59412cf36e38106eb5f64f6ebae6bf4f05698bfd3b2f9ae007782c7a718d2ca9

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2024, 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59412cf36e38106eb5f64f6ebae6bf4f05698bfd3b2f9ae007782c7a718d2ca9.exe
Size

464KB
MD5

76973f9f275155f6db78f47268262709
SHA1

f54f87497d15835e52dcbefca108a08df241d2bf
SHA256

59412cf36e38106eb5f64f6ebae6bf4f05698bfd3b2f9ae007782c7a718d2ca9
SHA512

6f9b02372c8b492a69e28752c31b3b0ed5ab4c714f41de8b60037ff2ce7ff684a8d12e8cf5b7864e146577c954000e5caaf2be874b4978c3750ae75c2d8fd53f
SSDEEP

12288:x+gah2kkkkK4kXkkkkkkkkl888888888888888888nusG:Igah2kkkkK4kXkkkkkkkkK

Score

10^/10

persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Iidphgcn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hibjli32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Mlpeff32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Fkpool32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Neccpd32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bojomm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Kqdaadln.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Efeihb32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hkjafn32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Fkpool32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Qlggjk32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Qikgco32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hffken32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Fkqeib32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nbadcpbh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Pchlpfjb.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ddjmba32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Nqpcjj32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Adkqoohc.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kjkpoq32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Bcinna32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dkdliame.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Oldjcg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Nqmfdj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ondljl32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ocaebc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Pcicklnn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kghjhemo.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hfcnpn32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Hoaojp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Lncjlq32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Jgadgf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Nemmoe32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cnfaohbj.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Lnjgfb32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hjchaf32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Mlpokp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Nnfpinmi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Pdhbmh32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hhdhon32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Peieba32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dkbocbog.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dmdhcddh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Nnbnhedj.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pemomqcn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Moipoh32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Onocomdo.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dbicpfdk.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dmohno32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Lnjgfb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Gdncmghi.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Npgmpf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Phganm32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pecellgl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Dbicpfdk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ljeafb32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Icdheded.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ijcjmmil.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Jlfpdh32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Iqmidndd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Liqihglg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Pkenjh32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bcinna32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ndflak32.exe

Executes dropped EXE 64 IoCs

pid	Process
552	Fknicb32.exe
1620	Fkqeib32.exe
764	Fajnfl32.exe
3508	Fnaokmco.exe
4888	Fkeodaai.exe
1896	Gdncmghi.exe
2092	Ghklce32.exe
4396	Ggcfja32.exe
524	Hnoklk32.exe
4816	Hfipbh32.exe
228	Hnddgjbj.exe
3968	Hkjafn32.exe
3440	Knippe32.exe
2576	Kefdbo32.exe
1516	Lidmhmnp.exe
1904	Lbnngbbn.exe
4168	Llipehgk.exe
1588	Mfaqhp32.exe
4232	Mlpeff32.exe
4308	Moaogand.exe
2436	Nemcjk32.exe
1816	Nbadcpbh.exe
3780	Nhpiafnm.exe
2544	Nhbfff32.exe
4128	Nibbqicm.exe
1416	Ocmconhk.exe
4104	Ogklelna.exe
2552	Oofaiokl.exe
4600	Ollnhb32.exe
4392	Pcicklnn.exe
644	Phelcc32.exe
2724	Poaqemao.exe
1180	Pjgebf32.exe
1804	Podmkm32.exe
4884	Pgkelj32.exe
4004	Plhnda32.exe
3352	Qfpbmfdf.exe
2008	Qljjjqlc.exe
4432	Qjnkcekm.exe
4376	Agbkmijg.exe
2360	Ajqgidij.exe
4492	Aompak32.exe
2264	Ahfdjanb.exe
1384	Aihaoqlp.exe
2992	Ajhniccb.exe
2364	Afnnnd32.exe
5128	Bcbohigp.exe
5168	Bcelmhen.exe
5212	Biadeoce.exe
5252	Bgbdcgld.exe
5292	Bqkill32.exe
5332	Bifmqo32.exe
5372	Cgjjdf32.exe
5412	Cjhfpa32.exe
5452	Cpeohh32.exe
5492	Cjjcfabm.exe
5560	Ccchof32.exe
5608	Cippgm32.exe
5648	Cgqqdeod.exe
5688	Cibmlmeb.exe
5728	Ccgajfeh.exe
5768	Dakacjdb.exe
5812	Dfhjkabi.exe
5852	Dannij32.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Pedlgbkh.exe	Pojcjh32.exe
File created	C:\Windows\SysWOW64\Aanbhp32.exe	Ahenokjf.exe
File created	C:\Windows\SysWOW64\Bfgjjm32.exe	Bcinna32.exe
File created	C:\Windows\SysWOW64\Jfegnkqm.dll	Dbicpfdk.exe
File created	C:\Windows\SysWOW64\Onocomdo.exe	Ogekbb32.exe
File created	C:\Windows\SysWOW64\Chkobkod.exe	Cdpcal32.exe
File created	C:\Windows\SysWOW64\Hnoklk32.exe	Ggcfja32.exe
File opened for modification	C:\Windows\SysWOW64\Kbpkkn32.exe	Kqpoakco.exe
File created	C:\Windows\SysWOW64\Bdkohe32.dll	Lenicahg.exe
File opened for modification	C:\Windows\SysWOW64\Efgemb32.exe	Ekaapi32.exe
File created	C:\Windows\SysWOW64\Pqknpl32.dll	Hfcnpn32.exe
File opened for modification	C:\Windows\SysWOW64\Monjjgkb.exe	Mnmmboed.exe
File opened for modification	C:\Windows\SysWOW64\Plhnda32.exe	Pgkelj32.exe
File created	C:\Windows\SysWOW64\Khacqh32.dll	Djqblj32.exe
File opened for modification	C:\Windows\SysWOW64\Kpanan32.exe	Kgflcifg.exe
File created	C:\Windows\SysWOW64\Folnlh32.dll	Mgeakekd.exe
File opened for modification	C:\Windows\SysWOW64\Pnmopk32.exe	Ppjbmc32.exe
File created	C:\Windows\SysWOW64\Hpbiip32.exe	Hdkidohn.exe
File opened for modification	C:\Windows\SysWOW64\Bifmqo32.exe	Bqkill32.exe
File opened for modification	C:\Windows\SysWOW64\Kjpijpdg.exe	Kinmcg32.exe
File created	C:\Windows\SysWOW64\Bhocin32.dll	Ajndioga.exe
File opened for modification	C:\Windows\SysWOW64\Ljfhqh32.exe	Lggldm32.exe
File created	C:\Windows\SysWOW64\Jmbhoeid.exe	Iidphgcn.exe
File created	C:\Windows\SysWOW64\Hnkmnide.dll	Podmkm32.exe
File created	C:\Windows\SysWOW64\Gdbpil32.dll	Cippgm32.exe
File created	C:\Windows\SysWOW64\Enhpaj32.dll	Ghkeio32.exe
File created	C:\Windows\SysWOW64\Oeehkn32.exe	Nlmdbh32.exe
File opened for modification	C:\Windows\SysWOW64\Gbchdp32.exe	Gflhoo32.exe
File opened for modification	C:\Windows\SysWOW64\Mnegbp32.exe	Mcpcdg32.exe
File created	C:\Windows\SysWOW64\Ondljl32.exe	Ogjdmbil.exe
File created	C:\Windows\SysWOW64\Fkelgcfo.dll	Ggcfja32.exe
File opened for modification	C:\Windows\SysWOW64\Nlcalieg.exe	Nclikl32.exe
File created	C:\Windows\SysWOW64\Mbkkam32.dll	Cdpcal32.exe
File created	C:\Windows\SysWOW64\Cmnmphdf.dll	Moaogand.exe
File created	C:\Windows\SysWOW64\Dhbmpk32.dll	Dfgcakon.exe
File opened for modification	C:\Windows\SysWOW64\Edemkd32.exe	Dfamapjo.exe
File created	C:\Windows\SysWOW64\Qljcoj32.exe	Qikgco32.exe
File opened for modification	C:\Windows\SysWOW64\Ppolhcnm.exe	Pnmopk32.exe
File opened for modification	C:\Windows\SysWOW64\Ckebcg32.exe	Cdkifmjq.exe
File opened for modification	C:\Windows\SysWOW64\Phelcc32.exe	Pcicklnn.exe
File created	C:\Windows\SysWOW64\Nmnpml32.dll	Ecefqnel.exe
File created	C:\Windows\SysWOW64\Ggmgbckd.dll	Nknobkje.exe
File created	C:\Windows\SysWOW64\Licfngjd.exe	Lalnmiia.exe
File created	C:\Windows\SysWOW64\Dgcaaddl.dll	Nimbkc32.exe
File opened for modification	C:\Windows\SysWOW64\Ccgjopal.exe	Ckpbnb32.exe
File created	C:\Windows\SysWOW64\Fpejlmcf.exe	Emdajb32.exe
File created	C:\Windows\SysWOW64\Gckoph32.dll	Hplicjok.exe
File opened for modification	C:\Windows\SysWOW64\Maggnali.exe	Mnhkbfme.exe
File created	C:\Windows\SysWOW64\Iibccgep.exe	Ibhkfm32.exe
File opened for modification	C:\Windows\SysWOW64\Igchfiof.exe	Igqkqiai.exe
File created	C:\Windows\SysWOW64\Hodbhp32.dll	Ngqagcag.exe
File opened for modification	C:\Windows\SysWOW64\Ppjbmc32.exe	Pjmjdm32.exe
File created	C:\Windows\SysWOW64\Dannpknl.dll	Nnfpinmi.exe
File created	C:\Windows\SysWOW64\Bdickcpo.exe	Bnoknihb.exe
File created	C:\Windows\SysWOW64\Gojiiafp.exe	Geaepk32.exe
File created	C:\Windows\SysWOW64\Cpabibmg.dll	Hffken32.exe
File created	C:\Windows\SysWOW64\Lncjlq32.exe	Lflbkcll.exe
File opened for modification	C:\Windows\SysWOW64\Onocomdo.exe	Ogekbb32.exe
File opened for modification	C:\Windows\SysWOW64\Bkaobnio.exe	Bdgged32.exe
File opened for modification	C:\Windows\SysWOW64\Licfngjd.exe	Lalnmiia.exe
File created	C:\Windows\SysWOW64\Fjqjajoe.dll	Mlpokp32.exe
File created	C:\Windows\SysWOW64\Lfinqm32.dll	Allpejfe.exe
File opened for modification	C:\Windows\SysWOW64\Bjlpjm32.exe	Bcahmb32.exe
File created	C:\Windows\SysWOW64\Dndnpf32.exe	Dooaoj32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5912	5832	WerFault.exe	588

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Ckpbnb32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Nbadcpbh.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Ajhniccb.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Ohnohn32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Pedlgbkh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Qikgco32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Nhpiafnm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Lnaoodjg.dll"	Cibmlmeb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Kiljgf32.dll"	Cfbcke32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Imiehfao.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ciggeb32.dll"	Bnoknihb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ekaapi32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ogakfe32.dll"	Ppjbmc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Fpnfmjbo.dll"	Bqkill32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Bbiado32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Cmhigf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Nlfndjhh.dll"	Gdaociml.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Bklfgo32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Plhnda32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Milidebi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Jjafok32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hiqhki32.dll"	Nemcjk32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Dakacjdb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jmqgabec.dll"	Dfoplpla.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Gipdap32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Qfdngj32.dll"	Hienlpel.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ecakqg32.dll"	Poimpapp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Nhbfff32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Cippgm32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Dfamapjo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Igchfiof.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Njiegl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gdglhf32.dll"	Nfaemp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Cpmapodj.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Gipdap32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Diinlj32.dll"	Cnahdi32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ilnbicff.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Oabhfg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hnkmnide.dll"	Podmkm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hnlonj32.dll"	Jgogbgei.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Pmoiqneg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Pkegpb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Gemkelcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Kkjqle32.dll"	Hnoklk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Fgibng32.dll"	Lbkkgl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Dimenegi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ghqomgid.dll"	Glcaambb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Oogpjbbb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Edemkd32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pdnjmc32.dll"	Ljobpiql.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ankkea32.dll"	Efeihb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Aggpfkjj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Lenicahg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ngbjmd32.dll"	Pecellgl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Eppjfgcp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Hnddgjbj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mjnafk32.dll"	Mnnkgl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Qljcoj32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Aanbhp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Efepbi32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Phonha32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ekppjn32.dll"	Cogddd32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Dhphmj32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Oanfen32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3124 wrote to memory of 552	3124	59412cf36e38106eb5f64f6ebae6bf4f05698bfd3b2f9ae007782c7a718d2ca9.exe	96
PID 3124 wrote to memory of 552	3124	59412cf36e38106eb5f64f6ebae6bf4f05698bfd3b2f9ae007782c7a718d2ca9.exe	96
PID 3124 wrote to memory of 552	3124	59412cf36e38106eb5f64f6ebae6bf4f05698bfd3b2f9ae007782c7a718d2ca9.exe	96
PID 552 wrote to memory of 1620	552	Fknicb32.exe	97
PID 552 wrote to memory of 1620	552	Fknicb32.exe	97
PID 552 wrote to memory of 1620	552	Fknicb32.exe	97
PID 1620 wrote to memory of 764	1620	Fkqeib32.exe	98
PID 1620 wrote to memory of 764	1620	Fkqeib32.exe	98
PID 1620 wrote to memory of 764	1620	Fkqeib32.exe	98
PID 764 wrote to memory of 3508	764	Fajnfl32.exe	99
PID 764 wrote to memory of 3508	764	Fajnfl32.exe	99
PID 764 wrote to memory of 3508	764	Fajnfl32.exe	99
PID 3508 wrote to memory of 4888	3508	Fnaokmco.exe	100
PID 3508 wrote to memory of 4888	3508	Fnaokmco.exe	100
PID 3508 wrote to memory of 4888	3508	Fnaokmco.exe	100
PID 4888 wrote to memory of 1896	4888	Fkeodaai.exe	101
PID 4888 wrote to memory of 1896	4888	Fkeodaai.exe	101
PID 4888 wrote to memory of 1896	4888	Fkeodaai.exe	101
PID 1896 wrote to memory of 2092	1896	Gdncmghi.exe	102
PID 1896 wrote to memory of 2092	1896	Gdncmghi.exe	102
PID 1896 wrote to memory of 2092	1896	Gdncmghi.exe	102
PID 2092 wrote to memory of 4396	2092	Ghklce32.exe	103
PID 2092 wrote to memory of 4396	2092	Ghklce32.exe	103
PID 2092 wrote to memory of 4396	2092	Ghklce32.exe	103
PID 4396 wrote to memory of 524	4396	Ggcfja32.exe	104
PID 4396 wrote to memory of 524	4396	Ggcfja32.exe	104
PID 4396 wrote to memory of 524	4396	Ggcfja32.exe	104
PID 524 wrote to memory of 4816	524	Hnoklk32.exe	105
PID 524 wrote to memory of 4816	524	Hnoklk32.exe	105
PID 524 wrote to memory of 4816	524	Hnoklk32.exe	105
PID 4816 wrote to memory of 228	4816	Hfipbh32.exe	106
PID 4816 wrote to memory of 228	4816	Hfipbh32.exe	106
PID 4816 wrote to memory of 228	4816	Hfipbh32.exe	106
PID 228 wrote to memory of 3968	228	Hnddgjbj.exe	107
PID 228 wrote to memory of 3968	228	Hnddgjbj.exe	107
PID 228 wrote to memory of 3968	228	Hnddgjbj.exe	107
PID 3968 wrote to memory of 3440	3968	Hkjafn32.exe	108
PID 3968 wrote to memory of 3440	3968	Hkjafn32.exe	108
PID 3968 wrote to memory of 3440	3968	Hkjafn32.exe	108
PID 3440 wrote to memory of 2576	3440	Knippe32.exe	109
PID 3440 wrote to memory of 2576	3440	Knippe32.exe	109
PID 3440 wrote to memory of 2576	3440	Knippe32.exe	109
PID 2576 wrote to memory of 1516	2576	Kefdbo32.exe	110
PID 2576 wrote to memory of 1516	2576	Kefdbo32.exe	110
PID 2576 wrote to memory of 1516	2576	Kefdbo32.exe	110
PID 1516 wrote to memory of 1904	1516	Lidmhmnp.exe	111
PID 1516 wrote to memory of 1904	1516	Lidmhmnp.exe	111
PID 1516 wrote to memory of 1904	1516	Lidmhmnp.exe	111
PID 1904 wrote to memory of 4168	1904	Lbnngbbn.exe	112
PID 1904 wrote to memory of 4168	1904	Lbnngbbn.exe	112
PID 1904 wrote to memory of 4168	1904	Lbnngbbn.exe	112
PID 4168 wrote to memory of 1588	4168	Llipehgk.exe	113
PID 4168 wrote to memory of 1588	4168	Llipehgk.exe	113
PID 4168 wrote to memory of 1588	4168	Llipehgk.exe	113
PID 1588 wrote to memory of 4232	1588	Mfaqhp32.exe	114
PID 1588 wrote to memory of 4232	1588	Mfaqhp32.exe	114
PID 1588 wrote to memory of 4232	1588	Mfaqhp32.exe	114
PID 4232 wrote to memory of 4308	4232	Mlpeff32.exe	115
PID 4232 wrote to memory of 4308	4232	Mlpeff32.exe	115
PID 4232 wrote to memory of 4308	4232	Mlpeff32.exe	115
PID 4308 wrote to memory of 2436	4308	Moaogand.exe	116
PID 4308 wrote to memory of 2436	4308	Moaogand.exe	116
PID 4308 wrote to memory of 2436	4308	Moaogand.exe	116
PID 2436 wrote to memory of 1816	2436	Nemcjk32.exe	117

C:\Users\Admin\AppData\Local\Temp\59412cf36e38106eb5f64f6ebae6bf4f05698bfd3b2f9ae007782c7a718d2ca9.exe
"C:\Users\Admin\AppData\Local\Temp\59412cf36e38106eb5f64f6ebae6bf4f05698bfd3b2f9ae007782c7a718d2ca9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3124
- C:\Windows\SysWOW64\Fknicb32.exe
  C:\Windows\system32\Fknicb32.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:552
- - C:\Windows\SysWOW64\Fkqeib32.exe
    C:\Windows\system32\Fkqeib32.exe
    3⤵
    - Adds autorun key to be loaded by Explorer.exe on startup
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1620
  - - C:\Windows\SysWOW64\Fajnfl32.exe
      C:\Windows\system32\Fajnfl32.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:764
    - - C:\Windows\SysWOW64\Fnaokmco.exe
        
        C:\Windows\system32\Fnaokmco.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3508
      - C:\Windows\SysWOW64\Fkeodaai.exe
        
        C:\Windows\system32\Fkeodaai.exe
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4888
        
        C:\Windows\SysWOW64\Gdncmghi.exe
        
        C:\Windows\system32\Gdncmghi.exe
        7⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1896
        
        C:\Windows\SysWOW64\Ghklce32.exe
        
        C:\Windows\system32\Ghklce32.exe
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2092
        
        C:\Windows\SysWOW64\Ggcfja32.exe
        
        C:\Windows\system32\Ggcfja32.exe
        9⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4396
        
        C:\Windows\SysWOW64\Hnoklk32.exe
        
        C:\Windows\system32\Hnoklk32.exe
        10⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:524
        
        C:\Windows\SysWOW64\Hfipbh32.exe
        
        C:\Windows\system32\Hfipbh32.exe
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4816
        
        C:\Windows\SysWOW64\Hnddgjbj.exe
        
        C:\Windows\system32\Hnddgjbj.exe
        12⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:228
        
        C:\Windows\SysWOW64\Hkjafn32.exe
        
        C:\Windows\system32\Hkjafn32.exe
        13⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3968
        
        C:\Windows\SysWOW64\Knippe32.exe
        
        C:\Windows\system32\Knippe32.exe
        14⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3440
        
        C:\Windows\SysWOW64\Kefdbo32.exe
        
        C:\Windows\system32\Kefdbo32.exe
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2576
        
        C:\Windows\SysWOW64\Lidmhmnp.exe
        
        C:\Windows\system32\Lidmhmnp.exe
        16⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1516
        
        C:\Windows\SysWOW64\Lbnngbbn.exe
        
        C:\Windows\system32\Lbnngbbn.exe
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1904
        
        C:\Windows\SysWOW64\Llipehgk.exe
        
        C:\Windows\system32\Llipehgk.exe
        18⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4168
        
        C:\Windows\SysWOW64\Mfaqhp32.exe
        
        C:\Windows\system32\Mfaqhp32.exe
        19⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1588
        
        C:\Windows\SysWOW64\Mlpeff32.exe
        
        C:\Windows\system32\Mlpeff32.exe
        20⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4232
        
        C:\Windows\SysWOW64\Moaogand.exe
        
        C:\Windows\system32\Moaogand.exe
        21⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4308
        
        C:\Windows\SysWOW64\Nemcjk32.exe
        
        C:\Windows\system32\Nemcjk32.exe
        22⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2436
        
        C:\Windows\SysWOW64\Nbadcpbh.exe
        
        C:\Windows\system32\Nbadcpbh.exe
        23⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:1816
        
        C:\Windows\SysWOW64\Nhpiafnm.exe
        
        C:\Windows\system32\Nhpiafnm.exe
        24⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3780
        
        C:\Windows\SysWOW64\Nhbfff32.exe
        
        C:\Windows\system32\Nhbfff32.exe
        25⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2544
        
        C:\Windows\SysWOW64\Nibbqicm.exe
        
        C:\Windows\system32\Nibbqicm.exe
        26⤵
        Executes dropped EXE
        
        PID:4128
        
        C:\Windows\SysWOW64\Ocmconhk.exe
        
        C:\Windows\system32\Ocmconhk.exe
        27⤵
        Executes dropped EXE
        
        PID:1416
        
        C:\Windows\SysWOW64\Ogklelna.exe
        
        C:\Windows\system32\Ogklelna.exe
        28⤵
        Executes dropped EXE
        
        PID:4104
        
        C:\Windows\SysWOW64\Oofaiokl.exe
        
        C:\Windows\system32\Oofaiokl.exe
        29⤵
        Executes dropped EXE
        
        PID:2552
        
        C:\Windows\SysWOW64\Ollnhb32.exe
        
        C:\Windows\system32\Ollnhb32.exe
        30⤵
        Executes dropped EXE
        
        PID:4600
        
        C:\Windows\SysWOW64\Pcicklnn.exe
        
        C:\Windows\system32\Pcicklnn.exe
        31⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4392
        
        C:\Windows\SysWOW64\Phelcc32.exe
        
        C:\Windows\system32\Phelcc32.exe
        32⤵
        Executes dropped EXE
        
        PID:644
        
        C:\Windows\SysWOW64\Poaqemao.exe
        
        C:\Windows\system32\Poaqemao.exe
        33⤵
        Executes dropped EXE
        
        PID:2724
        
        C:\Windows\SysWOW64\Pjgebf32.exe
        
        C:\Windows\system32\Pjgebf32.exe
        34⤵
        Executes dropped EXE
        
        PID:1180
        
        C:\Windows\SysWOW64\Podmkm32.exe
        
        C:\Windows\system32\Podmkm32.exe
        35⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:1804
        
        C:\Windows\SysWOW64\Pgkelj32.exe
        
        C:\Windows\system32\Pgkelj32.exe
        36⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4884
        
        C:\Windows\SysWOW64\Plhnda32.exe
        
        C:\Windows\system32\Plhnda32.exe
        37⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4004
        
        C:\Windows\SysWOW64\Qfpbmfdf.exe
        
        C:\Windows\system32\Qfpbmfdf.exe
        38⤵
        Executes dropped EXE
        
        PID:3352
        
        C:\Windows\SysWOW64\Qljjjqlc.exe
        
        C:\Windows\system32\Qljjjqlc.exe
        39⤵
        Executes dropped EXE
        
        PID:2008
        
        C:\Windows\SysWOW64\Qjnkcekm.exe
        
        C:\Windows\system32\Qjnkcekm.exe
        40⤵
        Executes dropped EXE
        
        PID:4432
        
        C:\Windows\SysWOW64\Agbkmijg.exe
        
        C:\Windows\system32\Agbkmijg.exe
        41⤵
        Executes dropped EXE
        
        PID:4376
        
        C:\Windows\SysWOW64\Ajqgidij.exe
        
        C:\Windows\system32\Ajqgidij.exe
        42⤵
        Executes dropped EXE
        
        PID:2360
        
        C:\Windows\SysWOW64\Aompak32.exe
        
        C:\Windows\system32\Aompak32.exe
        43⤵
        Executes dropped EXE
        
        PID:4492
        
        C:\Windows\SysWOW64\Ahfdjanb.exe
        
        C:\Windows\system32\Ahfdjanb.exe
        44⤵
        Executes dropped EXE
        
        PID:2264
        
        C:\Windows\SysWOW64\Aihaoqlp.exe
        
        C:\Windows\system32\Aihaoqlp.exe
        45⤵
        Executes dropped EXE
        
        PID:1384
        
        C:\Windows\SysWOW64\Ajhniccb.exe
        
        C:\Windows\system32\Ajhniccb.exe
        46⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2992
        
        C:\Windows\SysWOW64\Afnnnd32.exe
        
        C:\Windows\system32\Afnnnd32.exe
        47⤵
        Executes dropped EXE
        
        PID:2364
        
        C:\Windows\SysWOW64\Bcbohigp.exe
        
        C:\Windows\system32\Bcbohigp.exe
        48⤵
        Executes dropped EXE
        
        PID:5128
        
        C:\Windows\SysWOW64\Bcelmhen.exe
        
        C:\Windows\system32\Bcelmhen.exe
        49⤵
        Executes dropped EXE
        
        PID:5168
        
        C:\Windows\SysWOW64\Biadeoce.exe
        
        C:\Windows\system32\Biadeoce.exe
        50⤵
        Executes dropped EXE
        
        PID:5212
        
        C:\Windows\SysWOW64\Bgbdcgld.exe
        
        C:\Windows\system32\Bgbdcgld.exe
        51⤵
        Executes dropped EXE
        
        PID:5252
        
        C:\Windows\SysWOW64\Bqkill32.exe
        
        C:\Windows\system32\Bqkill32.exe
        52⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:5292
        
        C:\Windows\SysWOW64\Bifmqo32.exe
        
        C:\Windows\system32\Bifmqo32.exe
        53⤵
        Executes dropped EXE
        
        PID:5332
        
        C:\Windows\SysWOW64\Cgjjdf32.exe
        
        C:\Windows\system32\Cgjjdf32.exe
        54⤵
        Executes dropped EXE
        
        PID:5372
        
        C:\Windows\SysWOW64\Cjhfpa32.exe
        
        C:\Windows\system32\Cjhfpa32.exe
        55⤵
        Executes dropped EXE
        
        PID:5412
        
        C:\Windows\SysWOW64\Cpeohh32.exe
        
        C:\Windows\system32\Cpeohh32.exe
        56⤵
        Executes dropped EXE
        
        PID:5452
        
        C:\Windows\SysWOW64\Cjjcfabm.exe
        
        C:\Windows\system32\Cjjcfabm.exe
        57⤵
        Executes dropped EXE
        
        PID:5492
        
        C:\Windows\SysWOW64\Ccchof32.exe
        
        C:\Windows\system32\Ccchof32.exe
        58⤵
        Executes dropped EXE
        
        PID:5560
        
        C:\Windows\SysWOW64\Cippgm32.exe
        
        C:\Windows\system32\Cippgm32.exe
        59⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:5608
        
        C:\Windows\SysWOW64\Cgqqdeod.exe
        
        C:\Windows\system32\Cgqqdeod.exe
        60⤵
        Executes dropped EXE
        
        PID:5648
        
        C:\Windows\SysWOW64\Cibmlmeb.exe
        
        C:\Windows\system32\Cibmlmeb.exe
        61⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:5688
        
        C:\Windows\SysWOW64\Ccgajfeh.exe
        
        C:\Windows\system32\Ccgajfeh.exe
        62⤵
        Executes dropped EXE
        
        PID:5728
        
        C:\Windows\SysWOW64\Dakacjdb.exe
        
        C:\Windows\system32\Dakacjdb.exe
        63⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:5768
        
        C:\Windows\SysWOW64\Dfhjkabi.exe
        
        C:\Windows\system32\Dfhjkabi.exe
        64⤵
        Executes dropped EXE
        
        PID:5812
        
        C:\Windows\SysWOW64\Dannij32.exe
        
        C:\Windows\system32\Dannij32.exe
        65⤵
        Executes dropped EXE
        
        PID:5852
        
        C:\Windows\SysWOW64\Djfcaohp.exe
        
        C:\Windows\system32\Djfcaohp.exe
        66⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\Dmdonkgc.exe
        
        C:\Windows\system32\Dmdonkgc.exe
        67⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\Dhjckcgi.exe
        
        C:\Windows\system32\Dhjckcgi.exe
        68⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\Dfoplpla.exe
        
        C:\Windows\system32\Dfoplpla.exe
        69⤵
        Modifies registry class
        
        PID:6016
        
        C:\Windows\SysWOW64\Dfamapjo.exe
        
        C:\Windows\system32\Dfamapjo.exe
        70⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6056
        
        C:\Windows\SysWOW64\Edemkd32.exe
        
        C:\Windows\system32\Edemkd32.exe
        71⤵
        Modifies registry class
        
        PID:6096
        
        C:\Windows\SysWOW64\Eplnpeol.exe
        
        C:\Windows\system32\Eplnpeol.exe
        72⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\Empoiimf.exe
        
        C:\Windows\system32\Empoiimf.exe
        73⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\Efmmmn32.exe
        
        C:\Windows\system32\Efmmmn32.exe
        74⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\Fineoi32.exe
        
        C:\Windows\system32\Fineoi32.exe
        75⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\Fdcjlb32.exe
        
        C:\Windows\system32\Fdcjlb32.exe
        76⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\Fipbdikp.exe
        
        C:\Windows\system32\Fipbdikp.exe
        77⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\Fkpool32.exe
        
        C:\Windows\system32\Fkpool32.exe
        78⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5392
        
        C:\Windows\SysWOW64\Fkbkdkpp.exe
        
        C:\Windows\system32\Fkbkdkpp.exe
        79⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\Fdkpma32.exe
        
        C:\Windows\system32\Fdkpma32.exe
        80⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\Gdmmbq32.exe
        
        C:\Windows\system32\Gdmmbq32.exe
        81⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\Gmeakf32.exe
        
        C:\Windows\system32\Gmeakf32.exe
        82⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\Ghkeio32.exe
        
        C:\Windows\system32\Ghkeio32.exe
        83⤵
        Drops file in System32 directory
        
        PID:5804
        
        C:\Windows\SysWOW64\Gdafnpqh.exe
        
        C:\Windows\system32\Gdafnpqh.exe
        84⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\Ginnfgop.exe
        
        C:\Windows\system32\Ginnfgop.exe
        85⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\Gahcmd32.exe
        
        C:\Windows\system32\Gahcmd32.exe
        86⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\Hjchaf32.exe
        
        C:\Windows\system32\Hjchaf32.exe
        87⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6052
        
        C:\Windows\SysWOW64\Hhdhon32.exe
        
        C:\Windows\system32\Hhdhon32.exe
        88⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:1648
        
        C:\Windows\SysWOW64\Hjedffig.exe
        
        C:\Windows\system32\Hjedffig.exe
        89⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\Hdkidohn.exe
        
        C:\Windows\system32\Hdkidohn.exe
        90⤵
        Drops file in System32 directory
        
        PID:6128
        
        C:\Windows\SysWOW64\Hpbiip32.exe
        
        C:\Windows\system32\Hpbiip32.exe
        91⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\Haafcb32.exe
        
        C:\Windows\system32\Haafcb32.exe
        92⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\Igqkqiai.exe
        
        C:\Windows\system32\Igqkqiai.exe
        93⤵
        Drops file in System32 directory
        
        PID:5260
        
        C:\Windows\SysWOW64\Igchfiof.exe
        
        C:\Windows\system32\Igchfiof.exe
        94⤵
        Modifies registry class
        
        PID:4996
        
        C:\Windows\SysWOW64\Iqmidndd.exe
        
        C:\Windows\system32\Iqmidndd.exe
        95⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5436
        
        C:\Windows\SysWOW64\Ikcmbfcj.exe
        
        C:\Windows\system32\Ikcmbfcj.exe
        96⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\Iqpfjnba.exe
        
        C:\Windows\system32\Iqpfjnba.exe
        97⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\Jdnoplhh.exe
        
        C:\Windows\system32\Jdnoplhh.exe
        98⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\Jglklggl.exe
        
        C:\Windows\system32\Jglklggl.exe
        99⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\Jqdoem32.exe
        
        C:\Windows\system32\Jqdoem32.exe
        100⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\Jgogbgei.exe
        
        C:\Windows\system32\Jgogbgei.exe
        101⤵
        Modifies registry class
        
        PID:1772
        
        C:\Windows\SysWOW64\Jqglkmlj.exe
        
        C:\Windows\system32\Jqglkmlj.exe
        102⤵
        
        PID:3340
        
        C:\Windows\SysWOW64\Jgadgf32.exe
        
        C:\Windows\system32\Jgadgf32.exe
        103⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:216
        
        C:\Windows\SysWOW64\Jbiejoaj.exe
        
        C:\Windows\system32\Jbiejoaj.exe
        104⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\Jjdjoane.exe
        
        C:\Windows\system32\Jjdjoane.exe
        105⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\Kghjhemo.exe
        
        C:\Windows\system32\Kghjhemo.exe
        106⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5544
        
        C:\Windows\SysWOW64\Kqpoakco.exe
        
        C:\Windows\system32\Kqpoakco.exe
        107⤵
        Drops file in System32 directory
        
        PID:5696
        
        C:\Windows\SysWOW64\Kbpkkn32.exe
        
        C:\Windows\system32\Kbpkkn32.exe
        108⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\Kgmcce32.exe
        
        C:\Windows\system32\Kgmcce32.exe
        109⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\Kjkpoq32.exe
        
        C:\Windows\system32\Kjkpoq32.exe
        110⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:4568
        
        C:\Windows\SysWOW64\Kjmmepfj.exe
        
        C:\Windows\system32\Kjmmepfj.exe
        111⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\Kinmcg32.exe
        
        C:\Windows\system32\Kinmcg32.exe
        112⤵
        Drops file in System32 directory
        
        PID:5444
        
        C:\Windows\SysWOW64\Kjpijpdg.exe
        
        C:\Windows\system32\Kjpijpdg.exe
        113⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\Lajagj32.exe
        
        C:\Windows\system32\Lajagj32.exe
        114⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\Liqihglg.exe
        
        C:\Windows\system32\Liqihglg.exe
        115⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5136
        
        C:\Windows\SysWOW64\Lalnmiia.exe
        
        C:\Windows\system32\Lalnmiia.exe
        116⤵
        Drops file in System32 directory
        
        PID:5236
        
        C:\Windows\SysWOW64\Licfngjd.exe
        
        C:\Windows\system32\Licfngjd.exe
        117⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\Lbkkgl32.exe
        
        C:\Windows\system32\Lbkkgl32.exe
        118⤵
        Modifies registry class
        
        PID:3260
        
        C:\Windows\SysWOW64\Ljkifn32.exe
        
        C:\Windows\system32\Ljkifn32.exe
        119⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\Milidebi.exe
        
        C:\Windows\system32\Milidebi.exe
        120⤵
        Modifies registry class
        
        PID:6028
        
        C:\Windows\SysWOW64\Mlmbfqoj.exe
        
        C:\Windows\system32\Mlmbfqoj.exe
        121⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\Mnlnbl32.exe
        
        C:\Windows\system32\Mnlnbl32.exe
        122⤵
        
        PID:320
        
        C:\Windows\SysWOW64\Majjng32.exe
        
        C:\Windows\system32\Majjng32.exe
        123⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\Miaboe32.exe
        
        C:\Windows\system32\Miaboe32.exe
        124⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\Mlpokp32.exe
        
        C:\Windows\system32\Mlpokp32.exe
        125⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:6204
        
        C:\Windows\SysWOW64\Mnnkgl32.exe
        
        C:\Windows\system32\Mnnkgl32.exe
        126⤵
        Modifies registry class
        
        PID:6248
        
        C:\Windows\SysWOW64\Malgcg32.exe
        
        C:\Windows\system32\Malgcg32.exe
        127⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\Mlbkap32.exe
        
        C:\Windows\system32\Mlbkap32.exe
        128⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\Mblcnj32.exe
        
        C:\Windows\system32\Mblcnj32.exe
        129⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\Mejpje32.exe
        
        C:\Windows\system32\Mejpje32.exe
        130⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\Njghbl32.exe
        
        C:\Windows\system32\Njghbl32.exe
        131⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\Nemmoe32.exe
        
        C:\Windows\system32\Nemmoe32.exe
        132⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6520
        
        C:\Windows\SysWOW64\Nhkikq32.exe
        
        C:\Windows\system32\Nhkikq32.exe
        133⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\Njiegl32.exe
        
        C:\Windows\system32\Njiegl32.exe
        134⤵
        Modifies registry class
        
        PID:6608
        
        C:\Windows\SysWOW64\Neoieenp.exe
        
        C:\Windows\system32\Neoieenp.exe
        135⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\Nhmeapmd.exe
        
        C:\Windows\system32\Nhmeapmd.exe
        136⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\Nklbmllg.exe
        
        C:\Windows\system32\Nklbmllg.exe
        137⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\Nimbkc32.exe
        
        C:\Windows\system32\Nimbkc32.exe
        138⤵
        Drops file in System32 directory
        
        PID:6796
        
        C:\Windows\SysWOW64\Nknobkje.exe
        
        C:\Windows\system32\Nknobkje.exe
        139⤵
        Drops file in System32 directory
        
        PID:6836
        
        C:\Windows\SysWOW64\Neccpd32.exe
        
        C:\Windows\system32\Neccpd32.exe
        140⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6888
        
        C:\Windows\SysWOW64\Oondnini.exe
        
        C:\Windows\system32\Oondnini.exe
        141⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\Oaompd32.exe
        
        C:\Windows\system32\Oaompd32.exe
        142⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\Oaajed32.exe
        
        C:\Windows\system32\Oaajed32.exe
        143⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\Ohnohn32.exe
        
        C:\Windows\system32\Ohnohn32.exe
        144⤵
        Modifies registry class
        
        PID:7064
        
        C:\Windows\SysWOW64\Obcceg32.exe
        
        C:\Windows\system32\Obcceg32.exe
        145⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\Pojcjh32.exe
        
        C:\Windows\system32\Pojcjh32.exe
        146⤵
        Drops file in System32 directory
        
        PID:2384
        
        C:\Windows\SysWOW64\Pedlgbkh.exe
        
        C:\Windows\system32\Pedlgbkh.exe
        147⤵
        Modifies registry class
        
        PID:6184
        
        C:\Windows\SysWOW64\Phbhcmjl.exe
        
        C:\Windows\system32\Phbhcmjl.exe
        148⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\Pkadoiip.exe
        
        C:\Windows\system32\Pkadoiip.exe
        149⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\Pchlpfjb.exe
        
        C:\Windows\system32\Pchlpfjb.exe
        150⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6364
        
        C:\Windows\SysWOW64\Pefhlaie.exe
        
        C:\Windows\system32\Pefhlaie.exe
        151⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\Phedhmhi.exe
        
        C:\Windows\system32\Phedhmhi.exe
        152⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\Pcjiff32.exe
        
        C:\Windows\system32\Pcjiff32.exe
        153⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\Peieba32.exe
        
        C:\Windows\system32\Peieba32.exe
        154⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6664
        
        C:\Windows\SysWOW64\Phganm32.exe
        
        C:\Windows\system32\Phganm32.exe
        155⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6732
        
        C:\Windows\SysWOW64\Pkenjh32.exe
        
        C:\Windows\system32\Pkenjh32.exe
        156⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6820
        
        C:\Windows\SysWOW64\Pcmeke32.exe
        
        C:\Windows\system32\Pcmeke32.exe
        157⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\Pekbga32.exe
        
        C:\Windows\system32\Pekbga32.exe
        158⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\Plejdkmm.exe
        
        C:\Windows\system32\Plejdkmm.exe
        159⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\Pemomqcn.exe
        
        C:\Windows\system32\Pemomqcn.exe
        160⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7072
        
        C:\Windows\SysWOW64\Qlggjk32.exe
        
        C:\Windows\system32\Qlggjk32.exe
        161⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7136
        
        C:\Windows\SysWOW64\Qcaofebg.exe
        
        C:\Windows\system32\Qcaofebg.exe
        162⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\Qikgco32.exe
        
        C:\Windows\system32\Qikgco32.exe
        163⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:6264
        
        C:\Windows\SysWOW64\Qljcoj32.exe
        
        C:\Windows\system32\Qljcoj32.exe
        164⤵
        Modifies registry class
        
        PID:6376
        
        C:\Windows\SysWOW64\Qohpkf32.exe
        
        C:\Windows\system32\Qohpkf32.exe
        165⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\Ajndioga.exe
        
        C:\Windows\system32\Ajndioga.exe
        166⤵
        Drops file in System32 directory
        
        PID:6560
        
        C:\Windows\SysWOW64\Allpejfe.exe
        
        C:\Windows\system32\Allpejfe.exe
        167⤵
        Drops file in System32 directory
        
        PID:6680
        
        C:\Windows\SysWOW64\Acfhad32.exe
        
        C:\Windows\system32\Acfhad32.exe
        168⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\Ahcajk32.exe
        
        C:\Windows\system32\Ahcajk32.exe
        169⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\Ahenokjf.exe
        
        C:\Windows\system32\Ahenokjf.exe
        170⤵
        Drops file in System32 directory
        
        PID:7012
        
        C:\Windows\SysWOW64\Aanbhp32.exe
        
        C:\Windows\system32\Aanbhp32.exe
        171⤵
        Modifies registry class
        
        PID:7104
        
        C:\Windows\SysWOW64\Ahgjejhd.exe
        
        C:\Windows\system32\Ahgjejhd.exe
        172⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\Afkknogn.exe
        
        C:\Windows\system32\Afkknogn.exe
        173⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\Bfngdn32.exe
        
        C:\Windows\system32\Bfngdn32.exe
        174⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\Blhpqhlh.exe
        
        C:\Windows\system32\Blhpqhlh.exe
        175⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\Bcahmb32.exe
        
        C:\Windows\system32\Bcahmb32.exe
        176⤵
        Drops file in System32 directory
        
        PID:6860
        
        C:\Windows\SysWOW64\Bjlpjm32.exe
        
        C:\Windows\system32\Bjlpjm32.exe
        177⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\Bljlfh32.exe
        
        C:\Windows\system32\Bljlfh32.exe
        178⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\Bfbaonae.exe
        
        C:\Windows\system32\Bfbaonae.exe
        179⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\Bbiado32.exe
        
        C:\Windows\system32\Bbiado32.exe
        180⤵
        Modifies registry class
        
        PID:4500
        
        C:\Windows\SysWOW64\Bkafmd32.exe
        
        C:\Windows\system32\Bkafmd32.exe
        181⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\Bcinna32.exe
        
        C:\Windows\system32\Bcinna32.exe
        182⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:7124
        
        C:\Windows\SysWOW64\Bfgjjm32.exe
        
        C:\Windows\system32\Bfgjjm32.exe
        183⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\Bmabggdm.exe
        
        C:\Windows\system32\Bmabggdm.exe
        184⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\Bbnkonbd.exe
        
        C:\Windows\system32\Bbnkonbd.exe
        185⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\Cmcolgbj.exe
        
        C:\Windows\system32\Cmcolgbj.exe
        186⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\Cobkhb32.exe
        
        C:\Windows\system32\Cobkhb32.exe
        187⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\Cmflbf32.exe
        
        C:\Windows\system32\Cmflbf32.exe
        188⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\Cfnqklgh.exe
        
        C:\Windows\system32\Cfnqklgh.exe
        189⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\Cmhigf32.exe
        
        C:\Windows\system32\Cmhigf32.exe
        190⤵
        Modifies registry class
        
        PID:7296
        
        C:\Windows\SysWOW64\Cbgnemjj.exe
        
        C:\Windows\system32\Cbgnemjj.exe
        191⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\Ciafbg32.exe
        
        C:\Windows\system32\Ciafbg32.exe
        192⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\Ckpbnb32.exe
        
        C:\Windows\system32\Ckpbnb32.exe
        193⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:7420
        
        C:\Windows\SysWOW64\Ccgjopal.exe
        
        C:\Windows\system32\Ccgjopal.exe
        194⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\Djqblj32.exe
        
        C:\Windows\system32\Djqblj32.exe
        195⤵
        Drops file in System32 directory
        
        PID:7508
        
        C:\Windows\SysWOW64\Dkbocbog.exe
        
        C:\Windows\system32\Dkbocbog.exe
        196⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7552
        
        C:\Windows\SysWOW64\Dfgcakon.exe
        
        C:\Windows\system32\Dfgcakon.exe
        197⤵
        Drops file in System32 directory
        
        PID:7596
        
        C:\Windows\SysWOW64\Dkdliame.exe
        
        C:\Windows\system32\Dkdliame.exe
        198⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7636
        
        C:\Windows\SysWOW64\Dbndfl32.exe
        
        C:\Windows\system32\Dbndfl32.exe
        199⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\Dmdhcddh.exe
        
        C:\Windows\system32\Dmdhcddh.exe
        200⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7724
        
        C:\Windows\SysWOW64\Dcnqpo32.exe
        
        C:\Windows\system32\Dcnqpo32.exe
        201⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\Djhimica.exe
        
        C:\Windows\system32\Djhimica.exe
        202⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\Dimenegi.exe
        
        C:\Windows\system32\Dimenegi.exe
        203⤵
        Modifies registry class
        
        PID:7848
        
        C:\Windows\SysWOW64\Emkndc32.exe
        
        C:\Windows\system32\Emkndc32.exe
        204⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\Ecefqnel.exe
        
        C:\Windows\system32\Ecefqnel.exe
        205⤵
        Drops file in System32 directory
        
        PID:7932
        
        C:\Windows\SysWOW64\Efepbi32.exe
        
        C:\Windows\system32\Efepbi32.exe
        206⤵
        Modifies registry class
        
        PID:7972
        
        C:\Windows\SysWOW64\Eciplm32.exe
        
        C:\Windows\system32\Eciplm32.exe
        207⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\Emdajb32.exe
        
        C:\Windows\system32\Emdajb32.exe
        208⤵
        Drops file in System32 directory
        
        PID:8056
        
        C:\Windows\SysWOW64\Fpejlmcf.exe
        
        C:\Windows\system32\Fpejlmcf.exe
        209⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\Fbcfhibj.exe
        
        C:\Windows\system32\Fbcfhibj.exe
        210⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\Ffaong32.exe
        
        C:\Windows\system32\Ffaong32.exe
        211⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\Flngfn32.exe
        
        C:\Windows\system32\Flngfn32.exe
        212⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\Glcaambb.exe
        
        C:\Windows\system32\Glcaambb.exe
        213⤵
        Modifies registry class
        
        PID:7264
        
        C:\Windows\SysWOW64\Gfheof32.exe
        
        C:\Windows\system32\Gfheof32.exe
        214⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\Gmbmkpie.exe
        
        C:\Windows\system32\Gmbmkpie.exe
        215⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\Gdlfhj32.exe
        
        C:\Windows\system32\Gdlfhj32.exe
        216⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\Gfkbde32.exe
        
        C:\Windows\system32\Gfkbde32.exe
        217⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\Glgjlm32.exe
        
        C:\Windows\system32\Glgjlm32.exe
        218⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\Gdaociml.exe
        
        C:\Windows\system32\Gdaociml.exe
        219⤵
        Modifies registry class
        
        PID:7676
        
        C:\Windows\SysWOW64\Gmiclo32.exe
        
        C:\Windows\system32\Gmiclo32.exe
        220⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\Gipdap32.exe
        
        C:\Windows\system32\Gipdap32.exe
        221⤵
        Modifies registry class
        
        PID:7828
        
        C:\Windows\SysWOW64\Hpjmnjqn.exe
        
        C:\Windows\system32\Hpjmnjqn.exe
        222⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\Hplicjok.exe
        
        C:\Windows\system32\Hplicjok.exe
        223⤵
        Drops file in System32 directory
        
        PID:7960
        
        C:\Windows\SysWOW64\Hckeoeno.exe
        
        C:\Windows\system32\Hckeoeno.exe
        224⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\Hienlpel.exe
        
        C:\Windows\system32\Hienlpel.exe
        225⤵
        Modifies registry class
        
        PID:8120
        
        C:\Windows\SysWOW64\Hlcjhkdp.exe
        
        C:\Windows\system32\Hlcjhkdp.exe
        226⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\Hdjbiheb.exe
        
        C:\Windows\system32\Hdjbiheb.exe
        227⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\Hlhccj32.exe
        
        C:\Windows\system32\Hlhccj32.exe
        228⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\Hgmgqc32.exe
        
        C:\Windows\system32\Hgmgqc32.exe
        229⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\Hildmn32.exe
        
        C:\Windows\system32\Hildmn32.exe
        230⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\Icdheded.exe
        
        C:\Windows\system32\Icdheded.exe
        231⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7668
        
        C:\Windows\SysWOW64\Iknmla32.exe
        
        C:\Windows\system32\Iknmla32.exe
        232⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\Ijcjmmil.exe
        
        C:\Windows\system32\Ijcjmmil.exe
        233⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7860
        
        C:\Windows\SysWOW64\Jlfpdh32.exe
        
        C:\Windows\system32\Jlfpdh32.exe
        234⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7564
        
        C:\Windows\SysWOW64\Jcphab32.exe
        
        C:\Windows\system32\Jcphab32.exe
        235⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\Jcbdgb32.exe
        
        C:\Windows\system32\Jcbdgb32.exe
        236⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\Jjoiil32.exe
        
        C:\Windows\system32\Jjoiil32.exe
        237⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\Jcgnbaeo.exe
        
        C:\Windows\system32\Jcgnbaeo.exe
        238⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\Jjafok32.exe
        
        C:\Windows\system32\Jjafok32.exe
        239⤵
        Modifies registry class
        
        PID:7644
        
        C:\Windows\SysWOW64\Jdfjld32.exe
        
        C:\Windows\system32\Jdfjld32.exe
        240⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\Kcndbp32.exe
        
        C:\Windows\system32\Kcndbp32.exe
        241⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\Kjhloj32.exe
        
        C:\Windows\system32\Kjhloj32.exe
        242⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\Kqbdldnq.exe
        
        C:\Windows\system32\Kqbdldnq.exe
        243⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\Kkgiimng.exe
        
        C:\Windows\system32\Kkgiimng.exe
        244⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\Kqdaadln.exe
        
        C:\Windows\system32\Kqdaadln.exe
        245⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8072
        
        C:\Windows\SysWOW64\Kkjeomld.exe
        
        C:\Windows\system32\Kkjeomld.exe
        246⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\Lgqfdnah.exe
        
        C:\Windows\system32\Lgqfdnah.exe
        247⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\Ljobpiql.exe
        
        C:\Windows\system32\Ljobpiql.exe
        248⤵
        Modifies registry class
        
        PID:7372
        
        C:\Windows\SysWOW64\Lgccinoe.exe
        
        C:\Windows\system32\Lgccinoe.exe
        249⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\Lnohlgep.exe
        
        C:\Windows\system32\Lnohlgep.exe
        250⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\Lggldm32.exe
        
        C:\Windows\system32\Lggldm32.exe
        251⤵
        Drops file in System32 directory
        
        PID:8200
        
        C:\Windows\SysWOW64\Ljfhqh32.exe
        
        C:\Windows\system32\Ljfhqh32.exe
        252⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\Lekmnajj.exe
        
        C:\Windows\system32\Lekmnajj.exe
        253⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\Ljhefhha.exe
        
        C:\Windows\system32\Ljhefhha.exe
        254⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\Lenicahg.exe
        
        C:\Windows\system32\Lenicahg.exe
        255⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:8388
        
        C:\Windows\SysWOW64\Mjkblhfo.exe
        
        C:\Windows\system32\Mjkblhfo.exe
        256⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\Mnhkbfme.exe
        
        C:\Windows\system32\Mnhkbfme.exe
        257⤵
        Drops file in System32 directory
        
        PID:8472
        
        C:\Windows\SysWOW64\Maggnali.exe
        
        C:\Windows\system32\Maggnali.exe
        258⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\Mcecjmkl.exe
        
        C:\Windows\system32\Mcecjmkl.exe
        259⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\Mkmkkjko.exe
        
        C:\Windows\system32\Mkmkkjko.exe
        260⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\Mnkggfkb.exe
        
        C:\Windows\system32\Mnkggfkb.exe
        261⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\Meepdp32.exe
        
        C:\Windows\system32\Meepdp32.exe
        262⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\Mjahlgpf.exe
        
        C:\Windows\system32\Mjahlgpf.exe
        263⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\Nclikl32.exe
        
        C:\Windows\system32\Nclikl32.exe
        264⤵
        Drops file in System32 directory
        
        PID:8780
        
        C:\Windows\SysWOW64\Nlcalieg.exe
        
        C:\Windows\system32\Nlcalieg.exe
        265⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\Nnbnhedj.exe
        
        C:\Windows\system32\Nnbnhedj.exe
        266⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8864
        
        C:\Windows\SysWOW64\Napjdpcn.exe
        
        C:\Windows\system32\Napjdpcn.exe
        267⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\Ncofplba.exe
        
        C:\Windows\system32\Ncofplba.exe
        268⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\Nndjndbh.exe
        
        C:\Windows\system32\Nndjndbh.exe
        269⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\Nenbjo32.exe
        
        C:\Windows\system32\Nenbjo32.exe
        270⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\Nccokk32.exe
        
        C:\Windows\system32\Nccokk32.exe
        271⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\Njmhhefi.exe
        
        C:\Windows\system32\Njmhhefi.exe
        272⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\Nmlddqem.exe
        
        C:\Windows\system32\Nmlddqem.exe
        273⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\Ndflak32.exe
        
        C:\Windows\system32\Ndflak32.exe
        274⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8196
        
        C:\Windows\SysWOW64\Nlmdbh32.exe
        
        C:\Windows\system32\Nlmdbh32.exe
        275⤵
        Drops file in System32 directory
        
        PID:8256
        
        C:\Windows\SysWOW64\Oeehkn32.exe
        
        C:\Windows\system32\Oeehkn32.exe
        276⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\Ohcegi32.exe
        
        C:\Windows\system32\Ohcegi32.exe
        277⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\Ojbacd32.exe
        
        C:\Windows\system32\Ojbacd32.exe
        278⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\Ojdnid32.exe
        
        C:\Windows\system32\Ojdnid32.exe
        279⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\Oanfen32.exe
        
        C:\Windows\system32\Oanfen32.exe
        280⤵
        Modifies registry class
        
        PID:8584
        
        C:\Windows\SysWOW64\Odmbaj32.exe
        
        C:\Windows\system32\Odmbaj32.exe
        281⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\Oldjcg32.exe
        
        C:\Windows\system32\Oldjcg32.exe
        282⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8720
        
        C:\Windows\SysWOW64\Omegjomb.exe
        
        C:\Windows\system32\Omegjomb.exe
        283⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\Odoogi32.exe
        
        C:\Windows\system32\Odoogi32.exe
        284⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\Omgcpokp.exe
        
        C:\Windows\system32\Omgcpokp.exe
        285⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\Oogpjbbb.exe
        
        C:\Windows\system32\Oogpjbbb.exe
        286⤵
        Modifies registry class
        
        PID:8992
        
        C:\Windows\SysWOW64\Peahgl32.exe
        
        C:\Windows\system32\Peahgl32.exe
        287⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\Poimpapp.exe
        
        C:\Windows\system32\Poimpapp.exe
        288⤵
        Modifies registry class
        
        PID:9124
        
        C:\Windows\SysWOW64\Pecellgl.exe
        
        C:\Windows\system32\Pecellgl.exe
        289⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:7740
        
        C:\Windows\SysWOW64\Phaahggp.exe
        
        C:\Windows\system32\Phaahggp.exe
        290⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\Pmoiqneg.exe
        
        C:\Windows\system32\Pmoiqneg.exe
        291⤵
        Modifies registry class
        
        PID:8396
        
        C:\Windows\SysWOW64\Pdhbmh32.exe
        
        C:\Windows\system32\Pdhbmh32.exe
        292⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8504
        
        C:\Windows\SysWOW64\Pmaffnce.exe
        
        C:\Windows\system32\Pmaffnce.exe
        293⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\Pdkoch32.exe
        
        C:\Windows\system32\Pdkoch32.exe
        294⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\Pkegpb32.exe
        
        C:\Windows\system32\Pkegpb32.exe
        295⤵
        Modifies registry class
        
        PID:8832
        
        C:\Windows\SysWOW64\Qmepam32.exe
        
        C:\Windows\system32\Qmepam32.exe
        296⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\Qdphngfl.exe
        
        C:\Windows\system32\Qdphngfl.exe
        297⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\Qlgpod32.exe
        
        C:\Windows\system32\Qlgpod32.exe
        298⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\Qachgk32.exe
        
        C:\Windows\system32\Qachgk32.exe
        299⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\Anobgl32.exe
        
        C:\Windows\system32\Anobgl32.exe
        300⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\Ahdged32.exe
        
        C:\Windows\system32\Ahdged32.exe
        301⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\Alelqb32.exe
        
        C:\Windows\system32\Alelqb32.exe
        302⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\Boeebnhp.exe
        
        C:\Windows\system32\Boeebnhp.exe
        303⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\Bdbnjdfg.exe
        
        C:\Windows\system32\Bdbnjdfg.exe
        304⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\Bklfgo32.exe
        
        C:\Windows\system32\Bklfgo32.exe
        305⤵
        Modifies registry class
        
        PID:8372
        
        C:\Windows\SysWOW64\Bnkbcj32.exe
        
        C:\Windows\system32\Bnkbcj32.exe
        306⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\Bebjdgmj.exe
        
        C:\Windows\system32\Bebjdgmj.exe
        307⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\Bhpfqcln.exe
        
        C:\Windows\system32\Bhpfqcln.exe
        308⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\Bojomm32.exe
        
        C:\Windows\system32\Bojomm32.exe
        309⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8276
        
        C:\Windows\SysWOW64\Bahkih32.exe
        
        C:\Windows\system32\Bahkih32.exe
        310⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\Bdgged32.exe
        
        C:\Windows\system32\Bdgged32.exe
        311⤵
        Drops file in System32 directory
        
        PID:9220
        
        C:\Windows\SysWOW64\Bkaobnio.exe
        
        C:\Windows\system32\Bkaobnio.exe
        312⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\Bnoknihb.exe
        
        C:\Windows\system32\Bnoknihb.exe
        313⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:9356
        
        C:\Windows\SysWOW64\Bdickcpo.exe
        
        C:\Windows\system32\Bdickcpo.exe
        314⤵
        
        PID:9404
        
        C:\Windows\SysWOW64\Blqllqqa.exe
        
        C:\Windows\system32\Blqllqqa.exe
        315⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\Cnahdi32.exe
        
        C:\Windows\system32\Cnahdi32.exe
        316⤵
        Modifies registry class
        
        PID:9492
        
        C:\Windows\SysWOW64\Cfipef32.exe
        
        C:\Windows\system32\Cfipef32.exe
        317⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\Chglab32.exe
        
        C:\Windows\system32\Chglab32.exe
        318⤵
        
        PID:9580
        
        C:\Windows\SysWOW64\Ckeimm32.exe
        
        C:\Windows\system32\Ckeimm32.exe
        319⤵
        
        PID:9628
        
        C:\Windows\SysWOW64\Cndeii32.exe
        
        C:\Windows\system32\Cndeii32.exe
        320⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\Cdnmfclj.exe
        
        C:\Windows\system32\Cdnmfclj.exe
        321⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\Cleegp32.exe
        
        C:\Windows\system32\Cleegp32.exe
        322⤵
        
        PID:9756
        
        C:\Windows\SysWOW64\Cnfaohbj.exe
        
        C:\Windows\system32\Cnfaohbj.exe
        323⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:9804
        
        C:\Windows\SysWOW64\Cfnjpfcl.exe
        
        C:\Windows\system32\Cfnjpfcl.exe
        324⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\Ckjbhmad.exe
        
        C:\Windows\system32\Ckjbhmad.exe
        325⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\Cbdjeg32.exe
        
        C:\Windows\system32\Cbdjeg32.exe
        326⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\Cljobphg.exe
        
        C:\Windows\system32\Cljobphg.exe
        327⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\Cfbcke32.exe
        
        C:\Windows\system32\Cfbcke32.exe
        328⤵
        Modifies registry class
        
        PID:10020
        
        C:\Windows\SysWOW64\Dokgdkeh.exe
        
        C:\Windows\system32\Dokgdkeh.exe
        329⤵
        
        PID:10076
        
        C:\Windows\SysWOW64\Dbicpfdk.exe
        
        C:\Windows\system32\Dbicpfdk.exe
        330⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:10116
        
        C:\Windows\SysWOW64\Ddgplado.exe
        
        C:\Windows\system32\Ddgplado.exe
        331⤵
        
        PID:10168
        
        C:\Windows\SysWOW64\Dmohno32.exe
        
        C:\Windows\system32\Dmohno32.exe
        332⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:10208
        
        C:\Windows\SysWOW64\Ddjmba32.exe
        
        C:\Windows\system32\Ddjmba32.exe
        333⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8916
        
        C:\Windows\SysWOW64\Dooaoj32.exe
        
        C:\Windows\system32\Dooaoj32.exe
        334⤵
        Drops file in System32 directory
        
        PID:9340
        
        C:\Windows\SysWOW64\Dndnpf32.exe
        
        C:\Windows\system32\Dndnpf32.exe
        335⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\Deqcbpld.exe
        
        C:\Windows\system32\Deqcbpld.exe
        336⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\Eecphp32.exe
        
        C:\Windows\system32\Eecphp32.exe
        337⤵
        
        PID:9528
        
        C:\Windows\SysWOW64\Enkdaepb.exe
        
        C:\Windows\system32\Enkdaepb.exe
        338⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\Emmdom32.exe
        
        C:\Windows\system32\Emmdom32.exe
        339⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\Efeihb32.exe
        
        C:\Windows\system32\Efeihb32.exe
        340⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:9728
        
        C:\Windows\SysWOW64\Eicedn32.exe
        
        C:\Windows\system32\Eicedn32.exe
        341⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\Ekaapi32.exe
        
        C:\Windows\system32\Ekaapi32.exe
        342⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:9884
        
        C:\Windows\SysWOW64\Efgemb32.exe
        
        C:\Windows\system32\Efgemb32.exe
        343⤵
        
        PID:9944
        
        C:\Windows\SysWOW64\Eppjfgcp.exe
        
        C:\Windows\system32\Eppjfgcp.exe
        344⤵
        Modifies registry class
        
        PID:10012
        
        C:\Windows\SysWOW64\Flfkkhid.exe
        
        C:\Windows\system32\Flfkkhid.exe
        345⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\Fflohaij.exe
        
        C:\Windows\system32\Fflohaij.exe
        346⤵
        
        PID:10164
        
        C:\Windows\SysWOW64\Fimhjl32.exe
        
        C:\Windows\system32\Fimhjl32.exe
        347⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\Flkdfh32.exe
        
        C:\Windows\system32\Flkdfh32.exe
        348⤵
        
        PID:9348
        
        C:\Windows\SysWOW64\Fbelcblk.exe
        
        C:\Windows\system32\Fbelcblk.exe
        349⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\Fechomko.exe
        
        C:\Windows\system32\Fechomko.exe
        350⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\Flpmagqi.exe
        
        C:\Windows\system32\Flpmagqi.exe
        351⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\Gnqfcbnj.exe
        
        C:\Windows\system32\Gnqfcbnj.exe
        352⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\Gejopl32.exe
        
        C:\Windows\system32\Gejopl32.exe
        353⤵
        
        PID:9916
        
        C:\Windows\SysWOW64\Gmafajfi.exe
        
        C:\Windows\system32\Gmafajfi.exe
        354⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\Gppcmeem.exe
        
        C:\Windows\system32\Gppcmeem.exe
        355⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\Gemkelcd.exe
        
        C:\Windows\system32\Gemkelcd.exe
        356⤵
        Modifies registry class
        
        PID:3668
        
        C:\Windows\SysWOW64\Gbalopbn.exe
        
        C:\Windows\system32\Gbalopbn.exe
        357⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\Gflhoo32.exe
        
        C:\Windows\system32\Gflhoo32.exe
        358⤵
        Drops file in System32 directory
        
        PID:9608
        
        C:\Windows\SysWOW64\Gbchdp32.exe
        
        C:\Windows\system32\Gbchdp32.exe
        359⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\Geaepk32.exe
        
        C:\Windows\system32\Geaepk32.exe
        360⤵
        Drops file in System32 directory
        
        PID:9788
        
        C:\Windows\SysWOW64\Gojiiafp.exe
        
        C:\Windows\system32\Gojiiafp.exe
        361⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\Hfaajnfb.exe
        
        C:\Windows\system32\Hfaajnfb.exe
        362⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\Hipmfjee.exe
        
        C:\Windows\system32\Hipmfjee.exe
        363⤵
        
        PID:9352
        
        C:\Windows\SysWOW64\Hfcnpn32.exe
        
        C:\Windows\system32\Hfcnpn32.exe
        364⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:9592
        
        C:\Windows\SysWOW64\Hibjli32.exe
        
        C:\Windows\system32\Hibjli32.exe
        365⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:9692
        
        C:\Windows\SysWOW64\Hlpfhe32.exe
        
        C:\Windows\system32\Hlpfhe32.exe
        366⤵
        
        PID:9792
        
        C:\Windows\SysWOW64\Hffken32.exe
        
        C:\Windows\system32\Hffken32.exe
        367⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:10124
        
        C:\Windows\SysWOW64\Hoaojp32.exe
        
        C:\Windows\system32\Hoaojp32.exe
        368⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:10200
        
        C:\Windows\SysWOW64\Hfhgkmpj.exe
        
        C:\Windows\system32\Hfhgkmpj.exe
        369⤵
        
        PID:9556
        
        C:\Windows\SysWOW64\Hlepcdoa.exe
        
        C:\Windows\system32\Hlepcdoa.exe
        370⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\Hbohpn32.exe
        
        C:\Windows\system32\Hbohpn32.exe
        371⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\Hlglidlo.exe
        
        C:\Windows\system32\Hlglidlo.exe
        372⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\Imgicgca.exe
        
        C:\Windows\system32\Imgicgca.exe
        373⤵
        
        PID:9664
        
        C:\Windows\SysWOW64\Ibcaknbi.exe
        
        C:\Windows\system32\Ibcaknbi.exe
        374⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\Iebngial.exe
        
        C:\Windows\system32\Iebngial.exe
        375⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\Imiehfao.exe
        
        C:\Windows\system32\Imiehfao.exe
        376⤵
        Modifies registry class
        
        PID:9388
        
        C:\Windows\SysWOW64\Ipgbdbqb.exe
        
        C:\Windows\system32\Ipgbdbqb.exe
        377⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\Ibfnqmpf.exe
        
        C:\Windows\system32\Ibfnqmpf.exe
        378⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\Iedjmioj.exe
        
        C:\Windows\system32\Iedjmioj.exe
        379⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\Ilnbicff.exe
        
        C:\Windows\system32\Ilnbicff.exe
        380⤵
        Modifies registry class
        
        PID:1620
        
        C:\Windows\SysWOW64\Ibhkfm32.exe
        
        C:\Windows\system32\Ibhkfm32.exe
        381⤵
        Drops file in System32 directory
        
        PID:4616
        
        C:\Windows\SysWOW64\Iibccgep.exe
        
        C:\Windows\system32\Iibccgep.exe
        382⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\Iidphgcn.exe
        
        C:\Windows\system32\Iidphgcn.exe
        383⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:10260
        
        C:\Windows\SysWOW64\Jmbhoeid.exe
        
        C:\Windows\system32\Jmbhoeid.exe
        384⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\Jcoaglhk.exe
        
        C:\Windows\system32\Jcoaglhk.exe
        385⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\Jpcapp32.exe
        
        C:\Windows\system32\Jpcapp32.exe
        386⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\Johnamkm.exe
        
        C:\Windows\system32\Johnamkm.exe
        387⤵
        
        PID:10436
        
        C:\Windows\SysWOW64\Jniood32.exe
        
        C:\Windows\system32\Jniood32.exe
        388⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\Jokkgl32.exe
        
        C:\Windows\system32\Jokkgl32.exe
        389⤵
        
        PID:10516
        
        C:\Windows\SysWOW64\Jlolpq32.exe
        
        C:\Windows\system32\Jlolpq32.exe
        390⤵
        
        PID:10556
        
        C:\Windows\SysWOW64\Kgflcifg.exe
        
        C:\Windows\system32\Kgflcifg.exe
        391⤵
        Drops file in System32 directory
        
        PID:10596
        
        C:\Windows\SysWOW64\Kpanan32.exe
        
        C:\Windows\system32\Kpanan32.exe
        392⤵
        
        PID:10640
        
        C:\Windows\SysWOW64\Kcpjnjii.exe
        
        C:\Windows\system32\Kcpjnjii.exe
        393⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\Kfnfjehl.exe
        
        C:\Windows\system32\Kfnfjehl.exe
        394⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\Kngkqbgl.exe
        
        C:\Windows\system32\Kngkqbgl.exe
        395⤵
        
        PID:10780
        
        C:\Windows\SysWOW64\Lnjgfb32.exe
        
        C:\Windows\system32\Lnjgfb32.exe
        396⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:10836
        
        C:\Windows\SysWOW64\Lqhdbm32.exe
        
        C:\Windows\system32\Lqhdbm32.exe
        397⤵
        
        PID:10880
        
        C:\Windows\SysWOW64\Lcgpni32.exe
        
        C:\Windows\system32\Lcgpni32.exe
        398⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\Lgbloglj.exe
        
        C:\Windows\system32\Lgbloglj.exe
        399⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\Lqkqhm32.exe
        
        C:\Windows\system32\Lqkqhm32.exe
        400⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\Ljceqb32.exe
        
        C:\Windows\system32\Ljceqb32.exe
        401⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\Lqmmmmph.exe
        
        C:\Windows\system32\Lqmmmmph.exe
        402⤵
        
        PID:11104
        
        C:\Windows\SysWOW64\Lckiihok.exe
        
        C:\Windows\system32\Lckiihok.exe
        403⤵
        
        PID:11152
        
        C:\Windows\SysWOW64\Ljeafb32.exe
        
        C:\Windows\system32\Ljeafb32.exe
        404⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:11196
        
        C:\Windows\SysWOW64\Lqojclne.exe
        
        C:\Windows\system32\Lqojclne.exe
        405⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\Lflbkcll.exe
        
        C:\Windows\system32\Lflbkcll.exe
        406⤵
        Drops file in System32 directory
        
        PID:10268
        
        C:\Windows\SysWOW64\Lncjlq32.exe
        
        C:\Windows\system32\Lncjlq32.exe
        407⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:10332
        
        C:\Windows\SysWOW64\Mcpcdg32.exe
        
        C:\Windows\system32\Mcpcdg32.exe
        408⤵
        Drops file in System32 directory
        
        PID:10428
        
        C:\Windows\SysWOW64\Mnegbp32.exe
        
        C:\Windows\system32\Mnegbp32.exe
        409⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\Mqdcnl32.exe
        
        C:\Windows\system32\Mqdcnl32.exe
        410⤵
        
        PID:10540
        
        C:\Windows\SysWOW64\Mcbpjg32.exe
        
        C:\Windows\system32\Mcbpjg32.exe
        411⤵
        
        PID:10620
        
        C:\Windows\SysWOW64\Mmkdcm32.exe
        
        C:\Windows\system32\Mmkdcm32.exe
        412⤵
        
        PID:10672
        
        C:\Windows\SysWOW64\Moipoh32.exe
        
        C:\Windows\system32\Moipoh32.exe
        413⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:10728
        
        C:\Windows\SysWOW64\Mfchlbfd.exe
        
        C:\Windows\system32\Mfchlbfd.exe
        414⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\Mnjqmpgg.exe
        
        C:\Windows\system32\Mnjqmpgg.exe
        415⤵
        
        PID:10864
        
        C:\Windows\SysWOW64\Mqimikfj.exe
        
        C:\Windows\system32\Mqimikfj.exe
        416⤵
        
        PID:10932
        
        C:\Windows\SysWOW64\Mcgiefen.exe
        
        C:\Windows\system32\Mcgiefen.exe
        417⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\Mnmmboed.exe
        
        C:\Windows\system32\Mnmmboed.exe
        418⤵
        Drops file in System32 directory
        
        PID:11052
        
        C:\Windows\SysWOW64\Monjjgkb.exe
        
        C:\Windows\system32\Monjjgkb.exe
        419⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\Mgeakekd.exe
        
        C:\Windows\system32\Mgeakekd.exe
        420⤵
        Drops file in System32 directory
        
        PID:11180
        
        C:\Windows\SysWOW64\Nqmfdj32.exe
        
        C:\Windows\system32\Nqmfdj32.exe
        421⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:11248
        
        C:\Windows\SysWOW64\Njfkmphe.exe
        
        C:\Windows\system32\Njfkmphe.exe
        422⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\Nqpcjj32.exe
        
        C:\Windows\system32\Nqpcjj32.exe
        423⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:3716
        
        C:\Windows\SysWOW64\Ncnofeof.exe
        
        C:\Windows\system32\Ncnofeof.exe
        424⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\Npepkf32.exe
        
        C:\Windows\system32\Npepkf32.exe
        425⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\Nfohgqlg.exe
        
        C:\Windows\system32\Nfohgqlg.exe
        426⤵
        
        PID:10684
        
        C:\Windows\SysWOW64\Nnfpinmi.exe
        
        C:\Windows\system32\Nnfpinmi.exe
        427⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:10792
        
        C:\Windows\SysWOW64\Npgmpf32.exe
        
        C:\Windows\system32\Npgmpf32.exe
        428⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:10828
        
        C:\Windows\SysWOW64\Nfaemp32.exe
        
        C:\Windows\system32\Nfaemp32.exe
        429⤵
        Modifies registry class
        
        PID:1216
        
        C:\Windows\SysWOW64\Nmkmjjaa.exe
        
        C:\Windows\system32\Nmkmjjaa.exe
        430⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\Ngqagcag.exe
        
        C:\Windows\system32\Ngqagcag.exe
        431⤵
        Drops file in System32 directory
        
        PID:4016
        
        C:\Windows\SysWOW64\Onkidm32.exe
        
        C:\Windows\system32\Onkidm32.exe
        432⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\Oaifpi32.exe
        
        C:\Windows\system32\Oaifpi32.exe
        433⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\Ogcnmc32.exe
        
        C:\Windows\system32\Ogcnmc32.exe
        434⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\Ogekbb32.exe
        
        C:\Windows\system32\Ogekbb32.exe
        435⤵
        Drops file in System32 directory
        
        PID:10456
        
        C:\Windows\SysWOW64\Onocomdo.exe
        
        C:\Windows\system32\Onocomdo.exe
        436⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:10564
        
        C:\Windows\SysWOW64\Oclkgccf.exe
        
        C:\Windows\system32\Oclkgccf.exe
        437⤵
        
        PID:10272
        
        C:\Windows\SysWOW64\Oaplqh32.exe
        
        C:\Windows\system32\Oaplqh32.exe
        438⤵
        
        PID:10912
        
        C:\Windows\SysWOW64\Ogjdmbil.exe
        
        C:\Windows\system32\Ogjdmbil.exe
        439⤵
        Drops file in System32 directory
        
        PID:10936
        
        C:\Windows\SysWOW64\Ondljl32.exe
        
        C:\Windows\system32\Ondljl32.exe
        440⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8464
        
        C:\Windows\SysWOW64\Oabhfg32.exe
        
        C:\Windows\system32\Oabhfg32.exe
        441⤵
        Modifies registry class
        
        PID:6708
        
        C:\Windows\SysWOW64\Ocaebc32.exe
        
        C:\Windows\system32\Ocaebc32.exe
        442⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:11220
        
        C:\Windows\SysWOW64\Ppgegd32.exe
        
        C:\Windows\system32\Ppgegd32.exe
        443⤵
        
        PID:10340
        
        C:\Windows\SysWOW64\Phonha32.exe
        
        C:\Windows\system32\Phonha32.exe
        444⤵
        Modifies registry class
        
        PID:1388
        
        C:\Windows\SysWOW64\Pjmjdm32.exe
        
        C:\Windows\system32\Pjmjdm32.exe
        445⤵
        Drops file in System32 directory
        
        PID:10628
        
        C:\Windows\SysWOW64\Ppjbmc32.exe
        
        C:\Windows\system32\Ppjbmc32.exe
        446⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:4048
        
        C:\Windows\SysWOW64\Pnmopk32.exe
        
        C:\Windows\system32\Pnmopk32.exe
        447⤵
        Drops file in System32 directory
        
        PID:10952
        
        C:\Windows\SysWOW64\Ppolhcnm.exe
        
        C:\Windows\system32\Ppolhcnm.exe
        448⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\Pfiddm32.exe
        
        C:\Windows\system32\Pfiddm32.exe
        449⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\Pnplfj32.exe
        
        C:\Windows\system32\Pnplfj32.exe
        450⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\Panhbfep.exe
        
        C:\Windows\system32\Panhbfep.exe
        451⤵
        
        PID:10384
        
        C:\Windows\SysWOW64\Qfkqjmdg.exe
        
        C:\Windows\system32\Qfkqjmdg.exe
        452⤵
        
        PID:1416
        
        C:\Windows\SysWOW64\Qmeigg32.exe
        
        C:\Windows\system32\Qmeigg32.exe
        453⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\Qdoacabq.exe
        
        C:\Windows\system32\Qdoacabq.exe
        454⤵
        
        PID:748
        
        C:\Windows\SysWOW64\Qfmmplad.exe
        
        C:\Windows\system32\Qfmmplad.exe
        455⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\Qacameaj.exe
        
        C:\Windows\system32\Qacameaj.exe
        456⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\Qpeahb32.exe
        
        C:\Windows\system32\Qpeahb32.exe
        457⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\Ahofoogd.exe
        
        C:\Windows\system32\Ahofoogd.exe
        458⤵
        
        PID:10512
        
        C:\Windows\SysWOW64\Amlogfel.exe
        
        C:\Windows\system32\Amlogfel.exe
        459⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\Aokkahlo.exe
        
        C:\Windows\system32\Aokkahlo.exe
        460⤵
        
        PID:11008
        
        C:\Windows\SysWOW64\Aajhndkb.exe
        
        C:\Windows\system32\Aajhndkb.exe
        461⤵
        
        PID:556
        
        C:\Windows\SysWOW64\Aggpfkjj.exe
        
        C:\Windows\system32\Aggpfkjj.exe
        462⤵
        Modifies registry class
        
        PID:4940
        
        C:\Windows\SysWOW64\Aonhghjl.exe
        
        C:\Windows\system32\Aonhghjl.exe
        463⤵
        
        PID:1016
        
        C:\Windows\SysWOW64\Adkqoohc.exe
        
        C:\Windows\system32\Adkqoohc.exe
        464⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:4628
        
        C:\Windows\SysWOW64\Akdilipp.exe
        
        C:\Windows\system32\Akdilipp.exe
        465⤵
        
        PID:10748
        
        C:\Windows\SysWOW64\Aaoaic32.exe
        
        C:\Windows\system32\Aaoaic32.exe
        466⤵
        
        PID:1448
        
        C:\Windows\SysWOW64\Bkgeainn.exe
        
        C:\Windows\system32\Bkgeainn.exe
        467⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\Bmeandma.exe
        
        C:\Windows\system32\Bmeandma.exe
        468⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\Bdojjo32.exe
        
        C:\Windows\system32\Bdojjo32.exe
        469⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\Bpfkpp32.exe
        
        C:\Windows\system32\Bpfkpp32.exe
        470⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\Bhmbqm32.exe
        
        C:\Windows\system32\Bhmbqm32.exe
        471⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\Bmjkic32.exe
        
        C:\Windows\system32\Bmjkic32.exe
        472⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\Bddcenpi.exe
        
        C:\Windows\system32\Bddcenpi.exe
        473⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\Bknlbhhe.exe
        
        C:\Windows\system32\Bknlbhhe.exe
        474⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\Bdfpkm32.exe
        
        C:\Windows\system32\Bdfpkm32.exe
        475⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\Bgelgi32.exe
        
        C:\Windows\system32\Bgelgi32.exe
        476⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\Cpmapodj.exe
        
        C:\Windows\system32\Cpmapodj.exe
        477⤵
        Modifies registry class
        
        PID:5312
        
        C:\Windows\SysWOW64\Chdialdl.exe
        
        C:\Windows\system32\Chdialdl.exe
        478⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\Cnaaib32.exe
        
        C:\Windows\system32\Cnaaib32.exe
        479⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\Cdkifmjq.exe
        
        C:\Windows\system32\Cdkifmjq.exe
        480⤵
        Drops file in System32 directory
        
        PID:2448
        
        C:\Windows\SysWOW64\Ckebcg32.exe
        
        C:\Windows\system32\Ckebcg32.exe
        481⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\Chiblk32.exe
        
        C:\Windows\system32\Chiblk32.exe
        482⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\Cnfkdb32.exe
        
        C:\Windows\system32\Cnfkdb32.exe
        483⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\Cdpcal32.exe
        
        C:\Windows\system32\Cdpcal32.exe
        484⤵
        Drops file in System32 directory
        
        PID:5528
        
        C:\Windows\SysWOW64\Chkobkod.exe
        
        C:\Windows\system32\Chkobkod.exe
        485⤵
        
        PID:10816
        
        C:\Windows\SysWOW64\Cacckp32.exe
        
        C:\Windows\system32\Cacckp32.exe
        486⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\Cogddd32.exe
        
        C:\Windows\system32\Cogddd32.exe
        487⤵
        Modifies registry class
        
        PID:364
        
        C:\Windows\SysWOW64\Dhphmj32.exe
        
        C:\Windows\system32\Dhphmj32.exe
        488⤵
        Modifies registry class
        
        PID:4480
        
        C:\Windows\SysWOW64\Dkqaoe32.exe
        
        C:\Windows\system32\Dkqaoe32.exe
        489⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 420
        490⤵
        Program crash
        
        PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5832 -ip 5832
1⤵
PID:5268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4308 --field-trial-handle=2000,i,9877262470271371196,11878025205711850266,262144 --variations-seed-version /prefetch:8
1⤵
PID:5752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Afkknogn.exe

Filesize
464KB

MD5
75cfbb95c0bb1650dbf23403d88ee266

SHA1
091fe560dd632a4feb9520e254a013cfd9b49f5a

SHA256
c652d893f93381237bf9fd86086018799ca8d07dd835c74524643773f4e67343

SHA512
e105e7b5a4e57e93550ddc6f83c0759f5a44bfd748f230652953bbdeda294f39cbf5052eddc13796bff8912af89ead8f56c86dbbad305a1e611155bf2ca5c234

Download Submit
C:\Windows\SysWOW64\Ahenokjf.exe

Filesize
464KB

MD5
93163ae30f4a57f4d55cd620476e1361

SHA1
845ca1950ff80da6efb070d95f932b5d922052e2

SHA256
47f4450fab64aa5f4959a39e4e2e567b48798a32592489e818498e31ba754315

SHA512
d23a27d42d834ee5e0a398c32598a35fe71f332096335b6542ff52bcfcc8e47b55646c39d31bbcc4fe6a99003ce0832c54f43004c7bbef0ba391d4574377dd65

Download Submit
C:\Windows\SysWOW64\Ahfdjanb.exe

Filesize
464KB

MD5
68e3cdf8590f986fd9122c6fd1ff651f

SHA1
cf3c8b067fd4d42439efff823259c6ad5a6f0197

SHA256
6c00394fd8b531d16131e26be34658915852028ffa1959a094b240011176b620

SHA512
8884dcadc93805c7961b55768dfb80a36a6577ca28659fc9a93bd4fc5db9c052e0f40a6293bc3262f00307c1666ca4cdc3e81af481b48aed2703150cb976297e

Download Submit
C:\Windows\SysWOW64\Alelqb32.exe

Filesize
464KB

MD5
f6289a3a54c163c12d37473816bbb10b

SHA1
0f3d59ead7f0cc8a08b097dc0b821611da668140

SHA256
d32568f404495252a776bd6e2e654bd7c7254418fd9b01731f9034b8bf504692

SHA512
a82d092850b79ffa9b78902e2ab835aea9fdde87284386f81144f1e339bf71d07c0457007dfbfe454b748b8cfba8b72bdd4192b13f1f0691876b1bfd58bb0c8f

Download Submit
C:\Windows\SysWOW64\Bcbohigp.exe

Filesize
464KB

MD5
1ee76a4f052ea9a05f4755a518b6f95f

SHA1
a6519d376c7861905fb0811e25ad52822c3955a0

SHA256
ccf6e6f72cfda07d5d546024a8ded56c4e0be82b7900cda11a55a5cf795dca06

SHA512
a70b2a17077be69ba35a6ae1c883238582d11d1233c3c62c581ae1cf37efcfa49fea0533f5138f672c9b1b9953bd17d94ebca8c6a3f0eb614379514aa107af20

Download Submit
C:\Windows\SysWOW64\Cibmlmeb.exe

Filesize
464KB

MD5
64d2a785cc429030d134481e1c026a35

SHA1
fde0b4e6884b559c0e25b654f5a019c49f89f8b5

SHA256
82164533a1e5af561900fafda4bdfd74772b6ab3ad0e3f81824c945f84a22c84

SHA512
0de34868a91638d7efd09791bc30e2dd73e0239cac02f9415f7f549ec4ab0a35f398559a71147c2394f98d95c77f8b85b8160f90cc2ad93f8ed377fbe509b002

Download Submit
C:\Windows\SysWOW64\Dakacjdb.exe

Filesize
464KB

MD5
5816c24984528fb2ba9a27e151c8c886

SHA1
c763799063c357822f80ce0bbcccf3ffec92d2a1

SHA256
e5cff3287edfcd706d7e32c2c2e3ac82a30f4bfece3b6d8d50cafb5604f7d4ae

SHA512
145d61d9bc5c2d42c3e340e91e9d7360b07b4ff5ff8829d77f47dda7f3fb4fc1bfb871442db21b168e63c80d0fdd9ce0a87211c19844ad8fee541ca579b9ec75

Download Submit
C:\Windows\SysWOW64\Dfgcakon.exe

Filesize
194KB

MD5
360e94f2d33f1e2b8130266e38815bac

SHA1
20e66f16d15068b9210c5b3e6fc569a6e0d87e54

SHA256
2337d42c549149cd6a351e4174257bee1596f0670fc6981f2db537e2eb84f953

SHA512
831034a1cfbaecc55dd08efb3968c9e4b5ecd8043615bb511d9e7f2804f2c3b5bfea71efca0134329deb283b4d608e0fb3dd4968b7f86622863ec1b27d3c69b6

Download Submit
C:\Windows\SysWOW64\Dhjckcgi.exe

Filesize
464KB

MD5
5c9154d31e677637af62b2d27ac98537

SHA1
10722414a0f5cf77169ef38e427be40fdb19f32d

SHA256
53304f15cf0912a029917cb37e5d58cbc58d4f5f950d5e93f27fae72c5d59e22

SHA512
7d7216d86619877d7c8b807afd1934594ae045e9b9dc7d79e2865bd3fba61162b4b17d101499e830629c3adf005c93f8650711b2c5a89251883c0c84776f6c90

Download Submit
C:\Windows\SysWOW64\Dimenegi.exe

Filesize
448KB

MD5
dd83b875bad5d2db2d3ba6b4bfa57787

SHA1
2c0002ee5c5c78b307fdb79bbb9fcc040ffb625c

SHA256
01a82719d2cc7af9885c079af60fcca2850ae9b27cd9b99572494972ed3eb59b

SHA512
4d72e991450c964b2fb0f0bf9ee3f1f865f3b03a547f7921c5e3cef6eb37e93664c658df1c6ab9fba7713fa70627cfa53eb0978be9c017f764714ee69b8c498f

Download Submit
C:\Windows\SysWOW64\Dndnpf32.exe

Filesize
464KB

MD5
d3219642ec180417b4edee8378d8b2cd

SHA1
70d9d3a979f5c64087ce504d1cc6083847855660

SHA256
9f75de3217223e29a39060c5b4e62bfd247f9545683750c3aa9410bf14bbc2e3

SHA512
ded8049f477431145d2ff78d89480ae4ca2c5c238f4865b67cd1d0290a38d40bdd2234464bdfc412a366e0a71c999e433b28b810d5e76e0097bc3aca4609b0dc

Download Submit
C:\Windows\SysWOW64\Eciplm32.exe

Filesize
464KB

MD5
efdce64bc126847e540c7c3b69f39225

SHA1
2873ebc002d0d249ce760d0b2f99a007588383cf

SHA256
e1f893f5b8b517366d69055279203aa34f166034faa6ece3cc827945d8450674

SHA512
5213c2db0b6630630756d1f54ebacdb4b69d58c5012e7499faad107f94c201fa1ea1759c0bfb8db40aad696d75ab523880724dd580aa075ea4ddea21d2077ab7

Download Submit
C:\Windows\SysWOW64\Empoiimf.exe

Filesize
464KB

MD5
9b6bde09d47d8ce71c357a5e1e738baa

SHA1
660438bc77d6bd4f85f291cce5dd8aba7bcc6431

SHA256
094fe15bd51b59b3cd4d7149e7c18427a07318500a6132743963feb99b71b025

SHA512
a866a0eb0b97ec59c473af814d8febec8096bbf6c610f5ade98193ff2b0a829dc6ba8f140bec1ff8d5ef782e4166dc312273ea08e1ac2e560030baa4da865faa

Download Submit
C:\Windows\SysWOW64\Fajnfl32.exe

Filesize
464KB

MD5
b19f7bd68982d71ae72f9e42a1bec321

SHA1
baaedfc6f1f86717302acb52037f94fce0cfc4c8

SHA256
b08fe3bbe255d0944e19f63eaf2ba897a3b4e9af10b2968e249c57ea4f0f1589

SHA512
16f78c557af75ee23b7a37b1b0d27528ecceead21925ebd757d71990592d9cf5e1661c71971d656c1302be1a94d43eecd10e3988db1f635aab4a1283e138f900

Download Submit
C:\Windows\SysWOW64\Fipbdikp.exe

Filesize
256KB

MD5
533228dde8a29a89e7d57a097066b22b

SHA1
9b1a393c3d7a565b89e82573ee8e0317c61b2efa

SHA256
ed78532d70a7ef1c0dcb28eb5f49e986441354f753fdeee5a16722543f925ce9

SHA512
ff0fae75caed94a1941bad727adc4c72af10fc4b1566f6e964d425b362bdb0b24c262f1445cc133abb08b914a21e87d58afd0d64b17e86cb532465bfced9b0eb

Download Submit
C:\Windows\SysWOW64\Fkeodaai.exe

Filesize
464KB

MD5
d490a404f06be653c5ece1d814133c79

SHA1
7c2ad003646196ffa6c1f1cc3296e9918089bf20

SHA256
10325188175dc0cac6cc63196a9720981f729d8405c2d5a143c80eba965f9a70

SHA512
32acdde0ed4a2330daea49088c75d105288400b1ba8fe89623da86a6712fcc0da008325864ec483579ab26985487a6e704509a355f02f0f88fa1909036aa98f0

Download Submit
C:\Windows\SysWOW64\Fknicb32.exe

Filesize
464KB

MD5
1ca7b1612b72b3f81a9f76e4dec92bc1

SHA1
900196711d98d86072c88da08ada72aa7d42de42

SHA256
664ed59435298641d3667ec1c1d5b76a793075159960a514e9bcf7296f5784c6

SHA512
b07b4836b06b0ce3cab37e0e3f1bf23e5da87e37fa2a4dc229e216f0fb1aeb9aa4aea596974e1a189c31c4167c154f99c5eda174dd3908336e924d51f1a7dffb

Download Submit
C:\Windows\SysWOW64\Fkqeib32.exe

Filesize
464KB

MD5
994c04d552c71d81d26cadc35b8a42ba

SHA1
11d73a277d752dea408712a762b46c6d7003c2d8

SHA256
844d57801fa2da7887b24290e54b86cbfebb67b4a40bad7f3a5e7fab00566d61

SHA512
e3e93de3f28b387786658fd4aeb93f08c5ffe50df59f5e0bfcf6e971405594d8f230b8e1da6364e17458814bffbe2e927e75778d6784756f2098da845af79429

Download Submit
C:\Windows\SysWOW64\Fnaokmco.exe

Filesize
464KB

MD5
36d3efa294709cc2d7c6f7f6021ad41c

SHA1
11dc86be670989c94363ff8045d82c6408159a05

SHA256
f8da2e098bce7f49aa64c1b2f36f96a69b0fcdf10302dcf92f50959d83d14845

SHA512
0a70ddca7ee632fff7a94bee9978cbb9ce99d156cb562f5bf0fa2d23b37cda95961b6d4dcbc77213bfdc489af7d2a73022500096fe7fc272ba261d674b11a26d

Download Submit
C:\Windows\SysWOW64\Gdncmghi.exe

Filesize
448KB

MD5
89719700f88e248b360decf1d03f0777

SHA1
0d7e540a952a365df1a5ca528f565cd6f8c835d3

SHA256
869a7d8685f2d4cb57652bf13fd4a020db42b6c497018b8c95d6b6732c06c7cc

SHA512
9209ac809b73fbb60c354dd28f301a8ce90f8062a6102a0d91963bf8b3a22f8b257642bb1eb47fd0b5ae67bfc44cbe20c83198873269968d5d1a7dec347385ad

Download Submit
C:\Windows\SysWOW64\Ggcfja32.exe

Filesize
464KB

MD5
bc342464ad2d0e47023e2fc23b8fb656

SHA1
e1b9df2bbf0edcb59ac7c8a2e3d268d383738889

SHA256
c6b831cae4f83537a8d431796c5bfb98394605f9491836c7759dbaf2f6ca082f

SHA512
6a2ce31842d21ae407402fd7c477c1f3ce914a618e5219712cbb4200d151688398116621f326a0b7fa46b0e746654217ddf00f6c518c16fcfe7e25df03611fd3

Download Submit
C:\Windows\SysWOW64\Ghklce32.exe

Filesize
192KB

MD5
5b6cf8b94fdb79824f9074854592126a

SHA1
b2af61ffba27ae162833f3589587d32fcdf9e2ac

SHA256
134d13081b161f5ab724da342116156b3738b59ca394bc084266e89af48ae3d3

SHA512
0dc7771ebbd8b8ffee00a5fa07ee782386e1ddbd3c05ecaec2822cbcc1ba372636a3f28292ca1fa9fb3a1516b484d8dcc1ba9c854f37a2f03975389783dd60fb

Download Submit
C:\Windows\SysWOW64\Hfipbh32.exe

Filesize
464KB

MD5
4b74898a5a79738f140fad5404cdcafd

SHA1
8f84853d08a249552601a12077b25fe36e8ef4df

SHA256
c6e97cb1e5442bbe6b0ea755936b5e5c870b0332ce1bc90c15537322abfed496

SHA512
48d72f88cbc10b4a0a073da8f1e01b3c5b00cb835973031852926497c0022e680250721038d6d7084669489e2be11f7529d6356fe73b3208f768b4b6e6029e95

Download Submit
C:\Windows\SysWOW64\Hkjafn32.exe

Filesize
464KB

MD5
27eab05984c86841a7935e926742e19a

SHA1
b6e8744441852a394526373bf20e7f23f17e1bc8

SHA256
1f89bb6e638bba03324806511a945df38f45b119cccad09a0e631783d7714e32

SHA512
ea6ff84c133950e00ca7e08cf077617053ce87376cf6d3b06870ff69ae74bec2155646be79eb8e9d4aed9cd9d42bdc69800a2ea96197c65e388bf9fe5443738c

Download Submit
C:\Windows\SysWOW64\Hmfdddkc.dll

Filesize
7KB

MD5
f6c9d840596e4dc154a00fd7ca6a39c6

SHA1
a7497c4fc5dad1298755cea3d8bf0e5281a29724

SHA256
ef679d1433d9cc4f87b5c0bb6f57a02590aa3a430e337ec6d3b53fd40f0ea4df

SHA512
b7b21614cbe9ede5c5402ccc0b452801a7856db6a7b7c2203aa293ad71c2253c4da82ac3e93214b6809d878b4a28fea145c7ba6a60fdd8edc3725e616b91229f

Download Submit
C:\Windows\SysWOW64\Hnddgjbj.exe

Filesize
464KB

MD5
c7b83b9ca81c29824930ec9860a59e27

SHA1
b24b14d7c01bc61c2c371040ad8fee3d4dcb61a9

SHA256
c18532611a0697b45fb9b0c8b15dc32c1afb4cc1335ea5909ab0aa78ae2f3ac3

SHA512
aefea8238947a641a5a27db8cd332a78054982d9917c187bc11aa1f01a6cd49a7dfcf76f1f8fea5c25026b39c16269067cfa33df02a6ccc44593c3b6339a8ced

Download Submit
C:\Windows\SysWOW64\Hnoklk32.exe

Filesize
464KB

MD5
2e1521ee047df954d9c03c19fae04111

SHA1
6639e26112fffd75137823580e1ce057d8ed01c1

SHA256
8b5d416bf66cd7497737450b2981b453bfb6525b5a096dfc0fa22e18431252c6

SHA512
8cb546afaf14feb7d03fb76a4e2763002404eb4dd9b40f1639e3b31be07fd9f5a6a21eb90280e39d6ffc9c7597b8a90f1c39cb176d6aafdecffb385c35069a9b

Download Submit
C:\Windows\SysWOW64\Icdheded.exe

Filesize
320KB

MD5
7fca30b7a6e269a0aa37193bb9b80e48

SHA1
a3dc838b642fd4e87d2bacb2e94d560bb6524d13

SHA256
20252810486980f1a95c3bceff9961e09cb50a4c9c06e48cb985473095bb5904

SHA512
9beef5397e8f259c6d97560b09b75d29ae159e8318aa928ab16155ab6b26c0e7e628571d73861d5c274a2c294d83aad9377682aa4da02a117b9453967a3523ed

Download Submit
C:\Windows\SysWOW64\Igqkqiai.exe

Filesize
464KB

MD5
fdd47a7c2d58ef70bde2be651bd5ce48

SHA1
ac9251cf00bd47ab6751149b3352011673bf04ad

SHA256
5cbca05167db99e95d81bea11259101e5dc22ca25c8d06c059a1548b7261b7a2

SHA512
90013039937f891747b357358d5032479d728d74aa71252faff68aa0a2e74ee96f264c9cc4d6f3bb1f4b421985bd202506b02e86b78baf5fd8b27b5ca5cff954

Download Submit
C:\Windows\SysWOW64\Ijcjmmil.exe

Filesize
464KB

MD5
0b0c2c88c9461a94265360cadfba488e

SHA1
ce3118f2a5bc57785270e3060f4ba1e0ed0c82bd

SHA256
ee23f6938a9bbd91c698a6947d815edd0c02f7328ba2c1453ea48f43c61d4718

SHA512
950392c90791a5905af09a4131a0c533e11c48f96789a46dfc73921b37f6486eaaac9ab67d032276e83176dca1406dd1b5e1db7a1822e443caf3a2b19ae18399

Download Submit
C:\Windows\SysWOW64\Jcbdgb32.exe

Filesize
464KB

MD5
a02cc09bbd3debf70d367bce98abd632

SHA1
f2dea468a328ba5e44b95f67935e8c2cfc82e8aa

SHA256
082f32957bfcad5b36c037ea62ead0aa74a46600bfcd886b5e83515d3afcdfd5

SHA512
6fad03d27edfdad21c6b288b2dd45d66c5faa380c3bec970c49cdfff2ea606c810652e70189b4f24f23f6729cb65630b6b883bd14ef71b1e98fe84d1d535d53d

Download Submit
C:\Windows\SysWOW64\Jokkgl32.exe

Filesize
384KB

MD5
75ae518baff73293b98be27d6a212b1e

SHA1
616563054b91fffd5a546f972abda5b5ff3b36ca

SHA256
76b228052038b561589d1d2e4c3c1946243c0624f3aa8aeaa671442cd4e48c84

SHA512
9237b7123eedda68ab9d1b8fca3711d646fb6dd0c2dbfbdfae070b4f95444b4a0da1ea3f217b220cd0faf33e831bfc534d34d64f11551d60d9e4f51d30441bf4

Download Submit
C:\Windows\SysWOW64\Kefdbo32.exe

Filesize
464KB

MD5
cb302abc2b6fcdf443f86433a5d961c3

SHA1
ab6742a33eaa09d10651e6d8faab52630c961d1a

SHA256
6332a62180567ccc6f5d94b2b3fc70f3d8ada12ac6e03fc4bf07a3628d501fe6

SHA512
e688441c71c5b9e8be8a2c82d0d81953416405ef8ef68c64c2547761ea6551b4b34fb19cde0229c03cee77f7df69c621e3827b599a7421a78c581c490f3652d5

Download Submit
C:\Windows\SysWOW64\Knippe32.exe

Filesize
464KB

MD5
887e7663b86bef71a50092e8385b94c3

SHA1
5d262a2afec5fdf3660cfd466c6a01df6e26cc76

SHA256
9a33cb066982288c73520a2861dffabbaa889febba444f218e09a4262534a316

SHA512
0d6d6396cd218291e8dace35b2a3757820aa0ccc4f0969c5e0fadfb8b94959a0cb987c348dc3a9f19c070f07c586bf2bc5d7f6e219ee3ebd9a007590cc25e3c6

Download Submit
C:\Windows\SysWOW64\Lbnngbbn.exe

Filesize
464KB

MD5
4dbd5c36f858e0cf512f9a14a8e44ea8

SHA1
90a5851be188bae10f1b9113ca1490177748e2fc

SHA256
003cd9eb544bf72b68b770df43c3a8bfa09e7e04e0ae8f146ea688ded175b535

SHA512
c9e0b7f1c504a5400ec677af03e3bdc87b330fe122a659762237046738b18a0fc7600f7b999f52bc81d52859c54c510dfde070cbdccb9f0c02178e79e635e49d

Download Submit
C:\Windows\SysWOW64\Lgccinoe.exe

Filesize
464KB

MD5
e4da9c64457438c5c50aa2a8a07f6f86

SHA1
61eba6a934f68d5bd1a0ff612f337a94bb3b9671

SHA256
7e446afdb2f2e90751f5115b6b2cc7ee024b734d48d8eba46de076d229395a84

SHA512
c2ca8ab0cdfc7543cc549e669e1e01f2b164433501cef8aa8fb96f5046440189b649ffd4f29887c535b5e7378105863ec9d29eb2b4f854248b5eee01c2e1fcfe

Download Submit
C:\Windows\SysWOW64\Lidmhmnp.exe

Filesize
464KB

MD5
97c653707c836b2519771eac40fb62f0

SHA1
7f7a4ec4bb5d7aae4574f80c7b01251226122ffb

SHA256
4c82afc485bf4f52ddf68ae725a4f05293d3cf02c07a4df9ca3e38c0bc75fac1

SHA512
bef1d8fa098d2863be5eb764b7838aef2ae66ad13b6ae54373eb59a4d8ed18a7c4e8b2736a28f018a98c0dbc767c00a1f96493ae7b770e3ff4a6b7e150890495

Download Submit
C:\Windows\SysWOW64\Llipehgk.exe

Filesize
464KB

MD5
8072f63935131e191a5f03a5aaa5993c

SHA1
517495cdbc9034825cea38a2ca43da4f61edc40c

SHA256
ea2dc379d9c52154d39ddbcadcc133c8f052ff9da6cb202b5eea6935a9835cac

SHA512
56481c9b04d78b02950152015a20013cd697640448bf5e502c9a15f8d532d47f823b5305a54e18b1e36809d84a5c6bdb835b6936a71ddf3a2c0202b29f669b6e

Download Submit
C:\Windows\SysWOW64\Mfaqhp32.exe

Filesize
464KB

MD5
48470a2cf697c09b8dfdca986fae1a27

SHA1
92f720475c0f69936fcfa76ff85d0a50eb2c174d

SHA256
01356a0003b5479923ab0b6ece330558828cfd039c7340b18e361111d0a18852

SHA512
e942a8259c7dc9653902be0496b536e7a4abc48a8277684763a7ce2d6b8dfdae1856a5d7273b5040206b00236139958da44dd62a319fd1fdd9d3e1125e348522

Download Submit
C:\Windows\SysWOW64\Mlpeff32.exe

Filesize
464KB

MD5
4c41cd1341b2c845e5c9fa784f153a53

SHA1
45b71b93b717d7bdc7086884e8646376fa09c130

SHA256
47cda8026d3834a6cb1616652bac52d67a69ce0fe58b54b53ec38d0162262440

SHA512
499df7125ff9b434ca34232736bd6e7eabc0fb36c00bcc6cf68a5cac5e03947f71b265e62632e8f89b97a01a69b5accdda979cc81e987bf228aef49b1dccdb5f

Download Submit
C:\Windows\SysWOW64\Moaogand.exe

Filesize
464KB

MD5
33ee0c1fcf1869b970eb37fee72c9d0d

SHA1
c94de010227520e994decb423cf55a4ec8217ef8

SHA256
68a1ece4e019a351b47406b0d5275281f24ae0a59ec4e57cb3a0b208e5cb6a20

SHA512
0c984d6a1f8eab9dad4718043b118f0eea8a6f4e42e5a949f7768b08b2e001df179e034d6ba11c6b3bc00938394375a54f3b744e144929f8c648ef057b79d33c

Download Submit
C:\Windows\SysWOW64\Nbadcpbh.exe

Filesize
448KB

MD5
7b1711e3c8c919aff692095a79888dfd

SHA1
7369a6d45c0a02aa54224e002e719bb3302cafee

SHA256
e80f763b3b19adb29d08c281ec4148a74a0c206ed297311da0ac46ba8346d286

SHA512
dd526d31300ea89da30ce1fe893d05633b03e1860ca9b3e244d917e623998dac65d134e46491084dbde6fe023d83f4cbc22257c42d8b84d3f8dfd6dac8038861

Download Submit
C:\Windows\SysWOW64\Nbadcpbh.exe

Filesize
464KB

MD5
3d6a0b56c071aeb35ac8fd917d00934f

SHA1
4c62fc731b13a0f34f0c07121db37e32fcb07b6c

SHA256
9445f9c85e0b29fde0beaf4b1f3ba1a84f209d6185e7cf77cb30e36d0ac5aa0c

SHA512
259d4889ee07b72ca23fd1c0869f1f16d30dc3427f409f65a294d5226fee16b96e2f1112f58f3db557d2aae7662025fc2eb3315cde7e69e6e5c42c9e1d0109d7

Download Submit
C:\Windows\SysWOW64\Nemcjk32.exe

Filesize
464KB

MD5
dd375248fb2b195e85ce192083efcdd1

SHA1
f1dbffb1823917be346cbb1f7545c6ffa00fad88

SHA256
e0eda9452a7769b89a5b44f255063fc727f81fc276f674c32a084ec742c54800

SHA512
3d5317dd710907317be1e9342830d4229a2681854f7ada62e8eff600f65ba7d78714b7f5c183d249d6ac5047a440b756b39a298c4b4e026d74bc6066301869b1

Download Submit
C:\Windows\SysWOW64\Nhbfff32.exe

Filesize
464KB

MD5
f2aa9212e8cf3fef6363c4021616c203

SHA1
6649896391abc37cdd097e1b04793e7fe48bc963

SHA256
12694f67765b6af92776fe75a7ca829b68ce259af4f61d5b1fe529b93af9a3db

SHA512
6330a494203f8c815b309f8b577bd69542f11b64d5c633b1257add1f9b68ecb5936743e0bfa39ab596fe09da5803d0f610c5eff2b73ba91cb7379964f0d5fea1

Download Submit
C:\Windows\SysWOW64\Nhpiafnm.exe

Filesize
464KB

MD5
51746c730ba753ac2b957a3faf5dd330

SHA1
cdef0f85f9c340fe0c3b635470dd7d52b66615e8

SHA256
3628ddc11ab5b9abfcfc463f28b5df4650672a3d35bc481eb5647b177ac373d1

SHA512
8d97413b3ce7cca7a7cbef67ad6a4a2dd30a391b2d2d1dfc397c3da9e27aa05a16b5a88eb160dbb5e01dba6facc597fa44a340495dafb804fed8a0e53b82f10c

Download Submit
C:\Windows\SysWOW64\Nibbqicm.exe

Filesize
464KB

MD5
ce9bde9284c30c3bba8b168c659dbc98

SHA1
fde5cd6f594506172c4163f9783180a69c3d02d9

SHA256
e80f518c08aaef4830b5aa9f1f141b4898c6be413cae0c51ad54e130b60dd632

SHA512
8b24077a57709b36148d6eae91403707223fa9862363fd70da33305dff38588157c00bf690f0cd823eda6f2ab50637c6cc1cca028495161c9ce8711a0f405292

Download Submit
C:\Windows\SysWOW64\Oaompd32.exe

Filesize
128KB

MD5
19d2841515b6c969ab774cfbc32dd7f9

SHA1
c30fab46748b2611074df53812e75d684a78007e

SHA256
0ce779790835cd4d1169894af450ec9a3601c11d34b51f49df0a969634fa5c7f

SHA512
0847e2b87649d200154a3390ecc14c8b35272e8fab365def4ae2559249069d3e8f9b087da72085bcbdfd9972a3411d133e9ccaf266a98a0bee6a610e6f5a53bb

Download Submit
C:\Windows\SysWOW64\Ocmconhk.exe

Filesize
464KB

MD5
4ed5e8dee211169278d3dbf78674a8b7

SHA1
24e44b5ae02398e6e125a67f71e7c417ddfcb56e

SHA256
004b63d695d0b2f71e31c8459cd40ed3e48a45e3f14aa5e27f289b36b31a4b44

SHA512
fbb91fbf1cca9b40249e367322e0ddc3098bc93408dfb3e487eef1628ae373866321b7516a2fc340cf0246ff351516b3ebd314bfda8ef46306f1ad604b099e0c

Download Submit
C:\Windows\SysWOW64\Ogklelna.exe

Filesize
464KB

MD5
700e6e897550337d042c4a91759265d7

SHA1
e624a112a27a84e3a2711fbb5d876d6040f25e62

SHA256
51b60a452f87c6d9dc363ecf612d9847ecb349243e2da1ac99d90ce6dcbd21c7

SHA512
78d2f8b8941344dc0e42847c22ec4b3c169fb91eab0444b87a4de781cbde497fb679e0247758b73cf1f2f5349030c52c32cc188c79622a342b440ecbc0c4860d

Download Submit
C:\Windows\SysWOW64\Ollnhb32.exe

Filesize
464KB

MD5
bef6d5015daef73ece13e3ede82a88cf

SHA1
4ef40222b0a4f2e8ce42adb6578626db4d8b5d22

SHA256
afec9c0da07dfd2e2002739fbf54efada74a9c0b55e73c7b8aafca15f33e5ea9

SHA512
8152d60c03d4981459f965b2d78b1e9d51c92263bb996aa1a6dda78793c746feb0c802361c6d34fce9c111d17489585b8fbad3100e9ca30c077de53a24f87b33

Download Submit
C:\Windows\SysWOW64\Omgcpokp.exe

Filesize
464KB

MD5
c3cf058f792af639cadeab99307e7898

SHA1
512632baff37ae35d956a58b0e025500fff44c73

SHA256
b0604930453036e0843f439a16a03d114fe651825c2b9f8c651a3ec8045022c3

SHA512
be357c872bb9eedf6766ee13641b00b4e5cda2273f9c9d4319947eeedca40abf9a8ff01bd1a10790562a43491d2676f9905c6226a52f782adfc66569920d243c

Download Submit
C:\Windows\SysWOW64\Oofaiokl.exe

Filesize
464KB

MD5
d3f281d8810a32f63a241af65b151ca4

SHA1
27f8dc15799c0fcad39c84a1ca8fbc44ca9a24fb

SHA256
1c5bf4c65ce3add2522afa6ac1f9c945386d081ac1c804e6554699284734b011

SHA512
6869570ece73c9130c57df579a549366822a5aa5fc227040fc23910547a65c467b5f446a4633cf96c26f871d3ea5fd38a94044e9d8650fc235900f545a99bb55

Download Submit
C:\Windows\SysWOW64\Pcicklnn.exe

Filesize
464KB

MD5
abd12021f4380e69bf952eee414a0381

SHA1
c07947d238c8a28882455490b619b6186e911f14

SHA256
c4ac5a37a9c74a0f33ca53ebc781b3a6bbce8fcce5c5a4c5059a902496342c33

SHA512
1c756fa9bb7c1a5b13da33ee6e3009acbf04d99c2406bd3c43c6830c6e0f3ca91cc3fb2e6a92180ab7e01191bec90f091bac3d77627fe192846aefbf2a45f3ed

Download Submit
C:\Windows\SysWOW64\Pcicklnn.exe

Filesize
464KB

MD5
2afcb52704dbf72714633839dcccb52b

SHA1
9ac5fd573be61672306b9a28a2b6b252b45e3565

SHA256
9f6d5776f61e09218852b80bd62a6e76ef06acb77248c7ad06d27e0839bb7307

SHA512
6a06d371d4611ad24fc7693835e62eecd3541a675a513ec6cdf822103d1a040f982c925ca0eff3fbe4da011f9a18711b478eff52ffae2cd7b82a44ba5804a33c

Download Submit
C:\Windows\SysWOW64\Phelcc32.exe

Filesize
192KB

MD5
9c6a4779cddac74449a2a51251f4eb8c

SHA1
b829d7217a8589fb28a5f9d1712f27eac82b978c

SHA256
46921218d9389a1d109ea7e6e89679de8d983fa1bea917f5c5e688dd2be6a8fb

SHA512
8e983eaed8a35942d23ab04a3c5f4064e263f204d96b9fa15154f4206dca3aa94704d91b6adaa76b235e7d245ffe3db93dba647a452c400d33381942e82614b0

Download Submit
C:\Windows\SysWOW64\Phelcc32.exe

Filesize
464KB

MD5
8b4ad9d09cba21186b3d769c7a69704f

SHA1
3dcb8b9e1135759266ed8ac4ef08f851ac8dfd30

SHA256
7391a348b450be9b5d24eaa2053c3b4aa09906325a1aa14c4318a157785dd50c

SHA512
29a6affcba365a215fb0b14b25c01605c567231c94e6646e524fff94c6d346d3599d754324e04f672389142f0dcd44291891f90148bf52f1f650b866a0b43186

Download Submit
C:\Windows\SysWOW64\Pkegpb32.exe

Filesize
464KB

MD5
01f2c98154b9934a74d12ecd538e2ab4

SHA1
67bd669c98647d35e5ece321c08b454129b5523c

SHA256
cafaa41b5ed9f6a120df8bebd6bd1ded758909cf6134a44a26e8527155af5f78

SHA512
8162f4e750f10a2ea5ed5ca7439542a8c03f409a2c998ba09537f828a3a11e91520aab59a9d1f7fd4e41752fd62824b243568574c3e02a705691de9178e0549f

Download Submit
C:\Windows\SysWOW64\Poaqemao.exe

Filesize
464KB

MD5
31f29f07ca096662895a8f1c84a757fb

SHA1
a08665cb480dc7c6c2691db87ca5640c1fcdf31a

SHA256
6f51e25e528a9ae591efc023d613e660a387ecefc7101cdc3d5102ff51335641

SHA512
05cdc65ca5e0b47d5729982eb33461423c733715d4076e79bcb1fb268aa873b602914e6b73501e5401c7d66c8932a04226b2fa9e7c5bd5d1217f82582a9e9f8a

Download Submit
C:\Windows\SysWOW64\Qachgk32.exe

Filesize
464KB

MD5
c1890588b89ea86c1b2b4f411e6643e8

SHA1
79133d21c276ea8eb289e2f878dcaa9b763b9f70

SHA256
354a0116c18fdc5fe490219d3c935467cee0f6e002e4d31530f6d90328c2c7c8

SHA512
235d2ab8db9992faac3a1b5dc8aec893ecb43e7de03a140d70e345c50a1d44d6bf718813fe955ed26713460cc284e6a9409996f94f0715b7978a78263097d204

Download Submit
memory/228-609-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/228-87-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/524-583-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/524-71-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/552-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/552-515-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/644-247-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/764-529-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/764-24-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1180-267-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1384-328-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1416-207-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1516-119-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1588-143-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1620-522-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1620-16-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1804-273-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1816-175-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1896-47-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1896-544-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1904-127-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2008-292-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2092-56-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2092-556-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2264-322-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2360-310-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2364-340-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2436-168-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2544-192-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2552-224-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2576-112-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2724-256-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2992-334-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3124-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3124-436-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3352-286-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3440-103-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3508-534-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3508-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3780-183-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3968-95-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4004-280-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4104-216-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4128-199-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4168-135-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4232-151-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4308-159-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4376-304-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4392-240-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4396-576-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4396-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4432-298-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4492-316-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4600-231-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4816-80-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4816-596-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4884-279-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4888-537-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4888-40-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5128-346-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5168-352-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5212-358-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5252-364-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5292-370-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5332-376-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5372-382-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5412-388-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5452-394-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5492-400-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5560-410-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5608-412-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5648-418-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5688-424-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5728-430-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5768-437-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5812-443-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads