c00ee29b9c912a95450bc37fa929b6e6accf73fb7af6d8d41aa4b9cc7307eac1

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 12:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ca75b2f811f42beb1c72955b399f270_NeikiAnalytics.exe
Size

96KB
MD5

0ca75b2f811f42beb1c72955b399f270
SHA1

34d2b6e3907e9b6a3d590e0b2b8fd335b84b59cd
SHA256

c00ee29b9c912a95450bc37fa929b6e6accf73fb7af6d8d41aa4b9cc7307eac1
SHA512

f8045a583a6db57785d37b674ac7931b3d763b6ec5d26b319c6068c665e7a8c1be54b9554991651c395922e73f924af8db381310400296578ef3a01523935cd0
SSDEEP

1536:ztAb+9fWL4aHtUyhGhL/x3r/UlnpQk33y7LcXrCrWuA40ThrUQVoMdUT+irF:zuydcp5m1QWk3CsXraWuABThr1Rhk

Score

10^/10

persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Hlpfhe32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Njedbjej.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Glgcbf32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kifojnol.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jeocna32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Hlblcn32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ieagmcmq.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kjeiodek.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ncpeaoih.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Oiccje32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ckhecmcf.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Eiokinbk.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ljceqb32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Enmjlojd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ekajec32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	0ca75b2f811f42beb1c72955b399f270_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ckjbhmad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ekodjiol.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hpqldc32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jpenfp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Lobjni32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Gnblnlhl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Aekddhcb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ckhecmcf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Qobhkjdi.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bhhiemoj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Mlljnf32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cbpajgmf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Loighj32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hbihjifh.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ipihpkkd.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Fqbliicp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Fecadghc.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Lhqefjpo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Jghpbk32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ogjdmbil.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Hmkigh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Hbenoi32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hihibbjo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Hihibbjo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ckmonl32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Fiaael32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pjkmomfn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Njinmf32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dkfadkgf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Pagbaglh.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Agdcpkll.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pqbala32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Enpmld32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kofkbk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Mcelpggq.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hbenoi32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ieojgc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ieagmcmq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Johggfha.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Flkdfh32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jllokajf.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kpanan32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ojajin32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Galoohke.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Dkfadkgf.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ibaeen32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ieojgc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Mfnhfm32.exe

Executes dropped EXE 64 IoCs

pid	Process
640	Mkhapk32.exe
4816	Mmpdhboj.exe
1156	Nclikl32.exe
4288	Njinmf32.exe
2356	Njmhhefi.exe
4304	Ojbacd32.exe
220	Oejbfmpg.exe
1256	Ojigdcll.exe
3596	Okkdic32.exe
4552	Pmlmkn32.exe
1048	Pmaffnce.exe
5024	Aekddhcb.exe
5068	Bomkcm32.exe
3628	Camddhoi.exe
1628	Cbpajgmf.exe
2164	Ckhecmcf.exe
2440	Ckjbhmad.exe
3480	Ckmonl32.exe
3604	Dnmhpg32.exe
4544	Ddjmba32.exe
1992	Dkfadkgf.exe
4240	Ekkkoj32.exe
740	Eiokinbk.exe
3012	Ekodjiol.exe
4804	Enpmld32.exe
2908	Eppjfgcp.exe
1844	Fflohaij.exe
2124	Flkdfh32.exe
4572	Fiaael32.exe
4688	Gidnkkpc.exe
4348	Gldglf32.exe
3468	Glgcbf32.exe
1228	Glipgf32.exe
2168	Gojiiafp.exe
4632	Hmkigh32.exe
1680	Hlpfhe32.exe
776	Hpnoncim.exe
3972	Hpqldc32.exe
2016	Ibaeen32.exe
3672	Ifomll32.exe
2916	Iipfmggc.exe
4876	Imnocf32.exe
4396	Ieidhh32.exe
2328	Jghpbk32.exe
1288	Jenmcggo.exe
4516	Jpenfp32.exe
348	Jllokajf.exe
4308	Kpjgaoqm.exe
3620	Klahfp32.exe
1280	Kjeiodek.exe
1708	Kpanan32.exe
944	Kofkbk32.exe
4692	Loighj32.exe
4108	Lgbloglj.exe
4504	Ljceqb32.exe
2500	Lobjni32.exe
1432	Mmfkhmdi.exe
636	Mgnlkfal.exe
4368	Mcelpggq.exe
4120	Mcgiefen.exe
2772	Mqkiok32.exe
4292	Nqmfdj32.exe
3100	Ncnofeof.exe
1064	Nnfpinmi.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Oodlnfco.dll	Njinmf32.exe
File opened for modification	C:\Windows\SysWOW64\Pplobcpp.exe	Pjpfjl32.exe
File created	C:\Windows\SysWOW64\Oiagde32.exe	Nqfbpb32.exe
File created	C:\Windows\SysWOW64\Hmkigh32.exe	Gojiiafp.exe
File opened for modification	C:\Windows\SysWOW64\Ocgkan32.exe	Oiagde32.exe
File created	C:\Windows\SysWOW64\Afakoidm.dll	Imnocf32.exe
File opened for modification	C:\Windows\SysWOW64\Feqeog32.exe	Fgmdec32.exe
File created	C:\Windows\SysWOW64\Pcgdhkem.exe	Pcbkml32.exe
File opened for modification	C:\Windows\SysWOW64\Fiaael32.exe	Flkdfh32.exe
File created	C:\Windows\SysWOW64\Pneclb32.dll	Gijmad32.exe
File created	C:\Windows\SysWOW64\Ieicjl32.dll	Jifecp32.exe
File created	C:\Windows\SysWOW64\Kcapicdj.exe	Kifojnol.exe
File created	C:\Windows\SysWOW64\Jgbfjmkq.dll	Mlljnf32.exe
File created	C:\Windows\SysWOW64\Loighj32.exe	Kofkbk32.exe
File created	C:\Windows\SysWOW64\Mmfkhmdi.exe	Lobjni32.exe
File created	C:\Windows\SysWOW64\Ljpaqmgb.exe	Lhqefjpo.exe
File created	C:\Windows\SysWOW64\Ocgkan32.exe	Oiagde32.exe
File created	C:\Windows\SysWOW64\Cfiedd32.dll	Kpanan32.exe
File created	C:\Windows\SysWOW64\Lgbloglj.exe	Loighj32.exe
File created	C:\Windows\SysWOW64\Ggpenegb.dll	Pagbaglh.exe
File opened for modification	C:\Windows\SysWOW64\Fajbjh32.exe	Fecadghc.exe
File created	C:\Windows\SysWOW64\Libmeq32.dll	Gnpphljo.exe
File opened for modification	C:\Windows\SysWOW64\Jpbjfjci.exe	Jemfhacc.exe
File created	C:\Windows\SysWOW64\Dpglbfpm.dll	Mkhapk32.exe
File created	C:\Windows\SysWOW64\Jacodldj.dll	Ljpaqmgb.exe
File created	C:\Windows\SysWOW64\Mlljnf32.exe	Mfbaalbi.exe
File created	C:\Windows\SysWOW64\Mlofcf32.exe	Mlljnf32.exe
File created	C:\Windows\SysWOW64\Nqfbpb32.exe	Nbebbk32.exe
File created	C:\Windows\SysWOW64\Kjeqge32.dll	Mmpdhboj.exe
File created	C:\Windows\SysWOW64\Ojajin32.exe	Oplfkeob.exe
File created	C:\Windows\SysWOW64\Ekbmje32.dll	Agdcpkll.exe
File opened for modification	C:\Windows\SysWOW64\Mfbaalbi.exe	Mljmhflh.exe
File opened for modification	C:\Windows\SysWOW64\Eppjfgcp.exe	Enpmld32.exe
File created	C:\Windows\SysWOW64\Ajiqfi32.dll	Geanfelc.exe
File created	C:\Windows\SysWOW64\Hbgkei32.exe	Hbenoi32.exe
File created	C:\Windows\SysWOW64\Pencqe32.dll	Pcbkml32.exe
File created	C:\Windows\SysWOW64\Ifaciolc.dll	Ekkkoj32.exe
File created	C:\Windows\SysWOW64\Kaofbcjo.dll	Eiokinbk.exe
File created	C:\Windows\SysWOW64\Pjkmomfn.exe	Ogjdmbil.exe
File created	C:\Windows\SysWOW64\Hodlgn32.dll	Fajbjh32.exe
File created	C:\Windows\SysWOW64\Nnhmnn32.exe	Nnfpinmi.exe
File opened for modification	C:\Windows\SysWOW64\Ieojgc32.exe	Hihibbjo.exe
File created	C:\Windows\SysWOW64\Aadafn32.dll	Nqcejcha.exe
File created	C:\Windows\SysWOW64\Jhghaf32.dll	Oejbfmpg.exe
File created	C:\Windows\SysWOW64\Hlgdjg32.dll	Ieidhh32.exe
File created	C:\Windows\SysWOW64\Gnblnlhl.exe	Gnpphljo.exe
File opened for modification	C:\Windows\SysWOW64\Ncnofeof.exe	Nqmfdj32.exe
File created	C:\Windows\SysWOW64\Qikoka32.dll	Glipgf32.exe
File created	C:\Windows\SysWOW64\Bhhiemoj.exe	Aggpfkjj.exe
File opened for modification	C:\Windows\SysWOW64\Camddhoi.exe	Bomkcm32.exe
File created	C:\Windows\SysWOW64\Gnpphljo.exe	Galoohke.exe
File created	C:\Windows\SysWOW64\Hpceplkl.dll	Hldiinke.exe
File created	C:\Windows\SysWOW64\Gepgfb32.dll	Fflohaij.exe
File created	C:\Windows\SysWOW64\Ddipic32.dll	Hmkigh32.exe
File created	C:\Windows\SysWOW64\Epoaed32.dll	Dnmaea32.exe
File opened for modification	C:\Windows\SysWOW64\Ieagmcmq.exe	Ieojgc32.exe
File created	C:\Windows\SysWOW64\Gpkpbaea.dll	Mgnlkfal.exe
File opened for modification	C:\Windows\SysWOW64\Nnfpinmi.exe	Ncnofeof.exe
File created	C:\Windows\SysWOW64\Imffkelf.dll	Enfckp32.exe
File created	C:\Windows\SysWOW64\Nbjnhape.dll	Hlblcn32.exe
File created	C:\Windows\SysWOW64\Konidd32.dll	Flkdfh32.exe
File created	C:\Windows\SysWOW64\Jeegfibg.dll	Dggbcf32.exe
File created	C:\Windows\SysWOW64\Nbebbk32.exe	Nqcejcha.exe
File created	C:\Windows\SysWOW64\Aqhblk32.dll	Okkdic32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
7096	7004	WerFault.exe	244

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Epoaed32.dll"	Dnmaea32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Geanfelc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Kbhmbdle.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Oiagde32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ahhjomjk.dll"	Oonlfo32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Deaiemli.dll"	Pcgdhkem.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Fiaael32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Enpmld32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Mcgiefen.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ieagmcmq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Jpbjfjci.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Fjohgj32.dll"	Klpakj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Nqfbpb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mjijkmod.dll"	Njmhhefi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Gojiiafp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hlohlk32.dll"	Aggpfkjj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gjecbd32.dll"	Bpfkpp32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Fqbliicp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Jemfhacc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ckjbhmad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Imnbiq32.dll"	Mmfkhmdi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Lcmodajm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Modpib32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ecfjqmbc.dll"	Mlofcf32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Oejbfmpg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ncnofeof.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Hbenoi32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Kjeiodek.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Gnblnlhl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hpidaqmj.dll"	Jpenfp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Qikoka32.dll"	Glipgf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ojcpdg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Gidnkkpc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Ieidhh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Nfenigce.dll"	Mfnhfm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Nqoloc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Gldglf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ifomll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Lafmjp32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Dnmhpg32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Ekajec32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Jemfhacc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Nfgklkoc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Nfldgk32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Enmjlojd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Kmfpdfnd.dll"	Fqbliicp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Kpanan32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Khfclo32.dll"	Ckjbhmad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Jpenfp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Folnlh32.dll"	Mqkiok32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Mfnhfm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Nbenoa32.dll"	Ckhecmcf.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Klahfp32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Npiiffqe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Qobhkjdi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Gldglf32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Ieojgc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Lhqefjpo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ocnabm32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Ckmonl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Dnmaea32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jacodldj.dll"	Ljpaqmgb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Mlljnf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Enpmld32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 648 wrote to memory of 640	648	0ca75b2f811f42beb1c72955b399f270_NeikiAnalytics.exe	90
PID 648 wrote to memory of 640	648	0ca75b2f811f42beb1c72955b399f270_NeikiAnalytics.exe	90
PID 648 wrote to memory of 640	648	0ca75b2f811f42beb1c72955b399f270_NeikiAnalytics.exe	90
PID 640 wrote to memory of 4816	640	Mkhapk32.exe	91
PID 640 wrote to memory of 4816	640	Mkhapk32.exe	91
PID 640 wrote to memory of 4816	640	Mkhapk32.exe	91
PID 4816 wrote to memory of 1156	4816	Mmpdhboj.exe	92
PID 4816 wrote to memory of 1156	4816	Mmpdhboj.exe	92
PID 4816 wrote to memory of 1156	4816	Mmpdhboj.exe	92
PID 1156 wrote to memory of 4288	1156	Nclikl32.exe	93
PID 1156 wrote to memory of 4288	1156	Nclikl32.exe	93
PID 1156 wrote to memory of 4288	1156	Nclikl32.exe	93
PID 4288 wrote to memory of 2356	4288	Njinmf32.exe	94
PID 4288 wrote to memory of 2356	4288	Njinmf32.exe	94
PID 4288 wrote to memory of 2356	4288	Njinmf32.exe	94
PID 2356 wrote to memory of 4304	2356	Njmhhefi.exe	95
PID 2356 wrote to memory of 4304	2356	Njmhhefi.exe	95
PID 2356 wrote to memory of 4304	2356	Njmhhefi.exe	95
PID 4304 wrote to memory of 220	4304	Ojbacd32.exe	96
PID 4304 wrote to memory of 220	4304	Ojbacd32.exe	96
PID 4304 wrote to memory of 220	4304	Ojbacd32.exe	96
PID 220 wrote to memory of 1256	220	Oejbfmpg.exe	97
PID 220 wrote to memory of 1256	220	Oejbfmpg.exe	97
PID 220 wrote to memory of 1256	220	Oejbfmpg.exe	97
PID 1256 wrote to memory of 3596	1256	Ojigdcll.exe	98
PID 1256 wrote to memory of 3596	1256	Ojigdcll.exe	98
PID 1256 wrote to memory of 3596	1256	Ojigdcll.exe	98
PID 3596 wrote to memory of 4552	3596	Okkdic32.exe	99
PID 3596 wrote to memory of 4552	3596	Okkdic32.exe	99
PID 3596 wrote to memory of 4552	3596	Okkdic32.exe	99
PID 4552 wrote to memory of 1048	4552	Pmlmkn32.exe	100
PID 4552 wrote to memory of 1048	4552	Pmlmkn32.exe	100
PID 4552 wrote to memory of 1048	4552	Pmlmkn32.exe	100
PID 1048 wrote to memory of 5024	1048	Pmaffnce.exe	101
PID 1048 wrote to memory of 5024	1048	Pmaffnce.exe	101
PID 1048 wrote to memory of 5024	1048	Pmaffnce.exe	101
PID 5024 wrote to memory of 5068	5024	Aekddhcb.exe	102
PID 5024 wrote to memory of 5068	5024	Aekddhcb.exe	102
PID 5024 wrote to memory of 5068	5024	Aekddhcb.exe	102
PID 5068 wrote to memory of 3628	5068	Bomkcm32.exe	103
PID 5068 wrote to memory of 3628	5068	Bomkcm32.exe	103
PID 5068 wrote to memory of 3628	5068	Bomkcm32.exe	103
PID 3628 wrote to memory of 1628	3628	Camddhoi.exe	104
PID 3628 wrote to memory of 1628	3628	Camddhoi.exe	104
PID 3628 wrote to memory of 1628	3628	Camddhoi.exe	104
PID 1628 wrote to memory of 2164	1628	Cbpajgmf.exe	105
PID 1628 wrote to memory of 2164	1628	Cbpajgmf.exe	105
PID 1628 wrote to memory of 2164	1628	Cbpajgmf.exe	105
PID 2164 wrote to memory of 2440	2164	Ckhecmcf.exe	106
PID 2164 wrote to memory of 2440	2164	Ckhecmcf.exe	106
PID 2164 wrote to memory of 2440	2164	Ckhecmcf.exe	106
PID 2440 wrote to memory of 3480	2440	Ckjbhmad.exe	107
PID 2440 wrote to memory of 3480	2440	Ckjbhmad.exe	107
PID 2440 wrote to memory of 3480	2440	Ckjbhmad.exe	107
PID 3480 wrote to memory of 3604	3480	Ckmonl32.exe	108
PID 3480 wrote to memory of 3604	3480	Ckmonl32.exe	108
PID 3480 wrote to memory of 3604	3480	Ckmonl32.exe	108
PID 3604 wrote to memory of 4544	3604	Dnmhpg32.exe	109
PID 3604 wrote to memory of 4544	3604	Dnmhpg32.exe	109
PID 3604 wrote to memory of 4544	3604	Dnmhpg32.exe	109
PID 4544 wrote to memory of 1992	4544	Ddjmba32.exe	110
PID 4544 wrote to memory of 1992	4544	Ddjmba32.exe	110
PID 4544 wrote to memory of 1992	4544	Ddjmba32.exe	110
PID 1992 wrote to memory of 4240	1992	Dkfadkgf.exe	111

C:\Users\Admin\AppData\Local\Temp\0ca75b2f811f42beb1c72955b399f270_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0ca75b2f811f42beb1c72955b399f270_NeikiAnalytics.exe"
1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Suspicious use of WriteProcessMemory
PID:648
- C:\Windows\SysWOW64\Mkhapk32.exe
  C:\Windows\system32\Mkhapk32.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:640
- - C:\Windows\SysWOW64\Mmpdhboj.exe
    C:\Windows\system32\Mmpdhboj.exe
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:4816
  - - C:\Windows\SysWOW64\Nclikl32.exe
      C:\Windows\system32\Nclikl32.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1156
    - - C:\Windows\SysWOW64\Njinmf32.exe
        
        C:\Windows\system32\Njinmf32.exe
        5⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4288
      - C:\Windows\SysWOW64\Njmhhefi.exe
        
        C:\Windows\system32\Njmhhefi.exe
        6⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2356
        
        C:\Windows\SysWOW64\Ojbacd32.exe
        
        C:\Windows\system32\Ojbacd32.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4304
        
        C:\Windows\SysWOW64\Oejbfmpg.exe
        
        C:\Windows\system32\Oejbfmpg.exe
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:220
        
        C:\Windows\SysWOW64\Ojigdcll.exe
        
        C:\Windows\system32\Ojigdcll.exe
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1256
        
        C:\Windows\SysWOW64\Okkdic32.exe
        
        C:\Windows\system32\Okkdic32.exe
        10⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3596
        
        C:\Windows\SysWOW64\Pmlmkn32.exe
        
        C:\Windows\system32\Pmlmkn32.exe
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4552
        
        C:\Windows\SysWOW64\Pmaffnce.exe
        
        C:\Windows\system32\Pmaffnce.exe
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1048
        
        C:\Windows\SysWOW64\Aekddhcb.exe
        
        C:\Windows\system32\Aekddhcb.exe
        13⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5024
        
        C:\Windows\SysWOW64\Bomkcm32.exe
        
        C:\Windows\system32\Bomkcm32.exe
        14⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:5068
        
        C:\Windows\SysWOW64\Camddhoi.exe
        
        C:\Windows\system32\Camddhoi.exe
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3628
        
        C:\Windows\SysWOW64\Cbpajgmf.exe
        
        C:\Windows\system32\Cbpajgmf.exe
        16⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1628
        
        C:\Windows\SysWOW64\Ckhecmcf.exe
        
        C:\Windows\system32\Ckhecmcf.exe
        17⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2164
        
        C:\Windows\SysWOW64\Ckjbhmad.exe
        
        C:\Windows\system32\Ckjbhmad.exe
        18⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2440
        
        C:\Windows\SysWOW64\Ckmonl32.exe
        
        C:\Windows\system32\Ckmonl32.exe
        19⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3480
        
        C:\Windows\SysWOW64\Dnmhpg32.exe
        
        C:\Windows\system32\Dnmhpg32.exe
        20⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3604
        
        C:\Windows\SysWOW64\Ddjmba32.exe
        
        C:\Windows\system32\Ddjmba32.exe
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4544
        
        C:\Windows\SysWOW64\Dkfadkgf.exe
        
        C:\Windows\system32\Dkfadkgf.exe
        22⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1992
        
        C:\Windows\SysWOW64\Ekkkoj32.exe
        
        C:\Windows\system32\Ekkkoj32.exe
        23⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4240
        
        C:\Windows\SysWOW64\Eiokinbk.exe
        
        C:\Windows\system32\Eiokinbk.exe
        24⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:740
        
        C:\Windows\SysWOW64\Ekodjiol.exe
        
        C:\Windows\system32\Ekodjiol.exe
        25⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:3012
        
        C:\Windows\SysWOW64\Enpmld32.exe
        
        C:\Windows\system32\Enpmld32.exe
        26⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:4804
        
        C:\Windows\SysWOW64\Eppjfgcp.exe
        
        C:\Windows\system32\Eppjfgcp.exe
        27⤵
        Executes dropped EXE
        
        PID:2908
        
        C:\Windows\SysWOW64\Fflohaij.exe
        
        C:\Windows\system32\Fflohaij.exe
        28⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1844
        
        C:\Windows\SysWOW64\Flkdfh32.exe
        
        C:\Windows\system32\Flkdfh32.exe
        29⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2124
        
        C:\Windows\SysWOW64\Fiaael32.exe
        
        C:\Windows\system32\Fiaael32.exe
        30⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:4572
        
        C:\Windows\SysWOW64\Gidnkkpc.exe
        
        C:\Windows\system32\Gidnkkpc.exe
        31⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4688
        
        C:\Windows\SysWOW64\Gldglf32.exe
        
        C:\Windows\system32\Gldglf32.exe
        32⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4348
        
        C:\Windows\SysWOW64\Glgcbf32.exe
        
        C:\Windows\system32\Glgcbf32.exe
        33⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:3468
        
        C:\Windows\SysWOW64\Glipgf32.exe
        
        C:\Windows\system32\Glipgf32.exe
        34⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:1228
        
        C:\Windows\SysWOW64\Gojiiafp.exe
        
        C:\Windows\system32\Gojiiafp.exe
        35⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:2168
        
        C:\Windows\SysWOW64\Hmkigh32.exe
        
        C:\Windows\system32\Hmkigh32.exe
        36⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4632
        
        C:\Windows\SysWOW64\Hlpfhe32.exe
        
        C:\Windows\system32\Hlpfhe32.exe
        37⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:1680
        
        C:\Windows\SysWOW64\Hpnoncim.exe
        
        C:\Windows\system32\Hpnoncim.exe
        38⤵
        Executes dropped EXE
        
        PID:776
        
        C:\Windows\SysWOW64\Hpqldc32.exe
        
        C:\Windows\system32\Hpqldc32.exe
        39⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:3972
        
        C:\Windows\SysWOW64\Ibaeen32.exe
        
        C:\Windows\system32\Ibaeen32.exe
        40⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:2016
        
        C:\Windows\SysWOW64\Ifomll32.exe
        
        C:\Windows\system32\Ifomll32.exe
        41⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3672
        
        C:\Windows\SysWOW64\Iipfmggc.exe
        
        C:\Windows\system32\Iipfmggc.exe
        42⤵
        Executes dropped EXE
        
        PID:2916
        
        C:\Windows\SysWOW64\Imnocf32.exe
        
        C:\Windows\system32\Imnocf32.exe
        43⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4876
        
        C:\Windows\SysWOW64\Ieidhh32.exe
        
        C:\Windows\system32\Ieidhh32.exe
        44⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:4396
        
        C:\Windows\SysWOW64\Jghpbk32.exe
        
        C:\Windows\system32\Jghpbk32.exe
        45⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:2328
        
        C:\Windows\SysWOW64\Jenmcggo.exe
        
        C:\Windows\system32\Jenmcggo.exe
        46⤵
        Executes dropped EXE
        
        PID:1288
        
        C:\Windows\SysWOW64\Jpenfp32.exe
        
        C:\Windows\system32\Jpenfp32.exe
        47⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:4516
        
        C:\Windows\SysWOW64\Jllokajf.exe
        
        C:\Windows\system32\Jllokajf.exe
        48⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:348
        
        C:\Windows\SysWOW64\Kpjgaoqm.exe
        
        C:\Windows\system32\Kpjgaoqm.exe
        49⤵
        Executes dropped EXE
        
        PID:4308
        
        C:\Windows\SysWOW64\Klahfp32.exe
        
        C:\Windows\system32\Klahfp32.exe
        50⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3620
        
        C:\Windows\SysWOW64\Kjeiodek.exe
        
        C:\Windows\system32\Kjeiodek.exe
        51⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:1280
        
        C:\Windows\SysWOW64\Kpanan32.exe
        
        C:\Windows\system32\Kpanan32.exe
        52⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:1708
        
        C:\Windows\SysWOW64\Kofkbk32.exe
        
        C:\Windows\system32\Kofkbk32.exe
        53⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:944
        
        C:\Windows\SysWOW64\Loighj32.exe
        
        C:\Windows\system32\Loighj32.exe
        54⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4692
        
        C:\Windows\SysWOW64\Lgbloglj.exe
        
        C:\Windows\system32\Lgbloglj.exe
        55⤵
        Executes dropped EXE
        
        PID:4108
        
        C:\Windows\SysWOW64\Ljceqb32.exe
        
        C:\Windows\system32\Ljceqb32.exe
        56⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:4504
        
        C:\Windows\SysWOW64\Lobjni32.exe
        
        C:\Windows\system32\Lobjni32.exe
        57⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2500
        
        C:\Windows\SysWOW64\Mmfkhmdi.exe
        
        C:\Windows\system32\Mmfkhmdi.exe
        58⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1432
        
        C:\Windows\SysWOW64\Mgnlkfal.exe
        
        C:\Windows\system32\Mgnlkfal.exe
        59⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:636
        
        C:\Windows\SysWOW64\Mcelpggq.exe
        
        C:\Windows\system32\Mcelpggq.exe
        60⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:4368
        
        C:\Windows\SysWOW64\Mcgiefen.exe
        
        C:\Windows\system32\Mcgiefen.exe
        61⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4120
        
        C:\Windows\SysWOW64\Mqkiok32.exe
        
        C:\Windows\system32\Mqkiok32.exe
        62⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2772
        
        C:\Windows\SysWOW64\Nqmfdj32.exe
        
        C:\Windows\system32\Nqmfdj32.exe
        63⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4292
        
        C:\Windows\SysWOW64\Ncnofeof.exe
        
        C:\Windows\system32\Ncnofeof.exe
        64⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:3100
        
        C:\Windows\SysWOW64\Nnfpinmi.exe
        
        C:\Windows\system32\Nnfpinmi.exe
        65⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1064
        
        C:\Windows\SysWOW64\Nnhmnn32.exe
        
        C:\Windows\system32\Nnhmnn32.exe
        66⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\Npiiffqe.exe
        
        C:\Windows\system32\Npiiffqe.exe
        67⤵
        Modifies registry class
        
        PID:400
        
        C:\Windows\SysWOW64\Oplfkeob.exe
        
        C:\Windows\system32\Oplfkeob.exe
        68⤵
        Drops file in System32 directory
        
        PID:2548
        
        C:\Windows\SysWOW64\Ojajin32.exe
        
        C:\Windows\system32\Ojajin32.exe
        69⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:4548
        
        C:\Windows\SysWOW64\Ocjoadei.exe
        
        C:\Windows\system32\Ocjoadei.exe
        70⤵
        
        PID:524
        
        C:\Windows\SysWOW64\Ogjdmbil.exe
        
        C:\Windows\system32\Ogjdmbil.exe
        71⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:1768
        
        C:\Windows\SysWOW64\Pjkmomfn.exe
        
        C:\Windows\system32\Pjkmomfn.exe
        72⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:4036
        
        C:\Windows\SysWOW64\Pagbaglh.exe
        
        C:\Windows\system32\Pagbaglh.exe
        73⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:568
        
        C:\Windows\SysWOW64\Pjpfjl32.exe
        
        C:\Windows\system32\Pjpfjl32.exe
        74⤵
        Drops file in System32 directory
        
        PID:864
        
        C:\Windows\SysWOW64\Pplobcpp.exe
        
        C:\Windows\system32\Pplobcpp.exe
        75⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\Ppolhcnm.exe
        
        C:\Windows\system32\Ppolhcnm.exe
        76⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\Qobhkjdi.exe
        
        C:\Windows\system32\Qobhkjdi.exe
        77⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:1424
        
        C:\Windows\SysWOW64\Agdcpkll.exe
        
        C:\Windows\system32\Agdcpkll.exe
        78⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:3056
        
        C:\Windows\SysWOW64\Aggpfkjj.exe
        
        C:\Windows\system32\Aggpfkjj.exe
        79⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:3792
        
        C:\Windows\SysWOW64\Bhhiemoj.exe
        
        C:\Windows\system32\Bhhiemoj.exe
        80⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:4528
        
        C:\Windows\SysWOW64\Bpfkpp32.exe
        
        C:\Windows\system32\Bpfkpp32.exe
        81⤵
        Modifies registry class
        
        PID:4144
        
        C:\Windows\SysWOW64\Bphgeo32.exe
        
        C:\Windows\system32\Bphgeo32.exe
        82⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\Cdimqm32.exe
        
        C:\Windows\system32\Cdimqm32.exe
        83⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\Dnmaea32.exe
        
        C:\Windows\system32\Dnmaea32.exe
        84⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:4780
        
        C:\Windows\SysWOW64\Dggbcf32.exe
        
        C:\Windows\system32\Dggbcf32.exe
        85⤵
        Drops file in System32 directory
        
        PID:5128
        
        C:\Windows\SysWOW64\Enfckp32.exe
        
        C:\Windows\system32\Enfckp32.exe
        86⤵
        Drops file in System32 directory
        
        PID:5172
        
        C:\Windows\SysWOW64\Ehndnh32.exe
        
        C:\Windows\system32\Ehndnh32.exe
        87⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\Enmjlojd.exe
        
        C:\Windows\system32\Enmjlojd.exe
        88⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5268
        
        C:\Windows\SysWOW64\Ekajec32.exe
        
        C:\Windows\system32\Ekajec32.exe
        89⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5312
        
        C:\Windows\SysWOW64\Fqbliicp.exe
        
        C:\Windows\system32\Fqbliicp.exe
        90⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5352
        
        C:\Windows\SysWOW64\Fgmdec32.exe
        
        C:\Windows\system32\Fgmdec32.exe
        91⤵
        Drops file in System32 directory
        
        PID:5404
        
        C:\Windows\SysWOW64\Feqeog32.exe
        
        C:\Windows\system32\Feqeog32.exe
        92⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\Fecadghc.exe
        
        C:\Windows\system32\Fecadghc.exe
        93⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:5492
        
        C:\Windows\SysWOW64\Fajbjh32.exe
        
        C:\Windows\system32\Fajbjh32.exe
        94⤵
        Drops file in System32 directory
        
        PID:5580
        
        C:\Windows\SysWOW64\Galoohke.exe
        
        C:\Windows\system32\Galoohke.exe
        95⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:5632
        
        C:\Windows\SysWOW64\Gnpphljo.exe
        
        C:\Windows\system32\Gnpphljo.exe
        96⤵
        Drops file in System32 directory
        
        PID:5676
        
        C:\Windows\SysWOW64\Gnblnlhl.exe
        
        C:\Windows\system32\Gnblnlhl.exe
        97⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5724
        
        C:\Windows\SysWOW64\Gijmad32.exe
        
        C:\Windows\system32\Gijmad32.exe
        98⤵
        Drops file in System32 directory
        
        PID:5768
        
        C:\Windows\SysWOW64\Geanfelc.exe
        
        C:\Windows\system32\Geanfelc.exe
        99⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:5812
        
        C:\Windows\SysWOW64\Hbenoi32.exe
        
        C:\Windows\system32\Hbenoi32.exe
        100⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:5856
        
        C:\Windows\SysWOW64\Hbgkei32.exe
        
        C:\Windows\system32\Hbgkei32.exe
        101⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\Hbihjifh.exe
        
        C:\Windows\system32\Hbihjifh.exe
        102⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6000
        
        C:\Windows\SysWOW64\Hlblcn32.exe
        
        C:\Windows\system32\Hlblcn32.exe
        103⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:6056
        
        C:\Windows\SysWOW64\Hldiinke.exe
        
        C:\Windows\system32\Hldiinke.exe
        104⤵
        Drops file in System32 directory
        
        PID:6100
        
        C:\Windows\SysWOW64\Hihibbjo.exe
        
        C:\Windows\system32\Hihibbjo.exe
        105⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:4828
        
        C:\Windows\SysWOW64\Ieojgc32.exe
        
        C:\Windows\system32\Ieojgc32.exe
        106⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:5184
        
        C:\Windows\SysWOW64\Ieagmcmq.exe
        
        C:\Windows\system32\Ieagmcmq.exe
        107⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5292
        
        C:\Windows\SysWOW64\Ipihpkkd.exe
        
        C:\Windows\system32\Ipihpkkd.exe
        108⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5372
        
        C:\Windows\SysWOW64\Iondqhpl.exe
        
        C:\Windows\system32\Iondqhpl.exe
        109⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\Jifecp32.exe
        
        C:\Windows\system32\Jifecp32.exe
        110⤵
        Drops file in System32 directory
        
        PID:5592
        
        C:\Windows\SysWOW64\Jemfhacc.exe
        
        C:\Windows\system32\Jemfhacc.exe
        111⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:5664
        
        C:\Windows\SysWOW64\Jpbjfjci.exe
        
        C:\Windows\system32\Jpbjfjci.exe
        112⤵
        Modifies registry class
        
        PID:5748
        
        C:\Windows\SysWOW64\Jeocna32.exe
        
        C:\Windows\system32\Jeocna32.exe
        113⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5840
        
        C:\Windows\SysWOW64\Johggfha.exe
        
        C:\Windows\system32\Johggfha.exe
        114⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6040
        
        C:\Windows\SysWOW64\Jllhpkfk.exe
        
        C:\Windows\system32\Jllhpkfk.exe
        115⤵
        
        PID:388
        
        C:\Windows\SysWOW64\Kbhmbdle.exe
        
        C:\Windows\system32\Kbhmbdle.exe
        116⤵
        Modifies registry class
        
        PID:5204
        
        C:\Windows\SysWOW64\Klpakj32.exe
        
        C:\Windows\system32\Klpakj32.exe
        117⤵
        Modifies registry class
        
        PID:5328
        
        C:\Windows\SysWOW64\Kifojnol.exe
        
        C:\Windows\system32\Kifojnol.exe
        118⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:5552
        
        C:\Windows\SysWOW64\Kcapicdj.exe
        
        C:\Windows\system32\Kcapicdj.exe
        119⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\Lafmjp32.exe
        
        C:\Windows\system32\Lafmjp32.exe
        120⤵
        Modifies registry class
        
        PID:5940
        
        C:\Windows\SysWOW64\Lhqefjpo.exe
        
        C:\Windows\system32\Lhqefjpo.exe
        121⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:5136
        
        C:\Windows\SysWOW64\Ljpaqmgb.exe
        
        C:\Windows\system32\Ljpaqmgb.exe
        122⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:4264
        
        C:\Windows\SysWOW64\Lfiokmkc.exe
        
        C:\Windows\system32\Lfiokmkc.exe
        123⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\Lcmodajm.exe
        
        C:\Windows\system32\Lcmodajm.exe
        124⤵
        Modifies registry class
        
        PID:5672
        
        C:\Windows\SysWOW64\Modpib32.exe
        
        C:\Windows\system32\Modpib32.exe
        125⤵
        Modifies registry class
        
        PID:6088
        
        C:\Windows\SysWOW64\Mfnhfm32.exe
        
        C:\Windows\system32\Mfnhfm32.exe
        126⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5320
        
        C:\Windows\SysWOW64\Mljmhflh.exe
        
        C:\Windows\system32\Mljmhflh.exe
        127⤵
        Drops file in System32 directory
        
        PID:5760
        
        C:\Windows\SysWOW64\Mfbaalbi.exe
        
        C:\Windows\system32\Mfbaalbi.exe
        128⤵
        Drops file in System32 directory
        
        PID:5180
        
        C:\Windows\SysWOW64\Mlljnf32.exe
        
        C:\Windows\system32\Mlljnf32.exe
        129⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:5692
        
        C:\Windows\SysWOW64\Mlofcf32.exe
        
        C:\Windows\system32\Mlofcf32.exe
        130⤵
        Modifies registry class
        
        PID:5500
        
        C:\Windows\SysWOW64\Nfgklkoc.exe
        
        C:\Windows\system32\Nfgklkoc.exe
        131⤵
        Modifies registry class
        
        PID:5264
        
        C:\Windows\SysWOW64\Nckkfp32.exe
        
        C:\Windows\system32\Nckkfp32.exe
        132⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\Njedbjej.exe
        
        C:\Windows\system32\Njedbjej.exe
        133⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6168
        
        C:\Windows\SysWOW64\Nqoloc32.exe
        
        C:\Windows\system32\Nqoloc32.exe
        134⤵
        Modifies registry class
        
        PID:6212
        
        C:\Windows\SysWOW64\Nfldgk32.exe
        
        C:\Windows\system32\Nfldgk32.exe
        135⤵
        Modifies registry class
        
        PID:6256
        
        C:\Windows\SysWOW64\Ncpeaoih.exe
        
        C:\Windows\system32\Ncpeaoih.exe
        136⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6308
        
        C:\Windows\SysWOW64\Nqcejcha.exe
        
        C:\Windows\system32\Nqcejcha.exe
        137⤵
        Drops file in System32 directory
        
        PID:6352
        
        C:\Windows\SysWOW64\Nbebbk32.exe
        
        C:\Windows\system32\Nbebbk32.exe
        138⤵
        Drops file in System32 directory
        
        PID:6408
        
        C:\Windows\SysWOW64\Nqfbpb32.exe
        
        C:\Windows\system32\Nqfbpb32.exe
        139⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6468
        
        C:\Windows\SysWOW64\Oiagde32.exe
        
        C:\Windows\system32\Oiagde32.exe
        140⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6512
        
        C:\Windows\SysWOW64\Ocgkan32.exe
        
        C:\Windows\system32\Ocgkan32.exe
        141⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\Oiccje32.exe
        
        C:\Windows\system32\Oiccje32.exe
        142⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6600
        
        C:\Windows\SysWOW64\Oonlfo32.exe
        
        C:\Windows\system32\Oonlfo32.exe
        143⤵
        Modifies registry class
        
        PID:6644
        
        C:\Windows\SysWOW64\Ojcpdg32.exe
        
        C:\Windows\system32\Ojcpdg32.exe
        144⤵
        Modifies registry class
        
        PID:6684
        
        C:\Windows\SysWOW64\Oqmhqapg.exe
        
        C:\Windows\system32\Oqmhqapg.exe
        145⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\Ocnabm32.exe
        
        C:\Windows\system32\Ocnabm32.exe
        146⤵
        Modifies registry class
        
        PID:6780
        
        C:\Windows\SysWOW64\Pqbala32.exe
        
        C:\Windows\system32\Pqbala32.exe
        147⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6824
        
        C:\Windows\SysWOW64\Pcbkml32.exe
        
        C:\Windows\system32\Pcbkml32.exe
        148⤵
        Drops file in System32 directory
        
        PID:6868
        
        C:\Windows\SysWOW64\Pcgdhkem.exe
        
        C:\Windows\system32\Pcgdhkem.exe
        149⤵
        Modifies registry class
        
        PID:6916
        
        C:\Windows\SysWOW64\Pakdbp32.exe
        
        C:\Windows\system32\Pakdbp32.exe
        150⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\Pififb32.exe
        
        C:\Windows\system32\Pififb32.exe
        151⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 412
        152⤵
        Program crash
        
        PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 7004 -ip 7004
1⤵
PID:7072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2312 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:7132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Aekddhcb.exe

Filesize
96KB

MD5
a21c45bf619bd66ff4da9f2e071fa588

SHA1
b390fe7f3d41302113b199c77e088c51b5b3e09b

SHA256
aa1c5d9eab9d019ee015d4c236f859e29fdc6a1e7ed5873a159e241523e44cfb

SHA512
715ca4f9f7df070318c025a93432637964b0e483b1c8d2af9d73fd0cbe762ba6f3b90653c99c04711d00e9d35cf3f78cf30c6fecd13474f38d525d0efa64a1b3

Download Submit
C:\Windows\SysWOW64\Bhhiemoj.exe

Filesize
96KB

MD5
b53a7e48d4bfba56f3b6d1862474406a

SHA1
dc1a5295007ddb640f1b16bbb029e2daa56048b8

SHA256
1ddf8c1af4a25a57470449fb1ce8e61e296c7909e7ac121195e02783db0db5b7

SHA512
61e98328365b83b5e1e652f40a2598c00bb59860e3f40ef5073b911ae8ccb3dcf60ec6e7042d6819219e180f6631fec7b7d45fb870a189201ca4c3a349cb3fa6

Download Submit
C:\Windows\SysWOW64\Bomkcm32.exe

Filesize
96KB

MD5
30dced82aa995a5d55977dae60a4479f

SHA1
905169449c5dee17f1af4f0246dc2422bb3cd886

SHA256
c237cf07c191ef5a215b2db5438db8173d128b2e85c74ee49c0ab8bcb9962e2e

SHA512
b13600911fc5cc8994b3474cc270da29cbfb137407bce7030757a7bbc7e378251ed83bab56b7c4cde698ff56a8be8a1efce32f104a6b5cb8592b9d9d56550f06

Download Submit
C:\Windows\SysWOW64\Bphgeo32.exe

Filesize
96KB

MD5
452a0042084e79921fc8822f9d424af6

SHA1
d4fc8b7de75a1ddcc3e44bbf707f6d5b7622590a

SHA256
da29b1049c6e11d3e437acf01756193634914b016e7d9bbfc7024d83069c087c

SHA512
620484a87a2773474401b0c32b1e49c382b4a340fa8528ee769e9fd5ee3bcfb1efb0f2fcfc643390c0cd776883372243f7b68cbfcfeea9f6d9382ad4e3f8a3b1

Download Submit
C:\Windows\SysWOW64\Camddhoi.exe

Filesize
96KB

MD5
852ce1d8c2071c8e8c4885121443b836

SHA1
0e7d7c1d15c4fc7ea25142a2aff7a2f979fe1cb1

SHA256
fcc936fe752c2119f372f3d7e0e0f3bf21a9c89ea1c9f76e046c4032bed83599

SHA512
b09752205c78d0c12ba86be9f79b2123ab6156b1103b580beee9e020e64f79925fc0c0d4d047e66d7aea1e800feea0da2663d20c6a382e87531f2ee436774455

Download Submit
C:\Windows\SysWOW64\Cbpajgmf.exe

Filesize
96KB

MD5
b6e4921507a95e6d9f297fc5fd8a1580

SHA1
a68236ca1b5e9d468f00e282c1dfa434ef219ba2

SHA256
c760034346ceef124df9d6d9809c4a5eb036acb84fb51c27e09cc98dc8e9aa37

SHA512
4d8faba6151bc27c1d3d82c5e2a396dc26834616cc0e9c22e4a4b9c13f906688c3f4eac586c2cdd98abdb369b349197fe10ef1931bab3acfaecd864e609edcfb

Download Submit
C:\Windows\SysWOW64\Ckhecmcf.exe

Filesize
96KB

MD5
d8fb50988269a1f1788ad8b5512942c5

SHA1
b495c22aa6a527d596580a41f21b9a230f506e65

SHA256
abd5f3435edbfd06c26ec5d25039dbe35a911e66304f6a79ffaf005f49985033

SHA512
cf213d159be50c9bb0584d0835b34dc737fb584c3aef32184755efbc0a87805073527f5f93aebff8c92e9aabaaa8bbde9778f031f91288da3c97c024310c5edc

Download Submit
C:\Windows\SysWOW64\Ckjbhmad.exe

Filesize
96KB

MD5
d2a2aba6251767d305bcba2f9a67e5ee

SHA1
a05a60babcebf5e32613fec8acfe07434cf52703

SHA256
bc527fb6cfc34c12db682f66aa23081566cd6fcc8fe457ba47cf2c2f92a2e5cb

SHA512
d9a40b78b88c3e9a351970304a43e2bd564e4c859959f7a0d7200572c8c44f47387d62b4a1c0bf48a0c7c2d5c9fe4af8076ac1f5605fdc27ad06e3f056ddbc15

Download Submit
C:\Windows\SysWOW64\Ckmonl32.exe

Filesize
96KB

MD5
557f1be928fdcdfcb2d70418b57c9fe7

SHA1
6b9306895d53a7728a6149982435eaef3da65c6b

SHA256
2845201a9064342178db91c2e305fe609db823423e81bdd93f45970245c6d761

SHA512
34d5ecdb2948ab1f2289771b479d15b8fb3c6bc27c4620892281851a38449d819aaca3e819128d8dc5ac2c631dd9fd477c3f5daef7a41b49d66b5f0b5f9f5c9d

Download Submit
C:\Windows\SysWOW64\Ddjmba32.exe

Filesize
96KB

MD5
9d206006e7238c128efd471bffef2ab0

SHA1
31adda7a66deef35183e266256c8f474a2af4a55

SHA256
cd438c9a1595d70494e0dd77748f8212868e75c54a32c48cd2e498eadba76728

SHA512
41120f0e32f0e38439c88c3be9b42b34a99d09c4fe73f5884bb97dbbcfa0a46730f38bf987d6ebe8fd13e95417f1fc186910ed69976c26e961cb1abfb5e3b1cb

Download Submit
C:\Windows\SysWOW64\Ddjmba32.exe

Filesize
96KB

MD5
d6d83cae2b74d791fddd20eea67d6c10

SHA1
bf9bdcf5b6b6a6dc61e14fd860bc2bdfb70e67ba

SHA256
95f9fb843d2d3c02ddd2e660ddc500f1374ee179a50bae82937e710931e9d62c

SHA512
b8920f418b72d358607a8de433f9958c4f62284f461ab74da53cb5a6657e127f0b7fe1c5d503aba578a8feba88057ff8094b8743fd0d417df95101962e4d6689

Download Submit
C:\Windows\SysWOW64\Dkfadkgf.exe

Filesize
96KB

MD5
1aa6efe15afafaa0e9b94171a2f4ee67

SHA1
2f01af8fb4ec073e3b12e9316f69dc9b8640c4f1

SHA256
28acba8b5390c48a23e7a7553a970ecf44f1df09c65c7e313157279c5a0cd47e

SHA512
2787ac0bc857324671fe391e384938514159e910bf04015adf1ef9147f8175589544393b687e9488ae134fb628684d562a988a1d638267b6f03000777203fde2

Download Submit
C:\Windows\SysWOW64\Dnmhpg32.exe

Filesize
96KB

MD5
e5f5da03b5c041c5cd9b563507cf08e2

SHA1
35bde254a07c0e79cffe0b0fcef1335c50e9c848

SHA256
216203b9863e63d49dca08667eab5e5f1a0db589fa9bc296528b13b16ea73952

SHA512
6f8dea8a238b0d7011413b708dccbd2224165f30be32ae018c95a39708a33b5e67291b78860117f4c8330187f82301134735b8c89cc5ab71454b66d423ef3489

Download Submit
C:\Windows\SysWOW64\Eiokinbk.exe

Filesize
96KB

MD5
9d8a4e0694a504689078be0d2d337ffd

SHA1
9eb57c611f827e5916c926b6e72308863d6b9857

SHA256
0b0d70c980b15e8cfc636e86528c827f1dce7e847b5b827ab2655034a94218f4

SHA512
a9fbc31d76ea7f18acefb297218911b08129505cc15bb15e0c60bba0fb603a0f26428574b1c7ef4eebea42905241854337da70b37a66dc122d61e344b06a634c

Download Submit
C:\Windows\SysWOW64\Ekkkoj32.exe

Filesize
96KB

MD5
e9a93b75e8835551af41a0eb4d931730

SHA1
ee36677e251ed78376a61468be702f083e9f97e8

SHA256
35f5af82c28e9fd1cde9dd16cad31e64a192dbe34acad11ba9dbd14838a732b9

SHA512
b13ff450c8f7ecb2adb4344ab23a49ef15c225ee928efa119fe0925f42d59283aefb73558fe1c229a6828ff118e5210b005e98e8d1cdb243ee34a13c3a367324

Download Submit
C:\Windows\SysWOW64\Ekodjiol.exe

Filesize
96KB

MD5
4359ca9fd50e26462062939752eb70f4

SHA1
72c0e3561aa66eb38f15f1ee90643dbf098f26f3

SHA256
aecf2a2cc9ca3b755ca9e557a48a96fae89e06ee10df95ce52aa366f9d323b68

SHA512
3e92f98e38f11b1d80386bab89444f491d83ce9a184d38ed145c3a92f0ac36b10214627a85f52d80ee6fce85356c643a3e798a129e4c04d9364ad33540a028f7

Download Submit
C:\Windows\SysWOW64\Enpmld32.exe

Filesize
96KB

MD5
f2f721e045d22700c288a7ff018e9311

SHA1
994359113a16a1ebea8cb81c20b44e72982d30ee

SHA256
ff8f7d2e05063c5545fb6cd656d794c7c03df1c0709496d1df5b01255ecac385

SHA512
502cd910502adf785d77a069ccd2714448a938bbf70680ac60e174431fcb863a201781d5f6fbaefbf750b36cdb6ace4594abbea3a8697a6a384fd1871a705e4d

Download Submit
C:\Windows\SysWOW64\Eppjfgcp.exe

Filesize
96KB

MD5
0c80856f35abab1c4a5b79f98347de27

SHA1
58010e01964459721e637a664c900fe04e94f134

SHA256
bc017f7f7bb16aedae77979093603dc723077bcfaf6a5cca0eb2624cf1bf9dbc

SHA512
28567b6005a39428cd2207b6cf6167b4895ad2e090cd07e42e7f9f6724fafd2d88d695835edf140320a17258beddfe83694db7224540d00f5d2ab257bd7b24e4

Download Submit
C:\Windows\SysWOW64\Fflohaij.exe

Filesize
96KB

MD5
9a0ddec621859b79dbaa3733e6518efd

SHA1
ae1c6303d5b946e002c441b999321b48bd29692f

SHA256
9711c12ff2c82be9c721cc64f0bb2fd923985e6195cc6d60160c223cd8c93ef7

SHA512
648b5ca2577d9583bf006a75bec9acca0bdec4f353ebd0da658550fd4b99c108fe855fef489a997751c8e29c1e80f416f5a55f4f5f49b372126657785601c9ff

Download Submit
C:\Windows\SysWOW64\Fgmdec32.exe

Filesize
96KB

MD5
6cbeeea421f8f1f80bfed5b016003971

SHA1
a1fe11581b304c8aa2275ec7e1dda880f147e985

SHA256
36a693a8e6ab47006e4d953db493e883cd30684a16aa3dbd120a4138ffca6f13

SHA512
22374d5ed45f8c781b21485fdb27d5775633ffb37cb67785d3b81d80507f1cc076c2042c436f2f3f8477d485a663c8e922c1d312fd978042fce1b978608b26ba

Download Submit
C:\Windows\SysWOW64\Fiaael32.exe

Filesize
96KB

MD5
d4558af7f4ce252c0a4bd40013791a57

SHA1
f15c3426dfcbeb162b8e80111d58b8d94bb7951b

SHA256
44c206dc921ba379517f72024e5d31c7e9ffde8529f492ceaae7baf753570cdf

SHA512
aa50265e260af09c3e0a369c5200e319bce77487d6ad7e5fbd476f029183ee5abb6049eb2e5fdc4094ce0981bbbeb559525a1efec341ea0b5eb1980fa6dea8fb

Download Submit
C:\Windows\SysWOW64\Flkdfh32.exe

Filesize
96KB

MD5
0c0246c641b85f8b1aded6f12d1f68b9

SHA1
dd5a0020643ef97f2057bc02ead96a073c5b82f0

SHA256
46a7919448bc31d389b83f43e623257e05987f332261f03cfdab86a859677730

SHA512
8886416aeaac1af8280c6627f1508085ccb269d6e58411917fe72c979dad092bc6b72ce5ec1ca8923621d30663643753bf0389261501a84462d615b6c90872ad

Download Submit
C:\Windows\SysWOW64\Geanfelc.exe

Filesize
96KB

MD5
074f5bf55c02d37128c07bb595aeda37

SHA1
365de560236ac13d23cc6ab3a7f0f1292e787717

SHA256
3d622692a3294572e71040eab01ab3379082dc4cde69bfd40eeeca20dda72f8f

SHA512
9a17e1c2517757950be57f1798c5a0ce13305310d70bc35fd83d0422e8d0475d9c1e520987677246ac179525380c84eb527cd7380f08d118fbd61d520d2e5095

Download Submit
C:\Windows\SysWOW64\Gidnkkpc.exe

Filesize
96KB

MD5
338664ca31e9db6e10227ca0789ca272

SHA1
ff440ed629376cbb62ab4fb91872b3b475ae10fd

SHA256
8ea382be285b82a2ff9fadb872ecfb66a08c61c441902f2ef7483ca4d685c722

SHA512
056efdac1781227b52723de91db08dbe37065c8b244b30ca5b324a691b7741aa1e670dc7048b091176e3c3593386536599d1c9d8f8c412c5851018a6362c9e7b

Download Submit
C:\Windows\SysWOW64\Gldglf32.exe

Filesize
96KB

MD5
d020e559ae9234a7a74d795ae7670909

SHA1
03cfb4ee3f5e695abe263b38fdc45c2ab4538fbb

SHA256
d16684a2ae86c1c7e7583aa8f44908f620e2ac3a5499a8600ba9e1ca8bf761b6

SHA512
eb4b9ef0125510db6bbec4e919db7256c31c01f6b2f8b121917a1ce80e951ab445f3aa7c3c785e63dde2964cbb676d4ea137130473e37faec66edc1facefccee

Download Submit
C:\Windows\SysWOW64\Glgcbf32.exe

Filesize
96KB

MD5
ed711f84fcb374e404d4308c4ce2cb89

SHA1
7f7e4736274bb9329cca1f7ce6e92d249a5be846

SHA256
2a5150e700e67d900e7379aa87d1217f808f785b77431771ab0904c223aa2e80

SHA512
c0f2bc48b3c093c40e82a1f7739cd49e389e29a0688bb00c90d8bed2e0ec2ed0a3eaf618b01bfe99002fd50f9d674bf589ace08c0eaf594402fd9fd6cf943e37

Download Submit
C:\Windows\SysWOW64\Glipgf32.exe

Filesize
96KB

MD5
a9bfe55b825e3d0161c8274a0643590b

SHA1
a7f51868f4e2ee5c39e519cad6ea490c282ff2fc

SHA256
6e1fcceae149f992c54572ba3cd9583cc93f092b2443c566c4ae8f3822a62d42

SHA512
5cf8eacc795738ffcacaf93acf67a43035fc0251cab3e84ce227ffdda040d916db8a920e4b2a904c002e395354a9bc092560607a25c2bdd229b1c4b0076f3f9c

Download Submit
C:\Windows\SysWOW64\Gnblnlhl.exe

Filesize
96KB

MD5
62eecb4878c8bf4d862958e27a6d9fca

SHA1
f469642a54f82db0dfda0d566375765ad3544836

SHA256
bef130f80f6e1d9136e339e34bb714cf302f09be826ab58659965e7c2ff43946

SHA512
434fde955a4a796c527250b6076ab8189378ac20dcba9bae966496242e4f55faf1c59e94d7ff31eb57fa2011781b9e3cffd0969232c968a0bb82293e6ec0bc25

Download Submit
C:\Windows\SysWOW64\Hpqldc32.exe

Filesize
96KB

MD5
944545ea0fc4134e492dade5fd2868a2

SHA1
c14767230499cc52c6076582de30e7f6b12f5a93

SHA256
a95ebc761a5484db5c562e851483637c2904bdb9f6aa28230cbbcb4e1b5dad7b

SHA512
191f284db30af608efe7f1c6d81179d6e6616c42ad91ca12387b85d4a732b72ff8c02fbe6ea3f831397b3aeefe10d25b5d42e9f0ff908690caf77a7f2a8c407d

Download Submit
C:\Windows\SysWOW64\Ieagmcmq.exe

Filesize
96KB

MD5
a86e127b1b2d4926cc842ffc39061f71

SHA1
222ac48e83f2df093ef3f1d9e943158e5768665e

SHA256
d8bf8fb221ca79c6177d77b276083438bb5f94994b66c4dbe7264f39e1c8ad40

SHA512
c97ac05cc1bfafe3553e85288205b8d805f4d07ac8c4d695b903ca87baf2bf9052fb0e0b19f990774b3ff77c8ca7c1d0e4401ab37b4e5e6ca90ed27940622ad2

Download Submit
C:\Windows\SysWOW64\Ifomll32.exe

Filesize
96KB

MD5
11e48d0f896768f963df34b68be57d8e

SHA1
0823bb694e03949222da4b6c4f82de175bf3195b

SHA256
14e37d1fe85612ab4ba67b78d2795824c2464beb78a2b6e21250b295425fe1b9

SHA512
f59e2965d46686f463e56ab41716f2c3ad0825347b924dcaa7f7a50a392c3f1b8df0aa5dc98d52c599c03a1d8a3831d5bb4937f6fb77c8e74284df01f7f8921b

Download Submit
C:\Windows\SysWOW64\Jenmcggo.exe

Filesize
96KB

MD5
00e74c564ab0cfcd66be058a8c576e91

SHA1
ab966a07f093cf2ba27499e7d0293db90d4dc8bc

SHA256
2fd680fca073021040be09b2c1d379f8c13905e96acf043cb13f68fc79a61495

SHA512
b2865dab0b0d1cbc56a0f091112a0405679a36f000d91270138879daffe093918e7dc298b18a40123b6a8b8443c83d5e77bfafe90de4117cef848a65676fb553

Download Submit
C:\Windows\SysWOW64\Kjeiodek.exe

Filesize
96KB

MD5
7ac349b2c875d1be8697016799b2b018

SHA1
630698f3dadfef63b1f3dab206baec07679532a2

SHA256
bbe8c1aeab6f232c9502c7c0bd8119f45288c0db91ef38e1a5cee486b9b22e09

SHA512
2cf3932650778eee9ea8a775d1a1dfe547e9a6368b095f516d67cd1af586cbc8d846d2a9200ea1d60678955a1c665de87b3e4d3b88629b0bd8a982ad6e48bd58

Download Submit
C:\Windows\SysWOW64\Kpjgaoqm.exe

Filesize
96KB

MD5
aa91367102fe1c2b735506b70b8b0486

SHA1
0d780f73c4244fbf6c435380de3cfc982b01aa57

SHA256
eda75e7f903189c9d6534e66c68f5d9df2668dd80b2d702093deaa445f8d4de3

SHA512
9569f2fa2cc698f90591a7840895c375320cdff6887a16640e8c36247da7542af0065926aeb9ba50a691a4c29e76770788d743a33832565d86e7ffb7ac7e6f33

Download Submit
C:\Windows\SysWOW64\Lobjni32.exe

Filesize
96KB

MD5
54e872fb200a784a546c73d46a53d220

SHA1
09e3aa47e14525dd2fd8c9a926ec9ac7c0c2df5d

SHA256
236a333066577fbe671364d519500ef72e1499b28ceb2b7eb557220675f38352

SHA512
0fc667765a888dc4e66a706375dd4202914cf6fc856fbfe80d628ba65b2577827632dd8d80c19d3d22cacfa841ccfa9680e3d4405e3b37c70049855d28e2bf3c

Download Submit
C:\Windows\SysWOW64\Loighj32.exe

Filesize
96KB

MD5
548b4148781c28fef1205d8499637405

SHA1
db9f1f5c30dfec5c266a6582d6bf203aeecb672f

SHA256
5b273ac0e9746fdfd1d85588a7f357a46540a14a8269ce5d0a341b61ed2553c8

SHA512
4912f49569deb79f68d44a62d074f788276fe3031bea9957dbd738d9a958b36d255a24215107af79563499323882bcc2467d38802caccfdc6eeb278b8ef13bcb

Download Submit
C:\Windows\SysWOW64\Mfnhfm32.exe

Filesize
96KB

MD5
f0030d667fc0f28df5e1a73ecc31ad0c

SHA1
f2cb8da4ed786e904d076efc725ba6a60491d9e7

SHA256
838620f0e0e5ee892050e1010632ad5394bb196e096487cfc5af700e130f2769

SHA512
97d1e4a6203a2ff4228e61f372faf86c5fe4bd684c41f1995908d25cb8e2092874004db76e582dae614a007b81b32ac24b6ddd605c8592c0c797ac7d5c7ee516

Download Submit
C:\Windows\SysWOW64\Mgnlkfal.exe

Filesize
96KB

MD5
ecb9b92bc5b7defd3664648efa721b93

SHA1
75911645644d3dd5527cfb4531b628e6409acd64

SHA256
c0349fbbb60dccf8364425a12fe79bff64102644798d895237a21550b4d0d9be

SHA512
f5c6101c9e6bd714144265e028a3f71b88b6553ba6daf97ff36a4f77f3aa35f4797ed7dd1485e886fa0af66bece53fd4a43bce0843cef7b5a580b3325e2db0d4

Download Submit
C:\Windows\SysWOW64\Mkhapk32.exe

Filesize
96KB

MD5
f1fd52735a8076a0613f0240fe636c71

SHA1
ad022fa92ebf6e57aa3de5140ab772bf412b4475

SHA256
1007c42466390c89d22298c515e587d009af6410cbf1a14e5d47ca0bd7193dae

SHA512
93a1b2c39456064d2c033963ef115f6cd1d204e10eed060cdc9a47e64464fdecd71b8708a39cd8d16ac42ac5d1f68d22f14465bd4765b420fa826ac2c1b52991

Download Submit
C:\Windows\SysWOW64\Mmpdhboj.exe

Filesize
96KB

MD5
04e9dc9ae9b1dd5713da07ebd00bf66f

SHA1
b1915a13e06fe688917e718c9ad5f752f342eb16

SHA256
fa8be5d9396f9afd486f1fd4ed0692d55f4e8cebf541dfbaf40f6d05a0b9e897

SHA512
384a06f4021a5c2b10f9f4bb98026acee8c24a5fa1187dd339c7574fc462ab3c65900e6fdc533d58c2316613bdd8afad77427ecf4646acd7bdaf569e6f7daa79

Download Submit
C:\Windows\SysWOW64\Nclikl32.exe

Filesize
96KB

MD5
5e1007472bd700b96f81537023a64fc9

SHA1
6faae0c37670577638939f359600ae681f36882e

SHA256
600988885c315c7b8a9f53ba01930163ba2da64fe8b14d51385e9ca526c873d4

SHA512
81bb15eca7d0560296c54d3a4d2ee084c00dfeb005c8dd3b6e77579c4a4f2927425d8a62de4de18299de716cd39616ae9e44b2d5be8a82b00ee24d29eb20877b

Download Submit
C:\Windows\SysWOW64\Nfldgk32.exe

Filesize
96KB

MD5
9b2b628eb4be2bf30cb6fc4acf9e6521

SHA1
ecef8b6fe1f8e448a102923a50fa155a20a1a6b0

SHA256
2af9a7ef232af3f2f7dc7d855a24bd234484f5a64aad300e0a1d4b7cd066a86d

SHA512
077e75d8c5ef0543536eca826835604de5ce057a1bd17dd52aa0a144c5c9875cbb2b971c8dc005d12d8922b7644525665bfb5b9499b9bbdbbf2a46bb185a6667

Download Submit
C:\Windows\SysWOW64\Njinmf32.exe

Filesize
96KB

MD5
fdb7da015a6a3a084e2b318cef7309aa

SHA1
a9b19f2a32a6d31fd9ef98845f491cc57f6ec285

SHA256
66e69bc4c7b5c58c5e7785c50c488b0b030a6d4451870942a61907c123f32fee

SHA512
52cb95b5773dfba7eac38d377688f6cd4b23cfe8e6000bf95c868eac0721fe530a7aab91bb66bee4508db77c00b290a8cd794ffe5c5e24fe624b833646185ec5

Download Submit
C:\Windows\SysWOW64\Njmhhefi.exe

Filesize
96KB

MD5
d45bf0f4948aed4bf5c701280686bcbd

SHA1
6de0019e840c91e7d0d5c54fb0b7f9f9d2b6e755

SHA256
292a2b4920f5c6b9adebf2f453e094063be5b2e571c61f63f860870d9e166168

SHA512
f7abfe72274d8d6d927f1ef6811ded28161fb6827f371a2a826fc6239408884d29e766f9d87a4f0ed79452eea5746c574ae14042b8ad200c6f1c7aaebdbd0ff7

Download Submit
C:\Windows\SysWOW64\Nnhmnn32.exe

Filesize
96KB

MD5
12b59b13bf5e7b4ae80bd6731344af4e

SHA1
040f8a4bf246981ed261696e6fd460d3ff1527c6

SHA256
cc96293ae9cda76c1e4382d1981321de9eb296b69945e5eac8d0d30bc77a2682

SHA512
9b278a40b54cf08ed3c3b30549623683f207fc1c74cf09d00bd56be75aa322d4ec30dc966fd4fdd90f79f92aed1ec5776deff2f945ad24816dcf51e505e3d8b0

Download Submit
C:\Windows\SysWOW64\Oejbfmpg.exe

Filesize
96KB

MD5
bd073d04e2b4fb6e4a63d542f3b02695

SHA1
9632010b71e97f7fa751942b69366dbe4764e40d

SHA256
628064fa1514bcd5b10cbc80c9a0861ccde44281b7adf570b69fb0aa74bdc13c

SHA512
1ac3c3f0dcffd3ca7f6cfae2c19cc2273ed4c5a890da11b32c881f1c5a5b4011d8249620013421c330317ac7a4546c9e2fbbeb06bed4716b314f76a8448cc218

Download Submit
C:\Windows\SysWOW64\Ogjdmbil.exe

Filesize
96KB

MD5
a93df7dabb3e38403bf151e79ebd3516

SHA1
9e0972139ca0fa7e45399eff62865c8f567bf687

SHA256
c68ad353009b837a2a5a2d5b144d466450b1fc9412a3fd9ca770d14261bbba12

SHA512
04136c8fc3f63c4fb080e46bec55e9869a6a10da4e5e3e8000d37af6c80172d8a98baf1d14b373cc50b2afcb262181308a4485728eda972bc648cf871398b445

Download Submit
C:\Windows\SysWOW64\Oiccje32.exe

Filesize
96KB

MD5
cf157bc1c3499fa8a0441d6e14fd702f

SHA1
3dd3bea9548a2151345625fb2f78aadd23892250

SHA256
218cc1ee0e264216f6c82d4114a4c62673d4f6d74182d525da2fc8aacc61243d

SHA512
b80fad6f704a10a07a67f4b177c5c3f8909d9dbceb988cbeaa4a5db261e7a39e134e8ae39914a7111806ffed6c3f303a64b1adaca7f24b5d2d4bdcb5f121cc64

Download Submit
C:\Windows\SysWOW64\Ojbacd32.exe

Filesize
96KB

MD5
c52516e23521f05214eb31caea2db526

SHA1
68791947213264f3c7104d1c8e0ef288521d9ab3

SHA256
7c084806ff61ddbddd7e74dca2bed2b6dde6524dd3a37f4bac2dd60abae71800

SHA512
6a2534ae64bc4d23675aabf8d2071feccb58c3ce63ae4200b374f970a1ece4033985ca386df1dbdd4356a2ba5439371f2a8fa3f2c88eb20be9aa6c57c6e48b13

Download Submit
C:\Windows\SysWOW64\Ojigdcll.exe

Filesize
96KB

MD5
0a26592462ea2e40ec5d68492abb9937

SHA1
352a969fa70c5d5bac40ba0d6b7e2f3ee95b2e5b

SHA256
39b856af7cf4a60da91942a62f811533e6b98795cbbf0dced976a61ce9c1b807

SHA512
d2885e3e9978b9f2ecf4488c81b5a896f7b0465aa530aac64764e28b7235157ccf70432ddda88fded637badea6f0f9b5629df953bf626f8846e8214ebcdf29ca

Download Submit
C:\Windows\SysWOW64\Okkdic32.exe

Filesize
96KB

MD5
e4f151206a318153989780c201ee7a00

SHA1
d6e492dd2b2146cefe2e102e865f3cf62208098b

SHA256
ca8737fb04bcebcb45224fa8c2864d1583ba768c4f1776412ee9adfb1ba50968

SHA512
a9381a080f63fe1bf675edf73f1f1109ae13ba42d032599f3fb775f71e80685d983b2aeaa78d9ed61f3cde71a4ec30ec4ae43f36e09850573a157c7a42f167d3

Download Submit
C:\Windows\SysWOW64\Oodlnfco.dll

Filesize
7KB

MD5
af903dd3ee0890fb2767eaa2e7129fa0

SHA1
ecf049562caf08c3bb80220c7127840a9a92a0e4

SHA256
f4f98321c1ee24a7a3eb008bd47da537d53180ca83fed2b3c8195719773ac31a

SHA512
de2629a8f9054a92713766390527dc530a677d9da7f1fa25b9bb6288ceedd5aacf61e3cf071daa356d6bd091f7365fc6170a2248dac325bd92b03342001a55e7

Download Submit
C:\Windows\SysWOW64\Oqmhqapg.exe

Filesize
96KB

MD5
c38ca87e2fa4f49ea064e35c804c6a92

SHA1
edde3dd2bd29891a727fd0151f14f8aa6c18e93f

SHA256
536baa3f2caf63491067ff40738c09e8f18d612d153f23a91724251fa0368f44

SHA512
752a057d6f20d883397cbf7706cd499fc2ef224d06df0ebbe043c323da6021ba1c761af35295100433e89f8cf6d2c5448c06935af1f513b4b8d43bdf17a5234a

Download Submit
C:\Windows\SysWOW64\Pcbkml32.exe

Filesize
96KB

MD5
17226458c84a1d2ab5f5add72a3e7d29

SHA1
83c1821d00d9175a7ac5c0341ad58053eadd1b6f

SHA256
9ec547c97e8167612f86fa1d01d44e19ce5b8755a92528cafa918ce62ab0b31e

SHA512
f9791a3321275b51e10372f4332362641efed4df73a7aa551e42650a357cbadc80ad2e4c2924194d824118cd0ec85155a38c5699f27964e4d7d9538309ae4c7c

Download Submit
C:\Windows\SysWOW64\Pmaffnce.exe

Filesize
96KB

MD5
436c8e18d64f757c52903b9daa05926e

SHA1
73ec4ee697413a0d4e2cf3533f664dffae1ff44c

SHA256
e177695a25d78df6923af8f985e94c5577e5ea0873d74053929ae0cedb34a281

SHA512
9ef85d39922da572cd6534df4ca1cf553315d163a22dcc384c3ebd5897c42681b437900e4745ace530f9f8de5b28d72dc814131ef2a3cc726dbeb0aa8956872a

Download Submit
C:\Windows\SysWOW64\Pmlmkn32.exe

Filesize
96KB

MD5
1d5ba3d503c5a54462767c989bc8d1f7

SHA1
85c03908e004dc31c337586997763b97511406c5

SHA256
117452faafd2eafcca59063d8c299b8aafb9595fb1c09f89c7e5c280f34dfb63

SHA512
ec3744e6c4d8b35a42670c232f3e0bbfc3c98301c8a21fbadca573bcae820881eec177a7fe9f26ba93c43ca3f2a1ba3d90fc4e3b308ef04cb9d316d1f0fae24e

Download Submit
C:\Windows\SysWOW64\Qobhkjdi.exe

Filesize
96KB

MD5
ed16512c89ad63df93239a6aaeba522c

SHA1
cb0b5eb0b685b3523aa56facaf3a2836f31abe6f

SHA256
f4ee1f4caa996a2ac8f4d589b4c8e83800e24f05432af8990c9b394887761e84

SHA512
8452f057732c87701edccdb04293f411585eb1e5fb8275a998de9e4fd32166a8f2405a0f66c1d03f2498a5ef89846f4e47a38296f8a535add7db47515ffc472a

Download Submit
memory/220-55-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/220-593-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/348-346-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/400-460-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/524-478-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/568-496-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/636-412-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/640-551-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/640-7-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/648-538-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/648-0-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/740-183-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/776-286-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/864-502-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/944-376-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1048-88-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1064-448-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1156-565-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1156-23-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1228-262-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1252-508-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1256-63-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1280-364-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1288-334-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1300-563-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1424-520-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1432-406-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1628-119-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1680-280-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1708-370-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1768-484-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1844-215-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1992-167-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2016-298-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2124-224-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2164-127-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2168-268-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2328-328-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2356-39-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2356-579-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2440-135-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2500-400-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2548-466-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2772-430-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2908-207-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2916-310-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3012-191-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3056-526-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3100-442-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3104-552-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3232-454-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3468-256-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3480-143-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3596-71-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3604-152-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3620-358-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3628-111-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3672-304-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3792-532-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3972-292-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4036-490-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4108-388-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4120-424-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4144-545-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4240-176-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4288-31-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4288-572-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4292-436-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4304-586-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4304-47-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4308-352-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4348-248-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4368-418-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4396-322-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4428-514-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4504-394-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4516-340-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4528-539-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4544-160-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4548-472-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4552-80-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4572-232-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4632-274-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4688-239-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4692-382-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4780-566-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4804-200-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4816-562-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4816-15-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4876-316-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5024-95-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5068-103-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5128-573-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5172-580-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5216-587-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5268-598-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads