boot Record (MBR) 1 TTPs 5 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	XP-AB9DB5FA.EXE
File opened for modification	\??\PhysicalDrive0	XP-AB9DB5FA.EXE
File opened for modification	\??\PhysicalDrive0	XP-AB9DB5FA.EXE
File opened for modification	\??\PhysicalDrive0	XP-AB9DB5FA.EXE
File opened for modification	\??\PhysicalDrive0	XP-AB9DB5FA.EXE

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\XP-AB9DB5FA.EXE	XP-AB9DB5FA.EXE
File opened for modification	C:\Windows\SysWOW64\XP-AB9DB5FA.EXE	XP-AB9DB5FA.EXE

Modifies Internet Explorer settings 1 TTPs 12 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 44 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
4768	explorer.exe
3888	explorer.exe
1388	explorer.exe

Suspicious use of SetWindowsHookEx 38 IoCs

pid	Process
2096	5c047d72336cd60473948a1c6470aab8.exe
2096	5c047d72336cd60473948a1c6470aab8.exe
2096	XP-AB9DB5FA.EXE
2096	XP-AB9DB5FA.EXE
2096	XP-AB9DB5FA.EXE
2096	XP-AB9DB5FA.EXE
4104	XP-AB9DB5FA.EXE
4104	XP-AB9DB5FA.EXE
4104	XP-AB9DB5FA.EXE
4104	XP-AB9DB5FA.EXE
4104	XP-AB9DB5FA.EXE
4104	XP-AB9DB5FA.EXE
1056	XP-AB9DB5FA.EXE
1056	XP-AB9DB5FA.EXE
3888	explorer.exe
3888	explorer.exe
1056	XP-AB9DB5FA.EXE
1056	XP-AB9DB5FA.EXE
1056	XP-AB9DB5FA.EXE
1056	XP-AB9DB5FA.EXE
4768	explorer.exe
4768	explorer.exe
2344	XP-AB9DB5FA.EXE
2344	XP-AB9DB5FA.EXE
2344	XP-AB9DB5FA.EXE
2344	XP-AB9DB5FA.EXE
2344	XP-AB9DB5FA.EXE
2344	XP-AB9DB5FA.EXE
3600	XP-AB9DB5FA.EXE
3600	XP-AB9DB5FA.EXE
1388	explorer.exe
1388	explorer.exe
3600	XP-AB9DB5FA.EXE
3600	XP-AB9DB5FA.EXE
3600	XP-AB9DB5FA.EXE
3600	XP-AB9DB5FA.EXE
2236	explorer.exe
2236	explorer.exe

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 60	2096	XP-AB9DB5FA.EXE	89
PID 2096 wrote to memory of 60	2096	XP-AB9DB5FA.EXE	89
PID 2096 wrote to memory of 60	2096	XP-AB9DB5FA.EXE	89
PID 2096 wrote to memory of 4104	2096	XP-AB9DB5FA.EXE	92
PID 2096 wrote to memory of 4104	2096	XP-AB9DB5FA.EXE	92
PID 2096 wrote to memory of 4104	2096	XP-AB9DB5FA.EXE	92
PID 4104 wrote to memory of 948	4104	XP-AB9DB5FA.EXE	93
PID 4104 wrote to memory of 948	4104	XP-AB9DB5FA.EXE	93
PID 4104 wrote to memory of 948	4104	XP-AB9DB5FA.EXE	93
PID 4104 wrote to memory of 1056	4104	XP-AB9DB5FA.EXE	95
PID 4104 wrote to memory of 1056	4104	XP-AB9DB5FA.EXE	95
PID 4104 wrote to memory of 1056	4104	XP-AB9DB5FA.EXE	95
PID 1056 wrote to memory of 4900	1056	XP-AB9DB5FA.EXE	140
PID 1056 wrote to memory of 4900	1056	XP-AB9DB5FA.EXE	140
PID 1056 wrote to memory of 4900	1056	XP-AB9DB5FA.EXE	140
PID 1056 wrote to memory of 2344	1056	XP-AB9DB5FA.EXE	139
PID 1056 wrote to memory of 2344	1056	XP-AB9DB5FA.EXE	139
PID 1056 wrote to memory of 2344	1056	XP-AB9DB5FA.EXE	139
PID 2344 wrote to memory of 3452	2344	XP-AB9DB5FA.EXE	96
PID 2344 wrote to memory of 3452	2344	XP-AB9DB5FA.EXE	96
PID 2344 wrote to memory of 3452	2344	XP-AB9DB5FA.EXE	96
PID 2344 wrote to memory of 3600	2344	XP-AB9DB5FA.EXE	97
PID 2344 wrote to memory of 3600	2344	XP-AB9DB5FA.EXE	97
PID 2344 wrote to memory of 3600	2344	XP-AB9DB5FA.EXE	97
PID 3600 wrote to memory of 1120	3600	XP-AB9DB5FA.EXE	98
PID 3600 wrote to memory of 1120	3600	XP-AB9DB5FA.EXE	98
PID 3600 wrote to memory of 1120	3600	XP-AB9DB5FA.EXE	98
PID 3600 wrote to memory of 2236	3600	XP-AB9DB5FA.EXE	149
PID 3600 wrote to memory of 2236	3600	XP-AB9DB5FA.EXE	149
PID 3600 wrote to memory of 2236	3600	XP-AB9DB5FA.EXE	149

C:\Users\Admin\AppData\Local\Temp\5c047d72336cd60473948a1c6470aab8.exe
"C:\Users\Admin\AppData\Local\Temp\5c047d72336cd60473948a1c6470aab8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2096
- C:\Windows\SysWOW64\explorer.exe
  explorer C:\Users\Admin\AppData\Local\Temp\5c047d72336cd60473948a1c6470aab8
  2⤵
  PID:60
- C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
  C:\Windows\system32\XP-AB9DB5FA.EXE
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4104
- - C:\Windows\SysWOW64\explorer.exe
    explorer C:\Windows\SysWOW64\XP-AB9DB5FA
    3⤵
    PID:948
- - C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
    C:\Windows\system32\XP-AB9DB5FA.EXE
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1056
  - - C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
      C:\Windows\system32\XP-AB9DB5FA.EXE
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2344
  - - C:\Windows\SysWOW64\explorer.exe
      explorer C:\Windows\SysWOW64\XP-AB9DB5FA
      4⤵
      PID:4900

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3888

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4768

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\XP-AB9DB5FA
1⤵
PID:3452

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
C:\Windows\system32\XP-AB9DB5FA.EXE
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3600
- C:\Windows\SysWOW64\explorer.exe
  explorer C:\Windows\SysWOW64\XP-AB9DB5FA
  2⤵
  PID:1120
- C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
  C:\Windows\system32\XP-AB9DB5FA.EXE
  2⤵
  PID:2236

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3432

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\XP-AB9DB5FA
1⤵
PID:2920

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2656

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\XP-AB9DB5FA
1⤵
PID:1532

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
C:\Windows\system32\XP-AB9DB5FA.EXE
1⤵
PID:376
- C:\Windows\SysWOW64\explorer.exe
  explorer C:\Windows\SysWOW64\XP-AB9DB5FA
  2⤵
  PID:1872
- C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
  C:\Windows\system32\XP-AB9DB5FA.EXE
  2⤵
  PID:2232

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1516

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
C:\Windows\system32\XP-AB9DB5FA.EXE
1⤵
PID:1288
- C:\Windows\SysWOW64\explorer.exe
  explorer C:\Windows\SysWOW64\XP-AB9DB5FA
  2⤵
  PID:3748
- C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
  C:\Windows\system32\XP-AB9DB5FA.EXE
  2⤵
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2096
- - C:\Windows\SysWOW64\explorer.exe
    explorer C:\Windows\SysWOW64\XP-AB9DB5FA
    3⤵
    PID:2084
- - C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
    C:\Windows\system32\XP-AB9DB5FA.EXE
    3⤵
    PID:1352
  - - C:\Windows\SysWOW64\explorer.exe
      explorer C:\Windows\SysWOW64\XP-AB9DB5FA
      4⤵
      PID:2760
  - - C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
      C:\Windows\system32\XP-AB9DB5FA.EXE
      4⤵
      PID:2680
    - - C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        5⤵
        
        PID:848
    - - C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        5⤵
        
        PID:3660
      - C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        6⤵
        
        PID:3792
      - C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        6⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        7⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        7⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        8⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        8⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        9⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        9⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        10⤵
        
        PID:460
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        10⤵
        
        PID:396
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        11⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        11⤵
        
        PID:856
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        12⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        12⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        13⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        13⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        14⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        14⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        15⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        15⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        16⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        16⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        17⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        17⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        18⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        18⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        19⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        19⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        20⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        20⤵
        
        PID:460
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        21⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        21⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        22⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        22⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        23⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        23⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        24⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        24⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        25⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        25⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        26⤵
        
        PID:3388
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        26⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        27⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        27⤵
        
        PID:396
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        28⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        28⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        29⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        29⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        30⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        30⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        31⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        31⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        32⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        32⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        33⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        33⤵
        
        PID:3388
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        34⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        34⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        35⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        35⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        36⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        36⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        37⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        37⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        38⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        38⤵
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2096
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        39⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        39⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        40⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        40⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        41⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        41⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        42⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        42⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        43⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        43⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        44⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        44⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        45⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        45⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        46⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        46⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        47⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        47⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        48⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        48⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        49⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        49⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        50⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        50⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        51⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        51⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        52⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        52⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        53⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        53⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        54⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        54⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        55⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        55⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        56⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        56⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        57⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        57⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        58⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        58⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        59⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        59⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        60⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        60⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        61⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        61⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        62⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        62⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        63⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        63⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        64⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        64⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        65⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        65⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        66⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        66⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        67⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        67⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        68⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        68⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        69⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        69⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        70⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        70⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        71⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        71⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        72⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        72⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        73⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        73⤵
        
        PID:9440
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        74⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        74⤵
        
        PID:9656
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        75⤵
        
        PID:9732
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        75⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        76⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        76⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        77⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        77⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        78⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        78⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        79⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        79⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        80⤵
        
        PID:9776
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        80⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        81⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        81⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        82⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        82⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        83⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        83⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        84⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        84⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        85⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        85⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        86⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        86⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        87⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        87⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        88⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        88⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        89⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        89⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        90⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        90⤵
        
        PID:10324
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        91⤵
        
        PID:10424
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        91⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        92⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        92⤵
        
        PID:10724
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        93⤵
        
        PID:10840
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        93⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        94⤵
        
        PID:11032
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        94⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        95⤵
        
        PID:11232
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        95⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        96⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        96⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        97⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        97⤵
        
        PID:10404
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        98⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        98⤵
        
        PID:10864
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        99⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        99⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        100⤵
        
        PID:10340
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        100⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        101⤵
        
        PID:10400
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        101⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        102⤵
        
        PID:10724
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        102⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        103⤵
        
        PID:10872
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        103⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        104⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        104⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        105⤵
        
        PID:10584
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        105⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        106⤵
        
        PID:10324
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        106⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        107⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        107⤵
        
        PID:11308
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        108⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        108⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        109⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        109⤵
        
        PID:11776
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        110⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        110⤵
        
        PID:11960
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        111⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        111⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        112⤵
        
        PID:10724
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        112⤵
        
        PID:10728
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        113⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        113⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        114⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        114⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        115⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        115⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        116⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        116⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        117⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        117⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        118⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        118⤵
        
        PID:10828
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        119⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        119⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        120⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        120⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        121⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        121⤵
        
        PID:11336
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        122⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        122⤵
        
        PID:988
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        123⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        123⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        124⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        124⤵
        
        PID:12336
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        125⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        125⤵
        
        PID:12536
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        126⤵
        
        PID:12660
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        126⤵
        
        PID:12736
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        127⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        127⤵
        
        PID:12912
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        128⤵
        
        PID:13016
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        128⤵
        
        PID:13084
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        129⤵
        
        PID:13228
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        129⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        130⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        130⤵
        
        PID:12328
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        131⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        131⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        132⤵
        
        PID:12884
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        132⤵
        
        PID:12548
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\XP-AB9DB5FA
        133⤵
        
        PID:12756
        
        C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
        
        C:\Windows\system32\XP-AB9DB5FA.EXE
        133⤵
        
        PID:13292

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:308

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2772

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\XP-AB9DB5FA
1⤵
PID:1032

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4252

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2408

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3188

C:\Windows\SysWOW64\XP-AB9DB5FA.EXE
C:\Windows\system32\XP-AB9DB5FA.EXE
1⤵
PID:1424

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1984

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5104

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4512

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2340

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2700

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:848

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1388

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1336

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5048

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1848

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5312

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5500

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5724

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5884

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6100

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5324

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5524

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5896

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5588

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5532

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5812

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3272

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5600

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6160

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6296

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6492

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6680

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6872

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7004

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5264

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5736

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6860

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6336

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5948

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6748

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5648

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:212

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6332

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7356

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7556

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7772

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7976

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8108

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4884

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7296

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7884

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7576

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1268

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7728

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7480

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6220

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7412

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6728

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6932

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8240

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8408

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8648

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8832

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8992

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:9156

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8352

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8564

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8948

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7924

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6136

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8228

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1960

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6240

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:9224

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:9456

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:9664

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:9828

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:10060

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:9360

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7044

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:10076

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:9380

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3656

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:9568

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:10040

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:9920

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:9304

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:9800

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:10084

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1000

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7720

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:10352

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:10528

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:10744

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:10936

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:11168

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:10304

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:10560

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:10948

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6180

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5808

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:10424

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:10552

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:10844

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:10384

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8452

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:10464

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:10924

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:11360

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:11580

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:11788

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:11972

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:12172

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:11328

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:11700

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:12004

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7688

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6852

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:11436

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:11828

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:11124

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:11696

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:11820

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:11716

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8484

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:12348

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:12528

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:12748

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:12920

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:13096

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8676

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:12316

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:12448

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:12540

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:11676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\E_4\RegEx.fnr

Filesize
212KB

MD5
de4374d6912aa9a37db5c9c0c41609e9

SHA1
dfb02bd3db018ad6619bed58541595bac45e46c1

SHA256
45c9359d820ded199215895c3d12af6c10cb648d60dadd08fb2ae12a531ba6dc

SHA512
592eafab6fdaad75e29aafbce0d74408f11dcb2bcb7688af90bd35d69d5c4261030f0980cf5d4621aeb779e1518b7d30f322de4905c14e42ff02b389285b04ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\RegEx.fnr

Filesize
66KB

MD5
6bfe3d1ac43bf706e3fe32ad01759783

SHA1
6c735eb81e5bbb067df2692b2f6c7b6a87583fd6

SHA256
4f60528f346803329955a563b1d69235d5ccd964a597bc54242059eba67cd9cf

SHA512
b87544a56f0caade10272df2d6c1aa30069446b90e9336286273c431f6f1d247455ebb6c8dc434d37ae2e15f2bdef94296921bbdcaa09741d37672db5822d06b

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\com.run

Filesize
264KB

MD5
57f1f3e68be9f643b40efa43bda261a3

SHA1
2b7d1b8a8caf1ffa3e1bf30fd93a2dfd319055a8

SHA256
b3942aa50db9c8ed0c7353c75d1aa52c8c253d61503026aa793f75e7ccbac5d3

SHA512
3641ef8a2c1e82e482bfebc9876e58a64af87fdde0a48d2112036a038330d5d43c9807de2c7005ea31e3e6a7e8c7853e94b457e6727361c045f94108735844f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\com.run

Filesize
5KB

MD5
023d01010fb9789141235aae0b775964

SHA1
226a6223b2bb73feac796abd562105a689a7b293

SHA256
e3cb8bd17d779e497aef589393d31344c635a4787f96436393399581db996af9

SHA512
914079e20657283e7291795695394db5dc5f8e05ea151db15607465b13b9aabf56a6e0043d853f90b23de8efb76fa32342c5e4c44321fc1a23f6308c50275f79

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\com.run

Filesize
109KB

MD5
8ccf5e4fe15c50d46cd84fd3cfed948f

SHA1
864492818434823f2cbf68f6bb358a669246656f

SHA256
aee3a7e1919ac945e15792a6f4189bd602caa5da0d5df10f994749089ea36f45

SHA512
5637643b63d2d6eb500976f8fbc33c2159a4c7ee6100f830fd090b7d232c9a735109fe485a3e9313ae3f328b93638735162c13d3716765b9c2c1852747e39d72

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\dp1.fne

Filesize
112KB

MD5
051d51ef3bc46ab5a090e3bec2dbffe5

SHA1
d5199749b263840bb9214033d6fbbf1b886d0a34

SHA256
99c7206a18a91d2f01299bfcd64b0ae9abee9a564b0af68e643c2eb5cc70fe23

SHA512
9dbaa9200eb09689a1e9c2dfad8c55349363309e9427a0de978088d95eb5f9398776262576f0a543d278b094281dbac43a1cfc9bdd3352fe472dcad5e4187638

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\dp1.fne

Filesize
86KB

MD5
5b962013f1a2d3d865385ce5f189553a

SHA1
637a472f6f528b8e2228034e046be6e29acf4e44

SHA256
5a85877d9269939bf6111a3b6f655f72874caa28a733718177ca9117e91a5f23

SHA512
f5568e586998176077eec87898519d2ef948512d2d72c9d96a6506eecee594ac04bd875449a2c98c52a03c16274ac4012dad1830889f0fe8fdb094ca4fb9ede9

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\dp1.fne

Filesize
48KB

MD5
fc0cfc671d5c7e9fc948e1593f84854f

SHA1
78de21cab8e5529e70979d0bdaf47f3eb9bef205

SHA256
ccdbd1b8e809fec7fc02581b628bff497956d7984874098b46bf56670ba8ed9c

SHA512
6143153f1369db1176ede7a8b6641e272552ccb4dd7d07536b3c10ab7deb0aff853979c4ea11aa44df9f7141148e48130bbaeff428a9c51c9ff7de0f3c3ae496

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\eAPI.fne

Filesize
316KB

MD5
88890fa24f93b245a41d29abb80b1df4

SHA1
7ee95f6853612be1a460aa6211f09730d7aebd8c

SHA256
2d47c02d5f636da8e25aadb9a6e7360628c6d500f7c997da62490c1ab02f418b

SHA512
0ae2228ec40ecd33c3ceeeeed4d630fb79cca15981f13431bc5db78f3e5c4dd49161d14d8ee97aeae8466486d70dbbc47c9ae8c9523bcd5b7d00be7a4ddeddcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\eAPI.fne

Filesize
76KB

MD5
e9207c420f53a2313084ff705d8af2bb

SHA1
64a6067e8164ede632e66ee5f6e97315a8672d14

SHA256
75bb0c963edcf7cf0fb3e71ccfc8a7086e686810b92b1cf13e00ead8c4b01cd7

SHA512
f68d5ec2d254a4a3d7f21fe410581b09a75ff6749cbb42add3cd5b278385ad198391b13220133a1200b8dd2f9fdadd558bb257a48cebe9cb0ec59b38ea976047

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\eAPI.fne

Filesize
55KB

MD5
1a0e2b22adc266720f95a08fae9c929c

SHA1
97c52478f18132ec92c40cc7303de7c4470ec96e

SHA256
dc2e2e907fa1934550b9d5a69648bb551619fff5544e6fbb1dafc33d1f5be70b

SHA512
28e76d054d376d6fd836cf2e056a7ab58770f00018a981f5af03c8c1bac49c30ea15a6c146ef193b5cc2a443bf6dddcf4cf30e548aaf849b8f7095701aecf011

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\internet.fne

Filesize
180KB

MD5
5e517b1ea1c64321ea8cc96a7ea1c7fb

SHA1
d5835e2f4dd0bb9b7312f63a0c7a8270db41b042

SHA256
ff08e84f2fb55bf56c525eebab6657bc090b803bc35fb619c56c94a279245580

SHA512
45504afaf7769ef9f20ff7a3395537e1387e2932c8efc1ceccf2e24a2f00ccde324d1fe05ba65d4bf8c5a38e462797907bd2508f01869956935b83f918c31cf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\internet.fne

Filesize
26KB

MD5
537f62dc3a953248e6ac5584ab9419ff

SHA1
805855abad5d2775da1dfbc04011e5cc8d4db902

SHA256
14b02c33b9d66cbe0b9a64a9d703435566157891f67dfa96fe1911d366ecb3d7

SHA512
f7ea2c6f1e9881d77facd48548df613b319fc4d648baaea45b2186947e11f9619abd129b47bd850d6c4bc17c5294ddfee5f9d4a1a85b74c5a76e0d526f289fdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\internet.fne

Filesize
31KB

MD5
7c542f549b8db7ac00a51966f7241872

SHA1
fbb8f1354a085505dc5788c8344c7be9694d260a

SHA256
b96a9301b4eb2d4a44c8def5943bbe3155f831c5878059035051668675895e06

SHA512
7146af2b1d441befa979d67e4c1cf893e368d63bee95757093cf8aa2161b329f4c8806170edac49b21a87065758b7a6dfae52285bad76a3d190006708e88bece

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

Filesize
727KB

MD5
3432a1515e99c2edc9c8ad0dd467ff6e

SHA1
a8cc8ef82ea647dd7f2c5f52f06b8a297328a29a

SHA256
fea5081d7bcd736c1d420776ce7596521e139e7f0450fe5061863a2f131c8aec

SHA512
b0f6acd9c96c2d1bdc07ce951f49cb6f96c163550a6e0b86899ca19dbe760f4c29fade7232c10ab3594a50726b470b72c974cb0a221cbfec9f5c2f77a25ec502

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

Filesize
1.0MB

MD5
5c794859ffac4b19ee012a2986f53cff

SHA1
2f97fe128108be7145633ea8697a5132fbf71146

SHA256
dd799e01c8ba36258795ec4fc896ead1ffb5ea87e765fa298cef64fd7ebfc1fd

SHA512
22e91f9d5a62938674d19c4e6cbfd78098a76921888c910d8aead89765709e5947e06ccba398461eb1903e4651e2d738fdb463a5deda893a08d0eb69fd0cdbd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

Filesize
57KB

MD5
27ce3b5ed095684f6639382fa10c6d03

SHA1
88f1d606128d11823746a93c6d74344ba902bc63

SHA256
658a15efb6b377f359fffda60f8cf03caa83500a40b666b9b2af58f1ddf8d508

SHA512
2090b2c88f4eee7464ef5bdf37c6ff1acc62e1f5e208dd4c214631c66b0ab0973a8ae214eafbcb0722d6bfa5db74e935a6eb0b42c7b1b1c4e81e83d483a4dec3

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

Filesize
41KB

MD5
951f3bc6e9ce458094ff6878be762ff3

SHA1
2084251ff9bf35a92d3c2b3edea83d97e5f885af

SHA256
4b237d49218b2e42d7599c49ab07430d20db52a5b91354230572f30c3ef499fa

SHA512
6beed03af14bab60444e8871d2d732d495d0f09fcb380a035db979ad794092ce6ab29dd66c48168231916f204f929eef03cb4b8c5d2bdd3284347967ac762214

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

Filesize
929KB

MD5
97e74f55023714fdb9d8b9aaf21f06c6

SHA1
e6c3d08aa68339b7902480876f6afb687cd2d233

SHA256
fd023a21ad930546db85cc40e53e5c96e0c85e2200f763051847f55e981d9ab4

SHA512
8e2c0e2a97b7f5c8195d84163b97c25ca8eb0aefe1b4c3a05d05f7682fd79d79c35ddd7c1bc9599255dac1e0ce094584831bd0e57f9fc0486cda9c44f914452c

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

Filesize
18KB

MD5
b812f63eee45cacfeaa8d63e86a89904

SHA1
f1e792652dfcdf70755e9bbe7e08f3be5b2e71c6

SHA256
88f6cb4343cb933d3b320706ccdddfdb393d1eaccb8b462774c020da2686688c

SHA512
225dbe5df1ef66312f5d543043cdec3efe07bd8d5e0d7addbe29cf7c392051d4f6d69af56ae8a24dbb71bf11cd666bc8b87d1a1c41e3b8af96b4a3b83f8e5658

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\shell.fne

Filesize
9KB

MD5
ea31b42e8d6e60f4b3e8f407484e56e8

SHA1
22cc3aba066a9b4ecfa350b6c05e51c5fd06279c

SHA256
d8d13457dfd581e4d1c16255413c6c253ef8203c7da4ecc054b6320167e41e57

SHA512
3ff59d2082a761c46f585b52e025be5d869e578ad0ab9e6916a0a581c8618761739a1ad253a7ed063c12e5b13868a747e8bf9db5fd97fde5d3a1355bbc0ee93b

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\shell.fne

Filesize
40KB

MD5
9900631cd16e385556a02cad93591982

SHA1
48daa5ac65d32607564024fad038b5388e8e1d16

SHA256
b37aeaea327e7679c828a15f00a5fe823ede2ddb020449878a412124f7dd007c

SHA512
e10fbba11819baf323c0eb5452109f8ad91eae7170e4cf76c7fb6fd01351a53f372320ffd6816abbef993501d55530e006cee609db0697b40660e29a4e49a051

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\shell.fne

Filesize
16KB

MD5
35cc434c2877dc7689664b43483b3986

SHA1
cc1346516a0305843f24002ebf25cf6688922ff3

SHA256
d61b8a1d12ef88d6d39e450f6470701db3cc234e44eee54cb808064d651be7b5

SHA512
5bf49a061b17a71ebcc0ab7d9797552bb3f5409b0e41dfe84d2772ad9bf792f08c62a92ec44807b07d27b5267533529b790d4a066ecf005b450ef9a5866d7812

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\spec.fne

Filesize
40KB

MD5
52880a21f618aa5f907b7dec0c539690

SHA1
f5dd95ee629a248d15e8337bdb7c1417dd80aeca

SHA256
22fa4e7c46787b4ae5baebae35a8a40c377da60c4375038100d6959fc2566e1b

SHA512
c7ab6137c0d6624feb3e76a2e8c77ded8c3f8ef8c244bd9de222da9f2cbbc047e78920bf4ffb9a3420afaf8a7ce4b5fdbc890991ec2cfb08a3e307d8666d97e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\spec.fne

Filesize
72KB

MD5
22a235d3cdf2a4895f708f3eb3a211eb

SHA1
44325f3de8331b2d5490cb77a5e2affd8ac68c3a

SHA256
64fc2784b4c6afc1d6369cab345b500938caa06355784e949cab4d6f49bf6fb1

SHA512
7eb53bb374c82f68713f163582e22f5f82369322bc2f9f73629516117095507a8d50d2c30ac84bf98d44632b6f20cffcd9affdaaa0ba9ff0f567b32f342e544f

Download Submit
C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

Filesize
63KB

MD5
1c88a48549250f7032a6276bc95687ea

SHA1
fa99b438830b8b798faecf8585777635fdea543d

SHA256
02ead1e696c0b593bffc5b49c2bb3f4b0c2fca7a9e7bc0abd5fcb0b0a7250c9b

SHA512
d63dd7d6d5d5369f8a71edb466e1de5a149f631e0fb14a34012a071e738d8de7008f39ae41c4ea506fe0dd8915a11b9feba0d2bf4f4e1a4823c5b799a933a513

Download Submit
C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

Filesize
218KB

MD5
4940048a361bf09ce0eb1ac223593ab3

SHA1
c3e1aa76554e5f0dc2294cb95fdbc62a2e44cbc0

SHA256
78370360ab8202e9d9c27567dd576a9ed3fd20490ad1aca9ab35f8359428df6b

SHA512
631c06c64c2df6e2007b31fd277e33182c1ff96578c4d99760756603e19cd3f12c4ac285ee317d077ee9b76c8ae7fbcde3e3f98d3f5c2dd6b37a9e0008ed2ba7

Download Submit
C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

Filesize
96KB

MD5
eb1f47f6727d6683f2b3696c4249fee2

SHA1
9171c5f5e96e4d6431002d9e5fa59a8299284e59

SHA256
fac52d1e504b818bdcd15e94da7bdaf4ecbea0878986f827eb2d463cdef598ad

SHA512
73423319d76c931506c5f7d546a5f27cfe42a91589ca697c10f7892633a5c002cd6e0ccca9c45da55dc9546e2896e9f901ec678bdda8f0bf889f55f7e1c7340f

Download Submit
C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

Filesize
88KB

MD5
60ba456478633ca592c699904b6776d6

SHA1
a2027e85bf289bb685e55ef4d82440896f09e902

SHA256
f391447e182b8ee44abdc6586c3572991cb5aa6802d7ff5f76829cd1b882c98c

SHA512
2b545b25eb07b86f1ff43ad9dd1ff1c7a40046d9056779b742de5985a0d1ccbc50f500c356842e30078c5b37a515ebac5c37f36f5c44f8cacd4397e69657940e

Download Submit
C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

Filesize
33KB

MD5
17cb3145d079c9b3b5ad257d66d617ed

SHA1
377d163f044b4b2fd11689b57f0c5ea772d97cde

SHA256
6e495717c9739092ce5eb0630d712704a9080663ffd5e4094bc57032994a0a93

SHA512
ccf9214d91321c5eccc718575f824066aa5307b148e0e98931f5e9e72f9792bb5ae3adc6b6831c3b1bde63cf4f6a9d1f81747ed5335c3e5f40ebc5e33e654f6d

Download Submit
C:\Windows\SysWOW64\XP-AB9DB5FA.EXE

Filesize
5KB

MD5
592a28c32e3eb5c259e23b0a4bf7ca41

SHA1
fefcb1322594b74a2c03329304b9f2e498c43e6a

SHA256
be3be3967bbe2391b3e04278a456f16638c62176745e6e6ab59a0640d2e9eafe

SHA512
220531d33ca2e5de2ccdf58875385b1ef90d51be663ecbd7a8db7e3239ba7dd55870173ab1396cbfc21f7d6320a68b35ffa5fc19ed60dc5c64cbe440de7db188

Download Submit
memory/376-168-0x0000000003080000-0x0000000003091000-memory.dmp

Filesize
68KB

Download
memory/376-158-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/376-167-0x0000000002490000-0x00000000024AE000-memory.dmp

Filesize
120KB

Download
memory/376-165-0x00000000021C0000-0x000000000220B000-memory.dmp

Filesize
300KB

Download
memory/376-163-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/1056-130-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1056-75-0x0000000002270000-0x00000000022BB000-memory.dmp

Filesize
300KB

Download
memory/1056-81-0x0000000002F60000-0x0000000002F71000-memory.dmp

Filesize
68KB

Download
memory/1056-61-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1056-71-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/1056-131-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/1056-74-0x0000000002270000-0x00000000022BB000-memory.dmp

Filesize
300KB

Download
memory/1056-80-0x00000000028B0000-0x00000000028CE000-memory.dmp

Filesize
120KB

Download
memory/1288-185-0x00000000021B0000-0x00000000021FB000-memory.dmp

Filesize
300KB

Download
memory/1424-155-0x00000000022C0000-0x000000000230B000-memory.dmp

Filesize
300KB

Download
memory/1424-154-0x00000000022C0000-0x000000000230B000-memory.dmp

Filesize
300KB

Download
memory/1424-153-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/1424-157-0x0000000002600000-0x0000000002611000-memory.dmp

Filesize
68KB

Download
memory/1424-156-0x00000000025D0000-0x00000000025EE000-memory.dmp

Filesize
120KB

Download
memory/1424-148-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2096-104-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/2096-10-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/2096-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2096-18-0x00000000023C0000-0x000000000240B000-memory.dmp

Filesize
300KB

Download
memory/2096-30-0x00000000029C0000-0x00000000029D1000-memory.dmp

Filesize
68KB

Download
memory/2096-29-0x0000000002880000-0x000000000289E000-memory.dmp

Filesize
120KB

Download
memory/2096-106-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2232-175-0x00000000020B0000-0x00000000020FB000-memory.dmp

Filesize
300KB

Download
memory/2232-177-0x00000000027F0000-0x000000000280E000-memory.dmp

Filesize
120KB

Download
memory/2232-169-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2232-174-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/2232-178-0x0000000002810000-0x0000000002821000-memory.dmp

Filesize
68KB

Download
memory/2232-176-0x00000000020B0000-0x00000000020FB000-memory.dmp

Filesize
300KB

Download
memory/2236-180-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2236-133-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2236-141-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/2236-179-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/2236-143-0x0000000002370000-0x00000000023BB000-memory.dmp

Filesize
300KB

Download
memory/2236-145-0x0000000002F80000-0x0000000002F91000-memory.dmp

Filesize
68KB

Download
memory/2236-142-0x0000000002370000-0x00000000023BB000-memory.dmp

Filesize
300KB

Download
memory/2236-144-0x0000000002F60000-0x0000000002F7E000-memory.dmp

Filesize
120KB

Download
memory/2344-85-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2344-147-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/2344-93-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/2344-146-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2344-102-0x0000000002910000-0x000000000292E000-memory.dmp

Filesize
120KB

Download
memory/2344-103-0x0000000002930000-0x0000000002941000-memory.dmp

Filesize
68KB

Download
memory/2344-96-0x00000000022B0000-0x00000000022FB000-memory.dmp

Filesize
300KB

Download
memory/2344-97-0x00000000022B0000-0x00000000022FB000-memory.dmp

Filesize
300KB

Download
memory/3600-107-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3600-121-0x0000000002160000-0x00000000021AB000-memory.dmp

Filesize
300KB

Download
memory/3600-117-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/3600-128-0x00000000023D0000-0x00000000023EE000-memory.dmp

Filesize
120KB

Download
memory/3600-129-0x0000000002400000-0x0000000002411000-memory.dmp

Filesize
68KB

Download
memory/3600-164-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3600-166-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/3600-120-0x0000000002160000-0x00000000021AB000-memory.dmp

Filesize
300KB

Download
memory/4104-123-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/4104-122-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/4104-59-0x0000000002280000-0x00000000022CB000-memory.dmp

Filesize
300KB

Download
memory/4104-57-0x00000000024E0000-0x00000000024FE000-memory.dmp

Filesize
120KB

Download
memory/4104-50-0x0000000002280000-0x00000000022CB000-memory.dmp

Filesize
300KB

Download
memory/4104-49-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/4104-58-0x0000000002500000-0x0000000002511000-memory.dmp

Filesize
68KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads