ba5a8dd2be75dce0340f33b1d035f5667b4dd07b9759330c5f317efe96f1ef3a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06-03-2024 23:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba5a8dd2be75dce0340f33b1d035f5667b4dd07b9759330c5f317efe96f1ef3a.exe
Size

110KB
MD5

1ceb5ac3b4490a4f2486a7c2f34e8996
SHA1

1df9763b068391a41efe3f2bd0fad26cdc63c263
SHA256

ba5a8dd2be75dce0340f33b1d035f5667b4dd07b9759330c5f317efe96f1ef3a
SHA512

37bbd8db8ed1d4894a3da5d986b231d355b52a4ff0010f18ee070a120813ddb78ce955ddd8b945504bd4ef5fab2d4a6407a5e70f90a1b28dd42adde8f6fd3972
SSDEEP

1536:hqhAodrNwA3oJ+DjOBZ+JtsccXErLU2LuQS2BOWvI6dIjVjJ8FPws2LTH:WfKA3okDjKEVuQS2BPvvdcJEPwlb

Score

10^/10

persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Coqncejg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Geanfelc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ooibkpmi.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bdlfjh32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ephbhd32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Hpnoncim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ibhkfm32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Lnoaaaad.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Npepkf32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ckbncapd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Epffbd32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Egegjn32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Egcaod32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hehdfdek.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Inebjihf.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jbccge32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Lplfcf32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Omdieb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Damfao32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Finnef32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cibain32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Mpeiie32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Qcnjijoe.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bbaclegm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Gfjkjo32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nnfpinmi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ofmdio32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Qaqegecm.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ilkoim32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dddllkbf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Qamago32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Qiiflaoo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Pnplfj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ibcjqgnm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Dknnoofg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cdpcal32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Geoapenf.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Epffbd32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Mfenglqf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Glbjggof.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Fnbcgn32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Qfmfefni.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Eqmlccdi.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Llodgnja.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ppgegd32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bahdob32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ebkbbmqj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Bmidnm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ebaplnie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Apeknk32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bpjmph32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Impliekg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ggfglb32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ejlnfjbd.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jocefm32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kpoalo32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Mnegbp32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Doagjc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Oflmnh32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Impliekg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Llodgnja.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Mfkkqmiq.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Enopghee.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pfdjinjo.exe

Executes dropped EXE 64 IoCs

pid	Process
3248	Glbjggof.exe
1012	Gfjkjo32.exe
1028	Glgcbf32.exe
3468	Geohklaa.exe
1576	Gmimai32.exe
4744	Hipmfjee.exe
2856	Hefnkkkj.exe
1168	Hffken32.exe
3628	Hpnoncim.exe
4968	Hoclopne.exe
1612	Hlglidlo.exe
2460	Iepaaico.exe
3500	Illfdc32.exe
2016	Igajal32.exe
4884	Ibhkfm32.exe
2972	Impliekg.exe
4312	Jcmdaljn.exe
4240	Jocefm32.exe
1084	Jpcapp32.exe
3796	Jebfng32.exe
3472	Jedccfqg.exe
2596	Kpjgaoqm.exe
2356	Kpmdfonj.exe
2836	Kpoalo32.exe
816	Kodnmkap.exe
4680	Kofkbk32.exe
112	Lljklo32.exe
3592	Lfbped32.exe
4396	Lokdnjkg.exe
4732	Llodgnja.exe
3668	Lnoaaaad.exe
4952	Ljeafb32.exe
1324	Lncjlq32.exe
3620	Mnegbp32.exe
2448	Mmkdcm32.exe
3260	Mokmdh32.exe
2212	Monjjgkb.exe
500	Nopfpgip.exe
3128	Nmdgikhi.exe
788	Npepkf32.exe
1868	Nnfpinmi.exe
2988	Ngndaccj.exe
2336	Nagiji32.exe
1728	Nfcabp32.exe
4472	Oplfkeob.exe
5128	Onmfimga.exe
5168	Ofhknodl.exe
5212	Opqofe32.exe
5248	Ojfcdnjc.exe
5296	Ofmdio32.exe
5336	Oabhfg32.exe
5376	Ppgegd32.exe
5416	Pnifekmd.exe
5460	Pfdjinjo.exe
5504	Pplobcpp.exe
5544	Pnmopk32.exe
5592	Pnplfj32.exe
5632	Pdmdnadc.exe
5676	Qaqegecm.exe
5724	Qmgelf32.exe
5764	Afpjel32.exe
5804	Aaenbd32.exe
5856	Aoioli32.exe
5896	Aajhndkb.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Baegibae.exe	Bkibgh32.exe
File created	C:\Windows\SysWOW64\Bgelgi32.exe	Bahdob32.exe
File created	C:\Windows\SysWOW64\Anafep32.dll	Mledmg32.exe
File opened for modification	C:\Windows\SysWOW64\Pmphaaln.exe	Piocecgj.exe
File opened for modification	C:\Windows\SysWOW64\Bpjmph32.exe	Bmidnm32.exe
File created	C:\Windows\SysWOW64\Dnbdlf32.dll	Llodgnja.exe
File created	C:\Windows\SysWOW64\Egilaj32.dll	Qmgelf32.exe
File created	C:\Windows\SysWOW64\Bkamodje.dll	Bkibgh32.exe
File opened for modification	C:\Windows\SysWOW64\Foclgq32.exe	Fndpmndl.exe
File opened for modification	C:\Windows\SysWOW64\Gbnhoj32.exe	Gkdpbpih.exe
File opened for modification	C:\Windows\SysWOW64\Jhgiim32.exe	Ipkdek32.exe
File created	C:\Windows\SysWOW64\Lphdhn32.dll	Jpegkj32.exe
File created	C:\Windows\SysWOW64\Mfkkqmiq.exe	Lpochfji.exe
File created	C:\Windows\SysWOW64\Ngndaccj.exe	Nnfpinmi.exe
File created	C:\Windows\SysWOW64\Cnffoibg.dll	Ofmdio32.exe
File created	C:\Windows\SysWOW64\Fncibg32.exe	Fdkdibjp.exe
File created	C:\Windows\SysWOW64\Fdpnda32.exe	Fncibg32.exe
File created	C:\Windows\SysWOW64\Lncjlq32.exe	Ljeafb32.exe
File created	C:\Windows\SysWOW64\Figgdg32.exe	Fnbcgn32.exe
File created	C:\Windows\SysWOW64\Ebaplnie.exe	Dglkoeio.exe
File opened for modification	C:\Windows\SysWOW64\Kidben32.exe	Kplmliko.exe
File created	C:\Windows\SysWOW64\Dodebo32.dll	Ckdkhq32.exe
File opened for modification	C:\Windows\SysWOW64\Epffbd32.exe	Ejlnfjbd.exe
File opened for modification	C:\Windows\SysWOW64\Onmfimga.exe	Oplfkeob.exe
File created	C:\Windows\SysWOW64\Ckgohf32.exe	Cdmfllhn.exe
File created	C:\Windows\SysWOW64\Joekag32.exe	Jihbip32.exe
File created	C:\Windows\SysWOW64\Jhplpl32.exe	Jbccge32.exe
File created	C:\Windows\SysWOW64\Ekljpm32.exe	Epffbd32.exe
File created	C:\Windows\SysWOW64\Doagjc32.exe	Damfao32.exe
File created	C:\Windows\SysWOW64\Nqgnfcmm.dll	Egcaod32.exe
File opened for modification	C:\Windows\SysWOW64\Bgelgi32.exe	Bahdob32.exe
File created	C:\Windows\SysWOW64\Inclga32.dll	Hhaggp32.exe
File opened for modification	C:\Windows\SysWOW64\Kiphjo32.exe	Jhplpl32.exe
File created	C:\Windows\SysWOW64\Ipimhnjc.dll	Qcnjijoe.exe
File created	C:\Windows\SysWOW64\Fklcgk32.exe	Fdpnda32.exe
File created	C:\Windows\SysWOW64\Ofhknodl.exe	Onmfimga.exe
File created	C:\Windows\SysWOW64\Mkfefigf.dll	Pdmdnadc.exe
File created	C:\Windows\SysWOW64\Jicchk32.dll	Laiipofp.exe
File opened for modification	C:\Windows\SysWOW64\Ooibkpmi.exe	Nfqnbjfi.exe
File created	C:\Windows\SysWOW64\Ddmhhd32.exe	Dncpkjoc.exe
File opened for modification	C:\Windows\SysWOW64\Fncibg32.exe	Fdkdibjp.exe
File opened for modification	C:\Windows\SysWOW64\Gddgpqbe.exe	Fnjocf32.exe
File created	C:\Windows\SysWOW64\Jifecp32.exe	Jblmgf32.exe
File opened for modification	C:\Windows\SysWOW64\Kolabf32.exe	Kiphjo32.exe
File opened for modification	C:\Windows\SysWOW64\Fndpmndl.exe	Figgdg32.exe
File created	C:\Windows\SysWOW64\Kpqfid32.dll	Gkdpbpih.exe
File opened for modification	C:\Windows\SysWOW64\Laiipofp.exe	Lpgmhg32.exe
File opened for modification	C:\Windows\SysWOW64\Mqjbddpl.exe	Mfenglqf.exe
File created	C:\Windows\SysWOW64\Pmphaaln.exe	Piocecgj.exe
File created	C:\Windows\SysWOW64\Hnflfgji.dll	Cnaaib32.exe
File created	C:\Windows\SysWOW64\Eoepebho.exe	Ebaplnie.exe
File created	C:\Windows\SysWOW64\Aplaoj32.exe	Apjdikqd.exe
File created	C:\Windows\SysWOW64\Bahdob32.exe	Baegibae.exe
File opened for modification	C:\Windows\SysWOW64\Jeocna32.exe	Joekag32.exe
File created	C:\Windows\SysWOW64\Dqnjgl32.exe	Dolmodpi.exe
File opened for modification	C:\Windows\SysWOW64\Jihbip32.exe	Jppnpjel.exe
File created	C:\Windows\SysWOW64\Jgddkelm.dll	Bahdob32.exe
File created	C:\Windows\SysWOW64\Gkdpbpih.exe	Gbkkik32.exe
File created	C:\Windows\SysWOW64\Jblmgf32.exe	Jhgiim32.exe
File created	C:\Windows\SysWOW64\Jbccge32.exe	Jpegkj32.exe
File created	C:\Windows\SysWOW64\Mpeiie32.exe	Mcaipa32.exe
File opened for modification	C:\Windows\SysWOW64\Ofmdio32.exe	Ojfcdnjc.exe
File opened for modification	C:\Windows\SysWOW64\Afpjel32.exe	Qmgelf32.exe
File created	C:\Windows\SysWOW64\Ogakfe32.dll	Pplobcpp.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
8584	8460	WerFault.exe	328

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hiaafn32.dll"	Gfjkjo32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Jcmdaljn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Npepkf32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Bgelgi32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Dglkoeio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Qgjamboa.dll"	Iepaaico.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Mokmdh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Egilaj32.dll"	Qmgelf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Ilkoim32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Jppnpjel.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jongga32.dll"	ba5a8dd2be75dce0340f33b1d035f5667b4dd07b9759330c5f317efe96f1ef3a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Kpmdfonj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Fndpmndl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Inclga32.dll"	Hhaggp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Jifecp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ngcglo32.dll"	Jihbip32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Odanidih.dll"	Eqmlccdi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mlelal32.dll"	Igajal32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pkbcikkp.dll"	Mfkkqmiq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Mledmg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mlmadjhb.dll"	Piocecgj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Cajdjn32.dll"	Kpmdfonj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Egcaod32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Lpgmhg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hpceplkl.dll"	Hnbeeiji.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Qfgllk32.dll"	Hlglidlo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Ghojbq32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Mqjbddpl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Bmdkcnie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Enopghee.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Eqmlccdi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Jocefm32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Jpcapp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ifenan32.dll"	Jedccfqg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jgddkelm.dll"	Bahdob32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Chdialdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Jifecp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Bpldbefn.dll"	Ooibkpmi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Iheocj32.dll"	Pimfpc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Qiiflaoo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Jedccfqg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Doagjc32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Hifmmb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gflonn32.dll"	Ofjqihnn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Dahfkimd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Gfjkjo32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Kofkbk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Pdmdnadc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Imffkelf.dll"	Eoepebho.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Gbkkik32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Jppnpjel.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Klhhpb32.dll"	Oqklkbbi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Apeknk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dooaccfg.dll"	Ckbncapd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Cmgqpkip.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gkdinefi.dll"	Ebaplnie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mnknop32.dll"	Joekag32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Nphnbpql.dll"	Koajmepf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Cgogbi32.dll"	Lplfcf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Likage32.dll"	Omdieb32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Opbean32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dikifc32.dll"	Ddmhhd32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Doagjc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hpaoan32.dll"	Finnef32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3528 wrote to memory of 3248	3528	ba5a8dd2be75dce0340f33b1d035f5667b4dd07b9759330c5f317efe96f1ef3a.exe	95
PID 3528 wrote to memory of 3248	3528	ba5a8dd2be75dce0340f33b1d035f5667b4dd07b9759330c5f317efe96f1ef3a.exe	95
PID 3528 wrote to memory of 3248	3528	ba5a8dd2be75dce0340f33b1d035f5667b4dd07b9759330c5f317efe96f1ef3a.exe	95
PID 3248 wrote to memory of 1012	3248	Glbjggof.exe	96
PID 3248 wrote to memory of 1012	3248	Glbjggof.exe	96
PID 3248 wrote to memory of 1012	3248	Glbjggof.exe	96
PID 1012 wrote to memory of 1028	1012	Gfjkjo32.exe	97
PID 1012 wrote to memory of 1028	1012	Gfjkjo32.exe	97
PID 1012 wrote to memory of 1028	1012	Gfjkjo32.exe	97
PID 1028 wrote to memory of 3468	1028	Glgcbf32.exe	98
PID 1028 wrote to memory of 3468	1028	Glgcbf32.exe	98
PID 1028 wrote to memory of 3468	1028	Glgcbf32.exe	98
PID 3468 wrote to memory of 1576	3468	Geohklaa.exe	100
PID 3468 wrote to memory of 1576	3468	Geohklaa.exe	100
PID 3468 wrote to memory of 1576	3468	Geohklaa.exe	100
PID 1576 wrote to memory of 4744	1576	Gmimai32.exe	101
PID 1576 wrote to memory of 4744	1576	Gmimai32.exe	101
PID 1576 wrote to memory of 4744	1576	Gmimai32.exe	101
PID 4744 wrote to memory of 2856	4744	Hipmfjee.exe	102
PID 4744 wrote to memory of 2856	4744	Hipmfjee.exe	102
PID 4744 wrote to memory of 2856	4744	Hipmfjee.exe	102
PID 2856 wrote to memory of 1168	2856	Hefnkkkj.exe	103
PID 2856 wrote to memory of 1168	2856	Hefnkkkj.exe	103
PID 2856 wrote to memory of 1168	2856	Hefnkkkj.exe	103
PID 1168 wrote to memory of 3628	1168	Hffken32.exe	104
PID 1168 wrote to memory of 3628	1168	Hffken32.exe	104
PID 1168 wrote to memory of 3628	1168	Hffken32.exe	104
PID 3628 wrote to memory of 4968	3628	Hpnoncim.exe	105
PID 3628 wrote to memory of 4968	3628	Hpnoncim.exe	105
PID 3628 wrote to memory of 4968	3628	Hpnoncim.exe	105
PID 4968 wrote to memory of 1612	4968	Hoclopne.exe	106
PID 4968 wrote to memory of 1612	4968	Hoclopne.exe	106
PID 4968 wrote to memory of 1612	4968	Hoclopne.exe	106
PID 1612 wrote to memory of 2460	1612	Hlglidlo.exe	107
PID 1612 wrote to memory of 2460	1612	Hlglidlo.exe	107
PID 1612 wrote to memory of 2460	1612	Hlglidlo.exe	107
PID 2460 wrote to memory of 3500	2460	Iepaaico.exe	108
PID 2460 wrote to memory of 3500	2460	Iepaaico.exe	108
PID 2460 wrote to memory of 3500	2460	Iepaaico.exe	108
PID 3500 wrote to memory of 2016	3500	Illfdc32.exe	109
PID 3500 wrote to memory of 2016	3500	Illfdc32.exe	109
PID 3500 wrote to memory of 2016	3500	Illfdc32.exe	109
PID 2016 wrote to memory of 4884	2016	Igajal32.exe	110
PID 2016 wrote to memory of 4884	2016	Igajal32.exe	110
PID 2016 wrote to memory of 4884	2016	Igajal32.exe	110
PID 4884 wrote to memory of 2972	4884	Ibhkfm32.exe	112
PID 4884 wrote to memory of 2972	4884	Ibhkfm32.exe	112
PID 4884 wrote to memory of 2972	4884	Ibhkfm32.exe	112
PID 2972 wrote to memory of 4312	2972	Impliekg.exe	113
PID 2972 wrote to memory of 4312	2972	Impliekg.exe	113
PID 2972 wrote to memory of 4312	2972	Impliekg.exe	113
PID 4312 wrote to memory of 4240	4312	Jcmdaljn.exe	114
PID 4312 wrote to memory of 4240	4312	Jcmdaljn.exe	114
PID 4312 wrote to memory of 4240	4312	Jcmdaljn.exe	114
PID 4240 wrote to memory of 1084	4240	Jocefm32.exe	115
PID 4240 wrote to memory of 1084	4240	Jocefm32.exe	115
PID 4240 wrote to memory of 1084	4240	Jocefm32.exe	115
PID 1084 wrote to memory of 3796	1084	Jpcapp32.exe	116
PID 1084 wrote to memory of 3796	1084	Jpcapp32.exe	116
PID 1084 wrote to memory of 3796	1084	Jpcapp32.exe	116
PID 3796 wrote to memory of 3472	3796	Jebfng32.exe	117
PID 3796 wrote to memory of 3472	3796	Jebfng32.exe	117
PID 3796 wrote to memory of 3472	3796	Jebfng32.exe	117
PID 3472 wrote to memory of 2596	3472	Jedccfqg.exe	118

C:\Users\Admin\AppData\Local\Temp\ba5a8dd2be75dce0340f33b1d035f5667b4dd07b9759330c5f317efe96f1ef3a.exe
"C:\Users\Admin\AppData\Local\Temp\ba5a8dd2be75dce0340f33b1d035f5667b4dd07b9759330c5f317efe96f1ef3a.exe"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3528
- C:\Windows\SysWOW64\Glbjggof.exe
  C:\Windows\system32\Glbjggof.exe
  2⤵
  - Adds autorun key to be loaded by Explorer.exe on startup
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3248
- - C:\Windows\SysWOW64\Gfjkjo32.exe
    C:\Windows\system32\Gfjkjo32.exe
    3⤵
    - Adds autorun key to be loaded by Explorer.exe on startup
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1012
  - - C:\Windows\SysWOW64\Glgcbf32.exe
      C:\Windows\system32\Glgcbf32.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1028
    - - C:\Windows\SysWOW64\Geohklaa.exe
        
        C:\Windows\system32\Geohklaa.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3468
      - C:\Windows\SysWOW64\Gmimai32.exe
        
        C:\Windows\system32\Gmimai32.exe
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1576
        
        C:\Windows\SysWOW64\Hipmfjee.exe
        
        C:\Windows\system32\Hipmfjee.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4744
        
        C:\Windows\SysWOW64\Hefnkkkj.exe
        
        C:\Windows\system32\Hefnkkkj.exe
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2856
        
        C:\Windows\SysWOW64\Hffken32.exe
        
        C:\Windows\system32\Hffken32.exe
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1168
        
        C:\Windows\SysWOW64\Hpnoncim.exe
        
        C:\Windows\system32\Hpnoncim.exe
        10⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3628
        
        C:\Windows\SysWOW64\Hoclopne.exe
        
        C:\Windows\system32\Hoclopne.exe
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4968
        
        C:\Windows\SysWOW64\Hlglidlo.exe
        
        C:\Windows\system32\Hlglidlo.exe
        12⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1612
        
        C:\Windows\SysWOW64\Iepaaico.exe
        
        C:\Windows\system32\Iepaaico.exe
        13⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2460
        
        C:\Windows\SysWOW64\Illfdc32.exe
        
        C:\Windows\system32\Illfdc32.exe
        14⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3500
        
        C:\Windows\SysWOW64\Igajal32.exe
        
        C:\Windows\system32\Igajal32.exe
        15⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2016
        
        C:\Windows\SysWOW64\Ibhkfm32.exe
        
        C:\Windows\system32\Ibhkfm32.exe
        16⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4884
        
        C:\Windows\SysWOW64\Impliekg.exe
        
        C:\Windows\system32\Impliekg.exe
        17⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2972
        
        C:\Windows\SysWOW64\Jcmdaljn.exe
        
        C:\Windows\system32\Jcmdaljn.exe
        18⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4312
        
        C:\Windows\SysWOW64\Jocefm32.exe
        
        C:\Windows\system32\Jocefm32.exe
        19⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4240
        
        C:\Windows\SysWOW64\Jpcapp32.exe
        
        C:\Windows\system32\Jpcapp32.exe
        20⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1084
        
        C:\Windows\SysWOW64\Jebfng32.exe
        
        C:\Windows\system32\Jebfng32.exe
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3796
        
        C:\Windows\SysWOW64\Jedccfqg.exe
        
        C:\Windows\system32\Jedccfqg.exe
        22⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3472
        
        C:\Windows\SysWOW64\Kpjgaoqm.exe
        
        C:\Windows\system32\Kpjgaoqm.exe
        23⤵
        Executes dropped EXE
        
        PID:2596
        
        C:\Windows\SysWOW64\Kpmdfonj.exe
        
        C:\Windows\system32\Kpmdfonj.exe
        24⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2356
        
        C:\Windows\SysWOW64\Kpoalo32.exe
        
        C:\Windows\system32\Kpoalo32.exe
        25⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:2836
        
        C:\Windows\SysWOW64\Kodnmkap.exe
        
        C:\Windows\system32\Kodnmkap.exe
        26⤵
        Executes dropped EXE
        
        PID:816
        
        C:\Windows\SysWOW64\Kofkbk32.exe
        
        C:\Windows\system32\Kofkbk32.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4680
        
        C:\Windows\SysWOW64\Lljklo32.exe
        
        C:\Windows\system32\Lljklo32.exe
        28⤵
        Executes dropped EXE
        
        PID:112
        
        C:\Windows\SysWOW64\Lfbped32.exe
        
        C:\Windows\system32\Lfbped32.exe
        29⤵
        Executes dropped EXE
        
        PID:3592
        
        C:\Windows\SysWOW64\Lokdnjkg.exe
        
        C:\Windows\system32\Lokdnjkg.exe
        30⤵
        Executes dropped EXE
        
        PID:4396
        
        C:\Windows\SysWOW64\Llodgnja.exe
        
        C:\Windows\system32\Llodgnja.exe
        31⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4732
        
        C:\Windows\SysWOW64\Lnoaaaad.exe
        
        C:\Windows\system32\Lnoaaaad.exe
        32⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:3668
        
        C:\Windows\SysWOW64\Ljeafb32.exe
        
        C:\Windows\system32\Ljeafb32.exe
        33⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4952
        
        C:\Windows\SysWOW64\Lncjlq32.exe
        
        C:\Windows\system32\Lncjlq32.exe
        34⤵
        Executes dropped EXE
        
        PID:1324
        
        C:\Windows\SysWOW64\Mnegbp32.exe
        
        C:\Windows\system32\Mnegbp32.exe
        35⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:3620
        
        C:\Windows\SysWOW64\Mmkdcm32.exe
        
        C:\Windows\system32\Mmkdcm32.exe
        36⤵
        Executes dropped EXE
        
        PID:2448
        
        C:\Windows\SysWOW64\Mokmdh32.exe
        
        C:\Windows\system32\Mokmdh32.exe
        37⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3260
        
        C:\Windows\SysWOW64\Monjjgkb.exe
        
        C:\Windows\system32\Monjjgkb.exe
        38⤵
        Executes dropped EXE
        
        PID:2212
        
        C:\Windows\SysWOW64\Nopfpgip.exe
        
        C:\Windows\system32\Nopfpgip.exe
        39⤵
        Executes dropped EXE
        
        PID:500
        
        C:\Windows\SysWOW64\Nmdgikhi.exe
        
        C:\Windows\system32\Nmdgikhi.exe
        40⤵
        Executes dropped EXE
        
        PID:3128
        
        C:\Windows\SysWOW64\Npepkf32.exe
        
        C:\Windows\system32\Npepkf32.exe
        41⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:788
        
        C:\Windows\SysWOW64\Nnfpinmi.exe
        
        C:\Windows\system32\Nnfpinmi.exe
        42⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1868
        
        C:\Windows\SysWOW64\Ngndaccj.exe
        
        C:\Windows\system32\Ngndaccj.exe
        43⤵
        Executes dropped EXE
        
        PID:2988
        
        C:\Windows\SysWOW64\Nagiji32.exe
        
        C:\Windows\system32\Nagiji32.exe
        44⤵
        Executes dropped EXE
        
        PID:2336
        
        C:\Windows\SysWOW64\Nfcabp32.exe
        
        C:\Windows\system32\Nfcabp32.exe
        45⤵
        Executes dropped EXE
        
        PID:1728
        
        C:\Windows\SysWOW64\Oplfkeob.exe
        
        C:\Windows\system32\Oplfkeob.exe
        46⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4472
        
        C:\Windows\SysWOW64\Onmfimga.exe
        
        C:\Windows\system32\Onmfimga.exe
        47⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5128
        
        C:\Windows\SysWOW64\Ofhknodl.exe
        
        C:\Windows\system32\Ofhknodl.exe
        48⤵
        Executes dropped EXE
        
        PID:5168
        
        C:\Windows\SysWOW64\Opqofe32.exe
        
        C:\Windows\system32\Opqofe32.exe
        49⤵
        Executes dropped EXE
        
        PID:5212
        
        C:\Windows\SysWOW64\Ojfcdnjc.exe
        
        C:\Windows\system32\Ojfcdnjc.exe
        50⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5248
        
        C:\Windows\SysWOW64\Ofmdio32.exe
        
        C:\Windows\system32\Ofmdio32.exe
        51⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5296
        
        C:\Windows\SysWOW64\Oabhfg32.exe
        
        C:\Windows\system32\Oabhfg32.exe
        52⤵
        Executes dropped EXE
        
        PID:5336
        
        C:\Windows\SysWOW64\Ppgegd32.exe
        
        C:\Windows\system32\Ppgegd32.exe
        53⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:5376
        
        C:\Windows\SysWOW64\Pnifekmd.exe
        
        C:\Windows\system32\Pnifekmd.exe
        54⤵
        Executes dropped EXE
        
        PID:5416
        
        C:\Windows\SysWOW64\Pfdjinjo.exe
        
        C:\Windows\system32\Pfdjinjo.exe
        55⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:5460
        
        C:\Windows\SysWOW64\Pplobcpp.exe
        
        C:\Windows\system32\Pplobcpp.exe
        56⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5504
        
        C:\Windows\SysWOW64\Pnmopk32.exe
        
        C:\Windows\system32\Pnmopk32.exe
        57⤵
        Executes dropped EXE
        
        PID:5544
        
        C:\Windows\SysWOW64\Pnplfj32.exe
        
        C:\Windows\system32\Pnplfj32.exe
        58⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:5592
        
        C:\Windows\SysWOW64\Pdmdnadc.exe
        
        C:\Windows\system32\Pdmdnadc.exe
        59⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:5632
        
        C:\Windows\SysWOW64\Qaqegecm.exe
        
        C:\Windows\system32\Qaqegecm.exe
        60⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:5676
        
        C:\Windows\SysWOW64\Qmgelf32.exe
        
        C:\Windows\system32\Qmgelf32.exe
        61⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:5724
        
        C:\Windows\SysWOW64\Afpjel32.exe
        
        C:\Windows\system32\Afpjel32.exe
        62⤵
        Executes dropped EXE
        
        PID:5764
        
        C:\Windows\SysWOW64\Aaenbd32.exe
        
        C:\Windows\system32\Aaenbd32.exe
        63⤵
        Executes dropped EXE
        
        PID:5804
        
        C:\Windows\SysWOW64\Aoioli32.exe
        
        C:\Windows\system32\Aoioli32.exe
        64⤵
        Executes dropped EXE
        
        PID:5856
        
        C:\Windows\SysWOW64\Aajhndkb.exe
        
        C:\Windows\system32\Aajhndkb.exe
        65⤵
        Executes dropped EXE
        
        PID:5896
        
        C:\Windows\SysWOW64\Aggpfkjj.exe
        
        C:\Windows\system32\Aggpfkjj.exe
        66⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\Apodoq32.exe
        
        C:\Windows\system32\Apodoq32.exe
        67⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\Aopemh32.exe
        
        C:\Windows\system32\Aopemh32.exe
        68⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\Apaadpng.exe
        
        C:\Windows\system32\Apaadpng.exe
        69⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\Bmeandma.exe
        
        C:\Windows\system32\Bmeandma.exe
        70⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\Bkibgh32.exe
        
        C:\Windows\system32\Bkibgh32.exe
        71⤵
        Drops file in System32 directory
        
        PID:5124
        
        C:\Windows\SysWOW64\Baegibae.exe
        
        C:\Windows\system32\Baegibae.exe
        72⤵
        Drops file in System32 directory
        
        PID:5156
        
        C:\Windows\SysWOW64\Bahdob32.exe
        
        C:\Windows\system32\Bahdob32.exe
        73⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:5240
        
        C:\Windows\SysWOW64\Bgelgi32.exe
        
        C:\Windows\system32\Bgelgi32.exe
        74⤵
        Modifies registry class
        
        PID:5312
        
        C:\Windows\SysWOW64\Chdialdl.exe
        
        C:\Windows\system32\Chdialdl.exe
        75⤵
        Modifies registry class
        
        PID:5352
        
        C:\Windows\SysWOW64\Cnaaib32.exe
        
        C:\Windows\system32\Cnaaib32.exe
        76⤵
        Drops file in System32 directory
        
        PID:5456
        
        C:\Windows\SysWOW64\Chfegk32.exe
        
        C:\Windows\system32\Chfegk32.exe
        77⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\Coqncejg.exe
        
        C:\Windows\system32\Coqncejg.exe
        78⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5576
        
        C:\Windows\SysWOW64\Cdmfllhn.exe
        
        C:\Windows\system32\Cdmfllhn.exe
        79⤵
        Drops file in System32 directory
        
        PID:5604
        
        C:\Windows\SysWOW64\Ckgohf32.exe
        
        C:\Windows\system32\Ckgohf32.exe
        80⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\Cdpcal32.exe
        
        C:\Windows\system32\Cdpcal32.exe
        81⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5800
        
        C:\Windows\SysWOW64\Cpfcfmlp.exe
        
        C:\Windows\system32\Cpfcfmlp.exe
        82⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\Cklhcfle.exe
        
        C:\Windows\system32\Cklhcfle.exe
        83⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\Dddllkbf.exe
        
        C:\Windows\system32\Dddllkbf.exe
        84⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6008
        
        C:\Windows\SysWOW64\Dojqjdbl.exe
        
        C:\Windows\system32\Dojqjdbl.exe
        85⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\Ddgibkpc.exe
        
        C:\Windows\system32\Ddgibkpc.exe
        86⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\Dolmodpi.exe
        
        C:\Windows\system32\Dolmodpi.exe
        87⤵
        Drops file in System32 directory
        
        PID:5264
        
        C:\Windows\SysWOW64\Dqnjgl32.exe
        
        C:\Windows\system32\Dqnjgl32.exe
        88⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\Damfao32.exe
        
        C:\Windows\system32\Damfao32.exe
        89⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:5588
        
        C:\Windows\SysWOW64\Doagjc32.exe
        
        C:\Windows\system32\Doagjc32.exe
        90⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5692
        
        C:\Windows\SysWOW64\Dglkoeio.exe
        
        C:\Windows\system32\Dglkoeio.exe
        91⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:5784
        
        C:\Windows\SysWOW64\Ebaplnie.exe
        
        C:\Windows\system32\Ebaplnie.exe
        92⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:5960
        
        C:\Windows\SysWOW64\Eoepebho.exe
        
        C:\Windows\system32\Eoepebho.exe
        93⤵
        Modifies registry class
        
        PID:6100
        
        C:\Windows\SysWOW64\Ehndnh32.exe
        
        C:\Windows\system32\Ehndnh32.exe
        94⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\Ebfign32.exe
        
        C:\Windows\system32\Ebfign32.exe
        95⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\Egcaod32.exe
        
        C:\Windows\system32\Egcaod32.exe
        96⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:5448
        
        C:\Windows\SysWOW64\Ebifmm32.exe
        
        C:\Windows\system32\Ebifmm32.exe
        97⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\Ebkbbmqj.exe
        
        C:\Windows\system32\Ebkbbmqj.exe
        98⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5936
        
        C:\Windows\SysWOW64\Fnbcgn32.exe
        
        C:\Windows\system32\Fnbcgn32.exe
        99⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:3052
        
        C:\Windows\SysWOW64\Figgdg32.exe
        
        C:\Windows\system32\Figgdg32.exe
        100⤵
        Drops file in System32 directory
        
        PID:5304
        
        C:\Windows\SysWOW64\Fndpmndl.exe
        
        C:\Windows\system32\Fndpmndl.exe
        101⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:5520
        
        C:\Windows\SysWOW64\Foclgq32.exe
        
        C:\Windows\system32\Foclgq32.exe
        102⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\Fkjmlaac.exe
        
        C:\Windows\system32\Fkjmlaac.exe
        103⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\Finnef32.exe
        
        C:\Windows\system32\Finnef32.exe
        104⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:1212
        
        C:\Windows\SysWOW64\Fgcjfbed.exe
        
        C:\Windows\system32\Fgcjfbed.exe
        105⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\Gbiockdj.exe
        
        C:\Windows\system32\Gbiockdj.exe
        106⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\Ggfglb32.exe
        
        C:\Windows\system32\Ggfglb32.exe
        107⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6220
        
        C:\Windows\SysWOW64\Gbkkik32.exe
        
        C:\Windows\system32\Gbkkik32.exe
        108⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6276
        
        C:\Windows\SysWOW64\Gkdpbpih.exe
        
        C:\Windows\system32\Gkdpbpih.exe
        109⤵
        Drops file in System32 directory
        
        PID:6328
        
        C:\Windows\SysWOW64\Gbnhoj32.exe
        
        C:\Windows\system32\Gbnhoj32.exe
        110⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\Ggkqgaol.exe
        
        C:\Windows\system32\Ggkqgaol.exe
        111⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\Geoapenf.exe
        
        C:\Windows\system32\Geoapenf.exe
        112⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6476
        
        C:\Windows\SysWOW64\Glhimp32.exe
        
        C:\Windows\system32\Glhimp32.exe
        113⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\Geanfelc.exe
        
        C:\Windows\system32\Geanfelc.exe
        114⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6568
        
        C:\Windows\SysWOW64\Ghojbq32.exe
        
        C:\Windows\system32\Ghojbq32.exe
        115⤵
        Modifies registry class
        
        PID:6612
        
        C:\Windows\SysWOW64\Hnibokbd.exe
        
        C:\Windows\system32\Hnibokbd.exe
        116⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\Hhaggp32.exe
        
        C:\Windows\system32\Hhaggp32.exe
        117⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6716
        
        C:\Windows\SysWOW64\Hhdcmp32.exe
        
        C:\Windows\system32\Hhdcmp32.exe
        118⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\Hnnljj32.exe
        
        C:\Windows\system32\Hnnljj32.exe
        119⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\Hehdfdek.exe
        
        C:\Windows\system32\Hehdfdek.exe
        120⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6880
        
        C:\Windows\SysWOW64\Hlblcn32.exe
        
        C:\Windows\system32\Hlblcn32.exe
        121⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\Hifmmb32.exe
        
        C:\Windows\system32\Hifmmb32.exe
        122⤵
        Modifies registry class
        
        PID:6972
        
        C:\Windows\SysWOW64\Hnbeeiji.exe
        
        C:\Windows\system32\Hnbeeiji.exe
        123⤵
        Modifies registry class
        
        PID:7020
        
        C:\Windows\SysWOW64\Hihibbjo.exe
        
        C:\Windows\system32\Hihibbjo.exe
        124⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\Inebjihf.exe
        
        C:\Windows\system32\Inebjihf.exe
        125⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7108
        
        C:\Windows\SysWOW64\Ibcjqgnm.exe
        
        C:\Windows\system32\Ibcjqgnm.exe
        126⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5220
        
        C:\Windows\SysWOW64\Ilkoim32.exe
        
        C:\Windows\system32\Ilkoim32.exe
        127⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:6256
        
        C:\Windows\SysWOW64\Iahgad32.exe
        
        C:\Windows\system32\Iahgad32.exe
        128⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\Iolhkh32.exe
        
        C:\Windows\system32\Iolhkh32.exe
        129⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\Iefphb32.exe
        
        C:\Windows\system32\Iefphb32.exe
        130⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\Ipkdek32.exe
        
        C:\Windows\system32\Ipkdek32.exe
        131⤵
        Drops file in System32 directory
        
        PID:6564
        
        C:\Windows\SysWOW64\Jhgiim32.exe
        
        C:\Windows\system32\Jhgiim32.exe
        132⤵
        Drops file in System32 directory
        
        PID:6660
        
        C:\Windows\SysWOW64\Jblmgf32.exe
        
        C:\Windows\system32\Jblmgf32.exe
        133⤵
        Drops file in System32 directory
        
        PID:6764
        
        C:\Windows\SysWOW64\Jifecp32.exe
        
        C:\Windows\system32\Jifecp32.exe
        134⤵
        Modifies registry class
        
        PID:6864
        
        C:\Windows\SysWOW64\Jppnpjel.exe
        
        C:\Windows\system32\Jppnpjel.exe
        135⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6908
        
        C:\Windows\SysWOW64\Jihbip32.exe
        
        C:\Windows\system32\Jihbip32.exe
        136⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6980
        
        C:\Windows\SysWOW64\Joekag32.exe
        
        C:\Windows\system32\Joekag32.exe
        137⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:7048
        
        C:\Windows\SysWOW64\Jeocna32.exe
        
        C:\Windows\system32\Jeocna32.exe
        138⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\Jpegkj32.exe
        
        C:\Windows\system32\Jpegkj32.exe
        139⤵
        Drops file in System32 directory
        
        PID:2932
        
        C:\Windows\SysWOW64\Jbccge32.exe
        
        C:\Windows\system32\Jbccge32.exe
        140⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:6288
        
        C:\Windows\SysWOW64\Jhplpl32.exe
        
        C:\Windows\system32\Jhplpl32.exe
        141⤵
        Drops file in System32 directory
        
        PID:6456
        
        C:\Windows\SysWOW64\Kiphjo32.exe
        
        C:\Windows\system32\Kiphjo32.exe
        142⤵
        Drops file in System32 directory
        
        PID:6516
        
        C:\Windows\SysWOW64\Kolabf32.exe
        
        C:\Windows\system32\Kolabf32.exe
        143⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\Kplmliko.exe
        
        C:\Windows\system32\Kplmliko.exe
        144⤵
        Drops file in System32 directory
        
        PID:6808
        
        C:\Windows\SysWOW64\Kidben32.exe
        
        C:\Windows\system32\Kidben32.exe
        145⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\Koajmepf.exe
        
        C:\Windows\system32\Koajmepf.exe
        146⤵
        Modifies registry class
        
        PID:7056
        
        C:\Windows\SysWOW64\Kabcopmg.exe
        
        C:\Windows\system32\Kabcopmg.exe
        147⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\Lhnhajba.exe
        
        C:\Windows\system32\Lhnhajba.exe
        148⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\Lafmjp32.exe
        
        C:\Windows\system32\Lafmjp32.exe
        149⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\Lpgmhg32.exe
        
        C:\Windows\system32\Lpgmhg32.exe
        150⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6840
        
        C:\Windows\SysWOW64\Laiipofp.exe
        
        C:\Windows\system32\Laiipofp.exe
        151⤵
        Drops file in System32 directory
        
        PID:7044
        
        C:\Windows\SysWOW64\Lomjicei.exe
        
        C:\Windows\system32\Lomjicei.exe
        152⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\Lplfcf32.exe
        
        C:\Windows\system32\Lplfcf32.exe
        153⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:6576
        
        C:\Windows\SysWOW64\Lancko32.exe
        
        C:\Windows\system32\Lancko32.exe
        154⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\Lpochfji.exe
        
        C:\Windows\system32\Lpochfji.exe
        155⤵
        Drops file in System32 directory
        
        PID:6204
        
        C:\Windows\SysWOW64\Mfkkqmiq.exe
        
        C:\Windows\system32\Mfkkqmiq.exe
        156⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:6636
        
        C:\Windows\SysWOW64\Mledmg32.exe
        
        C:\Windows\system32\Mledmg32.exe
        157⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:7164
        
        C:\Windows\SysWOW64\Mjidgkog.exe
        
        C:\Windows\system32\Mjidgkog.exe
        158⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\Mcaipa32.exe
        
        C:\Windows\system32\Mcaipa32.exe
        159⤵
        Drops file in System32 directory
        
        PID:6508
        
        C:\Windows\SysWOW64\Mpeiie32.exe
        
        C:\Windows\system32\Mpeiie32.exe
        160⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6556
        
        C:\Windows\SysWOW64\Mfenglqf.exe
        
        C:\Windows\system32\Mfenglqf.exe
        161⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:7204
        
        C:\Windows\SysWOW64\Mqjbddpl.exe
        
        C:\Windows\system32\Mqjbddpl.exe
        162⤵
        Modifies registry class
        
        PID:7248
        
        C:\Windows\SysWOW64\Nfnamjhk.exe
        
        C:\Windows\system32\Nfnamjhk.exe
        163⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\Nmhijd32.exe
        
        C:\Windows\system32\Nmhijd32.exe
        164⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\Nofefp32.exe
        
        C:\Windows\system32\Nofefp32.exe
        165⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\Nfqnbjfi.exe
        
        C:\Windows\system32\Nfqnbjfi.exe
        166⤵
        Drops file in System32 directory
        
        PID:7420
        
        C:\Windows\SysWOW64\Ooibkpmi.exe
        
        C:\Windows\system32\Ooibkpmi.exe
        167⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:7472
        
        C:\Windows\SysWOW64\Ookoaokf.exe
        
        C:\Windows\system32\Ookoaokf.exe
        168⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\Ojqcnhkl.exe
        
        C:\Windows\system32\Ojqcnhkl.exe
        169⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\Oqklkbbi.exe
        
        C:\Windows\system32\Oqklkbbi.exe
        170⤵
        Modifies registry class
        
        PID:7608
        
        C:\Windows\SysWOW64\Ofjqihnn.exe
        
        C:\Windows\system32\Ofjqihnn.exe
        171⤵
        Modifies registry class
        
        PID:7648
        
        C:\Windows\SysWOW64\Omdieb32.exe
        
        C:\Windows\system32\Omdieb32.exe
        172⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:7684
        
        C:\Windows\SysWOW64\Opbean32.exe
        
        C:\Windows\system32\Opbean32.exe
        173⤵
        Modifies registry class
        
        PID:7732
        
        C:\Windows\SysWOW64\Oflmnh32.exe
        
        C:\Windows\system32\Oflmnh32.exe
        174⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7776
        
        C:\Windows\SysWOW64\Ppdbgncl.exe
        
        C:\Windows\system32\Ppdbgncl.exe
        175⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\Pimfpc32.exe
        
        C:\Windows\system32\Pimfpc32.exe
        176⤵
        Modifies registry class
        
        PID:7856
        
        C:\Windows\SysWOW64\Piocecgj.exe
        
        C:\Windows\system32\Piocecgj.exe
        177⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:7904
        
        C:\Windows\SysWOW64\Pmphaaln.exe
        
        C:\Windows\system32\Pmphaaln.exe
        178⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\Pciqnk32.exe
        
        C:\Windows\system32\Pciqnk32.exe
        179⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\Qamago32.exe
        
        C:\Windows\system32\Qamago32.exe
        180⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8032
        
        C:\Windows\SysWOW64\Qiiflaoo.exe
        
        C:\Windows\system32\Qiiflaoo.exe
        181⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:8080
        
        C:\Windows\SysWOW64\Qcnjijoe.exe
        
        C:\Windows\system32\Qcnjijoe.exe
        182⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:8124
        
        C:\Windows\SysWOW64\Qfmfefni.exe
        
        C:\Windows\system32\Qfmfefni.exe
        183⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8176
        
        C:\Windows\SysWOW64\Apeknk32.exe
        
        C:\Windows\system32\Apeknk32.exe
        184⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:7216
        
        C:\Windows\SysWOW64\Afockelf.exe
        
        C:\Windows\system32\Afockelf.exe
        185⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\Ajmladbl.exe
        
        C:\Windows\system32\Ajmladbl.exe
        186⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\Apjdikqd.exe
        
        C:\Windows\system32\Apjdikqd.exe
        187⤵
        Drops file in System32 directory
        
        PID:7452
        
        C:\Windows\SysWOW64\Aplaoj32.exe
        
        C:\Windows\system32\Aplaoj32.exe
        188⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\Bmbnnn32.exe
        
        C:\Windows\system32\Bmbnnn32.exe
        189⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\Bdlfjh32.exe
        
        C:\Windows\system32\Bdlfjh32.exe
        190⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7668
        
        C:\Windows\SysWOW64\Bmdkcnie.exe
        
        C:\Windows\system32\Bmdkcnie.exe
        191⤵
        Modifies registry class
        
        PID:7704
        
        C:\Windows\SysWOW64\Bbaclegm.exe
        
        C:\Windows\system32\Bbaclegm.exe
        192⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7784
        
        C:\Windows\SysWOW64\Biklho32.exe
        
        C:\Windows\system32\Biklho32.exe
        193⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\Bdapehop.exe
        
        C:\Windows\system32\Bdapehop.exe
        194⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\Bmidnm32.exe
        
        C:\Windows\system32\Bmidnm32.exe
        195⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:7984
        
        C:\Windows\SysWOW64\Bpjmph32.exe
        
        C:\Windows\system32\Bpjmph32.exe
        196⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8048
        
        C:\Windows\SysWOW64\Cibain32.exe
        
        C:\Windows\system32\Cibain32.exe
        197⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8108
        
        C:\Windows\SysWOW64\Ckbncapd.exe
        
        C:\Windows\system32\Ckbncapd.exe
        198⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:7188
        
        C:\Windows\SysWOW64\Ckdkhq32.exe
        
        C:\Windows\system32\Ckdkhq32.exe
        199⤵
        Drops file in System32 directory
        
        PID:7276
        
        C:\Windows\SysWOW64\Ckggnp32.exe
        
        C:\Windows\system32\Ckggnp32.exe
        200⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\Ccblbb32.exe
        
        C:\Windows\system32\Ccblbb32.exe
        201⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\Cmgqpkip.exe
        
        C:\Windows\system32\Cmgqpkip.exe
        202⤵
        Modifies registry class
        
        PID:7640
        
        C:\Windows\SysWOW64\Dknnoofg.exe
        
        C:\Windows\system32\Dknnoofg.exe
        203⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7712
        
        C:\Windows\SysWOW64\Dahfkimd.exe
        
        C:\Windows\system32\Dahfkimd.exe
        204⤵
        Modifies registry class
        
        PID:7848
        
        C:\Windows\SysWOW64\Dggkipii.exe
        
        C:\Windows\system32\Dggkipii.exe
        205⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\Dncpkjoc.exe
        
        C:\Windows\system32\Dncpkjoc.exe
        206⤵
        Drops file in System32 directory
        
        PID:8104
        
        C:\Windows\SysWOW64\Ddmhhd32.exe
        
        C:\Windows\system32\Ddmhhd32.exe
        207⤵
        Modifies registry class
        
        PID:7212
        
        C:\Windows\SysWOW64\Eaaiahei.exe
        
        C:\Windows\system32\Eaaiahei.exe
        208⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\Ecbeip32.exe
        
        C:\Windows\system32\Ecbeip32.exe
        209⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\Ejlnfjbd.exe
        
        C:\Windows\system32\Ejlnfjbd.exe
        210⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:7720
        
        C:\Windows\SysWOW64\Epffbd32.exe
        
        C:\Windows\system32\Epffbd32.exe
        211⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:7896
        
        C:\Windows\SysWOW64\Ekljpm32.exe
        
        C:\Windows\system32\Ekljpm32.exe
        212⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\Ephbhd32.exe
        
        C:\Windows\system32\Ephbhd32.exe
        213⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7256
        
        C:\Windows\SysWOW64\Ecgodpgb.exe
        
        C:\Windows\system32\Ecgodpgb.exe
        214⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\Enlcahgh.exe
        
        C:\Windows\system32\Enlcahgh.exe
        215⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\Egegjn32.exe
        
        C:\Windows\system32\Egegjn32.exe
        216⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7160
        
        C:\Windows\SysWOW64\Enopghee.exe
        
        C:\Windows\system32\Enopghee.exe
        217⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:7764
        
        C:\Windows\SysWOW64\Eqmlccdi.exe
        
        C:\Windows\system32\Eqmlccdi.exe
        218⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:7504
        
        C:\Windows\SysWOW64\Fkcpql32.exe
        
        C:\Windows\system32\Fkcpql32.exe
        219⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\Fdkdibjp.exe
        
        C:\Windows\system32\Fdkdibjp.exe
        220⤵
        Drops file in System32 directory
        
        PID:8220
        
        C:\Windows\SysWOW64\Fncibg32.exe
        
        C:\Windows\system32\Fncibg32.exe
        221⤵
        Drops file in System32 directory
        
        PID:8264
        
        C:\Windows\SysWOW64\Fdpnda32.exe
        
        C:\Windows\system32\Fdpnda32.exe
        222⤵
        Drops file in System32 directory
        
        PID:8312
        
        C:\Windows\SysWOW64\Fklcgk32.exe
        
        C:\Windows\system32\Fklcgk32.exe
        223⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\Fnjocf32.exe
        
        C:\Windows\system32\Fnjocf32.exe
        224⤵
        Drops file in System32 directory
        
        PID:8412
        
        C:\Windows\SysWOW64\Gddgpqbe.exe
        
        C:\Windows\system32\Gddgpqbe.exe
        225⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 412
        226⤵
        Program crash
        
        PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 8460 -ip 8460
1⤵
PID:8484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3932 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
1⤵
PID:8164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Aggpfkjj.exe

Filesize
110KB

MD5
c4d0e6520ab762e33df8ff5fae571445

SHA1
9533f3c2b5cd421391e915284530bafe58c5950c

SHA256
bfa3c872e0e58d378d3409afb2ead1e2d79cb34650d8e54bd03a8ab755acdb24

SHA512
b04a5169d6382a2928b42b24994761cd4b79ad719110d0f7acd6bf0cade45ea4db9fc2eb1bc5ba0d04b50a748cd9693b0b5ec8b48c20779e3069db40feaa37c7

Download Submit
C:\Windows\SysWOW64\Baegibae.exe

Filesize
110KB

MD5
35535f41a4bc87cd4bf2263bc179cd78

SHA1
9c22ff329de8e2a15753e4ea88596756a14aeca5

SHA256
f4538276071f51d5a9e0968d1ef11cc44534a7aa66f8d144cbf07aa4b67af780

SHA512
0bd753938254996e6e5d3279f3282dc4540878ab2c1350ce6ea181b0deaadf8d02961cca6fb61d7c6ef2af39266ea4c619ada2b6509839e3fc39e010ced72820

Download Submit
C:\Windows\SysWOW64\Ccblbb32.exe

Filesize
110KB

MD5
90509e2180fc9e17388c1fb8c856aee2

SHA1
159f041333d5938dced8340dbff9b5fe06a668ce

SHA256
2c40412fabaf745d9b2a68eed6d8086e79c5387156654df2fb7ce59905daf10c

SHA512
53e89dacc9b0139d1b3447f56eab43c5ccb17ee945a1d8842f98b7d03b9f6024889987717ac0c9c332ebf1f86449120cec902a8983656cf5f67ba3b41cf456a2

Download Submit
C:\Windows\SysWOW64\Cklhcfle.exe

Filesize
110KB

MD5
008bda2b1d5828833173184482b6144a

SHA1
79234e1ab11e7fa4c31c3df718c51f41a8c23f79

SHA256
c5f451dd786ee429cfde18b678bc4708b9ddba1361b393950ed5390d38cb2625

SHA512
1bdf818cedf5635e50cd8bc93ce822ffe5ba17b5822c55652ffcb1d5090ae42cdfb5eee161c804e544f5014755c9d8c2990d70d8f74ddfe2b486439a9552793e

Download Submit
C:\Windows\SysWOW64\Fkcpql32.exe

Filesize
110KB

MD5
50c150cbe0de4a004272a90642560735

SHA1
290562a8058d51e3568dc05a4c4607910bdcf57b

SHA256
c93e519539b6d4c9f5c9376ac2d3fe851925fb64e3c61f1253a98f96b188615a

SHA512
459d54e06ed2fad50d4f5ccc48404bb5ee6321fec9df240d7f73b26e8237d7e4795ccbff7f0c0ad13a06578b8a7f49700b4ea6d077c240898a220473c688990c

Download Submit
C:\Windows\SysWOW64\Geohklaa.exe

Filesize
110KB

MD5
088c9b07176b1d75ef5f4f2b93ff06f4

SHA1
079f93bdf367088fd7ac960442989252972bab8f

SHA256
a984ef1fe6a60badfe3ae96ce8f62ea0377e2bc4e7512e9885f645fae137a82d

SHA512
c3aba08d14a358a1e5e190a592524a1683eabbe353717eac6ebfe13b5e599c23a42eb0e8e48d495fec2eb6f67bf013a6381bb7bea9bd1fb606bf5549c00ee4c9

Download Submit
C:\Windows\SysWOW64\Gfjkjo32.exe

Filesize
110KB

MD5
db0f58f2be356b948a4fbbacb6cb52e6

SHA1
53e5e4066ac6a836ccd8e56ca17cc5f61840261e

SHA256
7a77043ad12b6e11d8c695a97c7c8649d0dbb748580809cbb7a3125481da791c

SHA512
c184c788856cfa6951d1ba77c3e7aef02f7e9a4c036630d6d879717a9a2462b347278a6c658a8626a9a98c4378c5cf2137fe13f302c240a04bf72d5fff63aabc

Download Submit
C:\Windows\SysWOW64\Glbjggof.exe

Filesize
110KB

MD5
254e93e2edee467769fdd739698cc5d8

SHA1
27885033387a8aa619244e6b21b20f6c2edbbf84

SHA256
08a2a160424352ea1ffc503e156102f8307442f2fd3765597b804428ab3d857d

SHA512
33754806d6fddbdcd54f9623bcc84f0dd1374800ee7f9d35188ed005a329bd92ec72a3fd1127252df1b729606ab8306b8fec446f04a191c30e88ede98a3b5fe3

Download Submit
C:\Windows\SysWOW64\Glgcbf32.exe

Filesize
110KB

MD5
9108111fbc2f930913bdb4db01e5a37f

SHA1
ab9f06a3d2c55b26dcb5c168911a319653844f84

SHA256
dfd8cc64d7f15263ab4eb7fc5eba42ae60526dfac0cdf52cb99e98b6757308bb

SHA512
34ab3a6e9583bbc5cd1a7a70dc8b5264a383e972eb71996472f487c20f5a06a71bb5c49a80c6dc0f3e3593f4db556dcbf01cd4d435e7656760e2bcee451b8eaf

Download Submit
C:\Windows\SysWOW64\Gmimai32.exe

Filesize
110KB

MD5
00bedc05e8dffbb803dfba7e5d4666b8

SHA1
869bfcf2a822131ab501eda826b03f8e31f2bfd8

SHA256
a8456f4a2455d7d4da9207fcaba76103faaa51741d4b2323bfe2bc709472e906

SHA512
275c021d9c8164d7202c20659c17ab2b69df174085ff1e8447a30d6f87303fc60200c78ba7bdfa4add1188377db15687a5ac878895f34aae7ade8e4256af2c38

Download Submit
C:\Windows\SysWOW64\Hefnkkkj.exe

Filesize
110KB

MD5
c94475e290de5bfb5be51cbea8ac0727

SHA1
fd29bc9bac3274fb852b9d1f49b05309c483291a

SHA256
c9d344363bad9c2082f4127e6c80b0a8c31242c91ad00f1ace4127e81a9a5e05

SHA512
d5ce984cbb8f5370ba88ad171c281642cfb8eb417d3b2275d48ff04328d70a528c00d88b5c56bbaab0660a87ba177e0613eed214d7e7fc893ca4f2e073687153

Download Submit
C:\Windows\SysWOW64\Hffken32.exe

Filesize
110KB

MD5
64cba409114139ae9eb37a8b347095be

SHA1
5d39531dd607cc53774b1de9b6d4c091ec5d652e

SHA256
b42c27c6061afbbd43529417e2c5e9cc9f9d284f3ae9ad630a92ff89cfc82d25

SHA512
afc66f9e2d35602ff9b0467a1cac182b05d85eba051174babe9f78230791126bafb8dfa92871965bc94fb28c8a4861b4267ab033cbee88cac76275258b3d3aa6

Download Submit
C:\Windows\SysWOW64\Hipmfjee.exe

Filesize
110KB

MD5
33b42514d648ca96f4c5276d737233e2

SHA1
8c93c98592658027fce312c8bc0fb1d8d286682e

SHA256
48c970b0c49a7b87766259f362cca85174060f096d5ee953f3dd27bb71c20717

SHA512
49e561a348f64ae0d791e3d7e00a80aa17b37428fd98692a42e5efae2047fda50e80b1d86da5ffa0297f49d99efb7ff168bc53d1563702e8176684ccc94f09ab

Download Submit
C:\Windows\SysWOW64\Hlglidlo.exe

Filesize
110KB

MD5
97097693b07fd24aefd9a19be7715774

SHA1
95421503ee23a84529438d398e3420ff76b5d603

SHA256
a3de55698655adc554fc9fd521b19d7bfff7ee37f0f44bdb62a15fa9d7c97689

SHA512
54dceb98674ea571d1f3c188b4f2a0e8005b593230db1f5d8a7d64cadcd17a46c329a39ec291b391cf74ec8cc13244792746b994ce9f0780e995ca16f5ffc874

Download Submit
C:\Windows\SysWOW64\Hoclopne.exe

Filesize
110KB

MD5
f9965bf596c30adb0db2ca1fc16933fa

SHA1
48caaa7a55b6a2906113f78a18131419533c689d

SHA256
5e2b7a67631118b2ffbdb98195153daeb425e5e2f5f23132740ca4d6a50c6908

SHA512
45b76efc2cbf4632c857b410110466909e7a09df5c8c72385a4256b8f645bf343cfd239359c99a9ce9a9984901104c56a9d45ea254762618075fbaf55d0082f4

Download Submit
C:\Windows\SysWOW64\Hpnoncim.exe

Filesize
110KB

MD5
198c67f999961041e3f4d8c33b71dffc

SHA1
52684c0f126dd34ae9940f2b32ef0b76bca07453

SHA256
6947f8dd0de0d71fcb9693ebf804f88e10861b2fea767d7687eee102efcebf57

SHA512
4728b7d7410e49f8ef1313c559ffdbd303d3cbf58dc4ea6221a441bdbde962fcfa1001bd1802bdf1b957d6a0d7f9a580f8562130b84660211ff07a238effa595

Download Submit
C:\Windows\SysWOW64\Ibhkfm32.exe

Filesize
110KB

MD5
bcf47b66b46210f8c7c1b873dc4f8cf1

SHA1
5fe7e39afc4232652e73793847972495816b5fb1

SHA256
febc39786adefc078c6ea5247a835f9178b02e7f784bd287191466cf7e205b78

SHA512
821e489985ec828c86fbd5ff125d9920baa9d51997c1c84d827d7d695d83d420c6e28a87bffdafbbd50200ab5775eb26f0e31ee7b197e30f9a13568655f2eb88

Download Submit
C:\Windows\SysWOW64\Iepaaico.exe

Filesize
110KB

MD5
64b757abe811693416ea85e5ae1faab1

SHA1
8d75d8941877a417998d9edae899398ac8d17f25

SHA256
8bb58650dd842b4433a8e5f0e4b9f5aff0a890a6a09d16e20763fc60a3051219

SHA512
33292e1f6c242e73999dfc318ddf04070ec5043fb39d73ae2e3996766816ff68f81ae3671b70c0f9ce3c459d0e36fb999e393a054f8b227b4454744e7d09211e

Download Submit
C:\Windows\SysWOW64\Igajal32.exe

Filesize
110KB

MD5
1c1b14f3a3287506c7c9227043b40cd8

SHA1
e493c328be33fd4ad275a6575154df3897a964a7

SHA256
b5f5bf7645bac0909aab85929e7c11c04a65b6f3347b3584463c0ebaf1feb541

SHA512
a69c874bea89cfbf3a48b6386988104732c290fa1db9ce67c49d1ae9180a78dc60833aa9012d9ab7d4bb1c9d3d5ed886f0374fdf08ba6846ab71aeb3b890117b

Download Submit
C:\Windows\SysWOW64\Illfdc32.exe

Filesize
110KB

MD5
bb3a39d0ab4a5dfb657488e8354bd6ce

SHA1
52defb6a2fbdee9bcba36329638c00a815d5ea92

SHA256
b6fd4f4d565a08df4e889bbb7e054de4f291378c3b8a387e3546ab368b64cb8c

SHA512
c30fbbfb3825a1ba5b7c8e7ed2fd01296e4f3626da4dcd3a0e0e0b0af30b006800c90257b493808dc4e6f31f9c0879ada3b90d6ef596f0abff66924d98221189

Download Submit
C:\Windows\SysWOW64\Impliekg.exe

Filesize
110KB

MD5
d9772d44f520919f9e80deb62f860cd2

SHA1
5b8f18c0bf0933b6e49f3b710b7f9b0816033bbe

SHA256
98b327c9412b8863f5c98335b2bb66033f3a71a259a9078d2df4603e8e263e26

SHA512
7eab5a989d2a0935cc3263d49e9acd5b576ffd206f3a1e0af206ed5a26444130ed9cd9d570248e130006150376584506ccb2794a35208187e8284073d148f1d2

Download Submit
C:\Windows\SysWOW64\Jcmdaljn.exe

Filesize
110KB

MD5
62c1d501643da02f580a9faaba5c0736

SHA1
ce17d633fccafab77dfc108501a0e3939086740f

SHA256
46764d9c56a383488c0685badcfbba9830ee47c4b911d8d45209e09c7fe6bb56

SHA512
75ca603d1d8b71f1e19729644b91f6258a4a6859071f39d6075c88225201518832d7991756ce7c5d6af334536984f098ec1bc3b030bc6da3905f3763a10023c5

Download Submit
C:\Windows\SysWOW64\Jebfng32.exe

Filesize
110KB

MD5
da4e8d1a53cf6e91f9b71735dd2a1209

SHA1
7aa56a7ca24a31b738b1eae950e842c9f010f85b

SHA256
127d40885f9eb53bb8435064a3e7da38c68f6bc3294dd64517a29ff7158cf721

SHA512
c9121a25daf5a53a675d6bcdbeb764dcc1bac5a3d6ae3986282208fd783f551928a5abaaf5b0675af1295754f8ff77f975beade33ce603850d59f0f28be95208

Download Submit
C:\Windows\SysWOW64\Jedccfqg.exe

Filesize
110KB

MD5
1bc7c9af80b76e24573ddb0a92e8d11a

SHA1
cbcfdc6d27210b67a838ec3cda7f370d76021782

SHA256
b032326e45fb53912dca88275090bce7951e69746a3cd5f29278a2db9536f4b8

SHA512
6a7a753e10d898beede09f4aec40e7783b783684cd080f5df361133d7c008f29a2f1ab8edd08f27ea44fc1195e91b053a49d847089a3cfe5c230b3eae39b62b6

Download Submit
C:\Windows\SysWOW64\Jocefm32.exe

Filesize
110KB

MD5
27ef1615f99fd63dde5f75b9e0a9f215

SHA1
4f60375779a0c755f9ec1a1d525926a0b330e933

SHA256
0205e64b319cda3a9876f7274bce9470ddbe0f46f959ae5580868441ff7429e4

SHA512
ca5cc006959e5c0019027024a788d6f30ead15318288b9659bcab2ad503755486362b0b6d9a5ae74f33c025a115ee101a32e76620e56a1f1ca692df590dcdad2

Download Submit
C:\Windows\SysWOW64\Jpcapp32.exe

Filesize
110KB

MD5
61f113c7b73560938e6592d5705d9930

SHA1
a52e3ed782faa96afd46bf330959b7070f124d5f

SHA256
6abca4600bef965d967dd0176a8305713f941663cc6856f5487d96f7f08a1290

SHA512
1c768da364686e594afceac9366bf5e96d5641374d9f36ff1eebbf82460f29dbb1c611501ed97adf9e32f2a8290b172faeef18b10221b5b9bc0e2b5f8b761c72

Download Submit
C:\Windows\SysWOW64\Kodnmkap.exe

Filesize
110KB

MD5
ab46c0520c5054d664142380d2d7b1dd

SHA1
a6b91eab99f7051ca283415a553ba75044450cd5

SHA256
e3b041ad3bec9e062acafb318f6bd742077453c20f9d14cd7d0f77dbb8817d67

SHA512
240d40d33cf6fb82794e002a463de004935ea18789f1abf26a610a06059236c213cd2b31703e855bb43b33d280eb0374c45e8c7e2dcbe34e592265eaa190231f

Download Submit
C:\Windows\SysWOW64\Kofkbk32.exe

Filesize
110KB

MD5
637e5c8398ea91cb1aa32f9a12fb5600

SHA1
ff62e6470852711a93e4333d5769949dba8b46b5

SHA256
023ffa8e99945bb5ff9160281d5ac444a2709e000e4b0f8e44f18cea96e6535c

SHA512
c9dda138fdc164f4af7dc3484c4cf2bcd27d98328d0cce1358277e480653ad9232dcf4b55dfb970b6c1bf1a8cb92ae4da51cba5658a65cdd4145a0cc081e5e27

Download Submit
C:\Windows\SysWOW64\Kpjgaoqm.exe

Filesize
110KB

MD5
c9c5b06ed9920f0cac0604d23a0d21ad

SHA1
0db9a95a99b1d284c2b6f9d2c59ee9154f41cef9

SHA256
a5781048db5e8d1e16f87932ff20c3cb00a6e340e14b72c59ad55b802b752864

SHA512
2695346136f5745ae1583ef9de150de186b68617d796d069ae7abe7379128cde1c8693b0b369298e105b628c3c449acf547841872aced16c18344b0311309886

Download Submit
C:\Windows\SysWOW64\Kpmdfonj.exe

Filesize
110KB

MD5
34bb0b21be97a4a571746726a6d52360

SHA1
9173cc32a1c74752e5e8d547e688a0c356feebfc

SHA256
3c0f7e671e09a59c18f41f987c94b58ff6e1815abed1f2592f69988bc68bf2a1

SHA512
664f3e8b542e5c6a618e00bf39942409400289da7f6eb3f2f065a269ff9a5b6421f2a6a03c76458e4ac8d85d91183a332f027681b3772e812c34d45860ed580b

Download Submit
C:\Windows\SysWOW64\Kpoalo32.exe

Filesize
110KB

MD5
b0ebba7bacf608be74af4cfb113d078e

SHA1
ec0df439d7c17e3a681140ab98c40ac660c8d91d

SHA256
52c73ffc3b63c8c68ba6dff154dbb23cbdfd89469a99aa51301934c37c69492c

SHA512
8c1e65d7331199d020956bb99a91acd11a47817783beaeb4fce40cfdde48282c2b4f155cb7cecb876be46254df38868557535a2e2992f0ba4716df261f532bde

Download Submit
C:\Windows\SysWOW64\Lfbped32.exe

Filesize
110KB

MD5
5c834c497971874a2057128f97df9b64

SHA1
e6fd7a1fc64e494740ddd50a71e3418e44e664d6

SHA256
55adea08e452b1f85ab73b9bb5dc99953bb404b0928eb3074667b4c2ba5489e8

SHA512
64cd356a3b33c48a8dff12f7b165b9474e2c3da62cd78997ae5b5a624c7324552976a07b21dfd6766285d7414babe6c91e1dd7d919a24ca51451c81968b52bbb

Download Submit
C:\Windows\SysWOW64\Ljeafb32.exe

Filesize
110KB

MD5
d1aa8b514ac325c7b5ef193a93120439

SHA1
8b88f2196b5590275d76966f72eb51272626c0bd

SHA256
022d5fd3574967533313f17b216c1de828d1d3773812a98f71b7edd8c1261695

SHA512
96e5f3d0fbe4e210e9b9dd6a0adb5a73abb1e64626217e460092b139dc651ae3023074f7c91680852b2cc84644dd78f60cba889bde6ad7db1174dd43dd4ef3b7

Download Submit
C:\Windows\SysWOW64\Lljklo32.exe

Filesize
110KB

MD5
3f0284762bd28f79f7866bf1fac63e85

SHA1
105e19e184aacff3b626170ae3fa1a90246f1460

SHA256
d9ade7bbd70227e110b054af9913b7921dd3f36438682ccad4cba8edb41630f9

SHA512
43cf498f1c4c4a9abdac2789dfd677d9fa84063ebfb0095d1d69f97522c87440f769c2920379d80a45a7ac9a159811d68dbfb8342086af86c15ccd595ffc4400

Download Submit
C:\Windows\SysWOW64\Llodgnja.exe

Filesize
110KB

MD5
4aa05bbaf923f1e12f4e2bf25edc1ea5

SHA1
1d0ddb6d1fd3236dc9ed224c065e184ac4916474

SHA256
9cb0c5618d384699813af28a6100416ddf2d03b61ad6e9be25264d7760fadd6a

SHA512
6f45e32d770f1d2f48a1e8f78f6436b1ba3b13bb48d0d142a0eb31999c7e00e5593640a7a8bd17a892fa0116faff7e111c399122b6bf46e20c24ded77a52f782

Download Submit
C:\Windows\SysWOW64\Lnoaaaad.exe

Filesize
110KB

MD5
af0314a1aa8445f098973cd808b6b898

SHA1
1127479d177d56d6ad9660804f26aae07ad78ca6

SHA256
9903a84ac1793ba22850877b9514aba58f1a7c2ceba49a792c3ae40932c2ee19

SHA512
1fe0b217b4c837768caa3eac8b56f215de2cc4966c5a4ba194cbc933cb9f6eb2713224113e38c7479b6a027e694eaa6cd02518a78f85e3e7429f7e204b8b91ec

Download Submit
C:\Windows\SysWOW64\Lokdnjkg.exe

Filesize
110KB

MD5
fd1f54fff0cd54f043849600bd192cb2

SHA1
2b1af1b94e7101ac7a80f44acb4821b890f720d2

SHA256
4a022b7dc017a9f8aec2b7fad1cbbeb24d4f1227b5d113de3f90112ea2c9fe27

SHA512
5ed622c11b52cf23733cb36159422a8dcfe5da550a3ea299f99a0d2bc409f257f5f997c456419b511fa35f614d10a01b3bd448090478715554363ce8cd73b60d

Download Submit
C:\Windows\SysWOW64\Mpeiie32.exe

Filesize
110KB

MD5
9fffb3130af09e6b1dba5df4eca21ec1

SHA1
cc911ada73a537e1757042fbebfdd3b637a70680

SHA256
511f7c987cbb4949a58159483c77ab29ec84201e3e644dfbb09ee989232bea57

SHA512
b2c44a5ec497d5e9efe2d67d1553da5893466eabe563b1c38e21c6f506da718390c79461a5933bece99d0030e37238c200d1694d62850ebbfce90b16cf0dfafe

Download Submit
C:\Windows\SysWOW64\Qaqegecm.exe

Filesize
110KB

MD5
3bb89d8b854ffb1a8443c85f7033b029

SHA1
0a3d923a2bf99b4db76a5e89a377436e31aaf4ec

SHA256
38c6ce2cdb92fcaacd120691599a39263eb3f55f91b714abfcb468ed6686e194

SHA512
ad3c121ae778b3177b19c080ca46e15fee30e1dec3a283bf2a47ee79a4a741051e2837ce4cbef23816db45daaf8cd90a5d99c215262e785e0234374fe65557da

Download Submit
memory/112-218-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/500-294-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/788-306-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/816-202-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1012-17-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1028-25-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1084-153-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1168-64-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1324-264-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1576-41-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1612-90-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1728-330-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1868-312-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2016-114-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2212-288-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2336-324-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2356-185-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2448-276-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2460-97-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2596-178-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2836-194-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2856-56-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2972-130-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2988-318-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3128-300-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3248-8-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3260-282-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3468-32-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3472-170-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3500-106-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3528-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3528-80-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3528-1-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3592-226-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3620-270-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3628-72-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3668-250-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3796-161-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4240-145-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4312-137-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4384-1565-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4396-234-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4472-336-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4680-210-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4732-241-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4744-48-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4884-121-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4952-257-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4968-81-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5128-342-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5168-348-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5212-354-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5248-360-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5296-366-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5336-372-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5376-378-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5416-384-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5460-390-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5504-396-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5544-402-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5592-408-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5632-414-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5676-425-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5724-427-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5764-433-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/7504-1560-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/7644-1566-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/7700-1558-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/7764-1561-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/8312-1553-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/8412-1550-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/8460-1548-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads