3762259fed651147cbe40b43e5b89f6af493ea2a652a47466b40b13da801a766

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

053ead18c277cbc0eaa7709937600950_NeikiAnalytics.exe
Size

77KB
MD5

053ead18c277cbc0eaa7709937600950
SHA1

4ae99398ef5299a61512a34e2170d71374e0d563
SHA256

3762259fed651147cbe40b43e5b89f6af493ea2a652a47466b40b13da801a766
SHA512

e2113b57907f79395c7e47f5d0dddb2b7c948b25bd1c7f075033bb0bb5963748e8967f06f722602b4fc8b96da577d19259047136700e4c0166e11506323a004a
SSDEEP

1536:OP+vJolQsdOZpTNU68Qn4XN0B+ocM82LtWwfi+TjRC/:s+h6dOZvR8Q4d0NB0wf1TjY

Score

10^/10

persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Jekjcaef.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kcmfnd32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pafkgphl.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nfpghccm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Oomelheh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Pmnbfhal.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Opnbae32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Fgoakc32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Fggdpnkf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Lddble32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Odjmdocp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Pomncfge.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Aflpkpjm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Lnangaoa.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Gnblnlhl.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Aplaoj32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dnngpj32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ggepalof.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Njfkmphe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Bgkiaj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Kdhbpf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Mlifnphl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Knenkbio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Npgmpf32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Lhgkgijg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Dnngpj32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Fkgillpj.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Igmoih32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jdalog32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Klmnkdal.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ipjoja32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Hbgkei32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cdhffg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cmbgdl32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nchhfild.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ehndnh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Llmhaold.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Mqkiok32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ahfmpnql.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Hhdcmp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Bdapehop.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kemhei32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Loopdmpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ipjoja32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Noblkqca.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Obgohklm.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Epffbd32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Igmoih32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Obnnnc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Hnphoj32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Giljfddl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Kpoalo32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Fnjocf32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hgcmbj32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jbncbpqd.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dpjfgf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Gndick32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Bdeiqgkj.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dmjmekgn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ekgqennl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Loopdmpk.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Mllccpfj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Eghkjdoa.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Hhimhobl.exe

Executes dropped EXE 64 IoCs

pid	Process
1980	Ipjoja32.exe
3668	Jiiicf32.exe
4768	Jcdjbk32.exe
2184	Jlolpq32.exe
4492	Kpoalo32.exe
1088	Knenkbio.exe
3356	Llmhaold.exe
2936	Lgdidgjg.exe
4052	Lnangaoa.exe
2928	Mmfkhmdi.exe
5012	Mogcihaj.exe
2176	Mjodla32.exe
1292	Mqkiok32.exe
5044	Njfkmphe.exe
1900	Nncccnol.exe
4500	Npgmpf32.exe
4608	Nfcabp32.exe
2592	Opnbae32.exe
700	Oclkgccf.exe
2432	Ofmdio32.exe
4072	Pjkmomfn.exe
2820	Pnifekmd.exe
4252	Pmnbfhal.exe
2172	Pdjgha32.exe
1360	Pmblagmf.exe
1888	Qdoacabq.exe
4368	Aaenbd32.exe
3712	Ahfmpnql.exe
3912	Bgkiaj32.exe
3736	Bmhocd32.exe
1184	Bpkdjofm.exe
4668	Cggimh32.exe
2208	Cgqlcg32.exe
1944	Dafppp32.exe
2540	Dkcndeen.exe
2520	Ehndnh32.exe
5108	Ebifmm32.exe
4776	Eghkjdoa.exe
1648	Fqbliicp.exe
4676	Fqeioiam.exe
4408	Fgoakc32.exe
5080	Fiqjke32.exe
5004	Gbiockdj.exe
4984	Gnblnlhl.exe
3208	Gndick32.exe
2908	Gpdennml.exe
4148	Giljfddl.exe
2380	Hahokfag.exe
5036	Hhdcmp32.exe
440	Halhfe32.exe
1852	Hnphoj32.exe
4640	Hhimhobl.exe
3140	Inebjihf.exe
1100	Ipdndloi.exe
1724	Jidinqpb.exe
2256	Jekjcaef.exe
4008	Jemfhacc.exe
1924	Jikoopij.exe
3804	Jhplpl32.exe
2212	Kedlip32.exe
4760	Kheekkjl.exe
4360	Kcmfnd32.exe
3264	Kabcopmg.exe
2296	Lpepbgbd.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Jggocdgo.dll	Halhfe32.exe
File created	C:\Windows\SysWOW64\Mlifnphl.exe	Moefdljc.exe
File created	C:\Windows\SysWOW64\Bebggf32.dll	Ndpjnq32.exe
File opened for modification	C:\Windows\SysWOW64\Ofmdio32.exe	Oclkgccf.exe
File created	C:\Windows\SysWOW64\Ebifmm32.exe	Ehndnh32.exe
File created	C:\Windows\SysWOW64\Ldbhiiol.dll	Bmbnnn32.exe
File created	C:\Windows\SysWOW64\Halhfe32.exe	Hhdcmp32.exe
File opened for modification	C:\Windows\SysWOW64\Maaekg32.exe	Mdnebc32.exe
File created	C:\Windows\SysWOW64\Jbofpe32.dll	Npgmpf32.exe
File created	C:\Windows\SysWOW64\Nfnamjhk.exe	Noblkqca.exe
File created	C:\Windows\SysWOW64\Ejojljqa.exe	Epffbd32.exe
File opened for modification	C:\Windows\SysWOW64\Icfmci32.exe	Iholohii.exe
File created	C:\Windows\SysWOW64\Cbpijjbj.dll	Nfpghccm.exe
File created	C:\Windows\SysWOW64\Nocbfjmc.exe	Napameoi.exe
File created	C:\Windows\SysWOW64\Kfcfimfi.dll	Pnifekmd.exe
File created	C:\Windows\SysWOW64\Lmnbjama.dll	Pmnbfhal.exe
File created	C:\Windows\SysWOW64\Dafppp32.exe	Cgqlcg32.exe
File created	C:\Windows\SysWOW64\Gpdennml.exe	Gndick32.exe
File opened for modification	C:\Windows\SysWOW64\Hcljmj32.exe	Hgeihiac.exe
File created	C:\Windows\SysWOW64\Ckdlidhm.dll	Ijbbfc32.exe
File created	C:\Windows\SysWOW64\Noblkqca.exe	Nqmojd32.exe
File created	C:\Windows\SysWOW64\Cgmhcaac.exe	Ciihjmcj.exe
File opened for modification	C:\Windows\SysWOW64\Jdalog32.exe	Jbncbpqd.exe
File created	C:\Windows\SysWOW64\Kejloi32.exe	Kdkoef32.exe
File created	C:\Windows\SysWOW64\Dlqgpnjq.dll	Pcpgmf32.exe
File opened for modification	C:\Windows\SysWOW64\Cgqlcg32.exe	Cggimh32.exe
File created	C:\Windows\SysWOW64\Eclhcj32.dll	Enlcahgh.exe
File created	C:\Windows\SysWOW64\Mogcihaj.exe	Mmfkhmdi.exe
File opened for modification	C:\Windows\SysWOW64\Pmphaaln.exe	Pafkgphl.exe
File opened for modification	C:\Windows\SysWOW64\Fkgillpj.exe	Fggdpnkf.exe
File created	C:\Windows\SysWOW64\Kfkklk32.dll	Ggccllai.exe
File created	C:\Windows\SysWOW64\Bakpfm32.dll	Oomelheh.exe
File created	C:\Windows\SysWOW64\Eghkjdoa.exe	Ebifmm32.exe
File opened for modification	C:\Windows\SysWOW64\Jemfhacc.exe	Jekjcaef.exe
File opened for modification	C:\Windows\SysWOW64\Kcmfnd32.exe	Kheekkjl.exe
File created	C:\Windows\SysWOW64\Egnajocq.exe	Ekgqennl.exe
File created	C:\Windows\SysWOW64\Bfdkqcmb.dll	Kejloi32.exe
File created	C:\Windows\SysWOW64\Meghme32.dll	Mlifnphl.exe
File opened for modification	C:\Windows\SysWOW64\Ijbbfc32.exe	Iajmmm32.exe
File created	C:\Windows\SysWOW64\Jkfood32.dll	Jbncbpqd.exe
File created	C:\Windows\SysWOW64\Obnnnc32.exe	Odjmdocp.exe
File created	C:\Windows\SysWOW64\Eobdnbdn.dll	Obnnnc32.exe
File opened for modification	C:\Windows\SysWOW64\Pcpgmf32.exe	Ocmjhfjl.exe
File created	C:\Windows\SysWOW64\Poidhg32.exe	Pfppoa32.exe
File opened for modification	C:\Windows\SysWOW64\Oclkgccf.exe	Opnbae32.exe
File created	C:\Windows\SysWOW64\Pdjgha32.exe	Pmnbfhal.exe
File opened for modification	C:\Windows\SysWOW64\Hahokfag.exe	Giljfddl.exe
File created	C:\Windows\SysWOW64\Nfpghccm.exe	Ndpjnq32.exe
File opened for modification	C:\Windows\SysWOW64\Aflpkpjm.exe	Qmckbjdl.exe
File opened for modification	C:\Windows\SysWOW64\Iholohii.exe	Igmoih32.exe
File created	C:\Windows\SysWOW64\Lddble32.exe	Lbqinm32.exe
File opened for modification	C:\Windows\SysWOW64\Cggimh32.exe	Bpkdjofm.exe
File opened for modification	C:\Windows\SysWOW64\Kedlip32.exe	Jhplpl32.exe
File created	C:\Windows\SysWOW64\Bfaigclq.exe	Bdapehop.exe
File created	C:\Windows\SysWOW64\Akpbem32.dll	Hcljmj32.exe
File created	C:\Windows\SysWOW64\Pnifekmd.exe	Pjkmomfn.exe
File opened for modification	C:\Windows\SysWOW64\Nocbfjmc.exe	Napameoi.exe
File created	C:\Windows\SysWOW64\Pomncfge.exe	Pfeijqqe.exe
File created	C:\Windows\SysWOW64\Nfcabp32.exe	Npgmpf32.exe
File created	C:\Windows\SysWOW64\Bghgmioe.dll	Cgqlcg32.exe
File opened for modification	C:\Windows\SysWOW64\Hnphoj32.exe	Halhfe32.exe
File created	C:\Windows\SysWOW64\Elfahb32.dll	Daollh32.exe
File created	C:\Windows\SysWOW64\Hhlpmmgb.dll	Kpoalo32.exe
File opened for modification	C:\Windows\SysWOW64\Dkcndeen.exe	Dafppp32.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Qikbaaml.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Jlanpfkj.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Oomelheh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Pmmeak32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Eanmnefk.dll"	Llmhaold.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Bbdcakkc.dll"	Fiqjke32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Jidinqpb.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Qdoacabq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Dmjmekgn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mpaifo32.dll"	Hgeihiac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hopaik32.dll"	Lddble32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Mdnebc32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Pjkmomfn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Cdhffg32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Fkgillpj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dlqgpnjq.dll"	Pcpgmf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jlobem32.dll"	Bpkdjofm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Ipdndloi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Kemhei32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Cgpfqchb.dll"	Jemfhacc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Kheekkjl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Nphnbpql.dll"	Kcmfnd32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Eeeaodnk.dll"	Lpepbgbd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Pafkgphl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mfikmmob.dll"	Ejojljqa.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Jdalog32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Mqkiok32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Pmphaaln.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Bdeiqgkj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Oomelheh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mohpjh32.dll"	Hgcmbj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Odedipge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Bgcboj32.dll"	Poidhg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Giljfddl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Nqmojd32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Nbebbk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Qekjhmdj.dll"	Kdkoef32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gjbpbd32.dll"	Odedipge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Pnifekmd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Inclga32.dll"	Hbgkei32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Dnngpj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dpjkgoka.dll"	Kemhei32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Ahfmpnql.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Llnnmhfe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Nfnamjhk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ghaeocdd.dll"	Obgohklm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Hgeihiac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Kejloi32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dfhegp32.dll"	Oljoen32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Knenkbio.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Fqeioiam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Hahokfag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Pafkgphl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Bfaigclq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Ggccllai.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gaagdbfm.dll"	Oclkgccf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Obgohklm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Fncnpk32.dll"	Jhoeef32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Oenflo32.dll"	Pomncfge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Hahokfag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Enlcahgh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ohnncn32.dll"	Jhhodg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Balfdi32.dll"	Jlanpfkj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gpdkpe32.dll"	Loopdmpk.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3220 wrote to memory of 1980	3220	053ead18c277cbc0eaa7709937600950_NeikiAnalytics.exe	90
PID 3220 wrote to memory of 1980	3220	053ead18c277cbc0eaa7709937600950_NeikiAnalytics.exe	90
PID 3220 wrote to memory of 1980	3220	053ead18c277cbc0eaa7709937600950_NeikiAnalytics.exe	90
PID 1980 wrote to memory of 3668	1980	Ipjoja32.exe	91
PID 1980 wrote to memory of 3668	1980	Ipjoja32.exe	91
PID 1980 wrote to memory of 3668	1980	Ipjoja32.exe	91
PID 3668 wrote to memory of 4768	3668	Jiiicf32.exe	92
PID 3668 wrote to memory of 4768	3668	Jiiicf32.exe	92
PID 3668 wrote to memory of 4768	3668	Jiiicf32.exe	92
PID 4768 wrote to memory of 2184	4768	Jcdjbk32.exe	93
PID 4768 wrote to memory of 2184	4768	Jcdjbk32.exe	93
PID 4768 wrote to memory of 2184	4768	Jcdjbk32.exe	93
PID 2184 wrote to memory of 4492	2184	Jlolpq32.exe	94
PID 2184 wrote to memory of 4492	2184	Jlolpq32.exe	94
PID 2184 wrote to memory of 4492	2184	Jlolpq32.exe	94
PID 4492 wrote to memory of 1088	4492	Kpoalo32.exe	95
PID 4492 wrote to memory of 1088	4492	Kpoalo32.exe	95
PID 4492 wrote to memory of 1088	4492	Kpoalo32.exe	95
PID 1088 wrote to memory of 3356	1088	Knenkbio.exe	96
PID 1088 wrote to memory of 3356	1088	Knenkbio.exe	96
PID 1088 wrote to memory of 3356	1088	Knenkbio.exe	96
PID 3356 wrote to memory of 2936	3356	Llmhaold.exe	97
PID 3356 wrote to memory of 2936	3356	Llmhaold.exe	97
PID 3356 wrote to memory of 2936	3356	Llmhaold.exe	97
PID 2936 wrote to memory of 4052	2936	Lgdidgjg.exe	98
PID 2936 wrote to memory of 4052	2936	Lgdidgjg.exe	98
PID 2936 wrote to memory of 4052	2936	Lgdidgjg.exe	98
PID 4052 wrote to memory of 2928	4052	Lnangaoa.exe	99
PID 4052 wrote to memory of 2928	4052	Lnangaoa.exe	99
PID 4052 wrote to memory of 2928	4052	Lnangaoa.exe	99
PID 2928 wrote to memory of 5012	2928	Mmfkhmdi.exe	100
PID 2928 wrote to memory of 5012	2928	Mmfkhmdi.exe	100
PID 2928 wrote to memory of 5012	2928	Mmfkhmdi.exe	100
PID 5012 wrote to memory of 2176	5012	Mogcihaj.exe	101
PID 5012 wrote to memory of 2176	5012	Mogcihaj.exe	101
PID 5012 wrote to memory of 2176	5012	Mogcihaj.exe	101
PID 2176 wrote to memory of 1292	2176	Mjodla32.exe	102
PID 2176 wrote to memory of 1292	2176	Mjodla32.exe	102
PID 2176 wrote to memory of 1292	2176	Mjodla32.exe	102
PID 1292 wrote to memory of 5044	1292	Mqkiok32.exe	103
PID 1292 wrote to memory of 5044	1292	Mqkiok32.exe	103
PID 1292 wrote to memory of 5044	1292	Mqkiok32.exe	103
PID 5044 wrote to memory of 1900	5044	Njfkmphe.exe	104
PID 5044 wrote to memory of 1900	5044	Njfkmphe.exe	104
PID 5044 wrote to memory of 1900	5044	Njfkmphe.exe	104
PID 1900 wrote to memory of 4500	1900	Nncccnol.exe	105
PID 1900 wrote to memory of 4500	1900	Nncccnol.exe	105
PID 1900 wrote to memory of 4500	1900	Nncccnol.exe	105
PID 4500 wrote to memory of 4608	4500	Npgmpf32.exe	106
PID 4500 wrote to memory of 4608	4500	Npgmpf32.exe	106
PID 4500 wrote to memory of 4608	4500	Npgmpf32.exe	106
PID 4608 wrote to memory of 2592	4608	Nfcabp32.exe	107
PID 4608 wrote to memory of 2592	4608	Nfcabp32.exe	107
PID 4608 wrote to memory of 2592	4608	Nfcabp32.exe	107
PID 2592 wrote to memory of 700	2592	Opnbae32.exe	108
PID 2592 wrote to memory of 700	2592	Opnbae32.exe	108
PID 2592 wrote to memory of 700	2592	Opnbae32.exe	108
PID 700 wrote to memory of 2432	700	Oclkgccf.exe	109
PID 700 wrote to memory of 2432	700	Oclkgccf.exe	109
PID 700 wrote to memory of 2432	700	Oclkgccf.exe	109
PID 2432 wrote to memory of 4072	2432	Ofmdio32.exe	110
PID 2432 wrote to memory of 4072	2432	Ofmdio32.exe	110
PID 2432 wrote to memory of 4072	2432	Ofmdio32.exe	110
PID 4072 wrote to memory of 2820	4072	Pjkmomfn.exe	111

C:\Users\Admin\AppData\Local\Temp\053ead18c277cbc0eaa7709937600950_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\053ead18c277cbc0eaa7709937600950_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3220
- C:\Windows\SysWOW64\Ipjoja32.exe
  C:\Windows\system32\Ipjoja32.exe
  2⤵
  - Adds autorun key to be loaded by Explorer.exe on startup
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1980
- - C:\Windows\SysWOW64\Jiiicf32.exe
    C:\Windows\system32\Jiiicf32.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3668
  - - C:\Windows\SysWOW64\Jcdjbk32.exe
      C:\Windows\system32\Jcdjbk32.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:4768
    - - C:\Windows\SysWOW64\Jlolpq32.exe
        
        C:\Windows\system32\Jlolpq32.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2184
      - C:\Windows\SysWOW64\Kpoalo32.exe
        
        C:\Windows\system32\Kpoalo32.exe
        6⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4492
        
        C:\Windows\SysWOW64\Knenkbio.exe
        
        C:\Windows\system32\Knenkbio.exe
        7⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1088
        
        C:\Windows\SysWOW64\Llmhaold.exe
        
        C:\Windows\system32\Llmhaold.exe
        8⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3356
        
        C:\Windows\SysWOW64\Lgdidgjg.exe
        
        C:\Windows\system32\Lgdidgjg.exe
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2936
        
        C:\Windows\SysWOW64\Lnangaoa.exe
        
        C:\Windows\system32\Lnangaoa.exe
        10⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4052
        
        C:\Windows\SysWOW64\Mmfkhmdi.exe
        
        C:\Windows\system32\Mmfkhmdi.exe
        11⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2928
        
        C:\Windows\SysWOW64\Mogcihaj.exe
        
        C:\Windows\system32\Mogcihaj.exe
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5012
        
        C:\Windows\SysWOW64\Mjodla32.exe
        
        C:\Windows\system32\Mjodla32.exe
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2176
        
        C:\Windows\SysWOW64\Mqkiok32.exe
        
        C:\Windows\system32\Mqkiok32.exe
        14⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1292
        
        C:\Windows\SysWOW64\Njfkmphe.exe
        
        C:\Windows\system32\Njfkmphe.exe
        15⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5044
        
        C:\Windows\SysWOW64\Nncccnol.exe
        
        C:\Windows\system32\Nncccnol.exe
        16⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1900
        
        C:\Windows\SysWOW64\Npgmpf32.exe
        
        C:\Windows\system32\Npgmpf32.exe
        17⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4500
        
        C:\Windows\SysWOW64\Nfcabp32.exe
        
        C:\Windows\system32\Nfcabp32.exe
        18⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4608
        
        C:\Windows\SysWOW64\Opnbae32.exe
        
        C:\Windows\system32\Opnbae32.exe
        19⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2592
        
        C:\Windows\SysWOW64\Oclkgccf.exe
        
        C:\Windows\system32\Oclkgccf.exe
        20⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:700
        
        C:\Windows\SysWOW64\Ofmdio32.exe
        
        C:\Windows\system32\Ofmdio32.exe
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2432
        
        C:\Windows\SysWOW64\Pjkmomfn.exe
        
        C:\Windows\system32\Pjkmomfn.exe
        22⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4072
        
        C:\Windows\SysWOW64\Pnifekmd.exe
        
        C:\Windows\system32\Pnifekmd.exe
        23⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:2820
        
        C:\Windows\SysWOW64\Pmnbfhal.exe
        
        C:\Windows\system32\Pmnbfhal.exe
        24⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4252
        
        C:\Windows\SysWOW64\Pdjgha32.exe
        
        C:\Windows\system32\Pdjgha32.exe
        25⤵
        Executes dropped EXE
        
        PID:2172
        
        C:\Windows\SysWOW64\Pmblagmf.exe
        
        C:\Windows\system32\Pmblagmf.exe
        26⤵
        Executes dropped EXE
        
        PID:1360
        
        C:\Windows\SysWOW64\Qdoacabq.exe
        
        C:\Windows\system32\Qdoacabq.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1888
        
        C:\Windows\SysWOW64\Aaenbd32.exe
        
        C:\Windows\system32\Aaenbd32.exe
        28⤵
        Executes dropped EXE
        
        PID:4368
        
        C:\Windows\SysWOW64\Ahfmpnql.exe
        
        C:\Windows\system32\Ahfmpnql.exe
        29⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:3712
        
        C:\Windows\SysWOW64\Bgkiaj32.exe
        
        C:\Windows\system32\Bgkiaj32.exe
        30⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:3912
        
        C:\Windows\SysWOW64\Bmhocd32.exe
        
        C:\Windows\system32\Bmhocd32.exe
        31⤵
        Executes dropped EXE
        
        PID:3736
        
        C:\Windows\SysWOW64\Bpkdjofm.exe
        
        C:\Windows\system32\Bpkdjofm.exe
        32⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:1184
        
        C:\Windows\SysWOW64\Cggimh32.exe
        
        C:\Windows\system32\Cggimh32.exe
        33⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4668
        
        C:\Windows\SysWOW64\Cgqlcg32.exe
        
        C:\Windows\system32\Cgqlcg32.exe
        34⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2208
        
        C:\Windows\SysWOW64\Dafppp32.exe
        
        C:\Windows\system32\Dafppp32.exe
        35⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1944
        
        C:\Windows\SysWOW64\Dkcndeen.exe
        
        C:\Windows\system32\Dkcndeen.exe
        36⤵
        Executes dropped EXE
        
        PID:2540
        
        C:\Windows\SysWOW64\Ehndnh32.exe
        
        C:\Windows\system32\Ehndnh32.exe
        37⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2520
        
        C:\Windows\SysWOW64\Ebifmm32.exe
        
        C:\Windows\system32\Ebifmm32.exe
        38⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5108
        
        C:\Windows\SysWOW64\Eghkjdoa.exe
        
        C:\Windows\system32\Eghkjdoa.exe
        39⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:4776
        
        C:\Windows\SysWOW64\Fqbliicp.exe
        
        C:\Windows\system32\Fqbliicp.exe
        40⤵
        Executes dropped EXE
        
        PID:1648
        
        C:\Windows\SysWOW64\Fqeioiam.exe
        
        C:\Windows\system32\Fqeioiam.exe
        41⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4676
        
        C:\Windows\SysWOW64\Fgoakc32.exe
        
        C:\Windows\system32\Fgoakc32.exe
        42⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:4408
        
        C:\Windows\SysWOW64\Fiqjke32.exe
        
        C:\Windows\system32\Fiqjke32.exe
        43⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:5080
        
        C:\Windows\SysWOW64\Gbiockdj.exe
        
        C:\Windows\system32\Gbiockdj.exe
        44⤵
        Executes dropped EXE
        
        PID:5004
        
        C:\Windows\SysWOW64\Gnblnlhl.exe
        
        C:\Windows\system32\Gnblnlhl.exe
        45⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:4984
        
        C:\Windows\SysWOW64\Gndick32.exe
        
        C:\Windows\system32\Gndick32.exe
        46⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3208
        
        C:\Windows\SysWOW64\Gpdennml.exe
        
        C:\Windows\system32\Gpdennml.exe
        47⤵
        Executes dropped EXE
        
        PID:2908
        
        C:\Windows\SysWOW64\Giljfddl.exe
        
        C:\Windows\system32\Giljfddl.exe
        48⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:4148
        
        C:\Windows\SysWOW64\Hahokfag.exe
        
        C:\Windows\system32\Hahokfag.exe
        49⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2380
        
        C:\Windows\SysWOW64\Hbgkei32.exe
        
        C:\Windows\system32\Hbgkei32.exe
        50⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:3968
        
        C:\Windows\SysWOW64\Hhdcmp32.exe
        
        C:\Windows\system32\Hhdcmp32.exe
        51⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5036
        
        C:\Windows\SysWOW64\Halhfe32.exe
        
        C:\Windows\system32\Halhfe32.exe
        52⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:440
        
        C:\Windows\SysWOW64\Hnphoj32.exe
        
        C:\Windows\system32\Hnphoj32.exe
        53⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:1852
        
        C:\Windows\SysWOW64\Hhimhobl.exe
        
        C:\Windows\system32\Hhimhobl.exe
        54⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:4640
        
        C:\Windows\SysWOW64\Inebjihf.exe
        
        C:\Windows\system32\Inebjihf.exe
        55⤵
        Executes dropped EXE
        
        PID:3140
        
        C:\Windows\SysWOW64\Ipdndloi.exe
        
        C:\Windows\system32\Ipdndloi.exe
        56⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1100
        
        C:\Windows\SysWOW64\Jidinqpb.exe
        
        C:\Windows\system32\Jidinqpb.exe
        57⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1724
        
        C:\Windows\SysWOW64\Jekjcaef.exe
        
        C:\Windows\system32\Jekjcaef.exe
        58⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2256
        
        C:\Windows\SysWOW64\Jemfhacc.exe
        
        C:\Windows\system32\Jemfhacc.exe
        59⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4008
        
        C:\Windows\SysWOW64\Jikoopij.exe
        
        C:\Windows\system32\Jikoopij.exe
        60⤵
        Executes dropped EXE
        
        PID:1924
        
        C:\Windows\SysWOW64\Jhplpl32.exe
        
        C:\Windows\system32\Jhplpl32.exe
        61⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3804
        
        C:\Windows\SysWOW64\Kedlip32.exe
        
        C:\Windows\system32\Kedlip32.exe
        62⤵
        Executes dropped EXE
        
        PID:2212
        
        C:\Windows\SysWOW64\Kheekkjl.exe
        
        C:\Windows\system32\Kheekkjl.exe
        63⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:4760
        
        C:\Windows\SysWOW64\Kcmfnd32.exe
        
        C:\Windows\system32\Kcmfnd32.exe
        64⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:4360
        
        C:\Windows\SysWOW64\Kabcopmg.exe
        
        C:\Windows\system32\Kabcopmg.exe
        65⤵
        Executes dropped EXE
        
        PID:3264
        
        C:\Windows\SysWOW64\Lpepbgbd.exe
        
        C:\Windows\system32\Lpepbgbd.exe
        66⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2296
        
        C:\Windows\SysWOW64\Llnnmhfe.exe
        
        C:\Windows\system32\Llnnmhfe.exe
        67⤵
        Modifies registry class
        
        PID:4976
        
        C:\Windows\SysWOW64\Lhgkgijg.exe
        
        C:\Windows\system32\Lhgkgijg.exe
        68⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:1984
        
        C:\Windows\SysWOW64\Mhldbh32.exe
        
        C:\Windows\system32\Mhldbh32.exe
        69⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\Mcdeeq32.exe
        
        C:\Windows\system32\Mcdeeq32.exe
        70⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\Mjpjgj32.exe
        
        C:\Windows\system32\Mjpjgj32.exe
        71⤵
        
        PID:468
        
        C:\Windows\SysWOW64\Nqmojd32.exe
        
        C:\Windows\system32\Nqmojd32.exe
        72⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:2836
        
        C:\Windows\SysWOW64\Noblkqca.exe
        
        C:\Windows\system32\Noblkqca.exe
        73⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:1892
        
        C:\Windows\SysWOW64\Nfnamjhk.exe
        
        C:\Windows\system32\Nfnamjhk.exe
        74⤵
        Modifies registry class
        
        PID:832
        
        C:\Windows\SysWOW64\Nbebbk32.exe
        
        C:\Windows\system32\Nbebbk32.exe
        75⤵
        Modifies registry class
        
        PID:3828
        
        C:\Windows\SysWOW64\Obgohklm.exe
        
        C:\Windows\system32\Obgohklm.exe
        76⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:1564
        
        C:\Windows\SysWOW64\Objkmkjj.exe
        
        C:\Windows\system32\Objkmkjj.exe
        77⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\Oikjkc32.exe
        
        C:\Windows\system32\Oikjkc32.exe
        78⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\Padnaq32.exe
        
        C:\Windows\system32\Padnaq32.exe
        79⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\Pafkgphl.exe
        
        C:\Windows\system32\Pafkgphl.exe
        80⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:3844
        
        C:\Windows\SysWOW64\Pmphaaln.exe
        
        C:\Windows\system32\Pmphaaln.exe
        81⤵
        Modifies registry class
        
        PID:1164
        
        C:\Windows\SysWOW64\Qikbaaml.exe
        
        C:\Windows\system32\Qikbaaml.exe
        82⤵
        Modifies registry class
        
        PID:4296
        
        C:\Windows\SysWOW64\Apggckbf.exe
        
        C:\Windows\system32\Apggckbf.exe
        83⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\Aplaoj32.exe
        
        C:\Windows\system32\Aplaoj32.exe
        84⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5192
        
        C:\Windows\SysWOW64\Bmbnnn32.exe
        
        C:\Windows\system32\Bmbnnn32.exe
        85⤵
        Drops file in System32 directory
        
        PID:5236
        
        C:\Windows\SysWOW64\Bmdkcnie.exe
        
        C:\Windows\system32\Bmdkcnie.exe
        86⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\Bdapehop.exe
        
        C:\Windows\system32\Bdapehop.exe
        87⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:5368
        
        C:\Windows\SysWOW64\Bfaigclq.exe
        
        C:\Windows\system32\Bfaigclq.exe
        88⤵
        Modifies registry class
        
        PID:5412
        
        C:\Windows\SysWOW64\Bdeiqgkj.exe
        
        C:\Windows\system32\Bdeiqgkj.exe
        89⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5464
        
        C:\Windows\SysWOW64\Cdhffg32.exe
        
        C:\Windows\system32\Cdhffg32.exe
        90⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5516
        
        C:\Windows\SysWOW64\Cpogkhnl.exe
        
        C:\Windows\system32\Cpogkhnl.exe
        91⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\Cmbgdl32.exe
        
        C:\Windows\system32\Cmbgdl32.exe
        92⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5620
        
        C:\Windows\SysWOW64\Ciihjmcj.exe
        
        C:\Windows\system32\Ciihjmcj.exe
        93⤵
        Drops file in System32 directory
        
        PID:5692
        
        C:\Windows\SysWOW64\Cgmhcaac.exe
        
        C:\Windows\system32\Cgmhcaac.exe
        94⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\Dmjmekgn.exe
        
        C:\Windows\system32\Dmjmekgn.exe
        95⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5784
        
        C:\Windows\SysWOW64\Dcffnbee.exe
        
        C:\Windows\system32\Dcffnbee.exe
        96⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\Dpjfgf32.exe
        
        C:\Windows\system32\Dpjfgf32.exe
        97⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5912
        
        C:\Windows\SysWOW64\Dnngpj32.exe
        
        C:\Windows\system32\Dnngpj32.exe
        98⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5988
        
        C:\Windows\SysWOW64\Djegekil.exe
        
        C:\Windows\system32\Djegekil.exe
        99⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\Daollh32.exe
        
        C:\Windows\system32\Daollh32.exe
        100⤵
        Drops file in System32 directory
        
        PID:6096
        
        C:\Windows\SysWOW64\Ekgqennl.exe
        
        C:\Windows\system32\Ekgqennl.exe
        101⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:2276
        
        C:\Windows\SysWOW64\Egnajocq.exe
        
        C:\Windows\system32\Egnajocq.exe
        102⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\Epffbd32.exe
        
        C:\Windows\system32\Epffbd32.exe
        103⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:5280
        
        C:\Windows\SysWOW64\Ejojljqa.exe
        
        C:\Windows\system32\Ejojljqa.exe
        104⤵
        Modifies registry class
        
        PID:5376
        
        C:\Windows\SysWOW64\Enlcahgh.exe
        
        C:\Windows\system32\Enlcahgh.exe
        105⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:5424
        
        C:\Windows\SysWOW64\Ekqckmfb.exe
        
        C:\Windows\system32\Ekqckmfb.exe
        106⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\Fggdpnkf.exe
        
        C:\Windows\system32\Fggdpnkf.exe
        107⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:5660
        
        C:\Windows\SysWOW64\Fkgillpj.exe
        
        C:\Windows\system32\Fkgillpj.exe
        108⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5724
        
        C:\Windows\SysWOW64\Fjmfmh32.exe
        
        C:\Windows\system32\Fjmfmh32.exe
        109⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\Fnjocf32.exe
        
        C:\Windows\system32\Fnjocf32.exe
        110⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5920
        
        C:\Windows\SysWOW64\Ggccllai.exe
        
        C:\Windows\system32\Ggccllai.exe
        111⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6040
        
        C:\Windows\SysWOW64\Ggepalof.exe
        
        C:\Windows\system32\Ggepalof.exe
        112⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6104
        
        C:\Windows\SysWOW64\Gcqjal32.exe
        
        C:\Windows\system32\Gcqjal32.exe
        113⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\Hccggl32.exe
        
        C:\Windows\system32\Hccggl32.exe
        114⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\Hqghqpnl.exe
        
        C:\Windows\system32\Hqghqpnl.exe
        115⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\Hbfdjc32.exe
        
        C:\Windows\system32\Hbfdjc32.exe
        116⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\Hgcmbj32.exe
        
        C:\Windows\system32\Hgcmbj32.exe
        117⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5728
        
        C:\Windows\SysWOW64\Hnmeodjc.exe
        
        C:\Windows\system32\Hnmeodjc.exe
        118⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\Hgeihiac.exe
        
        C:\Windows\system32\Hgeihiac.exe
        119⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6140
        
        C:\Windows\SysWOW64\Hcljmj32.exe
        
        C:\Windows\system32\Hcljmj32.exe
        120⤵
        Drops file in System32 directory
        
        PID:5244
        
        C:\Windows\SysWOW64\Ielfgmnj.exe
        
        C:\Windows\system32\Ielfgmnj.exe
        121⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\Igmoih32.exe
        
        C:\Windows\system32\Igmoih32.exe
        122⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:5676
        
        C:\Windows\SysWOW64\Iholohii.exe
        
        C:\Windows\system32\Iholohii.exe
        123⤵
        Drops file in System32 directory
        
        PID:6036
        
        C:\Windows\SysWOW64\Icfmci32.exe
        
        C:\Windows\system32\Icfmci32.exe
        124⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\Iajmmm32.exe
        
        C:\Windows\system32\Iajmmm32.exe
        125⤵
        Drops file in System32 directory
        
        PID:5604
        
        C:\Windows\SysWOW64\Ijbbfc32.exe
        
        C:\Windows\system32\Ijbbfc32.exe
        126⤵
        Drops file in System32 directory
        
        PID:6024
        
        C:\Windows\SysWOW64\Jlanpfkj.exe
        
        C:\Windows\system32\Jlanpfkj.exe
        127⤵
        Modifies registry class
        
        PID:5436
        
        C:\Windows\SysWOW64\Jhhodg32.exe
        
        C:\Windows\system32\Jhhodg32.exe
        128⤵
        Modifies registry class
        
        PID:6084
        
        C:\Windows\SysWOW64\Jbncbpqd.exe
        
        C:\Windows\system32\Jbncbpqd.exe
        129⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:5556
        
        C:\Windows\SysWOW64\Jdalog32.exe
        
        C:\Windows\system32\Jdalog32.exe
        130⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5720
        
        C:\Windows\SysWOW64\Jhoeef32.exe
        
        C:\Windows\system32\Jhoeef32.exe
        131⤵
        Modifies registry class
        
        PID:6156
        
        C:\Windows\SysWOW64\Klmnkdal.exe
        
        C:\Windows\system32\Klmnkdal.exe
        132⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6200
        
        C:\Windows\SysWOW64\Kdhbpf32.exe
        
        C:\Windows\system32\Kdhbpf32.exe
        133⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6240
        
        C:\Windows\SysWOW64\Kdkoef32.exe
        
        C:\Windows\system32\Kdkoef32.exe
        134⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6284
        
        C:\Windows\SysWOW64\Kejloi32.exe
        
        C:\Windows\system32\Kejloi32.exe
        135⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6328
        
        C:\Windows\SysWOW64\Kemhei32.exe
        
        C:\Windows\system32\Kemhei32.exe
        136⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:6372
        
        C:\Windows\SysWOW64\Lbqinm32.exe
        
        C:\Windows\system32\Lbqinm32.exe
        137⤵
        Drops file in System32 directory
        
        PID:6416
        
        C:\Windows\SysWOW64\Lddble32.exe
        
        C:\Windows\system32\Lddble32.exe
        138⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:6460
        
        C:\Windows\SysWOW64\Ledoegkm.exe
        
        C:\Windows\system32\Ledoegkm.exe
        139⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\Lajokiaa.exe
        
        C:\Windows\system32\Lajokiaa.exe
        140⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\Loopdmpk.exe
        
        C:\Windows\system32\Loopdmpk.exe
        141⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:6596
        
        C:\Windows\SysWOW64\Mkepineo.exe
        
        C:\Windows\system32\Mkepineo.exe
        142⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\Mdnebc32.exe
        
        C:\Windows\system32\Mdnebc32.exe
        143⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6684
        
        C:\Windows\SysWOW64\Maaekg32.exe
        
        C:\Windows\system32\Maaekg32.exe
        144⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\Moefdljc.exe
        
        C:\Windows\system32\Moefdljc.exe
        145⤵
        Drops file in System32 directory
        
        PID:6788
        
        C:\Windows\SysWOW64\Mlifnphl.exe
        
        C:\Windows\system32\Mlifnphl.exe
        146⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:6876
        
        C:\Windows\SysWOW64\Mllccpfj.exe
        
        C:\Windows\system32\Mllccpfj.exe
        147⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6932
        
        C:\Windows\SysWOW64\Medglemj.exe
        
        C:\Windows\system32\Medglemj.exe
        148⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\Nchhfild.exe
        
        C:\Windows\system32\Nchhfild.exe
        149⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7064
        
        C:\Windows\SysWOW64\Nooikj32.exe
        
        C:\Windows\system32\Nooikj32.exe
        150⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\Ndlacapp.exe
        
        C:\Windows\system32\Ndlacapp.exe
        151⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\Napameoi.exe
        
        C:\Windows\system32\Napameoi.exe
        152⤵
        Drops file in System32 directory
        
        PID:6208
        
        C:\Windows\SysWOW64\Nocbfjmc.exe
        
        C:\Windows\system32\Nocbfjmc.exe
        153⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\Ndpjnq32.exe
        
        C:\Windows\system32\Ndpjnq32.exe
        154⤵
        Drops file in System32 directory
        
        PID:6352
        
        C:\Windows\SysWOW64\Nfpghccm.exe
        
        C:\Windows\system32\Nfpghccm.exe
        155⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:6440
        
        C:\Windows\SysWOW64\Oljoen32.exe
        
        C:\Windows\system32\Oljoen32.exe
        156⤵
        Modifies registry class
        
        PID:6504
        
        C:\Windows\SysWOW64\Odedipge.exe
        
        C:\Windows\system32\Odedipge.exe
        157⤵
        Modifies registry class
        
        PID:6588
        
        C:\Windows\SysWOW64\Ookhfigk.exe
        
        C:\Windows\system32\Ookhfigk.exe
        158⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\Oomelheh.exe
        
        C:\Windows\system32\Oomelheh.exe
        159⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:6716
        
        C:\Windows\SysWOW64\Odjmdocp.exe
        
        C:\Windows\system32\Odjmdocp.exe
        160⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:6804
        
        C:\Windows\SysWOW64\Obnnnc32.exe
        
        C:\Windows\system32\Obnnnc32.exe
        161⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:6924
        
        C:\Windows\SysWOW64\Ocmjhfjl.exe
        
        C:\Windows\system32\Ocmjhfjl.exe
        162⤵
        Drops file in System32 directory
        
        PID:6968
        
        C:\Windows\SysWOW64\Pcpgmf32.exe
        
        C:\Windows\system32\Pcpgmf32.exe
        163⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:7136
        
        C:\Windows\SysWOW64\Pmhkflnj.exe
        
        C:\Windows\system32\Pmhkflnj.exe
        164⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\Pfppoa32.exe
        
        C:\Windows\system32\Pfppoa32.exe
        165⤵
        Drops file in System32 directory
        
        PID:6276
        
        C:\Windows\SysWOW64\Poidhg32.exe
        
        C:\Windows\system32\Poidhg32.exe
        166⤵
        Modifies registry class
        
        PID:6484
        
        C:\Windows\SysWOW64\Pmmeak32.exe
        
        C:\Windows\system32\Pmmeak32.exe
        167⤵
        Modifies registry class
        
        PID:6584
        
        C:\Windows\SysWOW64\Pfeijqqe.exe
        
        C:\Windows\system32\Pfeijqqe.exe
        168⤵
        Drops file in System32 directory
        
        PID:6668
        
        C:\Windows\SysWOW64\Pomncfge.exe
        
        C:\Windows\system32\Pomncfge.exe
        169⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:6828
        
        C:\Windows\SysWOW64\Qmanljfo.exe
        
        C:\Windows\system32\Qmanljfo.exe
        170⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\Qmckbjdl.exe
        
        C:\Windows\system32\Qmckbjdl.exe
        171⤵
        Drops file in System32 directory
        
        PID:7100
        
        C:\Windows\SysWOW64\Aflpkpjm.exe
        
        C:\Windows\system32\Aflpkpjm.exe
        172⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6280
        
        C:\Windows\SysWOW64\Acppddig.exe
        
        C:\Windows\system32\Acppddig.exe
        173⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\Amhdmi32.exe
        
        C:\Windows\system32\Amhdmi32.exe
        174⤵
        
        PID:6612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:5456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Aaenbd32.exe

Filesize
77KB

MD5
2426a06f2355bc061fe6b5bd29a24849

SHA1
ecd2215a3ca36d2a792229a4be0debd92e3a2123

SHA256
fb0db84c6c971d9135495234c0f5973f0ca4237cb07cf78ee2f469ae84a201d9

SHA512
c310fea1125fbca1d88cb21339cd3e1fda8bb2492f732d8e525f00d91df95147167f776a1a9af509e1635f70e23c03dfe4ef4508f72f444493146df9036c38f3

Download Submit
C:\Windows\SysWOW64\Ahfmpnql.exe

Filesize
77KB

MD5
9a6e84703cf40c863b4e2f6f41fbaa96

SHA1
693096aa4caac9436b599581366dc07518dac89a

SHA256
f063c148fba3e5e975610d4f0530c9f4bf4087e435a1ddb7b3cc0669abf022cc

SHA512
359bf5b3d9152d54ef26709a64bd615d88c4aefd836d933bb1b776ebbb1ba7f51f9ed25dc1b3b947840b0bbe737f4ac24ad104c8902743cf67f56242efa198fc

Download Submit
C:\Windows\SysWOW64\Aplaoj32.exe

Filesize
77KB

MD5
66a594ae0ed84a849bbd35681950844a

SHA1
f35da9634d680a93820c61da3f795a354c47825e

SHA256
cea997425e1dec4506459a452f46f805210d285bbe3a40f251076f32ddd0fd9c

SHA512
127d06a851d422431fd2c84fb2657930fc8fd8325f50e56ede1bdf2a8e978aa5a2ec70e4a7a033ca0ef2b644594a53d6ab062dca56fdcc1142cee4fabaa18599

Download Submit
C:\Windows\SysWOW64\Bgkiaj32.exe

Filesize
77KB

MD5
35b14ec7bc035a7f9033996f0f1210b8

SHA1
0ed7d7fd6c1722d67b0e0a10f123441542260fae

SHA256
cd6894bd232322e959caac09998901438cd74fd7e0b8068678add29125069ce0

SHA512
3f6bcd7e55af45b676f9239fa70562332266b83fc6b8745501419e940a3b356fa2d38c403e14a9deb98fa62d361c961d907d4f1f495db5538a61b9930ebc4ea9

Download Submit
C:\Windows\SysWOW64\Bmhocd32.exe

Filesize
77KB

MD5
9e59a21e92c4292936246e3b8aea8262

SHA1
d858c577fc96d27ada65faabae9849e24b84a515

SHA256
0b1ddc8ec73d9014a4fc652b909b9db22ac455581d324a484d0d9b23b37c25da

SHA512
2cb82baf685f4ea7f0602165a3eaff80ea7aa41127260b583b24df8b8531f874597d86e4cdda95c5d05d601cfcd390c791e6865d9190f20ddd4ad47343b97024

Download Submit
C:\Windows\SysWOW64\Bpkdjofm.exe

Filesize
77KB

MD5
dd487112e396903e5cd6210d4543abfb

SHA1
5912474b2471c4bb29fd7814d55e87e0c8191044

SHA256
d2fe05e79e1cc3814509fa19c34ed14b90c62eb7cd273287c175abb177cf4028

SHA512
24edb7f6557181c797c19afe667e282ad210d7599c74a5b83f6c5177af51aa0421ca3b3496cd2918be77a832948b2fccf7d3692813e33006940c912e23d43218

Download Submit
C:\Windows\SysWOW64\Cggimh32.exe

Filesize
77KB

MD5
8afeed87a1646a3df85ec2766bd63b8d

SHA1
89b00a452b7c681db06fbd1cec459abeb000bdc0

SHA256
0abee45f8fabe2704a771aa7385a053f6cd51973124baf34dc55b2bb6491f58b

SHA512
c6afc992450fcfc2a83891a736d4600f5cdeca09baefab231bafc608f7db024fa65ad8dcb56e126c80b188a7b275be4e63a1004d2645db135ea5495e95754531

Download Submit
C:\Windows\SysWOW64\Dkcndeen.exe

Filesize
77KB

MD5
6baec5c1ab3bf643c5ea3fb245a95d26

SHA1
37958f5c998eb562ceeb439a8080954a5d1c7605

SHA256
ae90a29b8a7858bd73a0f7c9eb34671a647afc324d2d71a7680127a86ef4fda0

SHA512
0ba7c6e55b39cfef70f19bcd3c7ab1358f4472d148e374aa7cae2b9f01b2cdb12a26abdfe2875c505c8d617adf5b02599dae37ee6ee327cdd2136e9c53a7565c

Download Submit
C:\Windows\SysWOW64\Ebifmm32.exe

Filesize
77KB

MD5
304b5d00634f5e94ce21ad0d1effd7d6

SHA1
59e020a1f8a6cb2eb22622935887882acd94d6ff

SHA256
0fa94fa4c32b3daf1f445c6d8b682f386701223f4a3ffbc659d6da9c74fb2f5f

SHA512
a36878c6d67d6903556559c423484b87c68bcc05aeba9f68ba7db09827145ea1d4114a2ea4f29c7e7ce913d4aa5b143f74a50afd71605980af3e5c16910fc6b7

Download Submit
C:\Windows\SysWOW64\Fgoakc32.exe

Filesize
77KB

MD5
4098a01b1d1d5b7f8352e37f252bba3e

SHA1
15a02cb3b16fb8e8a727451718f043caed965330

SHA256
f49f94f348e5ffdf142e91da7a56ad296a617c9a90cff6354e2944411316ee90

SHA512
270bad8e1b79b2582acb105093025e2e1e7ba0135a3d38ac5351ee487a83f0d8799717c5ddaea2dbd3e7b3416de058a7789940f05d2380d2817982e5fc157015

Download Submit
C:\Windows\SysWOW64\Hgeihiac.exe

Filesize
77KB

MD5
9acc7dc8b160d4afe84500acefe52c5a

SHA1
9a5519aab03ee1a7d03ac2ff11f4c5987178e2a4

SHA256
f89994742a07ad7a8766914f2fe3f680adfbf2b866f4f217691fbe5912d455f0

SHA512
29accc7f3f724468201ff8e129f53b7f5e651ccad7eb207d022db6ee083999c12a765ed889a5c97db4726bc1e3b53a4449bab6005466207ad29b4dea9a55fd15

Download Submit
C:\Windows\SysWOW64\Hqghqpnl.exe

Filesize
77KB

MD5
69a2c0f78d39be7288182b01db2b8784

SHA1
6a1e67e7d68928f96fd8ed4e71a880867d78e819

SHA256
3139acfe32a9939d3cdd20d914ed553334f8b1a3f01aa26fc1602b1dade077a0

SHA512
e7eba835782260364793fe0be7e8ac12dfc7802446a8880eb570bb4fdca08a9bc326401a88e7a868949435a8a2c1c27127043bb1f8651d51053631dd07c3211f

Download Submit
C:\Windows\SysWOW64\Ielfgmnj.exe

Filesize
77KB

MD5
3b5e7da5ab613f50d9f10067e971b745

SHA1
20a8edc760975327e48d41622c437a063bd25fcf

SHA256
155b096c05e449d31acfe9e363caa124af90bc23a550d73783930c1b5165c599

SHA512
5a744511d074fb106d36cf8fb0321975c0a9c7d618fb8ba6c3cdb2552a8df0d16f70af8a1c88d9d1aeae0abe4ff4a3866d5a2d71e5b2f57d799d4c601e6c1337

Download Submit
C:\Windows\SysWOW64\Ijbbfc32.exe

Filesize
77KB

MD5
44bf0c0339916cf4e05c945660899f4b

SHA1
c0162cef7cf934229e0978cd14b90820d99030b4

SHA256
40dafe36d18110242d62f7dc2afa8a41ebe25045743cdc6418f66fdb9a6caef7

SHA512
362ae3ca2671461915b0dbccfbc44a11b5954529cf0d604b9bf4ebcda77a8090750739ce5fc103d50348e972703aff5edfbdd5859d908ce462e3f19c85366de1

Download Submit
C:\Windows\SysWOW64\Ipdndloi.exe

Filesize
77KB

MD5
b8a928207bbafa42b2cbd2eb12a6fa35

SHA1
4b7c72c0a6a5247162f0b5a75302cd8f4317c997

SHA256
778d7be64c0801d10c42446bd9fa9668d5ced03a3baea0d5e271ca170c760eb8

SHA512
19bdd74262ae8c3e51447ff3964d7307c9bb1802beba660f6d87449683017657ba0dfad61cdfdf9312653fbe3a13c7f0f349897959d6ecdd298595c6ec4b1e85

Download Submit
C:\Windows\SysWOW64\Ipjoja32.exe

Filesize
77KB

MD5
3bc2e15aebf3a085879081c6e1a2d12a

SHA1
59e3d6c9a8f1b3ed684d594a511d1049899999b5

SHA256
165b92a42322aac21e5ea62c2c393ae5c6e18ea95bd16e7726a1e86d9413ca17

SHA512
329290f942cc0f365fb43d949b6e43dd71bb784091f6167045c09542d22dacc0a91b27acb73dd4a0a9f8a2638ab533a2c437d45c1646bdc2e6c90e4a1a73a109

Download Submit
C:\Windows\SysWOW64\Jbncbpqd.exe

Filesize
77KB

MD5
5bb409319738e12a39f0dbaec9de7e34

SHA1
40036f017fc036bbe8c162b5b406688491ca4eae

SHA256
580ab2a3bfa54b0f0c623835112745b8012ac0d96f74fc5a01e5af6b77800484

SHA512
2a95f53fffdaad665e07d96c922793f831360e32a0717d44338cdefe7cab3932ab691c318bef5fd863f6796bb2f15070bdd493da52bfe11d8834a060b65e5e68

Download Submit
C:\Windows\SysWOW64\Jcdjbk32.exe

Filesize
77KB

MD5
8da5ae2199a4b61e8a147d7760d41df9

SHA1
6e7ec815ed5bc0ddd02b8d2924c410b82d1dd823

SHA256
3831938abafb1b658fb44143b5dba5beb064f758cbbbc15e50571f5fdaa1785a

SHA512
96bae33fe93e6ff7ae358fad775879ba9bbbda51a8c3057b7fe40b2c37768a64096f53fdd327e2e4bf4f4519890ac9693b64067b54bb07e0fa4ec7694d1c073a

Download Submit
C:\Windows\SysWOW64\Jhoeef32.exe

Filesize
77KB

MD5
c3fd6bef8afebd446708b11d80f838eb

SHA1
3c24e648353e2d65e63c4251f828378303a5d33a

SHA256
7001d1119fb2c24d08162d82a2379ffac082979b333ce9e4d020dc43c8735bf5

SHA512
bac46f5606974c1a8ca31877a97c1225ec67ee7b675f7dd7cf1d1613444724281d7ab1d1cc2e777955c3ebef4d53d2a7bdd4c7124979f7cd6d3238913edb0c1c

Download Submit
C:\Windows\SysWOW64\Jiiicf32.exe

Filesize
77KB

MD5
3f779b1685110ee677472f1582de505c

SHA1
ceeac3913f57f5fc9d288c66f166dcf1c9d93be1

SHA256
95a2bf9d1e0a5cb3fb2b6f42c8433c91c9b5f6bfc4ad8be98118601cbd25f110

SHA512
34fc45a254f1c821f21ac9f0104dc6f4461336f8562d1fc99d1831404aea54036d0ba4f16949b50d15cc13610a9034c4de58a18259170039f339dc26d03c4656

Download Submit
C:\Windows\SysWOW64\Jikoopij.exe

Filesize
77KB

MD5
8b97ff6d352f9353dc941a66ef855a97

SHA1
5852bd8ce36b8602245e2799bbd58ad074624c1f

SHA256
52ffbbd61d6548744875c77c61c88a164b9fa55550e1c0c3eb3406ab8f5c8372

SHA512
f7b96549a18d92294b7a7e9f3482088cf11161a0ed3cbef08862e663c0dd1fb71477fd5ee8d5b22a60394b7cfb6fe82531af9ab225d384f91385aaf2806c817f

Download Submit
C:\Windows\SysWOW64\Jlolpq32.exe

Filesize
77KB

MD5
72681b49c2f391aa8bed73d83ba2f3d3

SHA1
d679cac7423352829b521c08c358bce3f31fea65

SHA256
c0baa99ee0611dbfcbc90361445ae8cf19e3ad2f78d651638d8c2cd0a82c69cd

SHA512
301f965b2928fdf43e0939e286609ca4a31187a7f5d65e7828916bb4a60f6148c0c1348ba3aa084b50a7725d32795dcae219565096ca0c44f9fc0884fb32e5e7

Download Submit
C:\Windows\SysWOW64\Kdkoef32.exe

Filesize
77KB

MD5
cee54423b3ce31110362a7a7864e00f7

SHA1
0011335828ac256970d3a3fb98fee78aad2bb01f

SHA256
6f5722aa940e99e2a1c042a9eed30d62575be9c71ec54da39b8329587633b557

SHA512
002cdad523b95749b29969227c5a16be767a7633b6f517bfc01ed6b279aed0f345a53a5a034697b4732e5796fc96d7d7b68232c3e29f58cfe8d5648efea744c8

Download Submit
C:\Windows\SysWOW64\Knenkbio.exe

Filesize
77KB

MD5
815999a0293a16282cb44b6e6c9c14d2

SHA1
e58b83ea53bd255b0bbe81e07ec8d755b1f3ac04

SHA256
bac42c4c0cbc25053d03af00f816934c524a1ec975ed1c057fc6adc81d0475ee

SHA512
303887e614c86392661cb4bc6c1d5a652c46813fcf4206b2c9b9835ce15bf8c2f3af68a630a84ec01e9c91bfedfbcdf5c81f62bbb9dcb016e4ec19315d068752

Download Submit
C:\Windows\SysWOW64\Kpoalo32.exe

Filesize
77KB

MD5
11a6fa346758e4909fc5569b2b6add1a

SHA1
94ebec2faf9c8d5167c0c961c1991608e21fc4ba

SHA256
c84036a308f180377d310b166cf3c3f815825addd22e2514a950446de4cc1568

SHA512
e66722e687590a01a18468991ab6f817686de21510d32b6b498629e196d0b2378b550455215558165d98b11f4a01d7b84bbccdc02d85e80e73a468018769a45a

Download Submit
C:\Windows\SysWOW64\Lgdidgjg.exe

Filesize
77KB

MD5
607967c9565dd413aac00346f55c443d

SHA1
5ca23b26abbcc4f49ee46ed43bbc1906fe35d8be

SHA256
d9be02864fa667de313c2b71e64b91500b420df34d422d603281a15cc9a34a55

SHA512
140937b8357683a5dc251ca00ec8d4fb3234899961bc154474ac33afcca93a2a5a9da8dbe67bdb99330e7af5039b5ce55b82f5521da5a6b88fe207ac346f3790

Download Submit
C:\Windows\SysWOW64\Lhgkgijg.exe

Filesize
77KB

MD5
6189a56dd04f3c6753a0924c72d159b1

SHA1
1ee04c9a9585956bde35434660b2f723acf1c21f

SHA256
9f359efdd9b314334debfabaac59c869fee93ff40be66742109e862975be88b6

SHA512
de46f8bee4623f29c203e8f006a04e2c025eb5ce03b4bb5a8de965266b67e60cb3a2b56dc5f35a8ed04a387b75b81d6809e70b206e4ac30b0d96822af7e1d594

Download Submit
C:\Windows\SysWOW64\Llmhaold.exe

Filesize
77KB

MD5
aa96ca538e9b2e2992e8cb780c4b553f

SHA1
b83a5e369b71625a45ad7f9c83465e78c538ff59

SHA256
fb5ba44a5dcdad96f8c6d42dc578caa0b3d94bf587703c3345c44f2007f41712

SHA512
bab0d13c773dc3656119fe6362bfc96dddbb83beb4ecca12e70e605439032de148316d3db65ac39a44bc094d2eb531783fc72a15d0e6868b67ee795da53531a3

Download Submit
C:\Windows\SysWOW64\Lnangaoa.exe

Filesize
77KB

MD5
80942e869a92538820d86baa73eb43db

SHA1
b5b3ac177eb0d96c3568d2f302b1b445c1edea91

SHA256
d772ff1c40922fa049ddc255fd4996ec402c9c53ca061b2f3d3ec50d99b89037

SHA512
839898749ac6da09741e2155e7d41bd66d7f8ddac91e9f5bbf8421f95b16fe532e8c8013c9ea4ff41fffeed2b16cf40f3970b6aa39128fa600e3b1a8dee043b2

Download Submit
C:\Windows\SysWOW64\Loopdmpk.exe

Filesize
77KB

MD5
32d7a07ed509e14ec63bd7db4a5fe719

SHA1
5b2c485e8c2a38b15a23428704947f7fb73c0d9c

SHA256
a89763c1935e2ad48ffc98a11c67bf19a8c9e41d9c4898d96263b083d78ac53d

SHA512
876bfffc0d382380cc0b223e3c57dedf848e819872d0242acd7caf25b24c5fe7cc52212930bc08b054f6c3bc92bd413667fad56c09aa9168d1be6a69fef906ec

Download Submit
C:\Windows\SysWOW64\Mdnebc32.exe

Filesize
77KB

MD5
7a608197217df00c02e14f4f4de834e8

SHA1
d4bf17b59ac7887c3ba231a94bf17d7e5bdec98d

SHA256
1f16372b6631dbed36463bba66858405ca4de1084445841a91cdb956d6077528

SHA512
14222efac726c7a36754a48a1e46fcbdee5eb1cbaae99856e23a4886d7527fdfcd446e6faa7d10b3ad27877e62f84778909a3fbe7e58d104c90e55e097662191

Download Submit
C:\Windows\SysWOW64\Mjodla32.exe

Filesize
77KB

MD5
63787792005c46c1832254ec1597ec82

SHA1
39fc25946617b8cd321baef7db60edd74dfc9f00

SHA256
b247593d52b0ff4fd3c369ea6ebf0216a8ce6dfae922587338ab03686aaa0760

SHA512
f9a674fdbae2f145ee31ef7336abb9995e72eb49ec83a39f19e74055fdfe869a49ada7bb7f3a4f8bb858a535971fe982ca42814a78a0bd5c8dc402bfb0182e6c

Download Submit
C:\Windows\SysWOW64\Mmfkhmdi.exe

Filesize
77KB

MD5
d5f23b9be06fca47c6589fcabbdcc30f

SHA1
815be2104a00fd81b33d4a718d8a5230bf937e14

SHA256
fbee3975626cc9bd543b7fbd8d5c5f33dd23b261303058ae602dde48133e3270

SHA512
5f2d259cc0a4d8e403aabc081cb38dd7c90605dc603522a54094ababc2a30518dbd7d1c42a71ef4249fb0380c6856be2370542fb729d3ff15a2b1bd946ca4269

Download Submit
C:\Windows\SysWOW64\Mogcihaj.exe

Filesize
77KB

MD5
a426c3915ade6e382ebfd9c6b37a8779

SHA1
5701055dfeadaf11854879b9a59c644df847e286

SHA256
59e4ce89a187767e34bd600880da91ccb02876f380d9ded82f0042f44ffa1168

SHA512
3a35b4d7e0fa8d0ba428ddfc987acafb0339bd5b18cfbaf5321aaa7c17f9ad09b8926ae74b5f71193fa01c1b44b22e31ff93e93530f1ea714f52ea0134fe44be

Download Submit
C:\Windows\SysWOW64\Mqkiok32.exe

Filesize
77KB

MD5
8845be3fc82fb505ab7a911abd38e5a6

SHA1
59dde51424d91ec1034f681ab7f0f7d5814ee396

SHA256
1dfbeb41f599c731efecd1ef28badbe60ffb3158e21b212e1519e8b07405312c

SHA512
5acaa68421954568543293b742502d3e568dec45182c64eb65c5d42bbe25b48eebb7e139f5e0cee3407e70a34d15ec86bd2fc8a43afbe8431967c6707e381e1b

Download Submit
C:\Windows\SysWOW64\Nfcabp32.exe

Filesize
77KB

MD5
01b01cb80e7918edf89285e1f64321f3

SHA1
05a8a54ff590709fdf6fe488659350429940cffe

SHA256
3dda3873f588c84b4af2641f1858c423eae6817633eedebc4f0c728ffacd5a76

SHA512
ac62e4ebc99f3b83f340972e2012cae7eafe13af5ca95f2089342cfcdc0f87ab98e3411b21250268a65eb82a4a7b80ec2d2975d828a2836a97a5806215bb7147

Download Submit
C:\Windows\SysWOW64\Njfkmphe.exe

Filesize
77KB

MD5
b9498d454fb3732af4646616a215012a

SHA1
85fb557cd9882dddb2dece049acdb173e5ed5045

SHA256
7bb92498b6d00eac7abd871f8d1e394383a172ad98633c91f6fc6e451acad1d3

SHA512
aed46c39c12849060834bbe1e2d09ee2a593aa1272d9153972da55669fb2ddabe71e8e300508ff61fa053d905cf0ce7b7dec73f05906ff2cf1c2081d207ad426

Download Submit
C:\Windows\SysWOW64\Nncccnol.exe

Filesize
77KB

MD5
5e5b080ff16a64849f60d81a22ff7a2a

SHA1
c7958d777a8d1cd0161901819d141eb3cc31e4f1

SHA256
83ae9fba872e3547df785bb8ddbb78bcfae6b8702ed0413e35b002cfa88bfd38

SHA512
500ecfd814fe8257319bf8a1cad26f98defc640007974b467c8dc1d84a0184f235e82b1782ab3cc50a460bed012dcb63ebd6465e009fbbeff567a2709f555e2b

Download Submit
C:\Windows\SysWOW64\Npgmpf32.exe

Filesize
77KB

MD5
e25ff619307a42e9646f46f42816a62f

SHA1
bcd3920d4a2c668370e8e8214e91921574c901cd

SHA256
46dfd8e053d35a91cc5d5925a2a2592806fcad24115019ef92153dcb1c09b94c

SHA512
7b0e947859be742923452ab48c6521c482e0ef3e47aec8e78807ed4c5bbf5b33ab00de8ff32b6ff5f86834f099daea3aee0d04c1a1ba6606fc072c08e1ead9db

Download Submit
C:\Windows\SysWOW64\Oclkgccf.exe

Filesize
77KB

MD5
3407048cfb8be0427b10d7b6f1116e1b

SHA1
79c0d39055621fd3f1f985569b813aaf9cd1d06b

SHA256
615f1c6d7bfff1c9a43a9ff2cd6e51f0d0cfae876e47dddb288a0e03b2b6f64f

SHA512
a38eacad31465a82c83108835bad8948e0f65e5931cde1466fb34b0792de535475e05b8fbe185c283c95021deb9eee7ebd540a74310905f8c0798fa4e44ddaba

Download Submit
C:\Windows\SysWOW64\Ofmdio32.exe

Filesize
77KB

MD5
1f5d9d62fc5762f350fd9796023c88cb

SHA1
143e5165ae0216ad4d1a0bd6171ab1d3cdef76f7

SHA256
1235a612177afe3fe57d5c24785184b9e7a41f8584c1dfccbadb11d32933ebf9

SHA512
f275508161491bd6e28335374fb7694af3eac751c3d48dadcabdee8becaf03cd9ab8e8a255bd5743e86f344887e814d8d32bdd76cbaaf5fc637ad46d9cf1e27d

Download Submit
C:\Windows\SysWOW64\Oikjkc32.exe

Filesize
77KB

MD5
7181b2a7e2e3be0dd437916c8ad7a9d7

SHA1
4318ff77d356ec026e30a7aaa6af7219fb68c053

SHA256
cd99909a8351a209f50166e7dbb897a927c46d847b5f1cfd11085429730d3aa8

SHA512
c99fa75626367a70627fc70d413d468fb6ae28e02127df0b1a8bd1155288dfa270a6b8ab56e5c3477c17cb29dc67a32a107ac986bf0c0d887d953782d531428c

Download Submit
C:\Windows\SysWOW64\Ookhfigk.exe

Filesize
77KB

MD5
d9a236d7ddba039285e4636bd780ea40

SHA1
ba9f3c3f290df53f9a83b89c06a9c36b76fd9e4b

SHA256
bae07b2e5c0a75b94803774fc8a5651db29237b5fb642b9fe71594d5cea60606

SHA512
86d44517a6588225a66c39585c1ebddb05714b470ab51f757574ac10429c06cb42e6339b184ae4fc8f8413bb62a62344633a968649e59b249c29f23ae973c5f2

Download Submit
C:\Windows\SysWOW64\Opnbae32.exe

Filesize
77KB

MD5
72dd6f4bbc4f1c2308fd9111297d7d7b

SHA1
73d2fa5a63bb00e56ebe07ca4d9e632f4306ed28

SHA256
7cc88d041ad42f81433cb583e52f239d9772202b90b25840ecfabfe70369db12

SHA512
e7975c9dcbad8238b886106e7d070708a05675c186728823faac31b22c2778254e4902d4bcc7ae20a0ff3d9184a52a41c4a55b58f87b671ae0e6239748e4904f

Download Submit
C:\Windows\SysWOW64\Pdjgha32.exe

Filesize
77KB

MD5
d8fb8d9bea4b5fce31cad86f3fd97dd4

SHA1
5e2efe7e619fd0d3c2c1f5dafd3aa6c5e998213f

SHA256
657ba65e2c8968d5f2545d0d247e0d9c5d3941d816f0296835c119fd4b9e42cf

SHA512
3f89d9588cac0785d26a67d77cf07ba35d6d042bb4cb0869be0ff14c788a8236885dba230418cab33235800ac1ad3f725b7903d61acf0a5915676e1da10c5f70

Download Submit
C:\Windows\SysWOW64\Pjkmomfn.exe

Filesize
77KB

MD5
b1eb469a027f2d956eff89de466f3c35

SHA1
450c35c67bed49be6cedad951f3d97adfef181b5

SHA256
75a7e82264b9448d84ae84e7d9fdb2cb5cc55a15f0f6deded57d2f14fc0af785

SHA512
f4786722370a5f29987e254b3c984c63ed3008ebf2927564593aa8e6c80bccf70e2c63938a078405ed1a3107a248f67defa3dc23437edfe2bf5ab22d248dc361

Download Submit
C:\Windows\SysWOW64\Pmblagmf.exe

Filesize
77KB

MD5
c2dbab7008981b6c6195f6e1fd5b4ae7

SHA1
a7c9173b012264f625b8f76f4a4850ca2e8639f4

SHA256
b10d39e383fdba11e964f6822a755c802b0a0d422dad7119f5e1738a4e67e035

SHA512
2fe2072934cca707ffa393ba7808a2a9d2fa99b759445db3b40c50f8872eac191b065175286f5821f4649bf0118fb0dabcd0f9eea0e2fb7b1ad9dbf62874b487

Download Submit
C:\Windows\SysWOW64\Pmnbfhal.exe

Filesize
77KB

MD5
8c51166237526d8c0a5d3814a69464e9

SHA1
ed53e2d5d0cdc48ca74ddfbef0fb8337c3ba2dd5

SHA256
53956ffa9f9f44808f1dba57b01be391992ecbda49ce8b211779cc9a04e0cdd1

SHA512
a37b3624b6fe3a060ebe72b4e6aa9f5a7046b1102e64136987ea01a01f110aeb4461de4deed64e5f827db2e858718e68c383ca9043d24d6cc751d8303a01cab7

Download Submit
C:\Windows\SysWOW64\Pnifekmd.exe

Filesize
77KB

MD5
9fbf2138035d3e6392c8ff070fcdc220

SHA1
56089bf2504a5957c9a54bd25c62b1435eb05e38

SHA256
e40e495d658e7d03f9c5359c0b74e059c5a88df2db579ce01f19240edcd69caf

SHA512
9dbdd5fd336e20ad8d448966ce11dbcc4177426e1b16e8e13a80ef50fba107925b7f06525e577eab98d3fc8145e4b1e2df098bcebf478f644cbd0943051face9

Download Submit
C:\Windows\SysWOW64\Qdoacabq.exe

Filesize
77KB

MD5
9f2a70961d553ccb2d8b5fd35830d63b

SHA1
ccb3ba1395308bd85d843f6c0ed0c3aa7926db46

SHA256
e9cb9d8f84a41b007b6fbe0d8ab8805738343587534ab20843c2fa32183c423c

SHA512
76a514c566a8cabd4a4ea6b76e1e3b746d8e7a445584b0f46f31327a677b0f5a95a3bb4ab4963be47cfc30d4a37aa6d7dd982f40679e04162b0bef36a5b2ef66

Download Submit
C:\Windows\SysWOW64\Qmckbjdl.exe

Filesize
77KB

MD5
9993d7020c6bb254d8f4b24635e22348

SHA1
79e316d8f6850bcd8d52257d6849468d6e8316f1

SHA256
c64c1b17fc18bc6ed1b94c901c38779faa0e8e4ab8a2e2e60d7e30694b0c50a0

SHA512
e468e866977394eb6b81eadd0d9020288b0f0df2dd5cf5c0516d7b3e4a0631b9e8abb19ddb0a422fd0b117dff80954b48f109df3dd9537be4d438d152604f316

Download Submit
memory/440-370-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/468-480-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/700-152-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/832-498-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1088-48-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1088-582-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1100-390-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1164-545-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1184-248-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1292-104-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1360-200-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1564-514-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1648-299-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1724-398-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1852-372-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1888-208-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1892-492-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1900-120-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1924-414-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1944-269-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1980-547-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1980-9-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1984-462-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2172-193-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2176-96-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2184-33-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2184-568-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2208-263-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2212-426-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2256-402-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2296-450-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2380-353-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2432-161-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2520-281-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2540-275-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2592-144-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2820-176-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2836-486-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2908-345-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2924-474-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2928-81-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2936-64-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3096-523-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3140-384-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3208-335-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3220-522-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3220-0-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3220-1-0x0000000000431000-0x0000000000432000-memory.dmp

Filesize
4KB

Download
memory/3264-444-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3356-56-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3356-589-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3668-16-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3668-554-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3712-224-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3736-240-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3804-420-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3828-504-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3844-535-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3912-233-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3968-354-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4008-408-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4048-468-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4052-72-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4064-516-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4072-168-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4148-352-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4252-185-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4296-548-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4360-438-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4368-217-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4408-311-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4492-575-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4492-40-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4500-128-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4608-136-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4628-533-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4640-378-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4668-256-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4676-305-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4760-432-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4768-24-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4768-561-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4776-293-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4976-456-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4984-329-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5004-323-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5012-88-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5036-360-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5044-112-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5080-317-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5108-287-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5148-555-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5192-562-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5236-569-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5300-576-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5368-583-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads