d12579cde7407f9f5f1508912a900784fec9c2ec87c7a6d7e2a6b37641063d65

Analysis

max time kernel
140s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24d12af7af510369b55f3ab9f1a73ec0_NeikiAnalytics.exe
Size

391KB
MD5

24d12af7af510369b55f3ab9f1a73ec0
SHA1

b5266298226ba0a37a3b3bcbbe5977ad4f52e1cc
SHA256

d12579cde7407f9f5f1508912a900784fec9c2ec87c7a6d7e2a6b37641063d65
SHA512

3b9d32004d6b85f012dc5858f8b5f98beb85099526a88721b35996395522aeb4f1faeb6febd32d0362df01852a9d0e04c1be55a760f75b15f42a132d9405b1e2
SSDEEP

6144:6WcmUFrqsotaAfbAfNtTAfMAfFAfNPUmKyIxLfYeOO9UmKyIxL:H6FumNtuhUNP3cOK3

Score

10^/10

persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Cajcbgml.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ehljfnpn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Jlednamo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Kdqejn32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ldanqkki.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Odkjng32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Qdbiedpa.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Bhhdil32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Djgjlelk.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dknpmdfc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Hiefcj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Kimnbd32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cndikf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ehljfnpn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ecandfpd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Icnpmp32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pqbdjfln.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Aqppkd32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ehimanbq.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jmhale32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kimnbd32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pjhlml32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Icgjmapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ojllan32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Qjoankoi.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Eadopc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Fdgdgnbm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Fooeif32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Fbnafb32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jidklf32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Klgqcqkl.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bjokdipf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Dllfkn32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dlncan32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Gomakdcp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Hcmgfbhd.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Lbjlfi32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Heapdjlp.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Lfkaag32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ojgbfocc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Pmoahijl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Bgcknmop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Cfpnph32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Calhnpgn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dohfbj32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Eabbjc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Mbfkbhpa.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Mnebeogl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Njefqo32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Qmmnjfnl.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jpgmha32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Eapedd32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jefbfgig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Aeniabfd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ddonekbl.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Flnlhk32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Fbnafb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Odmgcgbi.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pmdkch32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pgioqq32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Dknpmdfc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Fkffog32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Qgqeappe.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Fohoigfh.exe

Executes dropped EXE 64 IoCs

pid	Process
1676	Cafigg32.exe
640	Cojjqlpk.exe
2480	Cahfmgoo.exe
720	Clnjjpod.exe
3312	Cajcbgml.exe
2348	Chdkoa32.exe
5040	Ckcgkldl.exe
3964	Cdkldb32.exe
3208	Ckedalaj.exe
4092	Dbllbibl.exe
3184	Dekhneap.exe
4708	Dldpkoil.exe
2356	Dboigi32.exe
3448	Demecd32.exe
220	Dhkapp32.exe
4816	Dkjmlk32.exe
924	Dadeieea.exe
4984	Ddbbeade.exe
3388	Dlijfneg.exe
2612	Dohfbj32.exe
3188	Dafbne32.exe
840	Dddojq32.exe
1400	Dllfkn32.exe
3268	Dceohhja.exe
4732	Dedkdcie.exe
3932	Dhbgqohi.exe
3372	Dlncan32.exe
3276	Eolpmi32.exe
1356	Echknh32.exe
372	Eefhjc32.exe
1704	Edihepnm.exe
4784	Ehedfo32.exe
3612	Eoolbinc.exe
2868	Eamhodmf.exe
4580	Edkdkplj.exe
4432	Ehgqln32.exe
4924	Ekemhj32.exe
4400	Ecmeig32.exe
4036	Eapedd32.exe
888	Ehimanbq.exe
3644	Eleiam32.exe
5036	Eocenh32.exe
1420	Eabbjc32.exe
4628	Edpnfo32.exe
3024	Ehljfnpn.exe
3512	Ekjfcipa.exe
1460	Ecandfpd.exe
1964	Eadopc32.exe
776	Ehnglm32.exe
1560	Fljcmlfd.exe
4004	Fohoigfh.exe
4604	Fafkecel.exe
2420	Fdegandp.exe
2468	Fhqcam32.exe
3724	Fkopnh32.exe
4948	Fcfhof32.exe
1216	Ffddka32.exe
4584	Fdgdgnbm.exe
2256	Flnlhk32.exe
4824	Fomhdg32.exe
1512	Fchddejl.exe
4472	Ffgqqaip.exe
664	Fhemmlhc.exe
4000	Flqimk32.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Baacma32.dll	Ampkof32.exe
File created	C:\Windows\SysWOW64\Bhoilahe.dll	Jifhaenk.exe
File created	C:\Windows\SysWOW64\Pjjhbl32.exe	Pgllfp32.exe
File created	C:\Windows\SysWOW64\Jlednamo.exe	Jifhaenk.exe
File created	C:\Windows\SysWOW64\Odmgcgbi.exe	Olfobjbg.exe
File created	C:\Windows\SysWOW64\Dlijfneg.exe	Ddbbeade.exe
File created	C:\Windows\SysWOW64\Odapnf32.exe	Olkhmi32.exe
File created	C:\Windows\SysWOW64\Echegpbb.dll	Agjhgngj.exe
File created	C:\Windows\SysWOW64\Ndqgbjkm.dll	Jeklag32.exe
File opened for modification	C:\Windows\SysWOW64\Nfgmjqop.exe	Ndfqbhia.exe
File created	C:\Windows\SysWOW64\Fafkecel.exe	Fohoigfh.exe
File created	C:\Windows\SysWOW64\Fhpili32.dll	Ecandfpd.exe
File created	C:\Windows\SysWOW64\Jmknaell.exe	Jfaedkdp.exe
File opened for modification	C:\Windows\SysWOW64\Ogpmjb32.exe	Odapnf32.exe
File created	C:\Windows\SysWOW64\Fchddejl.exe	Fomhdg32.exe
File opened for modification	C:\Windows\SysWOW64\Dedkdcie.exe	Dceohhja.exe
File created	C:\Windows\SysWOW64\Oijgnaaa.dll	Fdlnbm32.exe
File opened for modification	C:\Windows\SysWOW64\Clnjjpod.exe	Cahfmgoo.exe
File created	C:\Windows\SysWOW64\Dldpkoil.exe	Dekhneap.exe
File created	C:\Windows\SysWOW64\Popodg32.dll	Pclgkb32.exe
File opened for modification	C:\Windows\SysWOW64\Qddfkd32.exe	Qmmnjfnl.exe
File created	C:\Windows\SysWOW64\Lommhphi.dll	Bfabnjjp.exe
File created	C:\Windows\SysWOW64\Nloiakho.exe	Njqmepik.exe
File opened for modification	C:\Windows\SysWOW64\Cnkplejl.exe	Chagok32.exe
File created	C:\Windows\SysWOW64\Mcgdgamg.dll	Cajcbgml.exe
File created	C:\Windows\SysWOW64\Klgqcqkl.exe	Kiidgeki.exe
File opened for modification	C:\Windows\SysWOW64\Ipnjab32.exe	Iicbehnq.exe
File created	C:\Windows\SysWOW64\Hcdmga32.exe	Hmjdjgjo.exe
File created	C:\Windows\SysWOW64\Ladjgikj.dll	Ogkcpbam.exe
File opened for modification	C:\Windows\SysWOW64\Icgjmapi.exe	Iiaephpc.exe
File opened for modification	C:\Windows\SysWOW64\Mmbfpp32.exe	Mmpijp32.exe
File opened for modification	C:\Windows\SysWOW64\Ampkof32.exe	Anmjcieo.exe
File opened for modification	C:\Windows\SysWOW64\Jpijnqkp.exe	Jmknaell.exe
File created	C:\Windows\SysWOW64\Gnbinq32.dll	Kdeoemeg.exe
File opened for modification	C:\Windows\SysWOW64\Eleiam32.exe	Ehimanbq.exe
File opened for modification	C:\Windows\SysWOW64\Njqmepik.exe	Nebdoa32.exe
File created	C:\Windows\SysWOW64\Fqjamcpe.dll	Cfmajipb.exe
File created	C:\Windows\SysWOW64\Hhkephlb.dll	Fdgdgnbm.exe
File created	C:\Windows\SysWOW64\Lmiciaaj.exe	Lgokmgjm.exe
File opened for modification	C:\Windows\SysWOW64\Qgcbgo32.exe	Qddfkd32.exe
File created	C:\Windows\SysWOW64\Dhbgqohi.exe	Dedkdcie.exe
File opened for modification	C:\Windows\SysWOW64\Anogiicl.exe	Afhohlbj.exe
File opened for modification	C:\Windows\SysWOW64\Aeiofcji.exe	Anogiicl.exe
File created	C:\Windows\SysWOW64\Fpdaoioe.dll	Deokon32.exe
File opened for modification	C:\Windows\SysWOW64\Likjcbkc.exe	Lgmngglp.exe
File opened for modification	C:\Windows\SysWOW64\Mipcob32.exe	Mbfkbhpa.exe
File created	C:\Windows\SysWOW64\Ceqnmpfo.exe	Caebma32.exe
File opened for modification	C:\Windows\SysWOW64\Ddonekbl.exe	Daqbip32.exe
File created	C:\Windows\SysWOW64\Kngpec32.dll	Doilmc32.exe
File opened for modification	C:\Windows\SysWOW64\Cafigg32.exe	24d12af7af510369b55f3ab9f1a73ec0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\Hjfhhm32.dll	Cndikf32.exe
File opened for modification	C:\Windows\SysWOW64\Bmngqdpj.exe	Bjokdipf.exe
File created	C:\Windows\SysWOW64\Cenahpha.exe	Cmgjgcgo.exe
File created	C:\Windows\SysWOW64\Jmehcnhg.dll	Ipnjab32.exe
File opened for modification	C:\Windows\SysWOW64\Jplfcpin.exe	Jmmjgejj.exe
File opened for modification	C:\Windows\SysWOW64\Pmdkch32.exe	Pjeoglgc.exe
File created	C:\Windows\SysWOW64\Dmcibama.exe	Dfiafg32.exe
File opened for modification	C:\Windows\SysWOW64\Hijooifk.exe	Hcmgfbhd.exe
File opened for modification	C:\Windows\SysWOW64\Ekemhj32.exe	Ehgqln32.exe
File created	C:\Windows\SysWOW64\Clncadfb.dll	Ogpmjb32.exe
File created	C:\Windows\SysWOW64\Dnieoofh.dll	Ceqnmpfo.exe
File created	C:\Windows\SysWOW64\Dboigi32.exe	Dldpkoil.exe
File created	C:\Windows\SysWOW64\Jpijnqkp.exe	Jmknaell.exe
File opened for modification	C:\Windows\SysWOW64\Qnhahj32.exe	Pfaigm32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
8852	8756	WerFault.exe	365

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Bjfaeh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Dafbne32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pohkbc32.dll"	Gomakdcp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ibnccmbo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Bmngqdpj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Epbahkcp.dll"	Fkopnh32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Jlednamo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Kdeoemeg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Cafigg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mnjgghdi.dll"	Aeniabfd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Cdfkolkf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Icnpmp32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Likjcbkc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Oneklm32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Cnffqf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Flnlhk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Lemphdgj.dll"	Mdmnlj32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Banllbdn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Pggbkagp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Bnpppgdj.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Gomakdcp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Pjjhbl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Qdbiedpa.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Npfhbbpk.dll"	Dekhneap.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Eocenh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dbagnedl.dll"	Pncgmkmj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Fbnafb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ogkcpbam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	24d12af7af510369b55f3ab9f1a73ec0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Jbjcolha.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Ldanqkki.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Jpppnp32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Aqppkd32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Caebma32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Nlaegk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hmmblqfc.dll"	Pcppfaka.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Kgngca32.dll"	Qjoankoi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Jefbfgig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Ampkof32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ffddka32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Blleba32.dll"	Mipcob32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Mmbfpp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Eefhjc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pglcddpd.dll"	Hbnjmp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jcjpfk32.dll"	Lgmngglp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jdeflhhf.dll"	Ndhmhh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Pdkcde32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jijjfldq.dll"	Bffkij32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Dhbgqohi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Aipoal32.dll"	Eolpmi32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gbdhjm32.dll"	Nebdoa32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Pclgkb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ogifjcdp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Qddfkd32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Hmhhehlb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Elogmm32.dll"	Jbeidl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Flgehc32.dll"	Cdabcm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ddonekbl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Dlijfneg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Gomakdcp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Iedoeq32.dll"	Hiefcj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pjngmo32.dll"	Chagok32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Dlncan32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Aglemn32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4192 wrote to memory of 1676	4192	24d12af7af510369b55f3ab9f1a73ec0_NeikiAnalytics.exe	85
PID 4192 wrote to memory of 1676	4192	24d12af7af510369b55f3ab9f1a73ec0_NeikiAnalytics.exe	85
PID 4192 wrote to memory of 1676	4192	24d12af7af510369b55f3ab9f1a73ec0_NeikiAnalytics.exe	85
PID 1676 wrote to memory of 640	1676	Cafigg32.exe	86
PID 1676 wrote to memory of 640	1676	Cafigg32.exe	86
PID 1676 wrote to memory of 640	1676	Cafigg32.exe	86
PID 640 wrote to memory of 2480	640	Cojjqlpk.exe	87
PID 640 wrote to memory of 2480	640	Cojjqlpk.exe	87
PID 640 wrote to memory of 2480	640	Cojjqlpk.exe	87
PID 2480 wrote to memory of 720	2480	Cahfmgoo.exe	88
PID 2480 wrote to memory of 720	2480	Cahfmgoo.exe	88
PID 2480 wrote to memory of 720	2480	Cahfmgoo.exe	88
PID 720 wrote to memory of 3312	720	Clnjjpod.exe	89
PID 720 wrote to memory of 3312	720	Clnjjpod.exe	89
PID 720 wrote to memory of 3312	720	Clnjjpod.exe	89
PID 3312 wrote to memory of 2348	3312	Cajcbgml.exe	90
PID 3312 wrote to memory of 2348	3312	Cajcbgml.exe	90
PID 3312 wrote to memory of 2348	3312	Cajcbgml.exe	90
PID 2348 wrote to memory of 5040	2348	Chdkoa32.exe	91
PID 2348 wrote to memory of 5040	2348	Chdkoa32.exe	91
PID 2348 wrote to memory of 5040	2348	Chdkoa32.exe	91
PID 5040 wrote to memory of 3964	5040	Ckcgkldl.exe	92
PID 5040 wrote to memory of 3964	5040	Ckcgkldl.exe	92
PID 5040 wrote to memory of 3964	5040	Ckcgkldl.exe	92
PID 3964 wrote to memory of 3208	3964	Cdkldb32.exe	93
PID 3964 wrote to memory of 3208	3964	Cdkldb32.exe	93
PID 3964 wrote to memory of 3208	3964	Cdkldb32.exe	93
PID 3208 wrote to memory of 4092	3208	Ckedalaj.exe	94
PID 3208 wrote to memory of 4092	3208	Ckedalaj.exe	94
PID 3208 wrote to memory of 4092	3208	Ckedalaj.exe	94
PID 4092 wrote to memory of 3184	4092	Dbllbibl.exe	95
PID 4092 wrote to memory of 3184	4092	Dbllbibl.exe	95
PID 4092 wrote to memory of 3184	4092	Dbllbibl.exe	95
PID 3184 wrote to memory of 4708	3184	Dekhneap.exe	96
PID 3184 wrote to memory of 4708	3184	Dekhneap.exe	96
PID 3184 wrote to memory of 4708	3184	Dekhneap.exe	96
PID 4708 wrote to memory of 2356	4708	Dldpkoil.exe	97
PID 4708 wrote to memory of 2356	4708	Dldpkoil.exe	97
PID 4708 wrote to memory of 2356	4708	Dldpkoil.exe	97
PID 2356 wrote to memory of 3448	2356	Dboigi32.exe	98
PID 2356 wrote to memory of 3448	2356	Dboigi32.exe	98
PID 2356 wrote to memory of 3448	2356	Dboigi32.exe	98
PID 3448 wrote to memory of 220	3448	Demecd32.exe	99
PID 3448 wrote to memory of 220	3448	Demecd32.exe	99
PID 3448 wrote to memory of 220	3448	Demecd32.exe	99
PID 220 wrote to memory of 4816	220	Dhkapp32.exe	100
PID 220 wrote to memory of 4816	220	Dhkapp32.exe	100
PID 220 wrote to memory of 4816	220	Dhkapp32.exe	100
PID 4816 wrote to memory of 924	4816	Dkjmlk32.exe	101
PID 4816 wrote to memory of 924	4816	Dkjmlk32.exe	101
PID 4816 wrote to memory of 924	4816	Dkjmlk32.exe	101
PID 924 wrote to memory of 4984	924	Dadeieea.exe	102
PID 924 wrote to memory of 4984	924	Dadeieea.exe	102
PID 924 wrote to memory of 4984	924	Dadeieea.exe	102
PID 4984 wrote to memory of 3388	4984	Ddbbeade.exe	103
PID 4984 wrote to memory of 3388	4984	Ddbbeade.exe	103
PID 4984 wrote to memory of 3388	4984	Ddbbeade.exe	103
PID 3388 wrote to memory of 2612	3388	Dlijfneg.exe	104
PID 3388 wrote to memory of 2612	3388	Dlijfneg.exe	104
PID 3388 wrote to memory of 2612	3388	Dlijfneg.exe	104
PID 2612 wrote to memory of 3188	2612	Dohfbj32.exe	105
PID 2612 wrote to memory of 3188	2612	Dohfbj32.exe	105
PID 2612 wrote to memory of 3188	2612	Dohfbj32.exe	105
PID 3188 wrote to memory of 840	3188	Dafbne32.exe	106

C:\Users\Admin\AppData\Local\Temp\24d12af7af510369b55f3ab9f1a73ec0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\24d12af7af510369b55f3ab9f1a73ec0_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4192
- C:\Windows\SysWOW64\Cafigg32.exe
  C:\Windows\system32\Cafigg32.exe
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:1676
- - C:\Windows\SysWOW64\Cojjqlpk.exe
    C:\Windows\system32\Cojjqlpk.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:640
  - - C:\Windows\SysWOW64\Cahfmgoo.exe
      C:\Windows\system32\Cahfmgoo.exe
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2480
    - - C:\Windows\SysWOW64\Clnjjpod.exe
        
        C:\Windows\system32\Clnjjpod.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:720
      - C:\Windows\SysWOW64\Cajcbgml.exe
        
        C:\Windows\system32\Cajcbgml.exe
        6⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3312
        
        C:\Windows\SysWOW64\Chdkoa32.exe
        
        C:\Windows\system32\Chdkoa32.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2348
        
        C:\Windows\SysWOW64\Ckcgkldl.exe
        
        C:\Windows\system32\Ckcgkldl.exe
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5040
        
        C:\Windows\SysWOW64\Cdkldb32.exe
        
        C:\Windows\system32\Cdkldb32.exe
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3964
        
        C:\Windows\SysWOW64\Ckedalaj.exe
        
        C:\Windows\system32\Ckedalaj.exe
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3208
        
        C:\Windows\SysWOW64\Dbllbibl.exe
        
        C:\Windows\system32\Dbllbibl.exe
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4092
        
        C:\Windows\SysWOW64\Dekhneap.exe
        
        C:\Windows\system32\Dekhneap.exe
        12⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3184
        
        C:\Windows\SysWOW64\Dldpkoil.exe
        
        C:\Windows\system32\Dldpkoil.exe
        13⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4708
        
        C:\Windows\SysWOW64\Dboigi32.exe
        
        C:\Windows\system32\Dboigi32.exe
        14⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2356
        
        C:\Windows\SysWOW64\Demecd32.exe
        
        C:\Windows\system32\Demecd32.exe
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3448
        
        C:\Windows\SysWOW64\Dhkapp32.exe
        
        C:\Windows\system32\Dhkapp32.exe
        16⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:220
        
        C:\Windows\SysWOW64\Dkjmlk32.exe
        
        C:\Windows\system32\Dkjmlk32.exe
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4816
        
        C:\Windows\SysWOW64\Dadeieea.exe
        
        C:\Windows\system32\Dadeieea.exe
        18⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:924
        
        C:\Windows\SysWOW64\Ddbbeade.exe
        
        C:\Windows\system32\Ddbbeade.exe
        19⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4984
        
        C:\Windows\SysWOW64\Dlijfneg.exe
        
        C:\Windows\system32\Dlijfneg.exe
        20⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3388
        
        C:\Windows\SysWOW64\Dohfbj32.exe
        
        C:\Windows\system32\Dohfbj32.exe
        21⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2612
        
        C:\Windows\SysWOW64\Dafbne32.exe
        
        C:\Windows\system32\Dafbne32.exe
        22⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3188
        
        C:\Windows\SysWOW64\Dddojq32.exe
        
        C:\Windows\system32\Dddojq32.exe
        23⤵
        Executes dropped EXE
        
        PID:840
        
        C:\Windows\SysWOW64\Dllfkn32.exe
        
        C:\Windows\system32\Dllfkn32.exe
        24⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:1400
        
        C:\Windows\SysWOW64\Dceohhja.exe
        
        C:\Windows\system32\Dceohhja.exe
        25⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3268
        
        C:\Windows\SysWOW64\Dedkdcie.exe
        
        C:\Windows\system32\Dedkdcie.exe
        26⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4732
        
        C:\Windows\SysWOW64\Dhbgqohi.exe
        
        C:\Windows\system32\Dhbgqohi.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3932
        
        C:\Windows\SysWOW64\Dlncan32.exe
        
        C:\Windows\system32\Dlncan32.exe
        28⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:3372
        
        C:\Windows\SysWOW64\Eolpmi32.exe
        
        C:\Windows\system32\Eolpmi32.exe
        29⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3276
        
        C:\Windows\SysWOW64\Echknh32.exe
        
        C:\Windows\system32\Echknh32.exe
        30⤵
        Executes dropped EXE
        
        PID:1356
        
        C:\Windows\SysWOW64\Eefhjc32.exe
        
        C:\Windows\system32\Eefhjc32.exe
        31⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:372
        
        C:\Windows\SysWOW64\Edihepnm.exe
        
        C:\Windows\system32\Edihepnm.exe
        32⤵
        Executes dropped EXE
        
        PID:1704
        
        C:\Windows\SysWOW64\Ehedfo32.exe
        
        C:\Windows\system32\Ehedfo32.exe
        33⤵
        Executes dropped EXE
        
        PID:4784
        
        C:\Windows\SysWOW64\Eoolbinc.exe
        
        C:\Windows\system32\Eoolbinc.exe
        34⤵
        Executes dropped EXE
        
        PID:3612
        
        C:\Windows\SysWOW64\Eamhodmf.exe
        
        C:\Windows\system32\Eamhodmf.exe
        35⤵
        Executes dropped EXE
        
        PID:2868
        
        C:\Windows\SysWOW64\Edkdkplj.exe
        
        C:\Windows\system32\Edkdkplj.exe
        36⤵
        Executes dropped EXE
        
        PID:4580
        
        C:\Windows\SysWOW64\Ehgqln32.exe
        
        C:\Windows\system32\Ehgqln32.exe
        37⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4432
        
        C:\Windows\SysWOW64\Ekemhj32.exe
        
        C:\Windows\system32\Ekemhj32.exe
        38⤵
        Executes dropped EXE
        
        PID:4924
        
        C:\Windows\SysWOW64\Ecmeig32.exe
        
        C:\Windows\system32\Ecmeig32.exe
        39⤵
        Executes dropped EXE
        
        PID:4400
        
        C:\Windows\SysWOW64\Eapedd32.exe
        
        C:\Windows\system32\Eapedd32.exe
        40⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:4036
        
        C:\Windows\SysWOW64\Ehimanbq.exe
        
        C:\Windows\system32\Ehimanbq.exe
        41⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:888
        
        C:\Windows\SysWOW64\Eleiam32.exe
        
        C:\Windows\system32\Eleiam32.exe
        42⤵
        Executes dropped EXE
        
        PID:3644
        
        C:\Windows\SysWOW64\Eocenh32.exe
        
        C:\Windows\system32\Eocenh32.exe
        43⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:5036
        
        C:\Windows\SysWOW64\Eabbjc32.exe
        
        C:\Windows\system32\Eabbjc32.exe
        44⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:1420
        
        C:\Windows\SysWOW64\Edpnfo32.exe
        
        C:\Windows\system32\Edpnfo32.exe
        45⤵
        Executes dropped EXE
        
        PID:4628
        
        C:\Windows\SysWOW64\Ehljfnpn.exe
        
        C:\Windows\system32\Ehljfnpn.exe
        46⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:3024
        
        C:\Windows\SysWOW64\Ekjfcipa.exe
        
        C:\Windows\system32\Ekjfcipa.exe
        47⤵
        Executes dropped EXE
        
        PID:3512
        
        C:\Windows\SysWOW64\Ecandfpd.exe
        
        C:\Windows\system32\Ecandfpd.exe
        48⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1460
        
        C:\Windows\SysWOW64\Eadopc32.exe
        
        C:\Windows\system32\Eadopc32.exe
        49⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:1964
        
        C:\Windows\SysWOW64\Ehnglm32.exe
        
        C:\Windows\system32\Ehnglm32.exe
        50⤵
        Executes dropped EXE
        
        PID:776
        
        C:\Windows\SysWOW64\Fljcmlfd.exe
        
        C:\Windows\system32\Fljcmlfd.exe
        51⤵
        Executes dropped EXE
        
        PID:1560
        
        C:\Windows\SysWOW64\Fohoigfh.exe
        
        C:\Windows\system32\Fohoigfh.exe
        52⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4004
        
        C:\Windows\SysWOW64\Fafkecel.exe
        
        C:\Windows\system32\Fafkecel.exe
        53⤵
        Executes dropped EXE
        
        PID:4604
        
        C:\Windows\SysWOW64\Fdegandp.exe
        
        C:\Windows\system32\Fdegandp.exe
        54⤵
        Executes dropped EXE
        
        PID:2420
        
        C:\Windows\SysWOW64\Fhqcam32.exe
        
        C:\Windows\system32\Fhqcam32.exe
        55⤵
        Executes dropped EXE
        
        PID:2468
        
        C:\Windows\SysWOW64\Fkopnh32.exe
        
        C:\Windows\system32\Fkopnh32.exe
        56⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3724
        
        C:\Windows\SysWOW64\Fcfhof32.exe
        
        C:\Windows\system32\Fcfhof32.exe
        57⤵
        Executes dropped EXE
        
        PID:4948
        
        C:\Windows\SysWOW64\Ffddka32.exe
        
        C:\Windows\system32\Ffddka32.exe
        58⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1216
        
        C:\Windows\SysWOW64\Fdgdgnbm.exe
        
        C:\Windows\system32\Fdgdgnbm.exe
        59⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4584
        
        C:\Windows\SysWOW64\Flnlhk32.exe
        
        C:\Windows\system32\Flnlhk32.exe
        60⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:2256
        
        C:\Windows\SysWOW64\Fomhdg32.exe
        
        C:\Windows\system32\Fomhdg32.exe
        61⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4824
        
        C:\Windows\SysWOW64\Fchddejl.exe
        
        C:\Windows\system32\Fchddejl.exe
        62⤵
        Executes dropped EXE
        
        PID:1512
        
        C:\Windows\SysWOW64\Ffgqqaip.exe
        
        C:\Windows\system32\Ffgqqaip.exe
        63⤵
        Executes dropped EXE
        
        PID:4472
        
        C:\Windows\SysWOW64\Fhemmlhc.exe
        
        C:\Windows\system32\Fhemmlhc.exe
        64⤵
        Executes dropped EXE
        
        PID:664
        
        C:\Windows\SysWOW64\Flqimk32.exe
        
        C:\Windows\system32\Flqimk32.exe
        65⤵
        Executes dropped EXE
        
        PID:4000
        
        C:\Windows\SysWOW64\Fooeif32.exe
        
        C:\Windows\system32\Fooeif32.exe
        66⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:4008
        
        C:\Windows\SysWOW64\Fbnafb32.exe
        
        C:\Windows\system32\Fbnafb32.exe
        67⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:1732
        
        C:\Windows\SysWOW64\Fdlnbm32.exe
        
        C:\Windows\system32\Fdlnbm32.exe
        68⤵
        Drops file in System32 directory
        
        PID:3036
        
        C:\Windows\SysWOW64\Fhgjblfq.exe
        
        C:\Windows\system32\Fhgjblfq.exe
        69⤵
        
        PID:208
        
        C:\Windows\SysWOW64\Fkffog32.exe
        
        C:\Windows\system32\Fkffog32.exe
        70⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:4696
        
        C:\Windows\SysWOW64\Foabofnn.exe
        
        C:\Windows\system32\Foabofnn.exe
        71⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\Fbpnkama.exe
        
        C:\Windows\system32\Fbpnkama.exe
        72⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\Gomakdcp.exe
        
        C:\Windows\system32\Gomakdcp.exe
        73⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:4408
        
        C:\Windows\SysWOW64\Gfgjgo32.exe
        
        C:\Windows\system32\Gfgjgo32.exe
        74⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\Hiefcj32.exe
        
        C:\Windows\system32\Hiefcj32.exe
        75⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:2800
        
        C:\Windows\SysWOW64\Hkdbpe32.exe
        
        C:\Windows\system32\Hkdbpe32.exe
        76⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\Hbnjmp32.exe
        
        C:\Windows\system32\Hbnjmp32.exe
        77⤵
        Modifies registry class
        
        PID:1352
        
        C:\Windows\SysWOW64\Hihbijhn.exe
        
        C:\Windows\system32\Hihbijhn.exe
        78⤵
        
        PID:764
        
        C:\Windows\SysWOW64\Hkfoeega.exe
        
        C:\Windows\system32\Hkfoeega.exe
        79⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\Hcmgfbhd.exe
        
        C:\Windows\system32\Hcmgfbhd.exe
        80⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:4152
        
        C:\Windows\SysWOW64\Hijooifk.exe
        
        C:\Windows\system32\Hijooifk.exe
        81⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\Hodgkc32.exe
        
        C:\Windows\system32\Hodgkc32.exe
        82⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\Heapdjlp.exe
        
        C:\Windows\system32\Heapdjlp.exe
        83⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:2688
        
        C:\Windows\SysWOW64\Hmhhehlb.exe
        
        C:\Windows\system32\Hmhhehlb.exe
        84⤵
        Modifies registry class
        
        PID:3544
        
        C:\Windows\SysWOW64\Hbeqmoji.exe
        
        C:\Windows\system32\Hbeqmoji.exe
        85⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\Hecmijim.exe
        
        C:\Windows\system32\Hecmijim.exe
        86⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\Hmjdjgjo.exe
        
        C:\Windows\system32\Hmjdjgjo.exe
        87⤵
        Drops file in System32 directory
        
        PID:3456
        
        C:\Windows\SysWOW64\Hcdmga32.exe
        
        C:\Windows\system32\Hcdmga32.exe
        88⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\Hfcicmqp.exe
        
        C:\Windows\system32\Hfcicmqp.exe
        89⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\Iiaephpc.exe
        
        C:\Windows\system32\Iiaephpc.exe
        90⤵
        Drops file in System32 directory
        
        PID:968
        
        C:\Windows\SysWOW64\Icgjmapi.exe
        
        C:\Windows\system32\Icgjmapi.exe
        91⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:1620
        
        C:\Windows\SysWOW64\Iicbehnq.exe
        
        C:\Windows\system32\Iicbehnq.exe
        92⤵
        Drops file in System32 directory
        
        PID:116
        
        C:\Windows\SysWOW64\Ipnjab32.exe
        
        C:\Windows\system32\Ipnjab32.exe
        93⤵
        Drops file in System32 directory
        
        PID:2904
        
        C:\Windows\SysWOW64\Iejcji32.exe
        
        C:\Windows\system32\Iejcji32.exe
        94⤵
        
        PID:1236
        
        C:\Windows\SysWOW64\Imakkfdg.exe
        
        C:\Windows\system32\Imakkfdg.exe
        95⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\Ibnccmbo.exe
        
        C:\Windows\system32\Ibnccmbo.exe
        96⤵
        Modifies registry class
        
        PID:5136
        
        C:\Windows\SysWOW64\Iihkpg32.exe
        
        C:\Windows\system32\Iihkpg32.exe
        97⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\Imdgqfbd.exe
        
        C:\Windows\system32\Imdgqfbd.exe
        98⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\Icnpmp32.exe
        
        C:\Windows\system32\Icnpmp32.exe
        99⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5256
        
        C:\Windows\SysWOW64\Iikhfg32.exe
        
        C:\Windows\system32\Iikhfg32.exe
        100⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\Ibcmom32.exe
        
        C:\Windows\system32\Ibcmom32.exe
        101⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\Jmhale32.exe
        
        C:\Windows\system32\Jmhale32.exe
        102⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5420
        
        C:\Windows\SysWOW64\Jpgmha32.exe
        
        C:\Windows\system32\Jpgmha32.exe
        103⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5460
        
        C:\Windows\SysWOW64\Jbeidl32.exe
        
        C:\Windows\system32\Jbeidl32.exe
        104⤵
        Modifies registry class
        
        PID:5500
        
        C:\Windows\SysWOW64\Jfaedkdp.exe
        
        C:\Windows\system32\Jfaedkdp.exe
        105⤵
        Drops file in System32 directory
        
        PID:5556
        
        C:\Windows\SysWOW64\Jmknaell.exe
        
        C:\Windows\system32\Jmknaell.exe
        106⤵
        Drops file in System32 directory
        
        PID:5596
        
        C:\Windows\SysWOW64\Jpijnqkp.exe
        
        C:\Windows\system32\Jpijnqkp.exe
        107⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\Jefbfgig.exe
        
        C:\Windows\system32\Jefbfgig.exe
        108⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5688
        
        C:\Windows\SysWOW64\Jmmjgejj.exe
        
        C:\Windows\system32\Jmmjgejj.exe
        109⤵
        Drops file in System32 directory
        
        PID:5728
        
        C:\Windows\SysWOW64\Jplfcpin.exe
        
        C:\Windows\system32\Jplfcpin.exe
        110⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\Jbjcolha.exe
        
        C:\Windows\system32\Jbjcolha.exe
        111⤵
        Modifies registry class
        
        PID:5808
        
        C:\Windows\SysWOW64\Jidklf32.exe
        
        C:\Windows\system32\Jidklf32.exe
        112⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5852
        
        C:\Windows\SysWOW64\Jeklag32.exe
        
        C:\Windows\system32\Jeklag32.exe
        113⤵
        Drops file in System32 directory
        
        PID:5904
        
        C:\Windows\SysWOW64\Jifhaenk.exe
        
        C:\Windows\system32\Jifhaenk.exe
        114⤵
        Drops file in System32 directory
        
        PID:5940
        
        C:\Windows\SysWOW64\Jlednamo.exe
        
        C:\Windows\system32\Jlednamo.exe
        115⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5984
        
        C:\Windows\SysWOW64\Jpppnp32.exe
        
        C:\Windows\system32\Jpppnp32.exe
        116⤵
        Modifies registry class
        
        PID:6028
        
        C:\Windows\SysWOW64\Kfjhkjle.exe
        
        C:\Windows\system32\Kfjhkjle.exe
        117⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\Kiidgeki.exe
        
        C:\Windows\system32\Kiidgeki.exe
        118⤵
        Drops file in System32 directory
        
        PID:6108
        
        C:\Windows\SysWOW64\Klgqcqkl.exe
        
        C:\Windows\system32\Klgqcqkl.exe
        119⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:1568
        
        C:\Windows\SysWOW64\Kbaipkbi.exe
        
        C:\Windows\system32\Kbaipkbi.exe
        120⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\Kmfmmcbo.exe
        
        C:\Windows\system32\Kmfmmcbo.exe
        121⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\Kdqejn32.exe
        
        C:\Windows\system32\Kdqejn32.exe
        122⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5284
        
        C:\Windows\SysWOW64\Kimnbd32.exe
        
        C:\Windows\system32\Kimnbd32.exe
        123⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5496
        
        C:\Windows\SysWOW64\Kdcbom32.exe
        
        C:\Windows\system32\Kdcbom32.exe
        124⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\Kfankifm.exe
        
        C:\Windows\system32\Kfankifm.exe
        125⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\Kipkhdeq.exe
        
        C:\Windows\system32\Kipkhdeq.exe
        126⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\Klngdpdd.exe
        
        C:\Windows\system32\Klngdpdd.exe
        127⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\Kdeoemeg.exe
        
        C:\Windows\system32\Kdeoemeg.exe
        128⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:5848
        
        C:\Windows\SysWOW64\Kefkme32.exe
        
        C:\Windows\system32\Kefkme32.exe
        129⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\Kmncnb32.exe
        
        C:\Windows\system32\Kmncnb32.exe
        130⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\Kdgljmcd.exe
        
        C:\Windows\system32\Kdgljmcd.exe
        131⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\Lbjlfi32.exe
        
        C:\Windows\system32\Lbjlfi32.exe
        132⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6092
        
        C:\Windows\SysWOW64\Lbmhlihl.exe
        
        C:\Windows\system32\Lbmhlihl.exe
        133⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\Lekehdgp.exe
        
        C:\Windows\system32\Lekehdgp.exe
        134⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\Lmbmibhb.exe
        
        C:\Windows\system32\Lmbmibhb.exe
        135⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\Lfkaag32.exe
        
        C:\Windows\system32\Lfkaag32.exe
        136⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5308
        
        C:\Windows\SysWOW64\Liimncmf.exe
        
        C:\Windows\system32\Liimncmf.exe
        137⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\Ldoaklml.exe
        
        C:\Windows\system32\Ldoaklml.exe
        138⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\Lgmngglp.exe
        
        C:\Windows\system32\Lgmngglp.exe
        139⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:5932
        
        C:\Windows\SysWOW64\Likjcbkc.exe
        
        C:\Windows\system32\Likjcbkc.exe
        140⤵
        Modifies registry class
        
        PID:6064
        
        C:\Windows\SysWOW64\Ldanqkki.exe
        
        C:\Windows\system32\Ldanqkki.exe
        141⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:6052
        
        C:\Windows\SysWOW64\Lgokmgjm.exe
        
        C:\Windows\system32\Lgokmgjm.exe
        142⤵
        Drops file in System32 directory
        
        PID:5584
        
        C:\Windows\SysWOW64\Lmiciaaj.exe
        
        C:\Windows\system32\Lmiciaaj.exe
        143⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\Mbfkbhpa.exe
        
        C:\Windows\system32\Mbfkbhpa.exe
        144⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:5300
        
        C:\Windows\SysWOW64\Mipcob32.exe
        
        C:\Windows\system32\Mipcob32.exe
        145⤵
        Modifies registry class
        
        PID:5788
        
        C:\Windows\SysWOW64\Mdehlk32.exe
        
        C:\Windows\system32\Mdehlk32.exe
        146⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\Mgddhf32.exe
        
        C:\Windows\system32\Mgddhf32.exe
        147⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\Mdhdajea.exe
        
        C:\Windows\system32\Mdhdajea.exe
        148⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\Mmpijp32.exe
        
        C:\Windows\system32\Mmpijp32.exe
        149⤵
        Drops file in System32 directory
        
        PID:6252
        
        C:\Windows\SysWOW64\Mmbfpp32.exe
        
        C:\Windows\system32\Mmbfpp32.exe
        150⤵
        Modifies registry class
        
        PID:6304
        
        C:\Windows\SysWOW64\Mdmnlj32.exe
        
        C:\Windows\system32\Mdmnlj32.exe
        151⤵
        Modifies registry class
        
        PID:6336
        
        C:\Windows\SysWOW64\Mnebeogl.exe
        
        C:\Windows\system32\Mnebeogl.exe
        152⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6380
        
        C:\Windows\SysWOW64\Nebdoa32.exe
        
        C:\Windows\system32\Nebdoa32.exe
        153⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6468
        
        C:\Windows\SysWOW64\Njqmepik.exe
        
        C:\Windows\system32\Njqmepik.exe
        154⤵
        Drops file in System32 directory
        
        PID:6508
        
        C:\Windows\SysWOW64\Nloiakho.exe
        
        C:\Windows\system32\Nloiakho.exe
        155⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\Ndfqbhia.exe
        
        C:\Windows\system32\Ndfqbhia.exe
        156⤵
        Drops file in System32 directory
        
        PID:6588
        
        C:\Windows\SysWOW64\Nfgmjqop.exe
        
        C:\Windows\system32\Nfgmjqop.exe
        157⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\Nlaegk32.exe
        
        C:\Windows\system32\Nlaegk32.exe
        158⤵
        Modifies registry class
        
        PID:6680
        
        C:\Windows\SysWOW64\Ndhmhh32.exe
        
        C:\Windows\system32\Ndhmhh32.exe
        159⤵
        Modifies registry class
        
        PID:6724
        
        C:\Windows\SysWOW64\Njefqo32.exe
        
        C:\Windows\system32\Njefqo32.exe
        160⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6780
        
        C:\Windows\SysWOW64\Odkjng32.exe
        
        C:\Windows\system32\Odkjng32.exe
        161⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6820
        
        C:\Windows\SysWOW64\Ogifjcdp.exe
        
        C:\Windows\system32\Ogifjcdp.exe
        162⤵
        Modifies registry class
        
        PID:6876
        
        C:\Windows\SysWOW64\Ojgbfocc.exe
        
        C:\Windows\system32\Ojgbfocc.exe
        163⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6920
        
        C:\Windows\SysWOW64\Olfobjbg.exe
        
        C:\Windows\system32\Olfobjbg.exe
        164⤵
        Drops file in System32 directory
        
        PID:6956
        
        C:\Windows\SysWOW64\Odmgcgbi.exe
        
        C:\Windows\system32\Odmgcgbi.exe
        165⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7012
        
        C:\Windows\SysWOW64\Ogkcpbam.exe
        
        C:\Windows\system32\Ogkcpbam.exe
        166⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:7068
        
        C:\Windows\SysWOW64\Oneklm32.exe
        
        C:\Windows\system32\Oneklm32.exe
        167⤵
        Modifies registry class
        
        PID:7124
        
        C:\Windows\SysWOW64\Odocigqg.exe
        
        C:\Windows\system32\Odocigqg.exe
        168⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\Ocbddc32.exe
        
        C:\Windows\system32\Ocbddc32.exe
        169⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\Ojllan32.exe
        
        C:\Windows\system32\Ojllan32.exe
        170⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6260
        
        C:\Windows\SysWOW64\Olkhmi32.exe
        
        C:\Windows\system32\Olkhmi32.exe
        171⤵
        Drops file in System32 directory
        
        PID:6288
        
        C:\Windows\SysWOW64\Odapnf32.exe
        
        C:\Windows\system32\Odapnf32.exe
        172⤵
        Drops file in System32 directory
        
        PID:6312
        
        C:\Windows\SysWOW64\Ogpmjb32.exe
        
        C:\Windows\system32\Ogpmjb32.exe
        173⤵
        Drops file in System32 directory
        
        PID:6348
        
        C:\Windows\SysWOW64\Ojoign32.exe
        
        C:\Windows\system32\Ojoign32.exe
        174⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\Onjegled.exe
        
        C:\Windows\system32\Onjegled.exe
        175⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\Oqhacgdh.exe
        
        C:\Windows\system32\Oqhacgdh.exe
        176⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\Ocgmpccl.exe
        
        C:\Windows\system32\Ocgmpccl.exe
        177⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\Ofeilobp.exe
        
        C:\Windows\system32\Ofeilobp.exe
        178⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\Pmoahijl.exe
        
        C:\Windows\system32\Pmoahijl.exe
        179⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6608
        
        C:\Windows\SysWOW64\Pqknig32.exe
        
        C:\Windows\system32\Pqknig32.exe
        180⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\Pjcbbmif.exe
        
        C:\Windows\system32\Pjcbbmif.exe
        181⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\Pqmjog32.exe
        
        C:\Windows\system32\Pqmjog32.exe
        182⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\Pclgkb32.exe
        
        C:\Windows\system32\Pclgkb32.exe
        183⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6644
        
        C:\Windows\SysWOW64\Pggbkagp.exe
        
        C:\Windows\system32\Pggbkagp.exe
        184⤵
        Modifies registry class
        
        PID:7116
        
        C:\Windows\SysWOW64\Pjeoglgc.exe
        
        C:\Windows\system32\Pjeoglgc.exe
        185⤵
        Drops file in System32 directory
        
        PID:6012
        
        C:\Windows\SysWOW64\Pmdkch32.exe
        
        C:\Windows\system32\Pmdkch32.exe
        186⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6236
        
        C:\Windows\SysWOW64\Pdkcde32.exe
        
        C:\Windows\system32\Pdkcde32.exe
        187⤵
        Modifies registry class
        
        PID:6320
        
        C:\Windows\SysWOW64\Pgioqq32.exe
        
        C:\Windows\system32\Pgioqq32.exe
        188⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6168
        
        C:\Windows\SysWOW64\Pjhlml32.exe
        
        C:\Windows\system32\Pjhlml32.exe
        189⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6428
        
        C:\Windows\SysWOW64\Pncgmkmj.exe
        
        C:\Windows\system32\Pncgmkmj.exe
        190⤵
        Modifies registry class
        
        PID:6672
        
        C:\Windows\SysWOW64\Pqbdjfln.exe
        
        C:\Windows\system32\Pqbdjfln.exe
        191⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6812
        
        C:\Windows\SysWOW64\Pcppfaka.exe
        
        C:\Windows\system32\Pcppfaka.exe
        192⤵
        Modifies registry class
        
        PID:6476
        
        C:\Windows\SysWOW64\Pgllfp32.exe
        
        C:\Windows\system32\Pgllfp32.exe
        193⤵
        Drops file in System32 directory
        
        PID:7004
        
        C:\Windows\SysWOW64\Pjjhbl32.exe
        
        C:\Windows\system32\Pjjhbl32.exe
        194⤵
        Modifies registry class
        
        PID:7132
        
        C:\Windows\SysWOW64\Pqdqof32.exe
        
        C:\Windows\system32\Pqdqof32.exe
        195⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\Pcbmka32.exe
        
        C:\Windows\system32\Pcbmka32.exe
        196⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\Pfaigm32.exe
        
        C:\Windows\system32\Pfaigm32.exe
        197⤵
        Drops file in System32 directory
        
        PID:6424
        
        C:\Windows\SysWOW64\Qnhahj32.exe
        
        C:\Windows\system32\Qnhahj32.exe
        198⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\Qdbiedpa.exe
        
        C:\Windows\system32\Qdbiedpa.exe
        199⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:6972
        
        C:\Windows\SysWOW64\Qgqeappe.exe
        
        C:\Windows\system32\Qgqeappe.exe
        200⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6240
        
        C:\Windows\SysWOW64\Qjoankoi.exe
        
        C:\Windows\system32\Qjoankoi.exe
        201⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:6980
        
        C:\Windows\SysWOW64\Qmmnjfnl.exe
        
        C:\Windows\system32\Qmmnjfnl.exe
        202⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:5540
        
        C:\Windows\SysWOW64\Qddfkd32.exe
        
        C:\Windows\system32\Qddfkd32.exe
        203⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6888
        
        C:\Windows\SysWOW64\Qgcbgo32.exe
        
        C:\Windows\system32\Qgcbgo32.exe
        204⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\Anmjcieo.exe
        
        C:\Windows\system32\Anmjcieo.exe
        205⤵
        Drops file in System32 directory
        
        PID:7200
        
        C:\Windows\SysWOW64\Ampkof32.exe
        
        C:\Windows\system32\Ampkof32.exe
        206⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:7252
        
        C:\Windows\SysWOW64\Adgbpc32.exe
        
        C:\Windows\system32\Adgbpc32.exe
        207⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\Afhohlbj.exe
        
        C:\Windows\system32\Afhohlbj.exe
        208⤵
        Drops file in System32 directory
        
        PID:7384
        
        C:\Windows\SysWOW64\Anogiicl.exe
        
        C:\Windows\system32\Anogiicl.exe
        209⤵
        Drops file in System32 directory
        
        PID:7432
        
        C:\Windows\SysWOW64\Aeiofcji.exe
        
        C:\Windows\system32\Aeiofcji.exe
        210⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\Ajfhnjhq.exe
        
        C:\Windows\system32\Ajfhnjhq.exe
        211⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\Aqppkd32.exe
        
        C:\Windows\system32\Aqppkd32.exe
        212⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:7564
        
        C:\Windows\SysWOW64\Agjhgngj.exe
        
        C:\Windows\system32\Agjhgngj.exe
        213⤵
        Drops file in System32 directory
        
        PID:7604
        
        C:\Windows\SysWOW64\Andqdh32.exe
        
        C:\Windows\system32\Andqdh32.exe
        214⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\Aeniabfd.exe
        
        C:\Windows\system32\Aeniabfd.exe
        215⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:7692
        
        C:\Windows\SysWOW64\Aglemn32.exe
        
        C:\Windows\system32\Aglemn32.exe
        216⤵
        Modifies registry class
        
        PID:7732
        
        C:\Windows\SysWOW64\Aepefb32.exe
        
        C:\Windows\system32\Aepefb32.exe
        217⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\Bfabnjjp.exe
        
        C:\Windows\system32\Bfabnjjp.exe
        218⤵
        Drops file in System32 directory
        
        PID:7824
        
        C:\Windows\SysWOW64\Bnhjohkb.exe
        
        C:\Windows\system32\Bnhjohkb.exe
        219⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\Bebblb32.exe
        
        C:\Windows\system32\Bebblb32.exe
        220⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\Bganhm32.exe
        
        C:\Windows\system32\Bganhm32.exe
        221⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\Bjokdipf.exe
        
        C:\Windows\system32\Bjokdipf.exe
        222⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:7992
        
        C:\Windows\SysWOW64\Bmngqdpj.exe
        
        C:\Windows\system32\Bmngqdpj.exe
        223⤵
        Modifies registry class
        
        PID:8032
        
        C:\Windows\SysWOW64\Beeoaapl.exe
        
        C:\Windows\system32\Beeoaapl.exe
        224⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\Bgcknmop.exe
        
        C:\Windows\system32\Bgcknmop.exe
        225⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8116
        
        C:\Windows\SysWOW64\Bffkij32.exe
        
        C:\Windows\system32\Bffkij32.exe
        226⤵
        Modifies registry class
        
        PID:8152
        
        C:\Windows\SysWOW64\Bmpcfdmg.exe
        
        C:\Windows\system32\Bmpcfdmg.exe
        227⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\Beglgani.exe
        
        C:\Windows\system32\Beglgani.exe
        228⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\Bgehcmmm.exe
        
        C:\Windows\system32\Bgehcmmm.exe
        229⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\Bnpppgdj.exe
        
        C:\Windows\system32\Bnpppgdj.exe
        230⤵
        Modifies registry class
        
        PID:7464
        
        C:\Windows\SysWOW64\Banllbdn.exe
        
        C:\Windows\system32\Banllbdn.exe
        231⤵
        Modifies registry class
        
        PID:7528
        
        C:\Windows\SysWOW64\Bhhdil32.exe
        
        C:\Windows\system32\Bhhdil32.exe
        232⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7592
        
        C:\Windows\SysWOW64\Bjfaeh32.exe
        
        C:\Windows\system32\Bjfaeh32.exe
        233⤵
        Modifies registry class
        
        PID:7680
        
        C:\Windows\SysWOW64\Bmemac32.exe
        
        C:\Windows\system32\Bmemac32.exe
        234⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\Belebq32.exe
        
        C:\Windows\system32\Belebq32.exe
        235⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\Bcoenmao.exe
        
        C:\Windows\system32\Bcoenmao.exe
        236⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\Cfmajipb.exe
        
        C:\Windows\system32\Cfmajipb.exe
        237⤵
        Drops file in System32 directory
        
        PID:8024
        
        C:\Windows\SysWOW64\Cndikf32.exe
        
        C:\Windows\system32\Cndikf32.exe
        238⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:8104
        
        C:\Windows\SysWOW64\Cmgjgcgo.exe
        
        C:\Windows\system32\Cmgjgcgo.exe
        239⤵
        Drops file in System32 directory
        
        PID:8176
        
        C:\Windows\SysWOW64\Cenahpha.exe
        
        C:\Windows\system32\Cenahpha.exe
        240⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\Cdabcm32.exe
        
        C:\Windows\system32\Cdabcm32.exe
        241⤵
        Modifies registry class
        
        PID:7500
        
        C:\Windows\SysWOW64\Cfpnph32.exe
        
        C:\Windows\system32\Cfpnph32.exe
        242⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7628
        
        C:\Windows\SysWOW64\Cnffqf32.exe
        
        C:\Windows\system32\Cnffqf32.exe
        243⤵
        Modifies registry class
        
        PID:7752
        
        C:\Windows\SysWOW64\Caebma32.exe
        
        C:\Windows\system32\Caebma32.exe
        244⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:7908
        
        C:\Windows\SysWOW64\Ceqnmpfo.exe
        
        C:\Windows\system32\Ceqnmpfo.exe
        245⤵
        Drops file in System32 directory
        
        PID:8000
        
        C:\Windows\SysWOW64\Chokikeb.exe
        
        C:\Windows\system32\Chokikeb.exe
        246⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\Cnicfe32.exe
        
        C:\Windows\system32\Cnicfe32.exe
        247⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\Cdfkolkf.exe
        
        C:\Windows\system32\Cdfkolkf.exe
        248⤵
        Modifies registry class
        
        PID:7600
        
        C:\Windows\SysWOW64\Chagok32.exe
        
        C:\Windows\system32\Chagok32.exe
        249⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:7740
        
        C:\Windows\SysWOW64\Cnkplejl.exe
        
        C:\Windows\system32\Cnkplejl.exe
        250⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\Cajlhqjp.exe
        
        C:\Windows\system32\Cajlhqjp.exe
        251⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\Cdhhdlid.exe
        
        C:\Windows\system32\Cdhhdlid.exe
        252⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\Cffdpghg.exe
        
        C:\Windows\system32\Cffdpghg.exe
        253⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\Cnnlaehj.exe
        
        C:\Windows\system32\Cnnlaehj.exe
        254⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\Calhnpgn.exe
        
        C:\Windows\system32\Calhnpgn.exe
        255⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7640
        
        C:\Windows\SysWOW64\Dfiafg32.exe
        
        C:\Windows\system32\Dfiafg32.exe
        256⤵
        Drops file in System32 directory
        
        PID:7724
        
        C:\Windows\SysWOW64\Dmcibama.exe
        
        C:\Windows\system32\Dmcibama.exe
        257⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\Dejacond.exe
        
        C:\Windows\system32\Dejacond.exe
        258⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\Djgjlelk.exe
        
        C:\Windows\system32\Djgjlelk.exe
        259⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8016
        
        C:\Windows\SysWOW64\Dmefhako.exe
        
        C:\Windows\system32\Dmefhako.exe
        260⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\Daqbip32.exe
        
        C:\Windows\system32\Daqbip32.exe
        261⤵
        Drops file in System32 directory
        
        PID:8252
        
        C:\Windows\SysWOW64\Ddonekbl.exe
        
        C:\Windows\system32\Ddonekbl.exe
        262⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:8292
        
        C:\Windows\SysWOW64\Dfnjafap.exe
        
        C:\Windows\system32\Dfnjafap.exe
        263⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\Dodbbdbb.exe
        
        C:\Windows\system32\Dodbbdbb.exe
        264⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\Deokon32.exe
        
        C:\Windows\system32\Deokon32.exe
        265⤵
        Drops file in System32 directory
        
        PID:8416
        
        C:\Windows\SysWOW64\Dhmgki32.exe
        
        C:\Windows\system32\Dhmgki32.exe
        266⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\Dfpgffpm.exe
        
        C:\Windows\system32\Dfpgffpm.exe
        267⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\Dogogcpo.exe
        
        C:\Windows\system32\Dogogcpo.exe
        268⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\Dmjocp32.exe
        
        C:\Windows\system32\Dmjocp32.exe
        269⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\Deagdn32.exe
        
        C:\Windows\system32\Deagdn32.exe
        270⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\Dknpmdfc.exe
        
        C:\Windows\system32\Dknpmdfc.exe
        271⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8676
        
        C:\Windows\SysWOW64\Doilmc32.exe
        
        C:\Windows\system32\Doilmc32.exe
        272⤵
        Drops file in System32 directory
        
        PID:8716
        
        C:\Windows\SysWOW64\Dmllipeg.exe
        
        C:\Windows\system32\Dmllipeg.exe
        273⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 408
        274⤵
        Program crash
        
        PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 8756 -ip 8756
1⤵
PID:8824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Aeiofcji.exe

Filesize
391KB

MD5
8280e0f242a68b1c74747ae1236a4389

SHA1
c3ad8d97da0b29f7dce2645670b30a40b8585f7a

SHA256
0beed214171cc12642fd43a382ea3b9ae603df831b96c922791ca36a0dd77d62

SHA512
7948562920ada1e3d82487dc2980c07028a31fd1aae996989f929e9750368ec5c36d874d63eb94bd6254fb5212c98cfcc29da81e9621c351ea363b4668fb6175

Download Submit
C:\Windows\SysWOW64\Aqppkd32.exe

Filesize
391KB

MD5
4fb17c2b70c6814d341ed1d1645d1517

SHA1
c70c7ed259adc193f847ec414351c6749e3ac7cb

SHA256
125e504748a70376914f54159daf346ece840a40fb056fefc4c380251df6c9d0

SHA512
2409a40181df0dcdb22394bd6bb452c5ee442aa228a115de849c380e72d7ceda18989cc80edd3c38cc30466109d07c64dc2d036d30573f32cce775ca471dc1c7

Download Submit
C:\Windows\SysWOW64\Becbkfdh.dll

Filesize
7KB

MD5
bbcd434e047fd159dffd2797cce1efc7

SHA1
9b295bba81080f3a44f848b2f4a2c21ed12996a2

SHA256
38229cbe60c6505d5de7f2e7ec31cfaaaf2d3bc41f43303096e63eaf3c4bcdf0

SHA512
cb6d9953d8e19e7874d2edd6acd565c5c5f10aac143f00832620c450456bb94290616e83c338ab3ec6cd65706e109647fef3736107ab161eb85546068f6f645f

Download Submit
C:\Windows\SysWOW64\Beglgani.exe

Filesize
391KB

MD5
e76760f50a1e81465d6e526d292581a4

SHA1
114767dbe8d9a05fa5a20205eefd601ea9b20133

SHA256
eac83ff40eec7d65d7cb1f5895f358144b09222f7fde2546e17690237276959a

SHA512
a8ff9ae24873ca16b5dffb2bb454e10a7d3b462d01d740b934311eef1bf3c5823bf7edb42f56945c5afbbb94a3c875d6e9573a0a891b2b4cf9edda2e190cbc2c

Download Submit
C:\Windows\SysWOW64\Bfabnjjp.exe

Filesize
391KB

MD5
023b4f294b32f4ae3b2c72910f13fa69

SHA1
cb4983c80dce9a5975db24c048c37067a4d6d7c7

SHA256
4dcf865106e023539edb2bde6ac84cd22db6739225248ffb3d8da1d6d114c9b9

SHA512
a79c1e52e8577c9df42f190b815d850f185c9ee4eea0f705dea97d4417e862ec29694c6153b65a977b84fda551d799fa5abfdbd83bec64ec3c99c98872c3111f

Download Submit
C:\Windows\SysWOW64\Bhhdil32.exe

Filesize
391KB

MD5
182f6344bfab60b5751caa947c0449c4

SHA1
392d900fbff159bf6f01321301b2896bdc8bc739

SHA256
aa2164a352978360db1f9f25a97c6a4ff8a1865c3e609062b6b6ea19f6b5c851

SHA512
3551ae3322c2b4c10078074dcfbe9a4933c909d505fdcd9094d15d792324c6f13de439edad5af40e263946c25bcbf73ae57380495ae1eb64650c77986cfdb2c9

Download Submit
C:\Windows\SysWOW64\Bmngqdpj.exe

Filesize
391KB

MD5
6d60a3896c4a747fb71bf5c6500266a6

SHA1
658cb6d456e1a95be57ff69cf8ed5121826cc519

SHA256
496333ef411cbc7e62df4fb0527c2057874155b6177f164c6ce137301403ad78

SHA512
55105f3ee3af4d73c45e87a9e49f668191da2cea73060b587ebd02566fc0c47a4d2bb5d3feb6c7433907bf2a8fbdf4fbdfa1eb3bafce3f02df89064cc913aaaa

Download Submit
C:\Windows\SysWOW64\Bnpppgdj.exe

Filesize
391KB

MD5
c63a73ef80b5da93723777033c48287a

SHA1
9ab5c69fb04f8f78860e5ce7c8b2ce6854af7df3

SHA256
a8007b3a06c29a042cb10ff77c43bbf7e47ac291b3aedb9f0a950a0f1de9da61

SHA512
5ec163a35df0f2b2222230055c1e6e29a6231127bce6aa2ad1289bf1c0b5f9d1c56b53f8b4a10b83c2f7251c6d046ecac8f5f7b1b40799c3098e6f2a9d3df9c6

Download Submit
C:\Windows\SysWOW64\Cafigg32.exe

Filesize
391KB

MD5
52a583baab36f93a5bc1a8ddd0625a82

SHA1
59ec4ba4640a9cb094d64f58f79b4eae9fd108eb

SHA256
4b24b145c478a708da6b55c341e48c14da7445b255d54aa39c5b8f428f0c8f6d

SHA512
bfa8ed808868e2054ffd89c3a73e91b4c0ac1698b2576e3b0130802ba3328da8aa9f8d3d64f90aa947659c99ff34c85486ed24a2b581f623552314b8dc917d2b

Download Submit
C:\Windows\SysWOW64\Cahfmgoo.exe

Filesize
391KB

MD5
77ae5626e37feeb39af4a2e5cb4812d4

SHA1
ff76b62fcddeadbed6100071f900a046053f7016

SHA256
64e2dc82a89c549dbebbd45a6e062fe7bd09f38722eb3894174c6e0b048bc9c9

SHA512
5648b3727d716fae9319450891a6ee95c3ba1f6d11ab64aa7f659a4f5c7d7496e72be640a0125498b5ef74801a200b40887938f66b0e6e147f0780cdbaffcaf7

Download Submit
C:\Windows\SysWOW64\Cajcbgml.exe

Filesize
391KB

MD5
d6f7ba9b3ae7c442aa5e327243c70dc3

SHA1
5fba6a9632232481c00dc933956ebe597d900a81

SHA256
89d36605a4f2cd4cd0c5597a6614553b23ebac665c4103b1e14504748b1602d6

SHA512
1002cd45fa8906e64cfc84757db9b3bb14bbca66ec1f771d5535fa1cd978479873c7b664e9a748c8deb984fb5f6d778b0de7a7de348224a14b69e1dfeba5832d

Download Submit
C:\Windows\SysWOW64\Cdhhdlid.exe

Filesize
391KB

MD5
2dd51e509e92a104ccf52b39aa3e4fe9

SHA1
5bb920a88184a2f59d2f9fceaae9f9da0acaa01a

SHA256
de9ec011d3cdb8db152cfe1189d6941cbb7544b371896a8a1733f24c3d0bb3ec

SHA512
90050f5cf4960f4c1dae85fcd18511cbda5f04e345234c531b1bd464e1449b248c51632cc160f4653611b6e3678cb0e1d848eea1de3918f70f0ee6435267cd5b

Download Submit
C:\Windows\SysWOW64\Cdkldb32.exe

Filesize
391KB

MD5
ce003c814f7cae5ddb64d8d307a88231

SHA1
7623936746f279cb558a66c8c947aab9c562fe91

SHA256
846a9f7f09c1cb0dfcb79ec4405b2510f21404731083adfb2d2c01fdf5d91978

SHA512
5fa9f79c4c25631deae47e5fe7a2824de8274ab542f83fab331dc97aa3564126262641b46cbad6587374c460488939a9d6d1df9c45b89a615eb5691e4a7de884

Download Submit
C:\Windows\SysWOW64\Ceqnmpfo.exe

Filesize
391KB

MD5
4fe55569bb185e8fab2ebab2feda98a8

SHA1
b5752c4a85fa4d180fadc9442996a48273ceaa51

SHA256
9c3aa380420508a108d6c073dafc7e22a33a6769431c43c4e69172a9b48baaad

SHA512
f94d3155d10a3b0c36b6b119daf471b4abe03486b428d53e46eb042e5ba6486f692441db5034a6283f41bc1d009e8c992e010b75431fce686aabfaa37a63ee7b

Download Submit
C:\Windows\SysWOW64\Chdkoa32.exe

Filesize
391KB

MD5
f9933a1cb8d630645667ddbdf30d329d

SHA1
72b2bec436c7e4d1a448b01d20fe17242614e506

SHA256
1d875246fbafcb0758d8a9fe39a2d45fc88f284276a44f5b8d8608a37c244657

SHA512
a7bf326386eacb7e746903ce26d5da722e86ec72d436c22caf59c54fca287485dfdeddab1792d024fef6adca43b0d684b18f3015b24b7701f4aa804647cae247

Download Submit
C:\Windows\SysWOW64\Ckcgkldl.exe

Filesize
391KB

MD5
a128870d8d25a41230e6587fac6cb1f1

SHA1
0600628d0838b9bf4114d60e7e316a408041aa1f

SHA256
771649556d111bbb7400dab4f014978b3473c65343000b236d354b081044a216

SHA512
14aab1b285d24f6bc3f23d9ddd33332fe5f67508236453d37799ed58eba60ebb4b36c55a9e8ac55ed2c6693632009aa2256aec990049570c40d9a5de7b8865f7

Download Submit
C:\Windows\SysWOW64\Ckedalaj.exe

Filesize
391KB

MD5
17f718812326fbe76c30121d22cf6c45

SHA1
9311c318a6562e295a6a2975141b0767143343e4

SHA256
e77f416db7ef8398a8b98620ffcc843bb73f5042a5885550a1c1a8631fca62aa

SHA512
99099afc4ba1340b56f0e8630dd595f5737d484556549a1e9047a2b1615489072422b36c60503cbe89b4e4d4dfca749b4bc3bd854aef6843c5e79cc643b0f3a7

Download Submit
C:\Windows\SysWOW64\Clnjjpod.exe

Filesize
391KB

MD5
4f87e5499dde1ec89beb30b278628e16

SHA1
ddbd7c6ca5db908983f3c7d837e02572e3252a55

SHA256
5ebff2ec7c792dbc1c6683b5f67aca650de309ad35494973c7b31916909c84d5

SHA512
58bdd4c16df04b767872a8991fbe4ce91a24ffc5197201f8d51b18d73d245799dd0e09f3f3a127f9107481cece7ae39373cde39808907cb943d54270ef168e97

Download Submit
C:\Windows\SysWOW64\Clnjjpod.exe

Filesize
391KB

MD5
d97ee6488622367dcd903e0b25e03ba0

SHA1
d9ac664e02767b58613dff57edf7c6dc6526a949

SHA256
ecb428326156a1fedc31a462c4aa2e76f6221bfc23df3d70976110ebac11e6f5

SHA512
23292d994a9d451d4766668c9a495d1d64cf55bd8c6e0d3f47c2c786a002e0bb93ef74f50fef418b8ff95eacc67962d217a337fb53e6889851bbc8c4ce1f6ad0

Download Submit
C:\Windows\SysWOW64\Cnicfe32.exe

Filesize
391KB

MD5
6566d71cbfc5eaa62621574fc555dbda

SHA1
b9a3fc6f227970d903b20588e97586e07f29e237

SHA256
70dbd4268be12a23f31525003711effae134932d278b78afbeec9ed171929713

SHA512
8407ade9a3d4e96c941805f6f4c614e3fe43dc7a93b3aa313606de21d4f2df9f25fa31a5be6b1118069a62ddf68eb2b33940eca57f1a6fb7d044c633de6a0934

Download Submit
C:\Windows\SysWOW64\Cojjqlpk.exe

Filesize
391KB

MD5
f1a45bb3422ff11687f9541825cf4291

SHA1
edc7b2bf6254f1321a2240dff0276b40d59c84b1

SHA256
dfcc2617d6a0627dd7ce7d15be99a7282f649f703ea0f9bc883ad1785b84fd93

SHA512
e7300bfbf395d52fc949eaddb4cd440e019d16569339f7ee0e509c01017199ba61e69d0b418c07a785a8d5e2dce5a4f840eed0942802b4870dffe87fcca2f0f6

Download Submit
C:\Windows\SysWOW64\Dadeieea.exe

Filesize
391KB

MD5
92b880f14dfb1c6e3052a4ebff03f302

SHA1
20efe6708ecf566c57f71f78f3783621dcee5354

SHA256
40078bcda903b08b467391da2d4db17ba0cc61e274758c48a7cc453287be077a

SHA512
ca71f02007123ee566d39a90e98f83217f3b3fd4c7b04f40c8285ba857014059dbe6a849f2cd4786efef289cc0828d8814e0752bb91bcc0de3cb0a0bbd613c4c

Download Submit
C:\Windows\SysWOW64\Dafbne32.exe

Filesize
391KB

MD5
b58700116dd9561901403b3fa505cbd9

SHA1
33b66a954b30719a273c5aee7c874aa1409c78de

SHA256
bd193ab0752bac97cc00d8ca2a6319ac874f26f6aef07fbc40e2952c9558b74a

SHA512
9f3433ee65764604f0fb6a863dff43a9a25fced74e30e027e65a969b4f85e70555e8061f3b08d710d5f5a4be4aa1ecba7c6ab481a872b43c6ec7560a36d97015

Download Submit
C:\Windows\SysWOW64\Daqbip32.exe

Filesize
391KB

MD5
203861939baf992cc708a716ebad5c8f

SHA1
edcb8f2d3d75a32491a8fde37a97facbfa100d63

SHA256
dd90dccb4f13cbb9e248f9c7c0905fbf445bb312810d58022000a53b73fc7234

SHA512
b754401f522d07cfe41c6ccea44ad4e3d2a2c863cfb37a44d8602d26572b67d27dfeb1d90fb7143dcca896276c06f40fe818ac02d848fc7b7f6e556d4dd383e2

Download Submit
C:\Windows\SysWOW64\Dbllbibl.exe

Filesize
391KB

MD5
5b7624155b9dc1d7e8020cd7f2127b69

SHA1
b632660182f12efcd207b8007c0019148d96022e

SHA256
dc35356b23b45b2591ed657d75040138330fb73b648fb467fa50b4904e0415ae

SHA512
90935fbbb3ef0f7b926900b18ea377e1930041f269bddd9be3dd4cde6a2be6fb437f0ae64461f3dbfc1fbb677ddc423fe19427544f99b14b8968e93df009caba

Download Submit
C:\Windows\SysWOW64\Dboigi32.exe

Filesize
391KB

MD5
8e57f5a2c2ed514674450e9239d59735

SHA1
80481664d5764e4f9f66daba22ef134b25712407

SHA256
9181de080f9f4834f7db47a773ac81986d132145e2ea5d3e69ce215fec8f9a02

SHA512
dafb57bc80de98fbf963b3a23ba18510098e8ba524ceb927a85b610211a7c0d16976217a5ca93c7984058073944f13dadcead46c46b263e59e01555db862eb06

Download Submit
C:\Windows\SysWOW64\Dceohhja.exe

Filesize
391KB

MD5
a185fee90d635c07a8a5e4c820a358da

SHA1
571615c89703bb6a1d3e3bad13ebc23212218982

SHA256
2d866c8c0a6c2d3b3e24c4bb9160ffb4ce7de982c2d3d368bff88fb2b87a9121

SHA512
54fe855121be3fd5343d50aa7b6b54b2e497e759a3a75c6481b462b47e144415be9897cf6e6268a9f2e939a76302fb3c73f9da7dbb0d377bffee8d182cfa3cc8

Download Submit
C:\Windows\SysWOW64\Ddbbeade.exe

Filesize
391KB

MD5
2a63dcb05fe1bc7c04efd3c119670fff

SHA1
1dadab6f1f6248c95674f57e6c0559d7364534be

SHA256
73aa0719ba9e29c4a88b26184ef2dbafba9fa1f11163412aaf4d067bb1451aad

SHA512
d3153f472fbc5af8f76fc762c4c06d0b3b470629b9fd70ab8b39f3f903dc6a498674a177702e3c7336f181c344a3549b5766ccca70ac5d06c36c5142ff257958

Download Submit
C:\Windows\SysWOW64\Dddojq32.exe

Filesize
391KB

MD5
bdf354648c4e377040c84484e5de7b9b

SHA1
8df8316ed0a33729bde8b69d8be026fad3c4354f

SHA256
bb60c8d6b6273f63d41d58b7a60226d6e75d663c85d02befe858fdc31ef9cce6

SHA512
a1ca14a660016a8c18d76ca0279a125ee925463285c32f8b90d2ae049558e08fb88c3f61cae5ae621c7199e62569c867c9b22e8b00a21e7132ade071cbfa8d11

Download Submit
C:\Windows\SysWOW64\Dedkdcie.exe

Filesize
391KB

MD5
e229fa6f58ad7c45efb399ddcacade8b

SHA1
c48545f0bd9050f8262f3f7ae6ee1a8e13fee39e

SHA256
e4e0e5708f0c72b119f2db8f442a2a0e69e0615dd42a1e09b82b7fdcd2c8f5e6

SHA512
e0449755a3509833e27f69fc04e079ac82d1353d4272c89f60c996b84487df900438214663e7f2f2383240a5fd1e08069cdc9e3ddf10e80c3b65875beeaf465f

Download Submit
C:\Windows\SysWOW64\Dekhneap.exe

Filesize
391KB

MD5
e7ca4b9c94403267293c915dc6afd839

SHA1
40446d1e401d788944db27a081297af63e6947e2

SHA256
2576ec3a9abaec2c5b3832e7951d4ff88fed4a3abbd303d61baf97777ab5bebc

SHA512
ca29ab7e988639823867e0161e5340625d3ae751b588bd2a66ce0cde7abdcc7c715c4fb1d4b3ddd574723f417d3afe7544ddfcb50ec793080eff561972834071

Download Submit
C:\Windows\SysWOW64\Demecd32.exe

Filesize
391KB

MD5
3d8ad050550d14c128dda950901e0464

SHA1
9303d6ff119e09d738c8e5c3b3c6b91e4cfbbbc7

SHA256
9219ae56e87818fd765d12c961c4b143171f290f2805668da73942c894021dbe

SHA512
5ce519f8bde8b7f8b73929bf95408576097041bc6e5da13e685873d0e9a7fdb1c43f6325dc44168856c3463b60e2c17874647145d956d926cf77401745ce1447

Download Submit
C:\Windows\SysWOW64\Dfnjafap.exe

Filesize
391KB

MD5
8566f93c465234d0febe067ce8a139db

SHA1
13c264c62a1ec8e54b330f8da66578b1e5b43bd7

SHA256
78f7625ff6c3d91558328d76a7800eda38cb294885202a6bb2bbd4f1d6dd2a2d

SHA512
d2f255adbc32a9cf122db5fc0e569041de281b9b706be09f7574848d04981924f40a636489f7a33950c3b612c62ad4e56068f0c03aeea290cfe852da1e70c802

Download Submit
C:\Windows\SysWOW64\Dfpgffpm.exe

Filesize
391KB

MD5
38506d4dcc759026ece1716adfe114e9

SHA1
9b394fd0996f0504bf86565d6d8c2a61486e25fd

SHA256
37a5929ebf724fe205231099c6311c5e46f3e0f27841d7b6e05ee732c2e9dc6a

SHA512
385616872395b5c0a1235e69db6bda511c66ab49b7f64aa0483c2332493ee092d287ffbef63d32d9b3675f7a181b686aab9c7ffe0edddd406b630b1e943e9231

Download Submit
C:\Windows\SysWOW64\Dhbgqohi.exe

Filesize
391KB

MD5
a01342c03bdbf63e41203505234b30e4

SHA1
32bebaa9afab11c122ff5d18655c903b8713d357

SHA256
75138dd3348b0e4206c48e3bd264c4076726a47d78f93cb3065ecb918d601612

SHA512
d93ccb2049d21356541616a3eecb4bddabfa1dc560e2fa7e0bb7b42c336b4579435c7144fa23913fb0384ce5cdb486c992d01ddbebebf456ca96b93b140b284f

Download Submit
C:\Windows\SysWOW64\Dhkapp32.exe

Filesize
391KB

MD5
46618c584a496c8413ac5f25e203c82f

SHA1
d63911603093679833fb93e8c6f850e8f80afbb1

SHA256
7db6ba091af27cf84c8713936c21fbbafec433ed60b8cbbf5b09d496e3e59cab

SHA512
7a860d6e72299b7b12ee95d82b18c4108a564a49b36d4ef94fd343a9379c1723a8d05e6b7fcc7f3af75c3a0e8964a1c01df9a4e7edb29abe1847df384c4facc0

Download Submit
C:\Windows\SysWOW64\Dkjmlk32.exe

Filesize
391KB

MD5
0bdb02aab8131952c6cb89da2745f46c

SHA1
09c21cc53f3eff8ad77cb4298d6e9975ba474451

SHA256
5e1b232a42d503dce4b77323bfb65bdf6e4e3c50b2ea488aea5d07cfeeea9761

SHA512
c1ac834c631333ebfa33ec9af44540aeb397a362cbb11475f9daa7fd6b7659896fecb5455c47472948277efce083ed01219787aabee7f0b8d4adf25b280255c6

Download Submit
C:\Windows\SysWOW64\Dldpkoil.exe

Filesize
391KB

MD5
47c41e85bd025103694e0c3de5f760bc

SHA1
8d807c081fa51125ee7440fe15e1d8bb08cd5038

SHA256
f99136666157a83dca65ae61a2290a43e75093ee64dae68d3e41dfe73db433cb

SHA512
99c05111c364f8badb78c1fb6c08ade9f301120b3eeccea07683e842cda2794e977e61c43923f9d24ae7fe2489c2b35b3b29d74e652c1135537ceba3b5d9b8d5

Download Submit
C:\Windows\SysWOW64\Dlijfneg.exe

Filesize
391KB

MD5
6dc09eed0d037c0ab4ac49caf76a67d1

SHA1
b49ceff98d2eaab9dd6a82e101864ce38f316bec

SHA256
ef5feae960d0a6a335fa9e6ddf37e3846927497f24e91ecf208a9f67e5673bd4

SHA512
1387c9d03eb886596b1fbe6779c3212f00e7b2eaa4ee97af31024bb142a6dbce38a4f6415164e8d47b5c8e893a77c662c2d565156e5b84dd75cf53e63dee153c

Download Submit
C:\Windows\SysWOW64\Dllfkn32.exe

Filesize
391KB

MD5
c8a742eec14d73743467353d3ebd7d36

SHA1
93df09c9fd06ac7c8fa2833b2fb10d7d34d4736a

SHA256
ef04fecc766809e11a3a5cb95f591ae5b0d963eac47f75774eaffb00704a7b2c

SHA512
cd14bdae60299cf9a1c1092d8d1860d70e1de354ca2bf549466b3c7ba587503b55293aba513d723608322c20541f8d7d294d6dff02334d7c78d662bd0c27cc52

Download Submit
C:\Windows\SysWOW64\Dlncan32.exe

Filesize
391KB

MD5
f39f82605dc7e995d15dcce723b05773

SHA1
42c84b212bf05176bd1e5347775b7d8be0beb22b

SHA256
eb287d0c64e0b681f815c3fd603162c0f3267aabc42e8bfd02eefe0ab11aff7a

SHA512
1b13c2775bad6e1f8d73ce5673acb3d2b493644cb892bcccf1c199e32c6fcc3d9d5e2a79341445d6810accdf32275d7d1394ed490df3cbc1d0d20ceeaf931cc7

Download Submit
C:\Windows\SysWOW64\Dmcibama.exe

Filesize
391KB

MD5
407f616886da528a3cff09589aaa958a

SHA1
ccc1495ef731e6bc06ac44d6a30a12f16974e68c

SHA256
88906c3c4fbf17a7a6f9d45dcca27304c1562e39fee952ccae45bbfa6c02b889

SHA512
af11664fcde25a7e75e6d5ce80b08556b5938b82f024448e4db842d640e042355f728db59fe3ad95f18c2a578d004573ed1f64424c666a675f85e3d11a4ee592

Download Submit
C:\Windows\SysWOW64\Dmjocp32.exe

Filesize
391KB

MD5
533da5c204d2f9bf7c7fb7d69086ea4f

SHA1
39fb9fc3ea8f46792c1c4a1e8030c282d8cb2198

SHA256
0d120d655ff2dcd877646a2ed8140bfa8397d16d0ae124f98d8048a64b3e1c0e

SHA512
42939235d7e02fc8b70f3e1b2aff72f1fbb2858b844bd2b3cb0e159471c3220dc2c79e8481e4d301e563a3fff9232c0754ed4e3af5db61795af762a4a558509a

Download Submit
C:\Windows\SysWOW64\Dmllipeg.exe

Filesize
391KB

MD5
7f549f307dcb8197a800e95918f11e4a

SHA1
d5c5de4a861765ba7f5cc8d10dcc1337f41040dd

SHA256
c944da357dbb683da0ac80b595336581ac142adfff1ce3e92cb4e9fc459dc62f

SHA512
7074f74d0ace5941f86a3f54e859a715d0adc3779321998bcb2c6c042c4656ce19d26b5edc70cd702ba77be465fa823e4dc3376c3990fec38b09b4d033371cdc

Download Submit
C:\Windows\SysWOW64\Dohfbj32.exe

Filesize
391KB

MD5
3b0ec17e7b4c0bab7fbd5639ff7bf3c2

SHA1
f79ed5a6fd3fed20a191e0c46beaa99e59c9c119

SHA256
d2e689463830d22b5839fc2964a68f1dc03ca511f925097e5529b6ae96f2305e

SHA512
fdba2277ffbc70804afb6375dfd5fef4f5634e6f7a5e50d58a4078303d3a6545689e159dc32a273d986680a22629e1e2a4a66066e3681110d579f2ff48066f9a

Download Submit
C:\Windows\SysWOW64\Echknh32.exe

Filesize
391KB

MD5
df327afc9e1ac95b6a3176df64c1c8dd

SHA1
194af2867ff4ffd130c829af866a6a143b121527

SHA256
55950ef61bcfc49e744a5ccf08ca5e1bfd6c6741c0ffe328367670c4385c2d22

SHA512
3e9b888085bd51d12a8a6e9d23af398a172c970b28a5f4e5dd371545e75511bb7fe7f20a85c0fb867214d5831f9e6969d950b28899af3b80b179ecad0dfe1041

Download Submit
C:\Windows\SysWOW64\Edihepnm.exe

Filesize
391KB

MD5
9c78bcba8db16d161f06178f28fdee99

SHA1
79091610a795ff1fbabdeaa50ff9157d0c2da1cd

SHA256
e80d8563c115be42f80d7d86829193509d65ddc4ec23d594f113c48e549b6534

SHA512
7aba6a7038baf39e542c142fda1951fb0db2a7586c7a37420e64830e7949d16fe128e90112ee61a1bfe860bf87ce1c2b92cb6656dea89eb0f09d2a94472ad006

Download Submit
C:\Windows\SysWOW64\Eefhjc32.exe

Filesize
391KB

MD5
623eb566bbb442ff6e53b5a82112dcaa

SHA1
145f7d34cbee8fec3f0078a286009e5471a20a92

SHA256
c14b44d20754f91cdd11a776c4a4258662361b4fdadb93d2b896559cfb8516a7

SHA512
bee82efa9750f92a43f770536e50a6dda3d9bde6a3c27099f5af4967de9bc79279a93be00bb414c7b8461cbd61f168e08175e436fe74f79026aee5aed45350c9

Download Submit
C:\Windows\SysWOW64\Ehedfo32.exe

Filesize
391KB

MD5
ff1534765a99d81e843624f5d20fc710

SHA1
0c08f5676b1b4b21a7111f7f1583044f8feb8c0c

SHA256
193241766a8380a1f81c4ef55a9dcf26df1b0af3a434595a75f8a5499996db24

SHA512
83adece62dd31eb51670a3c2ef17ec6b9bd5de19f92fed4c6774d54724037a7ad24643e048a42567f3d086d32f175d57b63d52ad4c0b7ba29143d962a130a190

Download Submit
C:\Windows\SysWOW64\Eolpmi32.exe

Filesize
391KB

MD5
4735d29a31f3e8c66ac177ef7c5ec82e

SHA1
1881591cd73edfe706dfe7877ae9841c404e22a7

SHA256
a6ff0d6b9f3614d7cdb29952721f5a65dababbf31ba63a29706fa974eb09a278

SHA512
045e4c5a3579af930d6e97647f0d578aaa55d3622a1d001bb3a658cbcd9dd1a3041f39333b154eb27a805cb04e9a34cddb108319701f68258cbfe51ed38f47db

Download Submit
C:\Windows\SysWOW64\Fbpnkama.exe

Filesize
391KB

MD5
2a571021f4b995543b758afe5f48edc6

SHA1
0e336ecc4121dd6c2be577351312231ec08ece68

SHA256
09a1d74f63293d4b49bdad3849e0a498d526f7bd50d81df6d38e07bf1b414934

SHA512
ff1e23f1be8ea333ed8adbcda94d20cd7a1090db7705f41b06121f725c6cd787bbed9f094be32ecd35a2260ebbf503527070ac603a7004fa4d678bfb7f371e53

Download Submit
C:\Windows\SysWOW64\Imdgqfbd.exe

Filesize
391KB

MD5
bcab7433a338d3754223773aa2f14291

SHA1
0af55b2eca02ef13f3722f07b952019f92b27f34

SHA256
a2f4f394c7efa2cc8e26ae2f1d6710c4458c353071cdd555f7036fa711722fd4

SHA512
1b2038e13564c736ada02435f6396f7373bfe5f857fd604c7be0cfc2f7834f6be2d0b0e3ebe27b35c2a6f5e4f1603220c6863ba2a44ab39aea5944cebdde391f

Download Submit
C:\Windows\SysWOW64\Jefbfgig.exe

Filesize
391KB

MD5
2220e645721bca36b785e56c3e8a5f29

SHA1
7d035a0e86634c8482c43dce1d3eaba0a76e71d3

SHA256
f4c9f854b85f6f5a787b6ed7bd542e1a19f766513e044e279384bc2258c654e1

SHA512
306521fe8fb0e2c5cd2c75b586a6a7d56608c810ac1edd24bb056cddc326f7f27197c147a3678febf1cf6598d31e9aad66096d1f703c331b1d33fc85333a961a

Download Submit
C:\Windows\SysWOW64\Jpijnqkp.exe

Filesize
391KB

MD5
1a47d4b22c11bffb9fe89403176655a5

SHA1
6876ce530f58b902dba1c1d362c30b2bd0e08015

SHA256
ddc14df10e9c5d8906f4d070c3abae6f0f970f512a148a644e261abbe3b9fa41

SHA512
89d1387274edc5f2b0453a80fbb37f10d2a08d20e9d47e8088f619ea3d98fa39df9e2588d4248d2b272f4a5dee9d940eccf140e210b2d23d17beaa7996302de7

Download Submit
C:\Windows\SysWOW64\Kfjhkjle.exe

Filesize
391KB

MD5
a44ce50df68800501f222758f7872f42

SHA1
e40c6d32122f8920229192722dd54011f66415cf

SHA256
d26b84ce061957325deb111cc9e3066ff5b977c42b6671f2e364bd7ecf329246

SHA512
73ed5375897ee1ec5d17688b2ce93224b0dc3752a55417bb88e071c8338e90f711f40d5e089d70a91624bac6d59651e16355625f3bea7aca4670190d12a83725

Download Submit
C:\Windows\SysWOW64\Klgqcqkl.exe

Filesize
391KB

MD5
bb3cbd302e6c0b2c8215d5c630382b5f

SHA1
742042d027f3543c71ab646dc6c70c1f2714072a

SHA256
67142d5e64aeb8f1382685e6fad8b02d70a83e64c786e397510c20c1279d1b79

SHA512
2095549889cb5ae4b29abeee77f68a6c7115279f997d93246c994adbdb32f63529066600c22d3b3995092a77a9c857d4d250c17d13052b008a7d9ccc335151f7

Download Submit
C:\Windows\SysWOW64\Ocbddc32.exe

Filesize
391KB

MD5
82fa5e989fc6d3404bd81149c01efa7b

SHA1
cd0e3ecc0de2cb9a8f3680833972424e831ec053

SHA256
50838e4e3741d1ed2ca84b1d57c94db79835e78232d0467c66e0771b06bd084e

SHA512
5f0c850ff4cbd78651646b82e7d65093e6a9003aaab00f604050322a5d3ee835752ef4e5d0c9a9fc406bd5235df6d14ff48a967140b80d9558665b5da9f641e0

Download Submit
C:\Windows\SysWOW64\Ogkcpbam.exe

Filesize
391KB

MD5
21f6f5efa06402f8ff22f31d1b82b396

SHA1
b58fde005d54b9d6cf86bd86a9c09eae60dfaa5d

SHA256
2a18fad7f0172f833932772cd6967dcbfcf7fbace557354b693c0993a8fc579a

SHA512
53ccd488fb273960567da6f34df56917aba93baabb9d3db35ad0424a9882f43b39d4c803df026f3fb1d6bd65caa18545f21adb31f2d0ff0c93715ac8d4e7f447

Download Submit
C:\Windows\SysWOW64\Oqhacgdh.exe

Filesize
391KB

MD5
803c1f3b5155e7815250b6d5ae174580

SHA1
ddc489fbee389678266f47f16a184f7cc284b6ff

SHA256
22314f13960ae77b61a0754026255265f511ab8b3437e5ec4b0c103c8a3f5294

SHA512
b6f6ca70323cd160d855034a8f9bb67ba43ff12ca8484d430c0005a4b6748ea518bb4e978ccbc745c43c70505d6cadabbec65ecd9295c04b6ae9a95e9fc8e00a

Download Submit
C:\Windows\SysWOW64\Pcbmka32.exe

Filesize
391KB

MD5
f993ef4e46a4804e4f17d349426b5757

SHA1
3af9bb4fb8eff9cf1110b9644d167b64f2c9840c

SHA256
3b6d02ec895ac90ee0cdc147f12134c0cdce644ae03459fc7c349c5b996ecece

SHA512
4acff17e4fc27aaaefe9348ea3e4c3e24f9861c3125da34a1ca09b795231078cd3cf59ba9d48ef94640a395c54958af7c7246a52c695c7ffa9259fd581f13ec6

Download Submit
C:\Windows\SysWOW64\Pggbkagp.exe

Filesize
391KB

MD5
9a180367841babd0f591ef58172beecd

SHA1
8f8f6c7370771c2537d2a2814843e2fdfe6b5da5

SHA256
f2719cebdc6d17e8c17b08a156c0839663e0bd1692842f6407b92b6b7d5bf69c

SHA512
df890b79f2e32b8d14bd43d0b9c569b86c2245b439b503be9fc69f915f5d984c6c5cb6e4570b4b65e788cbf101132fff52ca97a43fcd43101296576b885b0928

Download Submit
C:\Windows\SysWOW64\Pjjhbl32.exe

Filesize
391KB

MD5
0b81c7b5bae3186297447066188e98ba

SHA1
bd2fb483a2503a9546d75f1b3622766ed48a8c8a

SHA256
77f245fa439559f5b761fed056b09f818c001c194627a7a412b534a9e4dbca4d

SHA512
677d78a1578575b8559cad3fc872a3259316ccb968807963e6faf5d139fcd494ed52222dd766e7dfeab5a2a33241db500cfaf99d27000872b08e49b2d6270194

Download Submit
C:\Windows\SysWOW64\Pqknig32.exe

Filesize
391KB

MD5
f19613d45b81f921294b1b6d48b7ec9d

SHA1
9b280877541ec6a14d5299b07b3e2bd8945ca610

SHA256
ce5ff961e04f2777d482acbb52e2977fa345b2df960ee70aea91504b4d998988

SHA512
59f40a125f05ba73bd2f0d58969dd7fca7622827286f23355bb6d6f0a593822625bdac9c5e2861920077050626793fae39d66a05222e00251427f9b8b1e491dd

Download Submit
memory/116-550-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/220-904-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/220-430-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/640-15-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/640-861-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/720-875-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/720-36-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/764-471-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/924-432-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/1220-531-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/1236-562-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/1300-480-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/1568-706-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/1620-544-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/1672-492-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/1676-852-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/1676-7-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2184-756-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2348-879-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2348-52-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2356-428-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2356-902-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2480-24-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2480-865-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2612-435-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2688-498-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2904-556-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3040-452-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3184-901-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3184-426-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3188-436-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3208-424-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3208-899-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3312-51-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3312-878-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3388-434-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3448-903-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3448-429-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3456-526-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3860-519-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3964-891-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3964-68-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/4092-900-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/4092-425-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/4152-485-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/4192-846-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/4192-0-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/4580-2136-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/4708-427-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/4708-896-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/4768-512-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/4816-431-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/4816-905-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/4824-437-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/4844-458-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/4984-433-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5020-533-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5040-56-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5040-889-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5136-578-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5172-579-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5204-717-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5256-590-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5284-723-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5316-600-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5368-602-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5420-612-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5460-619-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5496-730-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5500-620-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5564-840-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5584-837-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5596-631-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5616-777-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5636-637-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5688-647-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5708-809-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5720-749-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5728-653-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5768-659-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5788-853-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5792-815-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5900-765-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5932-821-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5940-680-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5984-687-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/6024-778-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/6028-688-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/6064-823-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/6072-698-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/6108-705-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/6252-877-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/6336-898-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/6476-1824-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/6508-921-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/6544-922-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/6588-928-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/6632-934-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/6888-1803-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/7528-1746-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/7680-1742-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/7756-1741-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/7972-1704-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/8024-1734-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/8104-1733-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/8124-1705-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/8460-1677-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads