Malware Analysis Report

2025-08-05 12:47

Sample ID 240122-m7bwlaeggj
Target 6f835b6c3057fcc816392c3b72740345
SHA256 55cea4bf97f08c33c864615a119c6b4ffc090069bbb7b4d64d2c7dd0e19dad59
Tags metasploit backdoor trojan upx
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 6f835b6c3057fcc816392c3b72740345 was found to be: Known bad.

Malicious Activity Summary

MetaSploit

UPX packed file

Loads dropped DLL

Checks computer location settings

Deletes itself

Executes dropped EXE

Maps connected drives based on registry

Suspicious use of SetThreadContext

Drops file in System32 directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies registry class

Analysis: static1

Detonation Overview

Reported

2024-01-22 11:05

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-22 11:05

Reported

2024-01-22 11:08

Platform

win7-20231215-en

Max time kernel

149s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe"

Signatures

MetaSploit

trojan backdoor metasploit

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Maps connected drives based on registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 C:\Windows\SysWOW64\igfxdw32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Windows\SysWOW64\igfxdw32.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\ C:\Windows\SysWOW64\igfxdw32.exe N/A
File opened for modification C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe N/A
File created C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe N/A
File created C:\Windows\SysWOW64\igfxdw32.exe C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe N/A
File opened for modification C:\Windows\SysWOW64\ C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3060 set thread context of 2220 N/A C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe
PID 2848 set thread context of 2600 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2016 set thread context of 3032 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 1080 set thread context of 2828 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 1780 set thread context of 1952 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2504 set thread context of 1784 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2984 set thread context of 1904 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2312 set thread context of 2044 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 1392 set thread context of 1516 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2644 set thread context of 1720 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 1500 set thread context of 1592 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 1244 set thread context of 2516 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2712 set thread context of 2604 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2636 set thread context of 2108 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 772 set thread context of 1460 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2888 set thread context of 2932 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 1736 set thread context of 1988 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2332 set thread context of 2352 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2216 set thread context of 2240 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 1972 set thread context of 1788 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 1356 set thread context of 1696 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2460 set thread context of 2276 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 964 set thread context of 2164 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2748 set thread context of 2672 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 848 set thread context of 2716 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3060 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe
PID 2220 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2848 wrote to memory of 2600 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2600 wrote to memory of 2016 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2016 wrote to memory of 3032 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 3032 wrote to memory of 1080 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 1080 wrote to memory of 2828 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2828 wrote to memory of 1780 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 1780 wrote to memory of 1952 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 1952 wrote to memory of 2504 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2504 wrote to memory of 1784 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 1784 wrote to memory of 2984 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe

"C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe"

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Users\Admin\AppData\Local\Temp\6F835B~1.EXE

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

Network

N/A

Files

\Windows\SysWOW64\igfxdw32.exe

MD5 6f835b6c3057fcc816392c3b72740345
SHA1 1101247576532083c6b3a87ff52fc9ccd588668a
SHA256 55cea4bf97f08c33c864615a119c6b4ffc090069bbb7b4d64d2c7dd0e19dad59
SHA512 a4d583ea616c8b0e48edc6b74b419ff637e2f8b29cc98179e76ecf08968b4fb56ac2b4ceb7cb45626f444a2157fe64f78037389bfe084c5e633e50977c1ec533

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-22 11:05

Reported

2024-01-22 11:08

Platform

win10v2004-20231222-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe"

Signatures

MetaSploit

trojan backdoor metasploit

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\igfxdw32.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Maps connected drives based on registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Windows\SysWOW64\igfxdw32.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 C:\Windows\SysWOW64\igfxdw32.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe N/A
File opened for modification C:\Windows\SysWOW64\ C:\Windows\SysWOW64\igfxdw32.exe N/A
File opened for modification C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe N/A
File opened for modification C:\Windows\SysWOW64\igfxdw32.exe C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe N/A
File opened for modification C:\Windows\SysWOW64\ C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2180 set thread context of 4124 N/A C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe
PID 2260 set thread context of 1456 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 3996 set thread context of 4400 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4508 set thread context of 1452 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4884 set thread context of 4576 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4032 set thread context of 4380 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4192 set thread context of 852 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 3708 set thread context of 2380 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4232 set thread context of 4404 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 5080 set thread context of 1972 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4612 set thread context of 3112 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 3408 set thread context of 2768 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 220 set thread context of 1856 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 856 set thread context of 4292 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 1380 set thread context of 4528 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4160 set thread context of 1860 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 900 set thread context of 3944 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2988 set thread context of 1924 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2492 set thread context of 2544 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2180 set thread context of 3180 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2552 set thread context of 4412 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2476 set thread context of 4748 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2260 set thread context of 5112 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 1464 set thread context of 2044 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 220 set thread context of 1656 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2316 set thread context of 1192 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 816 set thread context of 4196 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 3108 set thread context of 4336 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2816 set thread context of 4332 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 1324 set thread context of 4724 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2940 set thread context of 764 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2832 set thread context of 3532 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\igfxdw32.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A
N/A N/A C:\Windows\SysWOW64\igfxdw32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2180 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe
PID 2180 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe
PID 2180 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe
PID 2180 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe
PID 2180 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe
PID 2180 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe
PID 2180 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe
PID 4124 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4124 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4124 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2260 wrote to memory of 1456 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2260 wrote to memory of 1456 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2260 wrote to memory of 1456 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2260 wrote to memory of 1456 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2260 wrote to memory of 1456 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2260 wrote to memory of 1456 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 2260 wrote to memory of 1456 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 1456 wrote to memory of 3996 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 1456 wrote to memory of 3996 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 1456 wrote to memory of 3996 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 3996 wrote to memory of 4400 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 3996 wrote to memory of 4400 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 3996 wrote to memory of 4400 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 3996 wrote to memory of 4400 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 3996 wrote to memory of 4400 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 3996 wrote to memory of 4400 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 3996 wrote to memory of 4400 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4400 wrote to memory of 4508 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4400 wrote to memory of 4508 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4400 wrote to memory of 4508 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4508 wrote to memory of 1452 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4508 wrote to memory of 1452 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4508 wrote to memory of 1452 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4508 wrote to memory of 1452 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4508 wrote to memory of 1452 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4508 wrote to memory of 1452 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4508 wrote to memory of 1452 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 1452 wrote to memory of 4884 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 1452 wrote to memory of 4884 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 1452 wrote to memory of 4884 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4884 wrote to memory of 4576 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4884 wrote to memory of 4576 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4884 wrote to memory of 4576 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4884 wrote to memory of 4576 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4884 wrote to memory of 4576 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4884 wrote to memory of 4576 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4884 wrote to memory of 4576 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4576 wrote to memory of 4032 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4576 wrote to memory of 4032 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4576 wrote to memory of 4032 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4032 wrote to memory of 4380 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4032 wrote to memory of 4380 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4032 wrote to memory of 4380 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4032 wrote to memory of 4380 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4032 wrote to memory of 4380 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4032 wrote to memory of 4380 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4032 wrote to memory of 4380 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4380 wrote to memory of 4192 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4380 wrote to memory of 4192 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4380 wrote to memory of 4192 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4192 wrote to memory of 852 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4192 wrote to memory of 852 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4192 wrote to memory of 852 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe
PID 4192 wrote to memory of 852 N/A C:\Windows\SysWOW64\igfxdw32.exe C:\Windows\SysWOW64\igfxdw32.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe

"C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe"

C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe

"C:\Users\Admin\AppData\Local\Temp\6f835b6c3057fcc816392c3b72740345.exe"

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Users\Admin\AppData\Local\Temp\6F835B~1.EXE

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Users\Admin\AppData\Local\Temp\6F835B~1.EXE

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

C:\Windows\SysWOW64\igfxdw32.exe

"C:\Windows\system32\igfxdw32.exe" C:\Windows\SysWOW64\igfxdw32.exe

Network

Country Destination Domain Proto
US 138.91.171.81:80 N/A tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 190.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 175.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp

Files

memory/4124-0-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4124-2-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4124-3-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4124-4-0x0000000000400000-0x0000000000466000-memory.dmp

C:\Windows\SysWOW64\igfxdw32.exe

MD5 6f835b6c3057fcc816392c3b72740345
SHA1 1101247576532083c6b3a87ff52fc9ccd588668a
SHA256 55cea4bf97f08c33c864615a119c6b4ffc090069bbb7b4d64d2c7dd0e19dad59
SHA512 a4d583ea616c8b0e48edc6b74b419ff637e2f8b29cc98179e76ecf08968b4fb56ac2b4ceb7cb45626f444a2157fe64f78037389bfe084c5e633e50977c1ec533

memory/4124-38-0x0000000000400000-0x0000000000466000-memory.dmp

memory/1456-44-0x0000000000400000-0x0000000000466000-memory.dmp

memory/1456-46-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4400-54-0x0000000000400000-0x0000000000466000-memory.dmp

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/4400-57-0x0000000000400000-0x0000000000466000-memory.dmp

memory/1452-64-0x0000000000400000-0x0000000000466000-memory.dmp

memory/1452-66-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4576-73-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4576-75-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4380-81-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4380-84-0x0000000000400000-0x0000000000466000-memory.dmp

memory/852-91-0x0000000000400000-0x0000000000466000-memory.dmp

memory/852-93-0x0000000000400000-0x0000000000466000-memory.dmp

memory/2380-100-0x0000000000400000-0x0000000000466000-memory.dmp

memory/2380-102-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4404-108-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4404-111-0x0000000000400000-0x0000000000466000-memory.dmp

memory/1972-117-0x0000000000400000-0x0000000000466000-memory.dmp

memory/1972-120-0x0000000000400000-0x0000000000466000-memory.dmp

memory/3112-127-0x0000000000400000-0x0000000000466000-memory.dmp

memory/3112-132-0x0000000000400000-0x0000000000466000-memory.dmp

memory/2768-137-0x0000000000400000-0x0000000000466000-memory.dmp

memory/2768-142-0x0000000000400000-0x0000000000466000-memory.dmp

memory/1856-147-0x0000000000400000-0x0000000000466000-memory.dmp

memory/1856-152-0x0000000000400000-0x0000000000466000-memory.dmp

C:\Windows\SysWOW64\igfxdw32.exe

MD5 c4d7d368dc6789c39ee24ea1e3ae35c6
SHA1 f61398ccd12d25b0af39ec0b7cf3d4eb534716aa
SHA256 44cf290a8c1f46c2d056da35c62a647044c837c8811dadbd16593b8ddb9c8256
SHA512 d84b1eb946ca0862a833f156c4a245e9084bca59fdb6089ff12fa950dde169db1d989cd0b9621e346ebda70db84824f409c9927c82ae34e0ba82047ed3fed6dd

memory/4292-158-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4292-163-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4528-168-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4528-173-0x0000000000400000-0x0000000000466000-memory.dmp

memory/1860-178-0x0000000000400000-0x0000000000466000-memory.dmp

memory/1860-183-0x0000000000400000-0x0000000000466000-memory.dmp

memory/3944-188-0x0000000000400000-0x0000000000466000-memory.dmp

memory/3944-193-0x0000000000400000-0x0000000000466000-memory.dmp

memory/1924-199-0x0000000000400000-0x0000000000466000-memory.dmp

memory/1924-203-0x0000000000400000-0x0000000000466000-memory.dmp

memory/2544-209-0x0000000000400000-0x0000000000466000-memory.dmp

memory/2544-213-0x0000000000400000-0x0000000000466000-memory.dmp

memory/3180-219-0x0000000000400000-0x0000000000466000-memory.dmp

memory/3180-223-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4412-229-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4412-233-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4748-238-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4748-243-0x0000000000400000-0x0000000000466000-memory.dmp

memory/5112-249-0x0000000000400000-0x0000000000466000-memory.dmp

memory/5112-253-0x0000000000400000-0x0000000000466000-memory.dmp

memory/2044-257-0x0000000000400000-0x0000000000466000-memory.dmp

memory/2044-261-0x0000000000400000-0x0000000000466000-memory.dmp

memory/1656-265-0x0000000000400000-0x0000000000466000-memory.dmp

memory/1656-269-0x0000000000400000-0x0000000000466000-memory.dmp

memory/1192-273-0x0000000000400000-0x0000000000466000-memory.dmp

memory/1192-277-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4196-282-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4196-285-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4336-289-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4336-293-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4332-297-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4332-301-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4724-306-0x0000000000400000-0x0000000000466000-memory.dmp

memory/4724-309-0x0000000000400000-0x0000000000466000-memory.dmp

memory/764-313-0x0000000000400000-0x0000000000466000-memory.dmp

memory/764-317-0x0000000000400000-0x0000000000466000-memory.dmp

memory/3532-322-0x0000000000400000-0x0000000000466000-memory.dmp

memory/3532-325-0x0000000000400000-0x0000000000466000-memory.dmp