63e5438e8df52cc1282c2f33fa85fb338191bc72653843586961eeac8b63c04a

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63e5438e8df52cc1282c2f33fa85fb338191bc72653843586961eeac8b63c04a.exe
Size

295KB
MD5

abcb7dc7a57f9f491e1511d9179c422a
SHA1

492159e888d11ca9fbe3f97302cc71dbb928ebe9
SHA256

63e5438e8df52cc1282c2f33fa85fb338191bc72653843586961eeac8b63c04a
SHA512

85067b638cd4b6fbc355a6a33fef8ea7b8b6d9fbc2a2aec3b41f278c6c6ce398594c9e9ce0488fcd4ac311c3df9708a595518987979b9609db5d124086b84577
SSDEEP

3072:UE2W/jZRB1BuOPwzBtQ1UkY1UkVHe1rUtst76UtoUtFVgtRQ2c+tlB5xpWJLM77N:DX1RbVIdy1PY1PRe19V+tbFOLM77OLY

Score

10^/10

persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Nfcabp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Afpjel32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dgjoif32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ekjded32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Aidehpea.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Cmedjl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Gbnoiqdq.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kcmmhj32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Fjocbhbo.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nbphglbe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Oqklkbbi.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Obnehj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Amfobp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Fijdjfdb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Kabcopmg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Dncpkjoc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Mjodla32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Bdeiqgkj.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Babcil32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Iipfmggc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Lgpoihnl.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Afpjel32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Bkibgh32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Enopghee.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Glgcbf32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Eklajcmc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Dnajppda.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Mqhfoebo.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pbcncibp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Enlcahgh.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jllokajf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Lqhdbm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Dakikoom.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jahqiaeb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Qapnmopa.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Johnamkm.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Lobjni32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Fkjfakng.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Glgcbf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Nmjfodne.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Binhnomg.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cmbgdl32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Mjodla32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ipdndloi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Hldiinke.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cnaaib32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bigbmpco.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ebimgcfi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Pplobcpp.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Njbgmjgl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Bkmeha32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Edihdb32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	63e5438e8df52cc1282c2f33fa85fb338191bc72653843586961eeac8b63c04a.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ebimgcfi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Acccdj32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dmennnni.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Jeapcq32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Dgeenfog.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Foclgq32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Klbnajqc.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Klekfinp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ncchae32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Caageq32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Kcmmhj32.exe

Executes dropped EXE 64 IoCs

pid	Process
4384	Dmohno32.exe
2444	Dmennnni.exe
3960	Dfnbgc32.exe
4032	Eofgpikj.exe
3160	Eeelnp32.exe
4592	Ebimgcfi.exe
3020	Eblimcdf.exe
3664	Felbnn32.exe
5064	Fflohaij.exe
1300	Fngcmcfe.exe
1656	Fiodpl32.exe
4820	Gejopl32.exe
3708	Gbnoiqdq.exe
4388	Glgcbf32.exe
4400	Gikdkj32.exe
4088	Gojiiafp.exe
1640	Hlnjbedi.exe
3540	Hlpfhe32.exe
1788	Hidgai32.exe
2628	Hbohpn32.exe
1664	Hlglidlo.exe
4356	Iliinc32.exe
1644	Illfdc32.exe
3056	Iipfmggc.exe
2664	Iefgbh32.exe
2992	Iplkpa32.exe
2356	Jcmdaljn.exe
688	Jocefm32.exe
3292	Jpcapp32.exe
4784	Johnamkm.exe
4468	Jllokajf.exe
3476	Jgbchj32.exe
5032	Kpmdfonj.exe
1584	Keimof32.exe
4252	Kcmmhj32.exe
1076	Kncaec32.exe
3360	Kjjbjd32.exe
908	Lljklo32.exe
736	Lgpoihnl.exe
2252	Lqhdbm32.exe
3680	Lnldla32.exe
644	Ljceqb32.exe
776	Ljeafb32.exe
4656	Lobjni32.exe
2280	Mmfkhmdi.exe
5132	Mgloefco.exe
5172	Mqdcnl32.exe
5212	Mjlhgaqp.exe
5256	Mjodla32.exe
5296	Mqimikfj.exe
5344	Mmpmnl32.exe
5400	Mcifkf32.exe
5440	Nclbpf32.exe
5488	Njhgbp32.exe
5528	Nqbpojnp.exe
5564	Nnfpinmi.exe
5608	Ncchae32.exe
5656	Nagiji32.exe
5696	Nfcabp32.exe
5736	Oplfkeob.exe
5776	Ompfej32.exe
5856	Ofhknodl.exe
5888	Phajna32.exe
5936	Pplobcpp.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Ekcgkb32.exe	Enpfan32.exe
File opened for modification	C:\Windows\SysWOW64\Iondqhpl.exe	Ibgdlg32.exe
File created	C:\Windows\SysWOW64\Kpccmhdg.exe	Kabcopmg.exe
File created	C:\Windows\SysWOW64\Bpemfc32.dll	Lcfidb32.exe
File created	C:\Windows\SysWOW64\Ipdbmgdb.dll	Loofnccf.exe
File opened for modification	C:\Windows\SysWOW64\Gbnoiqdq.exe	Gejopl32.exe
File created	C:\Windows\SysWOW64\Qfkqjmdg.exe	Phfcipoo.exe
File opened for modification	C:\Windows\SysWOW64\Iliinc32.exe	Hlglidlo.exe
File created	C:\Windows\SysWOW64\Iipfmggc.exe	Illfdc32.exe
File created	C:\Windows\SysWOW64\Eklajcmc.exe	Ekjded32.exe
File created	C:\Windows\SysWOW64\Nbjnhape.dll	Hlblcn32.exe
File opened for modification	C:\Windows\SysWOW64\Klekfinp.exe	Kekbjo32.exe
File created	C:\Windows\SysWOW64\Nnndji32.dll	Ofckhj32.exe
File created	C:\Windows\SysWOW64\Hojncj32.dll	Eblimcdf.exe
File created	C:\Windows\SysWOW64\Hidgai32.exe	Hlpfhe32.exe
File created	C:\Windows\SysWOW64\Pmhbqbae.exe	Pbcncibp.exe
File created	C:\Windows\SysWOW64\Jlikkkhn.exe	Jbagbebm.exe
File created	C:\Windows\SysWOW64\Pgdhilkd.dll	Jlikkkhn.exe
File opened for modification	C:\Windows\SysWOW64\Lcfidb32.exe	Lohqnd32.exe
File opened for modification	C:\Windows\SysWOW64\Ofckhj32.exe	Nmjfodne.exe
File created	C:\Windows\SysWOW64\Omfekbdh.exe	Oflmnh32.exe
File opened for modification	C:\Windows\SysWOW64\Ppnenlka.exe	Pfepdg32.exe
File created	C:\Windows\SysWOW64\Qikoka32.dll	Gikdkj32.exe
File opened for modification	C:\Windows\SysWOW64\Gicgpelg.exe	Fkofga32.exe
File created	C:\Windows\SysWOW64\Inpoggcb.dll	Qbajeg32.exe
File created	C:\Windows\SysWOW64\Bfkbfd32.exe	Bigbmpco.exe
File created	C:\Windows\SysWOW64\Cgfbbb32.exe	Cajjjk32.exe
File created	C:\Windows\SysWOW64\Ebimgcfi.exe	Eeelnp32.exe
File created	C:\Windows\SysWOW64\Kbblcj32.dll	Ebimgcfi.exe
File created	C:\Windows\SysWOW64\Ogeacidl.dll	Fkjmlaac.exe
File created	C:\Windows\SysWOW64\Anafep32.dll	Mcoljagj.exe
File opened for modification	C:\Windows\SysWOW64\Mqhfoebo.exe	Mjnnbk32.exe
File created	C:\Windows\SysWOW64\Nqaiecjd.exe	Nbphglbe.exe
File created	C:\Windows\SysWOW64\Iheocj32.dll	Pmhbqbae.exe
File created	C:\Windows\SysWOW64\Ddmhhd32.exe	Dncpkjoc.exe
File created	C:\Windows\SysWOW64\Ddipic32.dll	Hlnjbedi.exe
File created	C:\Windows\SysWOW64\Mqdcnl32.exe	Mgloefco.exe
File created	C:\Windows\SysWOW64\Laiimcij.dll	Lpochfji.exe
File opened for modification	C:\Windows\SysWOW64\Pfepdg32.exe	Paihlpfi.exe
File created	C:\Windows\SysWOW64\Acccdj32.exe	Acqgojmb.exe
File created	C:\Windows\SysWOW64\Aidehpea.exe	Abjmkf32.exe
File opened for modification	C:\Windows\SysWOW64\Bjhkmbho.exe	Bmdkcnie.exe
File created	C:\Windows\SysWOW64\Efehkimj.dll	Dickplko.exe
File created	C:\Windows\SysWOW64\Mioaanec.dll	Aopemh32.exe
File created	C:\Windows\SysWOW64\Ieagmcmq.exe	Ipdndloi.exe
File created	C:\Windows\SysWOW64\Fkgillpj.exe	Fgiaemic.exe
File created	C:\Windows\SysWOW64\Ecpfpo32.dll	Bpfkpp32.exe
File opened for modification	C:\Windows\SysWOW64\Ggmmlamj.exe	Gndick32.exe
File opened for modification	C:\Windows\SysWOW64\Lohqnd32.exe	Kpccmhdg.exe
File opened for modification	C:\Windows\SysWOW64\Nhhdnf32.exe	Nqmojd32.exe
File created	C:\Windows\SysWOW64\Mpagaf32.dll	Pjoppf32.exe
File opened for modification	C:\Windows\SysWOW64\Ckidcpjl.exe	Cmedjl32.exe
File created	C:\Windows\SysWOW64\Ndnljbeg.dll	Lnldla32.exe
File created	C:\Windows\SysWOW64\Npldbgic.dll	Mqdcnl32.exe
File opened for modification	C:\Windows\SysWOW64\Bgpcliao.exe	Bpfkpp32.exe
File opened for modification	C:\Windows\SysWOW64\Nqaiecjd.exe	Nbphglbe.exe
File opened for modification	C:\Windows\SysWOW64\Ebimgcfi.exe	Eeelnp32.exe
File opened for modification	C:\Windows\SysWOW64\Pplobcpp.exe	Phajna32.exe
File created	C:\Windows\SysWOW64\Kpmmljnd.dll	Jhkbdmbg.exe
File created	C:\Windows\SysWOW64\Lkpemq32.dll	Jbagbebm.exe
File created	C:\Windows\SysWOW64\Mjlalkmd.exe	Mbdiknlb.exe
File opened for modification	C:\Windows\SysWOW64\Nfnamjhk.exe	Nqaiecjd.exe
File created	C:\Windows\SysWOW64\Gipbmd32.dll	Nqaiecjd.exe
File opened for modification	C:\Windows\SysWOW64\Dncpkjoc.exe	Dcnlnaom.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
9064	8940	WerFault.exe	338

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Edplhjhi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Kpiqfima.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Bjmkmfbo.dll"	Klpakj32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Lohqnd32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ekljpm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gakbde32.dll"	Hpioin32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Mpclce32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Pbcncibp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Bmdkcnie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Kpccmhdg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Iaidib32.dll"	Oflmnh32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Aibibp32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Fcekfnkb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Hlpfhe32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jbofpe32.dll"	Nagiji32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Agdcpkll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Jhkbdmbg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dmokdgeg.dll"	Lljklo32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Jlikkkhn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Bkgppbgc.dll"	Kpccmhdg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Cpogkhnl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ncchae32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Aaldccip.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Chkobkod.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ojehbail.dll"	Fohfbpgi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Olqjha32.dll"	Acccdj32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Felbnn32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Aagkhd32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Jlikkkhn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Fiodpl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gelfeh32.dll"	Dpiplm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ekjded32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gipbmd32.dll"	Nqaiecjd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Ofckhj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Iliinc32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Jllokajf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Phfcipoo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Egilaj32.dll"	Qfmmplad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Eklajcmc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Nfqnbjfi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Oqoefand.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Iplkpa32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hhblffgn.dll"	Phfcipoo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Begfqa32.dll"	Enpfan32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ieagmcmq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Lcfidb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Alapqh32.dll"	Mfenglqf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dilcjbag.dll"	Babcil32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Cmbgdl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Akhkncql.dll"	Dmohno32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pnjbcghk.dll"	Jocefm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Kcmmhj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Bddcenpi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Pbcncibp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Piocecgj.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Caageq32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pncepolj.dll"	Gndick32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Bcidlo32.dll"	Cajjjk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Cajjjk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jcggmk32.dll"	Fjocbhbo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Qgnnai32.dll"	Mjlhgaqp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Aaldccip.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Ekonpckp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pkffgpdd.dll"	Jahqiaeb.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 4384	3472	63e5438e8df52cc1282c2f33fa85fb338191bc72653843586961eeac8b63c04a.exe	95
PID 3472 wrote to memory of 4384	3472	63e5438e8df52cc1282c2f33fa85fb338191bc72653843586961eeac8b63c04a.exe	95
PID 3472 wrote to memory of 4384	3472	63e5438e8df52cc1282c2f33fa85fb338191bc72653843586961eeac8b63c04a.exe	95
PID 4384 wrote to memory of 2444	4384	Dmohno32.exe	96
PID 4384 wrote to memory of 2444	4384	Dmohno32.exe	96
PID 4384 wrote to memory of 2444	4384	Dmohno32.exe	96
PID 2444 wrote to memory of 3960	2444	Dmennnni.exe	97
PID 2444 wrote to memory of 3960	2444	Dmennnni.exe	97
PID 2444 wrote to memory of 3960	2444	Dmennnni.exe	97
PID 3960 wrote to memory of 4032	3960	Dfnbgc32.exe	98
PID 3960 wrote to memory of 4032	3960	Dfnbgc32.exe	98
PID 3960 wrote to memory of 4032	3960	Dfnbgc32.exe	98
PID 4032 wrote to memory of 3160	4032	Eofgpikj.exe	99
PID 4032 wrote to memory of 3160	4032	Eofgpikj.exe	99
PID 4032 wrote to memory of 3160	4032	Eofgpikj.exe	99
PID 3160 wrote to memory of 4592	3160	Eeelnp32.exe	100
PID 3160 wrote to memory of 4592	3160	Eeelnp32.exe	100
PID 3160 wrote to memory of 4592	3160	Eeelnp32.exe	100
PID 4592 wrote to memory of 3020	4592	Ebimgcfi.exe	102
PID 4592 wrote to memory of 3020	4592	Ebimgcfi.exe	102
PID 4592 wrote to memory of 3020	4592	Ebimgcfi.exe	102
PID 3020 wrote to memory of 3664	3020	Eblimcdf.exe	103
PID 3020 wrote to memory of 3664	3020	Eblimcdf.exe	103
PID 3020 wrote to memory of 3664	3020	Eblimcdf.exe	103
PID 3664 wrote to memory of 5064	3664	Felbnn32.exe	104
PID 3664 wrote to memory of 5064	3664	Felbnn32.exe	104
PID 3664 wrote to memory of 5064	3664	Felbnn32.exe	104
PID 5064 wrote to memory of 1300	5064	Fflohaij.exe	105
PID 5064 wrote to memory of 1300	5064	Fflohaij.exe	105
PID 5064 wrote to memory of 1300	5064	Fflohaij.exe	105
PID 1300 wrote to memory of 1656	1300	Fngcmcfe.exe	106
PID 1300 wrote to memory of 1656	1300	Fngcmcfe.exe	106
PID 1300 wrote to memory of 1656	1300	Fngcmcfe.exe	106
PID 1656 wrote to memory of 4820	1656	Fiodpl32.exe	108
PID 1656 wrote to memory of 4820	1656	Fiodpl32.exe	108
PID 1656 wrote to memory of 4820	1656	Fiodpl32.exe	108
PID 4820 wrote to memory of 3708	4820	Gejopl32.exe	109
PID 4820 wrote to memory of 3708	4820	Gejopl32.exe	109
PID 4820 wrote to memory of 3708	4820	Gejopl32.exe	109
PID 3708 wrote to memory of 4388	3708	Gbnoiqdq.exe	110
PID 3708 wrote to memory of 4388	3708	Gbnoiqdq.exe	110
PID 3708 wrote to memory of 4388	3708	Gbnoiqdq.exe	110
PID 4388 wrote to memory of 4400	4388	Glgcbf32.exe	111
PID 4388 wrote to memory of 4400	4388	Glgcbf32.exe	111
PID 4388 wrote to memory of 4400	4388	Glgcbf32.exe	111
PID 4400 wrote to memory of 4088	4400	Gikdkj32.exe	112
PID 4400 wrote to memory of 4088	4400	Gikdkj32.exe	112
PID 4400 wrote to memory of 4088	4400	Gikdkj32.exe	112
PID 4088 wrote to memory of 1640	4088	Gojiiafp.exe	114
PID 4088 wrote to memory of 1640	4088	Gojiiafp.exe	114
PID 4088 wrote to memory of 1640	4088	Gojiiafp.exe	114
PID 1640 wrote to memory of 3540	1640	Hlnjbedi.exe	115
PID 1640 wrote to memory of 3540	1640	Hlnjbedi.exe	115
PID 1640 wrote to memory of 3540	1640	Hlnjbedi.exe	115
PID 3540 wrote to memory of 1788	3540	Hlpfhe32.exe	116
PID 3540 wrote to memory of 1788	3540	Hlpfhe32.exe	116
PID 3540 wrote to memory of 1788	3540	Hlpfhe32.exe	116
PID 1788 wrote to memory of 2628	1788	Hidgai32.exe	117
PID 1788 wrote to memory of 2628	1788	Hidgai32.exe	117
PID 1788 wrote to memory of 2628	1788	Hidgai32.exe	117
PID 2628 wrote to memory of 1664	2628	Hbohpn32.exe	118
PID 2628 wrote to memory of 1664	2628	Hbohpn32.exe	118
PID 2628 wrote to memory of 1664	2628	Hbohpn32.exe	118
PID 1664 wrote to memory of 4356	1664	Hlglidlo.exe	120

C:\Users\Admin\AppData\Local\Temp\63e5438e8df52cc1282c2f33fa85fb338191bc72653843586961eeac8b63c04a.exe
"C:\Users\Admin\AppData\Local\Temp\63e5438e8df52cc1282c2f33fa85fb338191bc72653843586961eeac8b63c04a.exe"
1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Windows\SysWOW64\Dmohno32.exe
  C:\Windows\system32\Dmohno32.exe
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:4384
- - C:\Windows\SysWOW64\Dmennnni.exe
    C:\Windows\system32\Dmennnni.exe
    3⤵
    - Adds autorun key to be loaded by Explorer.exe on startup
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2444
  - - C:\Windows\SysWOW64\Dfnbgc32.exe
      C:\Windows\system32\Dfnbgc32.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:3960
    - - C:\Windows\SysWOW64\Eofgpikj.exe
        
        C:\Windows\system32\Eofgpikj.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4032
      - C:\Windows\SysWOW64\Eeelnp32.exe
        
        C:\Windows\system32\Eeelnp32.exe
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3160
        
        C:\Windows\SysWOW64\Ebimgcfi.exe
        
        C:\Windows\system32\Ebimgcfi.exe
        7⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4592
        
        C:\Windows\SysWOW64\Eblimcdf.exe
        
        C:\Windows\system32\Eblimcdf.exe
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3020
        
        C:\Windows\SysWOW64\Felbnn32.exe
        
        C:\Windows\system32\Felbnn32.exe
        9⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3664
        
        C:\Windows\SysWOW64\Fflohaij.exe
        
        C:\Windows\system32\Fflohaij.exe
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5064
        
        C:\Windows\SysWOW64\Fngcmcfe.exe
        
        C:\Windows\system32\Fngcmcfe.exe
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1300
        
        C:\Windows\SysWOW64\Fiodpl32.exe
        
        C:\Windows\system32\Fiodpl32.exe
        12⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1656
        
        C:\Windows\SysWOW64\Gejopl32.exe
        
        C:\Windows\system32\Gejopl32.exe
        13⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4820
        
        C:\Windows\SysWOW64\Gbnoiqdq.exe
        
        C:\Windows\system32\Gbnoiqdq.exe
        14⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3708
        
        C:\Windows\SysWOW64\Glgcbf32.exe
        
        C:\Windows\system32\Glgcbf32.exe
        15⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4388
        
        C:\Windows\SysWOW64\Gikdkj32.exe
        
        C:\Windows\system32\Gikdkj32.exe
        16⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4400
        
        C:\Windows\SysWOW64\Gojiiafp.exe
        
        C:\Windows\system32\Gojiiafp.exe
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4088
        
        C:\Windows\SysWOW64\Hlnjbedi.exe
        
        C:\Windows\system32\Hlnjbedi.exe
        18⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1640
        
        C:\Windows\SysWOW64\Hlpfhe32.exe
        
        C:\Windows\system32\Hlpfhe32.exe
        19⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3540
        
        C:\Windows\SysWOW64\Hidgai32.exe
        
        C:\Windows\system32\Hidgai32.exe
        20⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1788
        
        C:\Windows\SysWOW64\Hbohpn32.exe
        
        C:\Windows\system32\Hbohpn32.exe
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2628
        
        C:\Windows\SysWOW64\Hlglidlo.exe
        
        C:\Windows\system32\Hlglidlo.exe
        22⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1664
        
        C:\Windows\SysWOW64\Iliinc32.exe
        
        C:\Windows\system32\Iliinc32.exe
        23⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4356
        
        C:\Windows\SysWOW64\Illfdc32.exe
        
        C:\Windows\system32\Illfdc32.exe
        24⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1644
        
        C:\Windows\SysWOW64\Iipfmggc.exe
        
        C:\Windows\system32\Iipfmggc.exe
        25⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:3056
        
        C:\Windows\SysWOW64\Iefgbh32.exe
        
        C:\Windows\system32\Iefgbh32.exe
        26⤵
        Executes dropped EXE
        
        PID:2664
        
        C:\Windows\SysWOW64\Iplkpa32.exe
        
        C:\Windows\system32\Iplkpa32.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2992
        
        C:\Windows\SysWOW64\Jcmdaljn.exe
        
        C:\Windows\system32\Jcmdaljn.exe
        28⤵
        Executes dropped EXE
        
        PID:2356
        
        C:\Windows\SysWOW64\Jocefm32.exe
        
        C:\Windows\system32\Jocefm32.exe
        29⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:688
        
        C:\Windows\SysWOW64\Jpcapp32.exe
        
        C:\Windows\system32\Jpcapp32.exe
        30⤵
        Executes dropped EXE
        
        PID:3292
        
        C:\Windows\SysWOW64\Johnamkm.exe
        
        C:\Windows\system32\Johnamkm.exe
        31⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:4784
        
        C:\Windows\SysWOW64\Jllokajf.exe
        
        C:\Windows\system32\Jllokajf.exe
        32⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:4468
        
        C:\Windows\SysWOW64\Jgbchj32.exe
        
        C:\Windows\system32\Jgbchj32.exe
        33⤵
        Executes dropped EXE
        
        PID:3476
        
        C:\Windows\SysWOW64\Kpmdfonj.exe
        
        C:\Windows\system32\Kpmdfonj.exe
        34⤵
        Executes dropped EXE
        
        PID:5032
        
        C:\Windows\SysWOW64\Keimof32.exe
        
        C:\Windows\system32\Keimof32.exe
        35⤵
        Executes dropped EXE
        
        PID:1584
        
        C:\Windows\SysWOW64\Kcmmhj32.exe
        
        C:\Windows\system32\Kcmmhj32.exe
        36⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:4252
        
        C:\Windows\SysWOW64\Kncaec32.exe
        
        C:\Windows\system32\Kncaec32.exe
        37⤵
        Executes dropped EXE
        
        PID:1076
        
        C:\Windows\SysWOW64\Kjjbjd32.exe
        
        C:\Windows\system32\Kjjbjd32.exe
        38⤵
        Executes dropped EXE
        
        PID:3360
        
        C:\Windows\SysWOW64\Lljklo32.exe
        
        C:\Windows\system32\Lljklo32.exe
        39⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:908
        
        C:\Windows\SysWOW64\Lgpoihnl.exe
        
        C:\Windows\system32\Lgpoihnl.exe
        40⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:736
        
        C:\Windows\SysWOW64\Lqhdbm32.exe
        
        C:\Windows\system32\Lqhdbm32.exe
        41⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:2252
        
        C:\Windows\SysWOW64\Lnldla32.exe
        
        C:\Windows\system32\Lnldla32.exe
        42⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3680
        
        C:\Windows\SysWOW64\Ljceqb32.exe
        
        C:\Windows\system32\Ljceqb32.exe
        43⤵
        Executes dropped EXE
        
        PID:644
        
        C:\Windows\SysWOW64\Ljeafb32.exe
        
        C:\Windows\system32\Ljeafb32.exe
        44⤵
        Executes dropped EXE
        
        PID:776
        
        C:\Windows\SysWOW64\Lobjni32.exe
        
        C:\Windows\system32\Lobjni32.exe
        45⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:4656
        
        C:\Windows\SysWOW64\Mmfkhmdi.exe
        
        C:\Windows\system32\Mmfkhmdi.exe
        46⤵
        Executes dropped EXE
        
        PID:2280
        
        C:\Windows\SysWOW64\Mgloefco.exe
        
        C:\Windows\system32\Mgloefco.exe
        47⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5132
        
        C:\Windows\SysWOW64\Mqdcnl32.exe
        
        C:\Windows\system32\Mqdcnl32.exe
        48⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5172
        
        C:\Windows\SysWOW64\Mjlhgaqp.exe
        
        C:\Windows\system32\Mjlhgaqp.exe
        49⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:5212
        
        C:\Windows\SysWOW64\Mjodla32.exe
        
        C:\Windows\system32\Mjodla32.exe
        50⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:5256
        
        C:\Windows\SysWOW64\Mqimikfj.exe
        
        C:\Windows\system32\Mqimikfj.exe
        51⤵
        Executes dropped EXE
        
        PID:5296
        
        C:\Windows\SysWOW64\Mmpmnl32.exe
        
        C:\Windows\system32\Mmpmnl32.exe
        52⤵
        Executes dropped EXE
        
        PID:5344
        
        C:\Windows\SysWOW64\Mcifkf32.exe
        
        C:\Windows\system32\Mcifkf32.exe
        53⤵
        Executes dropped EXE
        
        PID:5400
        
        C:\Windows\SysWOW64\Nclbpf32.exe
        
        C:\Windows\system32\Nclbpf32.exe
        54⤵
        Executes dropped EXE
        
        PID:5440
        
        C:\Windows\SysWOW64\Njhgbp32.exe
        
        C:\Windows\system32\Njhgbp32.exe
        55⤵
        Executes dropped EXE
        
        PID:5488
        
        C:\Windows\SysWOW64\Nqbpojnp.exe
        
        C:\Windows\system32\Nqbpojnp.exe
        56⤵
        Executes dropped EXE
        
        PID:5528
        
        C:\Windows\SysWOW64\Nnfpinmi.exe
        
        C:\Windows\system32\Nnfpinmi.exe
        57⤵
        Executes dropped EXE
        
        PID:5564
        
        C:\Windows\SysWOW64\Ncchae32.exe
        
        C:\Windows\system32\Ncchae32.exe
        58⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:5608
        
        C:\Windows\SysWOW64\Nagiji32.exe
        
        C:\Windows\system32\Nagiji32.exe
        59⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:5656
        
        C:\Windows\SysWOW64\Nfcabp32.exe
        
        C:\Windows\system32\Nfcabp32.exe
        60⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:5696
        
        C:\Windows\SysWOW64\Oplfkeob.exe
        
        C:\Windows\system32\Oplfkeob.exe
        61⤵
        Executes dropped EXE
        
        PID:5736
        
        C:\Windows\SysWOW64\Ompfej32.exe
        
        C:\Windows\system32\Ompfej32.exe
        62⤵
        Executes dropped EXE
        
        PID:5776
        
        C:\Windows\SysWOW64\Ofhknodl.exe
        
        C:\Windows\system32\Ofhknodl.exe
        63⤵
        Executes dropped EXE
        
        PID:5856
        
        C:\Windows\SysWOW64\Phajna32.exe
        
        C:\Windows\system32\Phajna32.exe
        64⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5888
        
        C:\Windows\SysWOW64\Pplobcpp.exe
        
        C:\Windows\system32\Pplobcpp.exe
        65⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:5936
        
        C:\Windows\SysWOW64\Pmpolgoi.exe
        
        C:\Windows\system32\Pmpolgoi.exe
        66⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\Phfcipoo.exe
        
        C:\Windows\system32\Phfcipoo.exe
        67⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6016
        
        C:\Windows\SysWOW64\Qfkqjmdg.exe
        
        C:\Windows\system32\Qfkqjmdg.exe
        68⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\Qfmmplad.exe
        
        C:\Windows\system32\Qfmmplad.exe
        69⤵
        Modifies registry class
        
        PID:6108
        
        C:\Windows\SysWOW64\Afpjel32.exe
        
        C:\Windows\system32\Afpjel32.exe
        70⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:4440
        
        C:\Windows\SysWOW64\Adcjop32.exe
        
        C:\Windows\system32\Adcjop32.exe
        71⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\Aknbkjfh.exe
        
        C:\Windows\system32\Aknbkjfh.exe
        72⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\Aagkhd32.exe
        
        C:\Windows\system32\Aagkhd32.exe
        73⤵
        Modifies registry class
        
        PID:5316
        
        C:\Windows\SysWOW64\Agdcpkll.exe
        
        C:\Windows\system32\Agdcpkll.exe
        74⤵
        Modifies registry class
        
        PID:5372
        
        C:\Windows\SysWOW64\Aajhndkb.exe
        
        C:\Windows\system32\Aajhndkb.exe
        75⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\Aaldccip.exe
        
        C:\Windows\system32\Aaldccip.exe
        76⤵
        Modifies registry class
        
        PID:5508
        
        C:\Windows\SysWOW64\Aopemh32.exe
        
        C:\Windows\system32\Aopemh32.exe
        77⤵
        Drops file in System32 directory
        
        PID:5544
        
        C:\Windows\SysWOW64\Bgkiaj32.exe
        
        C:\Windows\system32\Bgkiaj32.exe
        78⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\Bpdnjple.exe
        
        C:\Windows\system32\Bpdnjple.exe
        79⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\Bkibgh32.exe
        
        C:\Windows\system32\Bkibgh32.exe
        80⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5804
        
        C:\Windows\SysWOW64\Bpfkpp32.exe
        
        C:\Windows\system32\Bpfkpp32.exe
        81⤵
        Drops file in System32 directory
        
        PID:5912
        
        C:\Windows\SysWOW64\Bgpcliao.exe
        
        C:\Windows\system32\Bgpcliao.exe
        82⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\Bddcenpi.exe
        
        C:\Windows\system32\Bddcenpi.exe
        83⤵
        Modifies registry class
        
        PID:6044
        
        C:\Windows\SysWOW64\Boihcf32.exe
        
        C:\Windows\system32\Boihcf32.exe
        84⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\Bpkdjofm.exe
        
        C:\Windows\system32\Bpkdjofm.exe
        85⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\Bgelgi32.exe
        
        C:\Windows\system32\Bgelgi32.exe
        86⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\Chdialdl.exe
        
        C:\Windows\system32\Chdialdl.exe
        87⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\Cnaaib32.exe
        
        C:\Windows\system32\Cnaaib32.exe
        88⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5572
        
        C:\Windows\SysWOW64\Chfegk32.exe
        
        C:\Windows\system32\Chfegk32.exe
        89⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\Cpbjkn32.exe
        
        C:\Windows\system32\Cpbjkn32.exe
        90⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\Caageq32.exe
        
        C:\Windows\system32\Caageq32.exe
        91⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:1884
        
        C:\Windows\SysWOW64\Chkobkod.exe
        
        C:\Windows\system32\Chkobkod.exe
        92⤵
        Modifies registry class
        
        PID:6068
        
        C:\Windows\SysWOW64\Cpfcfmlp.exe
        
        C:\Windows\system32\Cpfcfmlp.exe
        93⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\Dpiplm32.exe
        
        C:\Windows\system32\Dpiplm32.exe
        94⤵
        Modifies registry class
        
        PID:5424
        
        C:\Windows\SysWOW64\Dgcihgaj.exe
        
        C:\Windows\system32\Dgcihgaj.exe
        95⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\Dgeenfog.exe
        
        C:\Windows\system32\Dgeenfog.exe
        96⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5884
        
        C:\Windows\SysWOW64\Dakikoom.exe
        
        C:\Windows\system32\Dakikoom.exe
        97⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5180
        
        C:\Windows\SysWOW64\Dnajppda.exe
        
        C:\Windows\system32\Dnajppda.exe
        98⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5604
        
        C:\Windows\SysWOW64\Dgjoif32.exe
        
        C:\Windows\system32\Dgjoif32.exe
        99⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6052
        
        C:\Windows\SysWOW64\Dhikci32.exe
        
        C:\Windows\system32\Dhikci32.exe
        100⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\Edplhjhi.exe
        
        C:\Windows\system32\Edplhjhi.exe
        101⤵
        Modifies registry class
        
        PID:5448
        
        C:\Windows\SysWOW64\Ekjded32.exe
        
        C:\Windows\system32\Ekjded32.exe
        102⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:6156
        
        C:\Windows\SysWOW64\Eklajcmc.exe
        
        C:\Windows\system32\Eklajcmc.exe
        103⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:6196
        
        C:\Windows\SysWOW64\Ekonpckp.exe
        
        C:\Windows\system32\Ekonpckp.exe
        104⤵
        Modifies registry class
        
        PID:6248
        
        C:\Windows\SysWOW64\Edgbii32.exe
        
        C:\Windows\system32\Edgbii32.exe
        105⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\Enpfan32.exe
        
        C:\Windows\system32\Enpfan32.exe
        106⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6368
        
        C:\Windows\SysWOW64\Ekcgkb32.exe
        
        C:\Windows\system32\Ekcgkb32.exe
        107⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\Fqppci32.exe
        
        C:\Windows\system32\Fqppci32.exe
        108⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\Fgjhpcmo.exe
        
        C:\Windows\system32\Fgjhpcmo.exe
        109⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\Fijdjfdb.exe
        
        C:\Windows\system32\Fijdjfdb.exe
        110⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6544
        
        C:\Windows\SysWOW64\Foclgq32.exe
        
        C:\Windows\system32\Foclgq32.exe
        111⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6596
        
        C:\Windows\SysWOW64\Fkjmlaac.exe
        
        C:\Windows\system32\Fkjmlaac.exe
        112⤵
        Drops file in System32 directory
        
        PID:6644
        
        C:\Windows\SysWOW64\Fecadghc.exe
        
        C:\Windows\system32\Fecadghc.exe
        113⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\Fohfbpgi.exe
        
        C:\Windows\system32\Fohfbpgi.exe
        114⤵
        Modifies registry class
        
        PID:6736
        
        C:\Windows\SysWOW64\Fkofga32.exe
        
        C:\Windows\system32\Fkofga32.exe
        115⤵
        Drops file in System32 directory
        
        PID:6820
        
        C:\Windows\SysWOW64\Gicgpelg.exe
        
        C:\Windows\system32\Gicgpelg.exe
        116⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\Gkaclqkk.exe
        
        C:\Windows\system32\Gkaclqkk.exe
        117⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\Gndick32.exe
        
        C:\Windows\system32\Gndick32.exe
        118⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6964
        
        C:\Windows\SysWOW64\Ggmmlamj.exe
        
        C:\Windows\system32\Ggmmlamj.exe
        119⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\Hlkfbocp.exe
        
        C:\Windows\system32\Hlkfbocp.exe
        120⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\Hahokfag.exe
        
        C:\Windows\system32\Hahokfag.exe
        121⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\Hpioin32.exe
        
        C:\Windows\system32\Hpioin32.exe
        122⤵
        Modifies registry class
        
        PID:5140
        
        C:\Windows\SysWOW64\Hlblcn32.exe
        
        C:\Windows\system32\Hlblcn32.exe
        123⤵
        Drops file in System32 directory
        
        PID:6216
        
        C:\Windows\SysWOW64\Hldiinke.exe
        
        C:\Windows\system32\Hldiinke.exe
        124⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6288
        
        C:\Windows\SysWOW64\Ipdndloi.exe
        
        C:\Windows\system32\Ipdndloi.exe
        125⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:6408
        
        C:\Windows\SysWOW64\Ieagmcmq.exe
        
        C:\Windows\system32\Ieagmcmq.exe
        126⤵
        Modifies registry class
        
        PID:6476
        
        C:\Windows\SysWOW64\Ibgdlg32.exe
        
        C:\Windows\system32\Ibgdlg32.exe
        127⤵
        Drops file in System32 directory
        
        PID:6552
        
        C:\Windows\SysWOW64\Iondqhpl.exe
        
        C:\Windows\system32\Iondqhpl.exe
        128⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\Jlbejloe.exe
        
        C:\Windows\system32\Jlbejloe.exe
        129⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\Jhkbdmbg.exe
        
        C:\Windows\system32\Jhkbdmbg.exe
        130⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6864
        
        C:\Windows\SysWOW64\Jbagbebm.exe
        
        C:\Windows\system32\Jbagbebm.exe
        131⤵
        Drops file in System32 directory
        
        PID:6940
        
        C:\Windows\SysWOW64\Jlikkkhn.exe
        
        C:\Windows\system32\Jlikkkhn.exe
        132⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:7000
        
        C:\Windows\SysWOW64\Jeapcq32.exe
        
        C:\Windows\system32\Jeapcq32.exe
        133⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7096
        
        C:\Windows\SysWOW64\Jahqiaeb.exe
        
        C:\Windows\system32\Jahqiaeb.exe
        134⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:6236
        
        C:\Windows\SysWOW64\Kpiqfima.exe
        
        C:\Windows\system32\Kpiqfima.exe
        135⤵
        Modifies registry class
        
        PID:6356
        
        C:\Windows\SysWOW64\Klpakj32.exe
        
        C:\Windows\system32\Klpakj32.exe
        136⤵
        Modifies registry class
        
        PID:6444
        
        C:\Windows\SysWOW64\Kamjda32.exe
        
        C:\Windows\system32\Kamjda32.exe
        137⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\Klbnajqc.exe
        
        C:\Windows\system32\Klbnajqc.exe
        138⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6652
        
        C:\Windows\SysWOW64\Kekbjo32.exe
        
        C:\Windows\system32\Kekbjo32.exe
        139⤵
        Drops file in System32 directory
        
        PID:6780
        
        C:\Windows\SysWOW64\Klekfinp.exe
        
        C:\Windows\system32\Klekfinp.exe
        140⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6900
        
        C:\Windows\SysWOW64\Kabcopmg.exe
        
        C:\Windows\system32\Kabcopmg.exe
        141⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:6988
        
        C:\Windows\SysWOW64\Kpccmhdg.exe
        
        C:\Windows\system32\Kpccmhdg.exe
        142⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6164
        
        C:\Windows\SysWOW64\Lohqnd32.exe
        
        C:\Windows\system32\Lohqnd32.exe
        143⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6340
        
        C:\Windows\SysWOW64\Lcfidb32.exe
        
        C:\Windows\system32\Lcfidb32.exe
        144⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6528
        
        C:\Windows\SysWOW64\Ljpaqmgb.exe
        
        C:\Windows\system32\Ljpaqmgb.exe
        145⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\Lomjicei.exe
        
        C:\Windows\system32\Lomjicei.exe
        146⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\Ljbnfleo.exe
        
        C:\Windows\system32\Ljbnfleo.exe
        147⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\Loofnccf.exe
        
        C:\Windows\system32\Loofnccf.exe
        148⤵
        Drops file in System32 directory
        
        PID:6304
        
        C:\Windows\SysWOW64\Ljdkll32.exe
        
        C:\Windows\system32\Ljdkll32.exe
        149⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\Lpochfji.exe
        
        C:\Windows\system32\Lpochfji.exe
        150⤵
        Drops file in System32 directory
        
        PID:6960
        
        C:\Windows\SysWOW64\Mapppn32.exe
        
        C:\Windows\system32\Mapppn32.exe
        151⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\Mledmg32.exe
        
        C:\Windows\system32\Mledmg32.exe
        152⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\Mcoljagj.exe
        
        C:\Windows\system32\Mcoljagj.exe
        153⤵
        Drops file in System32 directory
        
        PID:6152
        
        C:\Windows\SysWOW64\Mjidgkog.exe
        
        C:\Windows\system32\Mjidgkog.exe
        154⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\Mpclce32.exe
        
        C:\Windows\system32\Mpclce32.exe
        155⤵
        Modifies registry class
        
        PID:7076
        
        C:\Windows\SysWOW64\Mbdiknlb.exe
        
        C:\Windows\system32\Mbdiknlb.exe
        156⤵
        Drops file in System32 directory
        
        PID:7180
        
        C:\Windows\SysWOW64\Mjlalkmd.exe
        
        C:\Windows\system32\Mjlalkmd.exe
        157⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\Mjnnbk32.exe
        
        C:\Windows\system32\Mjnnbk32.exe
        158⤵
        Drops file in System32 directory
        
        PID:7268
        
        C:\Windows\SysWOW64\Mqhfoebo.exe
        
        C:\Windows\system32\Mqhfoebo.exe
        159⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7308
        
        C:\Windows\SysWOW64\Mfenglqf.exe
        
        C:\Windows\system32\Mfenglqf.exe
        160⤵
        Modifies registry class
        
        PID:7356
        
        C:\Windows\SysWOW64\Njbgmjgl.exe
        
        C:\Windows\system32\Njbgmjgl.exe
        161⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7404
        
        C:\Windows\SysWOW64\Nqmojd32.exe
        
        C:\Windows\system32\Nqmojd32.exe
        162⤵
        Drops file in System32 directory
        
        PID:7444
        
        C:\Windows\SysWOW64\Nhhdnf32.exe
        
        C:\Windows\system32\Nhhdnf32.exe
        163⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\Nbphglbe.exe
        
        C:\Windows\system32\Nbphglbe.exe
        164⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:7528
        
        C:\Windows\SysWOW64\Nqaiecjd.exe
        
        C:\Windows\system32\Nqaiecjd.exe
        165⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:7568
        
        C:\Windows\SysWOW64\Nfnamjhk.exe
        
        C:\Windows\system32\Nfnamjhk.exe
        166⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\Nqcejcha.exe
        
        C:\Windows\system32\Nqcejcha.exe
        167⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\Nfqnbjfi.exe
        
        C:\Windows\system32\Nfqnbjfi.exe
        168⤵
        Modifies registry class
        
        PID:7680
        
        C:\Windows\SysWOW64\Nmjfodne.exe
        
        C:\Windows\system32\Nmjfodne.exe
        169⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:7716
        
        C:\Windows\SysWOW64\Ofckhj32.exe
        
        C:\Windows\system32\Ofckhj32.exe
        170⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:7756
        
        C:\Windows\SysWOW64\Oqklkbbi.exe
        
        C:\Windows\system32\Oqklkbbi.exe
        171⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7796
        
        C:\Windows\SysWOW64\Oqmhqapg.exe
        
        C:\Windows\system32\Oqmhqapg.exe
        172⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\Obnehj32.exe
        
        C:\Windows\system32\Obnehj32.exe
        173⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7872
        
        C:\Windows\SysWOW64\Oqoefand.exe
        
        C:\Windows\system32\Oqoefand.exe
        174⤵
        Modifies registry class
        
        PID:7916
        
        C:\Windows\SysWOW64\Oflmnh32.exe
        
        C:\Windows\system32\Oflmnh32.exe
        175⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:7956
        
        C:\Windows\SysWOW64\Omfekbdh.exe
        
        C:\Windows\system32\Omfekbdh.exe
        176⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\Pbcncibp.exe
        
        C:\Windows\system32\Pbcncibp.exe
        177⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:8048
        
        C:\Windows\SysWOW64\Pmhbqbae.exe
        
        C:\Windows\system32\Pmhbqbae.exe
        178⤵
        Drops file in System32 directory
        
        PID:8112
        
        C:\Windows\SysWOW64\Piocecgj.exe
        
        C:\Windows\system32\Piocecgj.exe
        179⤵
        Modifies registry class
        
        PID:8164
        
        C:\Windows\SysWOW64\Ppikbm32.exe
        
        C:\Windows\system32\Ppikbm32.exe
        180⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\Pjoppf32.exe
        
        C:\Windows\system32\Pjoppf32.exe
        181⤵
        Drops file in System32 directory
        
        PID:7232
        
        C:\Windows\SysWOW64\Paihlpfi.exe
        
        C:\Windows\system32\Paihlpfi.exe
        182⤵
        Drops file in System32 directory
        
        PID:7288
        
        C:\Windows\SysWOW64\Pfepdg32.exe
        
        C:\Windows\system32\Pfepdg32.exe
        183⤵
        Drops file in System32 directory
        
        PID:7352
        
        C:\Windows\SysWOW64\Ppnenlka.exe
        
        C:\Windows\system32\Ppnenlka.exe
        184⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\Qamago32.exe
        
        C:\Windows\system32\Qamago32.exe
        185⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\Qjffpe32.exe
        
        C:\Windows\system32\Qjffpe32.exe
        186⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\Qapnmopa.exe
        
        C:\Windows\system32\Qapnmopa.exe
        187⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7600
        
        C:\Windows\SysWOW64\Qbajeg32.exe
        
        C:\Windows\system32\Qbajeg32.exe
        188⤵
        Drops file in System32 directory
        
        PID:7664
        
        C:\Windows\SysWOW64\Amfobp32.exe
        
        C:\Windows\system32\Amfobp32.exe
        189⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7748
        
        C:\Windows\SysWOW64\Acqgojmb.exe
        
        C:\Windows\system32\Acqgojmb.exe
        190⤵
        Drops file in System32 directory
        
        PID:7788
        
        C:\Windows\SysWOW64\Acccdj32.exe
        
        C:\Windows\system32\Acccdj32.exe
        191⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:7860
        
        C:\Windows\SysWOW64\Adepji32.exe
        
        C:\Windows\system32\Adepji32.exe
        192⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\Aibibp32.exe
        
        C:\Windows\system32\Aibibp32.exe
        193⤵
        Modifies registry class
        
        PID:8016
        
        C:\Windows\SysWOW64\Abjmkf32.exe
        
        C:\Windows\system32\Abjmkf32.exe
        194⤵
        Drops file in System32 directory
        
        PID:8108
        
        C:\Windows\SysWOW64\Aidehpea.exe
        
        C:\Windows\system32\Aidehpea.exe
        195⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8184
        
        C:\Windows\SysWOW64\Apnndj32.exe
        
        C:\Windows\system32\Apnndj32.exe
        196⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\Bigbmpco.exe
        
        C:\Windows\system32\Bigbmpco.exe
        197⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:7376
        
        C:\Windows\SysWOW64\Bfkbfd32.exe
        
        C:\Windows\system32\Bfkbfd32.exe
        198⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\Bmdkcnie.exe
        
        C:\Windows\system32\Bmdkcnie.exe
        199⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:7628
        
        C:\Windows\SysWOW64\Bjhkmbho.exe
        
        C:\Windows\system32\Bjhkmbho.exe
        200⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\Babcil32.exe
        
        C:\Windows\system32\Babcil32.exe
        201⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:7840
        
        C:\Windows\SysWOW64\Bbdpad32.exe
        
        C:\Windows\system32\Bbdpad32.exe
        202⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\Binhnomg.exe
        
        C:\Windows\system32\Binhnomg.exe
        203⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8096
        
        C:\Windows\SysWOW64\Bdcmkgmm.exe
        
        C:\Windows\system32\Bdcmkgmm.exe
        204⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\Bkmeha32.exe
        
        C:\Windows\system32\Bkmeha32.exe
        205⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7344
        
        C:\Windows\SysWOW64\Bdeiqgkj.exe
        
        C:\Windows\system32\Bdeiqgkj.exe
        206⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7596
        
        C:\Windows\SysWOW64\Cajjjk32.exe
        
        C:\Windows\system32\Cajjjk32.exe
        207⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:7792
        
        C:\Windows\SysWOW64\Cgfbbb32.exe
        
        C:\Windows\system32\Cgfbbb32.exe
        208⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\Cpogkhnl.exe
        
        C:\Windows\system32\Cpogkhnl.exe
        209⤵
        Modifies registry class
        
        PID:8188
        
        C:\Windows\SysWOW64\Cmbgdl32.exe
        
        C:\Windows\system32\Cmbgdl32.exe
        210⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:7516
        
        C:\Windows\SysWOW64\Cmedjl32.exe
        
        C:\Windows\system32\Cmedjl32.exe
        211⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:7924
        
        C:\Windows\SysWOW64\Ckidcpjl.exe
        
        C:\Windows\system32\Ckidcpjl.exe
        212⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\Dickplko.exe
        
        C:\Windows\system32\Dickplko.exe
        213⤵
        Drops file in System32 directory
        
        PID:7332
        
        C:\Windows\SysWOW64\Dckoia32.exe
        
        C:\Windows\system32\Dckoia32.exe
        214⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\Dcnlnaom.exe
        
        C:\Windows\system32\Dcnlnaom.exe
        215⤵
        Drops file in System32 directory
        
        PID:7476
        
        C:\Windows\SysWOW64\Dncpkjoc.exe
        
        C:\Windows\system32\Dncpkjoc.exe
        216⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:8228
        
        C:\Windows\SysWOW64\Ddmhhd32.exe
        
        C:\Windows\system32\Ddmhhd32.exe
        217⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\Ejjaqk32.exe
        
        C:\Windows\system32\Ejjaqk32.exe
        218⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\Epdime32.exe
        
        C:\Windows\system32\Epdime32.exe
        219⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\Enhifi32.exe
        
        C:\Windows\system32\Enhifi32.exe
        220⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\Ekljpm32.exe
        
        C:\Windows\system32\Ekljpm32.exe
        221⤵
        Modifies registry class
        
        PID:8432
        
        C:\Windows\SysWOW64\Ecgodpgb.exe
        
        C:\Windows\system32\Ecgodpgb.exe
        222⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\Enlcahgh.exe
        
        C:\Windows\system32\Enlcahgh.exe
        223⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8520
        
        C:\Windows\SysWOW64\Enopghee.exe
        
        C:\Windows\system32\Enopghee.exe
        224⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8564
        
        C:\Windows\SysWOW64\Edihdb32.exe
        
        C:\Windows\system32\Edihdb32.exe
        225⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8604
        
        C:\Windows\SysWOW64\Fkcpql32.exe
        
        C:\Windows\system32\Fkcpql32.exe
        226⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\Fgiaemic.exe
        
        C:\Windows\system32\Fgiaemic.exe
        227⤵
        Drops file in System32 directory
        
        PID:8692
        
        C:\Windows\SysWOW64\Fkgillpj.exe
        
        C:\Windows\system32\Fkgillpj.exe
        228⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\Fkjfakng.exe
        
        C:\Windows\system32\Fkjfakng.exe
        229⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8772
        
        C:\Windows\SysWOW64\Fbdnne32.exe
        
        C:\Windows\system32\Fbdnne32.exe
        230⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\Fcekfnkb.exe
        
        C:\Windows\system32\Fcekfnkb.exe
        231⤵
        Modifies registry class
        
        PID:8852
        
        C:\Windows\SysWOW64\Fjocbhbo.exe
        
        C:\Windows\system32\Fjocbhbo.exe
        232⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:8900
        
        C:\Windows\SysWOW64\Gddgpqbe.exe
        
        C:\Windows\system32\Gddgpqbe.exe
        233⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 412
        234⤵
        Program crash
        
        PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 8940 -ip 8940
1⤵
PID:9020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Dfnbgc32.exe

Filesize
295KB

MD5
4f34b4f2e795dd4d103bc4b4924b6a89

SHA1
dd566af121ebebc71c30a2d80dd6071fb7633a2c

SHA256
2eca805b3700434f32a8da3aee3ac1d6a389ec99a850ba4e5d61bec3003d416c

SHA512
f35f122ada8532ec8809b3c6973cd4ba1c29b78ac54a67dca2a2ef41e633492679898dc461cefff8fdfe71965b510b4d6e5fd5e3fe75975982d90f27778b58b1

Download Submit
C:\Windows\SysWOW64\Dmennnni.exe

Filesize
295KB

MD5
188f65d5485a16cc66749185196c3c25

SHA1
44a7d831643a4aaccabbcf6c228a6055de8bb764

SHA256
45ab52a24e41d7b40a20b2b340dc39513d49dc04bf28bb969a514d5f14a2b1e4

SHA512
68674bde69afe1035fa3769924b6dff83b0e75d14f21809ec2aef08da3a286442c266f6654b8873ae4fac1236c8044ffc76da465ca1f584fb1ccd23775ad316c

Download Submit
C:\Windows\SysWOW64\Dmohno32.exe

Filesize
295KB

MD5
db9f52c7d191b4f914891b80a68ffc9e

SHA1
35c3a681b84500d739fda04e1ce29d138e1f6c13

SHA256
f2330f699f823d5bc021c9f75f97746dabf21930d6df0bf2495684a10fa20bf7

SHA512
6ef0fc82d4bbf2d5bdb4ab3c2a14a0744b8a34e3492a7f7db93c908312eaffafea82b578c8ff414ddadb825a8614cc5cd66cb6891b7f4e867bbe40c650681ac2

Download Submit
C:\Windows\SysWOW64\Ebimgcfi.exe

Filesize
295KB

MD5
1f1a288c0853fb933c165fa6834013dd

SHA1
a248d74dfa706fb859ee9ca90d58c969af989134

SHA256
fae24121e7930094f73f10c5d1dd3cad776eefb7651d67abd58d0fa312c82a0a

SHA512
3fbcdef63dce4dadb8e4d48fd5a9d56ef08afae175b9944824ac9d7c6b6094922e645a3ce930a4e171fb2c6b6101efc4d505f71f308e27ec02e1f7674a2a0cc8

Download Submit
C:\Windows\SysWOW64\Eblimcdf.exe

Filesize
295KB

MD5
fba4d248d80bbf0bda6876db81f109f1

SHA1
4d18746b2e5b69022a8433956fdf42e381fb3cde

SHA256
dc08f674aea565572a779616a2b01f7e4811b1fefa067e088b9393f3a8933b24

SHA512
e6d7b1bb1b931df3f6462aadf3646b20a2a54749bd33c0d3518046bb76d1eb6a56fbe3575d2cebe615b5fd80f3b8d9cc22632469287ec6b0a9763868a45ee59c

Download Submit
C:\Windows\SysWOW64\Eeelnp32.exe

Filesize
295KB

MD5
933a0d9104f64b38012c21f693a7b42b

SHA1
93d5282c79d9f285655e043c6f0c4127c6bb713b

SHA256
0b21cf7be93ac55cb8d384253669723b9a0a37f5ce941e18441a634af63257cd

SHA512
3e61f29840d7c907f5b20839b6bd8a915931c4494e912edd6c16d772fcf092fd6e566b7fc724a9e284b34c74319698600d5bd5ced3814efdfebb78bcf3742e17

Download Submit
C:\Windows\SysWOW64\Enhifi32.exe

Filesize
295KB

MD5
cb2845fe5a9079583468679dc64707ff

SHA1
bafa3a1c297b9b714d10b790145cf3135e8b49ff

SHA256
9c8c699f5319213014b6804a17c2eedb305bd50b7a2942d735007fbafea74fc4

SHA512
2e19270ecb70c2f82cd7a2a6ef4bc14f63c6e52e959bc6dbf612e4fca4774a6f1638fb8080daba993c163bac271014a673dd8d60bdea0d6d1400c30e61fa7300

Download Submit
C:\Windows\SysWOW64\Eofgpikj.exe

Filesize
295KB

MD5
325eed598806303b8f2b8ea4dda05b36

SHA1
3b2561b122e401418b520b25be2cbd4dedd71aee

SHA256
9aaf034db27a83df17604f2576a6b6c8d601454937e724662f4364ba59442da6

SHA512
5cfb9600ee17ac60e6f63650499f57b780cd2f7a90d4f33c2570445ee4fb45da9f49288dbae44aacc93ee5b452ca30ea9321e37cd6107f63d48bb7a8dddd9c4e

Download Submit
C:\Windows\SysWOW64\Felbnn32.exe

Filesize
295KB

MD5
7f1004e7155dbdb84e1ce790b12af34a

SHA1
bdde9d7ddf669acdfe8ee45ee2b5f95abc0b5c9f

SHA256
9db7081cef0947cac95ca4bec9e4a68ee522d425f17cebd060b7f4965aa5e586

SHA512
ffdd2c13a0a318053b1c53e5b3f65be2941fb9a811af92b3f160b8473e0f6036694ddc9c7f585cd68977d0f2ad0f68f23b15dde7262583e3e586c74a67708815

Download Submit
C:\Windows\SysWOW64\Felbnn32.exe

Filesize
256KB

MD5
eb6e863e2cc761d360f17a25fc1bdbdc

SHA1
8693a0bede29c0b066403aeb5295dd94b3410c2b

SHA256
14ed0a7d20c3e85fc5481da64f545775304f07bd49577d63ae974ea7a43f393b

SHA512
59893a1b84f6b07ff8ee979c29bfee6eeb8bb422d1c3b4d5d03f5272aa4a9bc7444dbc9f243c6962e8c65cc390433751b627d1f97cac2b1961713440b65c848a

Download Submit
C:\Windows\SysWOW64\Fflohaij.exe

Filesize
295KB

MD5
f61dace0a8543b0738164c3745bfbcd0

SHA1
43273778a2d10073885ca5b3e3ec77cd8ca8cb37

SHA256
864c322dc34fb12e1e1f5817f489e991e60336f4652a555e706944a1e7a28254

SHA512
ffbf173f88bb08506e1590abe1fa15d74bbd458d8a8133639f6f564ac2e97c81059fea330ce1f65a29d8922720440a0a7e362f156552563d4d3aa6b347a12c68

Download Submit
C:\Windows\SysWOW64\Fiodpl32.exe

Filesize
295KB

MD5
cfafc36f562ee7639bba3896e787c93b

SHA1
0887a7ce4291ec128616206ad945370093b81fbf

SHA256
278b5c4276cebede4d7ea1cfc49a8f78ff2dbcd7f465a961764cea9d7a43ef55

SHA512
262371cda5b539b100c996878022b7c041e6e61fe884283e7189ac3befa26fb8915d756460d07d997ac874f16162f76ecd66a9c2a553cb37740b13f5d8c1b1d9

Download Submit
C:\Windows\SysWOW64\Fngcmcfe.exe

Filesize
295KB

MD5
f38b1ab02c5cda2538c77b967e48baf4

SHA1
a3191abf25af0f8f2802e1f73c6a0ff3562c45d3

SHA256
a162c23c926ae13ee52d4e881ab90a7c4b1ee22fe0f39ab37f9285090dbbd711

SHA512
da9eb5387c10b04076d9c46ae927ebf8e8e82ade5cf0fed976a09e9c4e8601e284c6011de4f538f0a6de8e82ad8e759ae7704cf777c5d2be94f85d1b1815f779

Download Submit
C:\Windows\SysWOW64\Gbnoiqdq.exe

Filesize
295KB

MD5
9a48dc130ffa07514c9e6e79fdc84a01

SHA1
c2856b4a14794e7e9ae31de526d84f31942683a7

SHA256
8d5de4d672d4edb0e70d0a5c63d6d2eef23d9e795f9bf893013f66f065a3f575

SHA512
20fca2fa6cf6c380489cf8cbbe047861c4bd222a6d3a058b853bf353986f7504ae4d27d9c8c65abf51e799696c1a18138ca64f72bc9b482d85d870d238ed775d

Download Submit
C:\Windows\SysWOW64\Gejopl32.exe

Filesize
295KB

MD5
42fc143d3cccd4d868094e7e6fa58bc1

SHA1
0d753416373869b829c8ea6079eaa7f3938f64d1

SHA256
aa052b805ae1f61b13623dd315943d1a198593bb44d732911212beaef81daa83

SHA512
979493caf49080708d8f6a8e580ddc06a5e509bb66eced829982214bcdd1786e45ff4128cd5d1993fd5c00da5a42d5caa03a3e804774217e829a784e7e0724c1

Download Submit
C:\Windows\SysWOW64\Ghcjeh32.dll

Filesize
7KB

MD5
9d04a7b5e82d89dce06580dccd1b50d7

SHA1
1cd68c0e8bf62d69a46e62c124fc8a136168c0ce

SHA256
80bc87a154000a0648165dc5067b8e47290b15d00f2bf7abf04515b3a5fc327e

SHA512
b324f62a11a4756cf1ad72980deb5d82de12911d73f1c3fd63eb735e09f94c654cc4c54fb9cd505c105972e1ecf82f05152cc3e752c1f147ef31df1aa7edcd79

Download Submit
C:\Windows\SysWOW64\Gikdkj32.exe

Filesize
295KB

MD5
87620d5b496878a89bbd61546a1af37c

SHA1
8ac3917ad5f8413cd884307dbffa102f0fbfe837

SHA256
11cbf5658aee23b22904a0e3e469e80acde3e0448ff0e6be645281108725c9d6

SHA512
86efe500f04a67ec7a747681e38ce5aefd83f4848beb40d70fb362f2ff5136a788a3d1336ab50bbfbb6aaa1da742979c269e0da0908a798ace5ad2c319bfbe7b

Download Submit
C:\Windows\SysWOW64\Glgcbf32.exe

Filesize
295KB

MD5
19641064ae199557f2577995cc91878f

SHA1
2ca7567e45fb911ea89142616fb20e48612fc254

SHA256
30a97f01bc02799a4405c615f9314c51fa176ee85591816722c32d07ed149121

SHA512
01261f36dcf9c41b9724e21096a9231f57b9491c35c9d46485a5d393dfa855004cfa4aece38df7f9774c454cb66b0e6392fa7f749f971d2b77d4a50810daec86

Download Submit
C:\Windows\SysWOW64\Gojiiafp.exe

Filesize
295KB

MD5
10526bb6aa04643c3db6348a166fded8

SHA1
442789c386bfd950689d1f9d0f9bcf19a2772a04

SHA256
5e507f09adfb52f6f7beb6cde2dde43f3f368404089688c028a5ec65dfd8c8ff

SHA512
0c190b0f901ad4bb9022f98b5ad9e746cdda2e63918ca076f2ed79bbd0bb9abb95d3e5a9ef46009101e6599e78de06ca0fe9d3e087950c9e9aff024bfbfb5bc7

Download Submit
C:\Windows\SysWOW64\Hbohpn32.exe

Filesize
295KB

MD5
bd71a7ebd569e9416a625e0f5dd994be

SHA1
f773f3ea65c4567a9f457da45af37d950388b654

SHA256
a5300df30b7f4d5a6e17f96f43fc46d16e0ae6d0deddabd3526abbd5009c806e

SHA512
b5b720cfbdaab1daa1abf105ee15b8a24b35f925a5fca7ef9bfbf014e537ad338481feb0698649b1fa9045f9b65e51ded8b14960837878671048097efc82c808

Download Submit
C:\Windows\SysWOW64\Hidgai32.exe

Filesize
295KB

MD5
ca63069c32539db7f117f1aaefda79e4

SHA1
9bd6eb3b563161fc843eac0a89f8ebdf40d65169

SHA256
25321422aef68c39cbdf3cf101b907c34c256bb6e1778cb2caeae018dfd35425

SHA512
d90eba4f5e6b31661d8359864d2a3c885351b54c33d334d8426d9d2419fcd949759bb861f6339436e50ed2919bcd66d0140c679970b18faa434d788a203abf99

Download Submit
C:\Windows\SysWOW64\Hlglidlo.exe

Filesize
295KB

MD5
4f696d606290ef390b54d587db1ae79c

SHA1
396caa9b5cf694b5686d8d215b87c6d9a6b24e5a

SHA256
552ae4049d0a1bbb7908d231d0a9c06a503255fbe05017584642cfc787ba8a80

SHA512
554e807a2b791dbaa5ffb90064109e2b3ce950f9cc056a69b275832e341434582a44d6c890fece5fad67dbd82075cb030a5c575873e5b1e5a60ed5a7943b0e17

Download Submit
C:\Windows\SysWOW64\Hlnjbedi.exe

Filesize
295KB

MD5
ed43987e7e741feb9cb0557b40d72e88

SHA1
fe67a2f2be7999b78852b2b4d62031372248789d

SHA256
24fb9c522fdd9d630212de19faff36efbbaa616697ca19ac85fb15430b6fbf18

SHA512
6130d9c66049de662eb902dbd0d0ba825ac643600ba44e51ac10608306fc832f9813cfd40d96d8d30ff3824da5f4795885ce2b893df2cbb8024eb369b67e08dc

Download Submit
C:\Windows\SysWOW64\Hlpfhe32.exe

Filesize
295KB

MD5
60b47a516730067297cba4f2583f24fb

SHA1
665ed063f7d5976ffd49bdc80a27f380498ec814

SHA256
53f3d7d59f070c1db35d5a422cdee0c084c52e0b622322ebd7930e9e56101a9d

SHA512
3ebb5abe00eaaf76c350da185e1a4c9ccee3b8edbf8439b691f30b6ed73634794f1f1b81e4f6d3eefe4afa7cb932bb89076a51fa880fa10998be0721a066fcc9

Download Submit
C:\Windows\SysWOW64\Iefgbh32.exe

Filesize
295KB

MD5
77491746624b60fd6575efca62e82e03

SHA1
757e130815064dd5c6382b0f2aedc57d3ad02e81

SHA256
2e45e0eba3f4a30410b65dcb371fc36b2b13af21f9628761a7465986e22f7969

SHA512
928c558205667519ab22c66d199bb15b6a3d794ee4f4373a2ad3ecc6e5ac99609d2060564050a964fe5db0bb6d60f20ec4846e01ce2867195dd8918179519bd2

Download Submit
C:\Windows\SysWOW64\Iipfmggc.exe

Filesize
295KB

MD5
8089df8d6991b7edb00f84777848387b

SHA1
df4c236ca7fcffd1148b2ba397de0854a8a2ee0f

SHA256
881b70b1394c7dc43807c5cccee25b9847a36f260614cabf17456a1e1fd85754

SHA512
896ef09d1d7bdff923ea69b189491d1a1a18898bea9a4ec8ae4f25db5bcacfaa4562418d6f81be6e205a00381cc0db5e61b87dc6e82afb79484fd0f947c6116f

Download Submit
C:\Windows\SysWOW64\Iliinc32.exe

Filesize
295KB

MD5
694b97a6002033de7f7ca6ecccb3f36e

SHA1
a43d0a2f9ce358d88dc9d6a4822ae211870bfa17

SHA256
4c69290927e6fd4272db2032cbe126618482ad75737a86a6b00234c15b2117da

SHA512
6b31fb5482cd30e9ed6c3ee09e0284475fc04beb260a09e3fc90a98ba09b9095e858d77312e9375c4d4b35c8805aed31fa0168fb3adde80baea27dfd42735cd8

Download Submit
C:\Windows\SysWOW64\Illfdc32.exe

Filesize
295KB

MD5
dc68b38c89c496d37bc4ef4b853312e7

SHA1
2d20a50ee44a9f19fb12f9318c52b7c9d9e8f119

SHA256
cdd09bd926fbf2284ad6b997cc7e9112e8e9372fa4282d4cdf0eb69ab88dc5d4

SHA512
7a97efd86de919c171c5b204eef55c0a0b9852085f71ddb82115037c22a228063c98e134d70a2f9327ecd557b1dc75fce0489fe3ce11a512613bfe345ef065ae

Download Submit
C:\Windows\SysWOW64\Iplkpa32.exe

Filesize
295KB

MD5
58e8c178bb57dc4f0797274dc3c7c507

SHA1
743ca5b3a87fd9377737b7d0795e362441416e96

SHA256
3dba732cc15bc474eb667bd97974534d38f5a7cb17756dc475f469084241a085

SHA512
c2ee6a369a968fe6b4fc8a90c0122bdba99168de48aef746dc0db6c1a28983906beeec4d8d84ba3ae093269dbc8a9d51b83411b0abcd77c0778fcc5f11897261

Download Submit
C:\Windows\SysWOW64\Jcmdaljn.exe

Filesize
295KB

MD5
a1422f017a86b3ac629bb20858c4d7c0

SHA1
deac0c3ec9715b6dbca23cfd1bedf300a39e3cd0

SHA256
b47f1607c15149dcd08c7919423bc484e6d0058a84352b05c3976671135b83ee

SHA512
4c437b253b0d720277e5362e8ea3a8bdea753b025ca39ec805ac90004919437abb89e161cdfc6173b524cf53521ead2f35f3fd98755776494f5e0ec600d818ec

Download Submit
C:\Windows\SysWOW64\Jgbchj32.exe

Filesize
295KB

MD5
5d56264ec84d780b4769a363061439c7

SHA1
80f8550cfdef81b94d202052b564006786a0d9b9

SHA256
13ef1dda893f9b716bd3965524a82c18ff0125922708cf1fc3c6285a9107defa

SHA512
2a8d5d18c9a64eddb73442072faf5a35bf0d1c78664d485e678a0d4367b3831ced5b95eae703b0618f39b9e896a067916c8702384a8b3f932d23cf804201d3b0

Download Submit
C:\Windows\SysWOW64\Jllokajf.exe

Filesize
295KB

MD5
efea6993ca9875a83d7065f8e7795bc4

SHA1
95b77051ac822370f540f7fe12106da05d9348ac

SHA256
a56ffacdeaf21f89d522fb73362acd43c723f56f0e220091c4696cda98fc030c

SHA512
2c7331ba9e9547b6512bfb9b2341af6021c3fce196551b53c9582d11ad8d09e9e44dca7796f481a51337d88a9114d98e7b562479b40ab3d1557d1b1cc7def5e8

Download Submit
C:\Windows\SysWOW64\Jocefm32.exe

Filesize
295KB

MD5
a95be74d4b390e988f8cf8ecb987a227

SHA1
a3d32ecd9960c9c3238366a7f458f7edebbb3cbe

SHA256
c4df2d7b6d31f1a48541186374359e6ffd23b3f79380e74eab09d8ad814d9e8d

SHA512
4835cb30b6df61184e8d8d9ef8af7b0228517acc09313fcfc5144cc4521b27c65c3e3ae5ea1cfc537713a4a956176560352057f9430eb68120f47910cb1a0db0

Download Submit
C:\Windows\SysWOW64\Johnamkm.exe

Filesize
295KB

MD5
fb37d287433b9a779602047cfae3cba4

SHA1
7c904e024009f0ecc700dcf0bcde58d68e7144cb

SHA256
433a0683e27becdf3f0a1739de513421a296c3d5ab4271ab03f205211bdad3d9

SHA512
cb6ccd0b585ec35dd369fd5152b64b00f32dc0ff8bd4945d249d7e63293d6d6e0e907c0f6cc7e61ca9875cf3d0fb0562c711d234dbc298e8f17d9a821ff924c3

Download Submit
C:\Windows\SysWOW64\Jpcapp32.exe

Filesize
295KB

MD5
a426f79f00dffe534ca86a959998791a

SHA1
c46e9b362405e0700a5e1b5bb627b48b2a72f505

SHA256
03ee00c7e099166c79da0a9fd07c1267bf377a0dbb213375e64725738cebd0c1

SHA512
756f540d87483f18e885b58e6efa2b581bb87612731b34decc358f89ed649ed591f93dc90bbe365ba678915c900c3f160e88e048d6b6d460fcd150eba8040c39

Download Submit
C:\Windows\SysWOW64\Loofnccf.exe

Filesize
295KB

MD5
100b3504d2c1c070cc78e5a8fcd1787b

SHA1
299ad73effeb4922f55047f45f3d7455a4e4ce11

SHA256
59214726c36fe2df9c99d1013cfe4dadba444471a4c2e7026ddb1300d04851dd

SHA512
cfc42fc2394c65565665cde956cb12eec1d3b45905c83778d3c241c0fd0b5c8828dee4f60790f5ed4eee11c4120c93519b9dd4b59ecd0c5ec9225ab7a07bc64b

Download Submit
C:\Windows\SysWOW64\Nqaiecjd.exe

Filesize
295KB

MD5
1cb288350c54ecbd41585c859c13dcf8

SHA1
4e2da879f0dddb864ae6cce363e11db2c749bfcd

SHA256
2ee7f5ab4a6ba42aeb74e0fe3f171bde5aa204e790e96f4953dd01208dcb3327

SHA512
df283e6183b5fae188f5233d086ea98e5375858f349b7e2b61ca5e594a6838f1e5461f20a93a50eb7a6f32982e39101d876206534428002a62bf1a49cca1c5a6

Download Submit
C:\Windows\SysWOW64\Qamago32.exe

Filesize
295KB

MD5
6d5fa857bd5283a3028545ca57ae50ca

SHA1
d6d888ed69ea6c16af6a46a937ef218eb225fe4f

SHA256
e77b628d7ed302313f7a66901faec83e1e28af73b3175c2c5ced82831a527288

SHA512
e8d1ea3c2f5fc5b3cb85e1113c4fd8e987211cff24eba4ac582db08dbf49fc5c90dffc70bad61515d9a557779824665dc7af4656e37fb4a4f98094a810b3af1d

Download Submit
memory/644-315-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/688-223-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/736-297-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/776-321-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/908-291-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1076-284-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1300-79-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1584-267-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1640-135-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1644-184-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1656-87-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1664-168-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1788-152-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2252-303-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2280-333-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2356-215-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2444-16-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2628-160-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2992-207-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3020-55-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3056-197-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3160-40-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3292-231-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3360-285-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3472-0-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3476-254-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3540-144-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3664-63-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3680-309-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3708-103-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3960-23-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4032-31-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4088-127-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4252-273-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4356-180-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4384-7-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4388-112-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4400-120-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4468-251-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4592-48-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4656-328-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4784-239-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4820-95-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5032-261-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5064-72-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5132-339-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5172-345-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5212-351-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5256-361-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5344-368-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5400-374-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5440-381-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5488-387-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5528-393-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5564-404-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5608-405-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5656-411-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5696-417-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5736-423-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5776-429-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5856-440-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5888-445-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5936-451-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5968-453-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads