a84431961908ef38ad004555a9c259fbc0586af3688f43b4cd40cf68014ce04e

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 11:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4d9f96c964ae5e7faeefd93d6339b00_NeikiAnalytics.exe
Size

52KB
MD5

b4d9f96c964ae5e7faeefd93d6339b00
SHA1

35927f8ff1f50e4f764bb40065d58bf481c1e939
SHA256

a84431961908ef38ad004555a9c259fbc0586af3688f43b4cd40cf68014ce04e
SHA512

8f388c86a303e34b781cf40b4cb21f5da8a95a57fb597f751d553bddeef8f4b283a1028580d90d11de2cde6f755ef971d9011a661896a98dee5e89c828af7da8
SSDEEP

768:Kiz/XjR+Ony7dzHOtfTYuubMV/i+eCQsQEWTPCCNJ6m99o/1H5F/sdMABvKWe:NRG7dzH8/zDWTlNJ19uIMAdKZ

Score

10^/10

persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cddecc32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hecmijim.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ipknlb32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nfjjppmm.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Olfobjbg.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Qbgqio32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Qffbbldm.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Amddjegd.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Aepefb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Belebq32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Bdfibe32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Edbklofb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ofeilobp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Qfcfml32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Balpgb32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Paegjl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Echknh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Immapg32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cdabcm32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cbefaj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Dceohhja.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Gkoiefmj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Gomakdcp.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Qmmnjfnl.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Banllbdn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cjkjpgfi.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ckcgkldl.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jbeidl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Bgehcmmm.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dodbbdbb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ffimfqgm.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Gomakdcp.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Klgqcqkl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Leihbeib.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cjinkg32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Gcfqfc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Pcijeb32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dobfld32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ocpgod32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Gkoiefmj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ajckij32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Bcebhoii.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Aacckjaf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Eeidoc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Kimnbd32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Olfobjbg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Paegjl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ghopckpi.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ajckij32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Beeoaapl.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cmnpgb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Chcddk32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pagdol32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Eemnjbaj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Iicbehnq.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Iejcji32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Pfjcgn32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bnmcjg32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bclhhnca.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Baocghgi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Eadopc32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hihbijhn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Hcpclbfa.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Mdmnlj32.exe

Executes dropped EXE 64 IoCs

pid	Process
1428	Paegjl32.exe
208	Pcccfh32.exe
896	Pnihcq32.exe
4880	Pagdol32.exe
4284	Qjpiha32.exe
672	Qbgqio32.exe
3940	Qeemej32.exe
2764	Qloebdig.exe
820	Qalnjkgo.exe
3912	Acjjfggb.exe
1240	Anpncp32.exe
4048	Aejfpjne.exe
1280	Ajfoiqll.exe
1056	Aaqgek32.exe
428	Ahkobekf.exe
4440	Andgoobc.exe
1884	Aacckjaf.exe
4248	Alhhhcal.exe
1388	Adcmmeog.exe
4668	Bahmfj32.exe
3748	Bdfibe32.exe
4144	Bajjli32.exe
2180	Blpnib32.exe
3752	Bbifelba.exe
336	Bopgjmhe.exe
1968	Baocghgi.exe
4268	Bjghpn32.exe
4528	Bbnpqk32.exe
1576	Blfdia32.exe
4924	Cacmah32.exe
624	Cliaoq32.exe
4820	Cddecc32.exe
3144	Cbefaj32.exe
3868	Chbnia32.exe
3324	Colffknh.exe
2196	Chdkoa32.exe
3712	Ckcgkldl.exe
2104	Cdkldb32.exe
1760	Doqpak32.exe
5044	Dhidjpqc.exe
5012	Daaicfgd.exe
3212	Dlgmpogj.exe
2976	Doeiljfn.exe
1940	Deoaid32.exe
4088	Dkljak32.exe
4252	Dccbbhld.exe
3056	Dddojq32.exe
4948	Dceohhja.exe
3356	Dhbgqohi.exe
1880	Echknh32.exe
2412	Edihepnm.exe
4588	Elppfmoo.exe
3496	Ecjhcg32.exe
4036	Eeidoc32.exe
3076	Ehgqln32.exe
3060	Elbmlmml.exe
2468	Eoaihhlp.exe
3228	Eapedd32.exe
2396	Ednaqo32.exe
692	Eleiam32.exe
4828	Ekhjmiad.exe
4124	Ecoangbg.exe
3756	Eemnjbaj.exe
2948	Edpnfo32.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Jfihel32.dll	Belebq32.exe
File created	C:\Windows\SysWOW64\Pagdol32.exe	Pnihcq32.exe
File created	C:\Windows\SysWOW64\Nlmbpgdl.dll	Ednaqo32.exe
File created	C:\Windows\SysWOW64\Abckpb32.dll	Jeaikh32.exe
File opened for modification	C:\Windows\SysWOW64\Qffbbldm.exe	Qmmnjfnl.exe
File opened for modification	C:\Windows\SysWOW64\Lebkhc32.exe	Ldanqkki.exe
File created	C:\Windows\SysWOW64\Dkkcge32.exe	Dhmgki32.exe
File created	C:\Windows\SysWOW64\Bjghpn32.exe	Baocghgi.exe
File created	C:\Windows\SysWOW64\Oflgep32.exe	Oponmilc.exe
File opened for modification	C:\Windows\SysWOW64\Qmmnjfnl.exe	Qfcfml32.exe
File created	C:\Windows\SysWOW64\Maickled.dll	Ceqnmpfo.exe
File created	C:\Windows\SysWOW64\Gfngap32.exe	Gbbkaako.exe
File created	C:\Windows\SysWOW64\Elkadb32.dll	Dmjocp32.exe
File opened for modification	C:\Windows\SysWOW64\Blpnib32.exe	Bajjli32.exe
File created	C:\Windows\SysWOW64\Hafgeo32.dll	Gcfqfc32.exe
File created	C:\Windows\SysWOW64\Cmnpgb32.exe	Cjpckf32.exe
File opened for modification	C:\Windows\SysWOW64\Dmllipeg.exe	Dknpmdfc.exe
File created	C:\Windows\SysWOW64\Amfoeb32.dll	Dodbbdbb.exe
File created	C:\Windows\SysWOW64\Dbfmkjoa.dll	Gfgjgo32.exe
File opened for modification	C:\Windows\SysWOW64\Hmjdjgjo.exe	Hecmijim.exe
File created	C:\Windows\SysWOW64\Iemppiab.exe	Iejcji32.exe
File opened for modification	C:\Windows\SysWOW64\Mcmabg32.exe	Mlcifmbl.exe
File created	C:\Windows\SysWOW64\Blleba32.dll	Medgncoe.exe
File created	C:\Windows\SysWOW64\Qfbgbeai.dll	Onhhamgg.exe
File opened for modification	C:\Windows\SysWOW64\Iejcji32.exe	Iicbehnq.exe
File created	C:\Windows\SysWOW64\Olhlhjpd.exe	Ocpgod32.exe
File created	C:\Windows\SysWOW64\Ckafhlkg.dll	Dccbbhld.exe
File opened for modification	C:\Windows\SysWOW64\Fooeif32.exe	Fkciihgg.exe
File opened for modification	C:\Windows\SysWOW64\Menjdbgj.exe	Mdmnlj32.exe
File created	C:\Windows\SysWOW64\Mnjgghdi.dll	Aabmqd32.exe
File created	C:\Windows\SysWOW64\Opfkao32.dll	Chbnia32.exe
File opened for modification	C:\Windows\SysWOW64\Mmbfpp32.exe	Mcmabg32.exe
File created	C:\Windows\SysWOW64\Alcidkmm.dll	Ddmaok32.exe
File created	C:\Windows\SysWOW64\Ghopckpi.exe	Gfpcgpae.exe
File opened for modification	C:\Windows\SysWOW64\Ghaliknf.exe	Gfbploob.exe
File created	C:\Windows\SysWOW64\Ahkobekf.exe	Aaqgek32.exe
File opened for modification	C:\Windows\SysWOW64\Iikhfg32.exe	Ipbdmaah.exe
File opened for modification	C:\Windows\SysWOW64\Bmkjkd32.exe	Bfabnjjp.exe
File created	C:\Windows\SysWOW64\Bdfibe32.exe	Bahmfj32.exe
File created	C:\Windows\SysWOW64\Mjljbfog.dll	Fkciihgg.exe
File opened for modification	C:\Windows\SysWOW64\Kimnbd32.exe	Kpeiioac.exe
File created	C:\Windows\SysWOW64\Eohipl32.dll	Ngbpidjh.exe
File opened for modification	C:\Windows\SysWOW64\Ednaqo32.exe	Eapedd32.exe
File created	C:\Windows\SysWOW64\Qghlmgij.dll	Ghaliknf.exe
File opened for modification	C:\Windows\SysWOW64\Pjjhbl32.exe	Pfolbmje.exe
File created	C:\Windows\SysWOW64\Ffddka32.exe	Fcfhof32.exe
File created	C:\Windows\SysWOW64\Gkmlofol.exe	Ghopckpi.exe
File opened for modification	C:\Windows\SysWOW64\Hecmijim.exe	Hcbpab32.exe
File created	C:\Windows\SysWOW64\Balpgb32.exe	Bnmcjg32.exe
File created	C:\Windows\SysWOW64\Anpncp32.exe	Acjjfggb.exe
File created	C:\Windows\SysWOW64\Kimnbd32.exe	Kpeiioac.exe
File opened for modification	C:\Windows\SysWOW64\Nlaegk32.exe	Nfgmjqop.exe
File created	C:\Windows\SysWOW64\Mnkhmbin.dll	Miemjaci.exe
File opened for modification	C:\Windows\SysWOW64\Dmcibama.exe	Dfiafg32.exe
File created	C:\Windows\SysWOW64\Deokon32.exe	Dodbbdbb.exe
File opened for modification	C:\Windows\SysWOW64\Doeiljfn.exe	Dlgmpogj.exe
File created	C:\Windows\SysWOW64\Qadpibkg.dll	Dceohhja.exe
File created	C:\Windows\SysWOW64\Gebgohck.dll	Leihbeib.exe
File opened for modification	C:\Windows\SysWOW64\Mlcifmbl.exe	Miemjaci.exe
File created	C:\Windows\SysWOW64\Eeidoc32.exe	Ecjhcg32.exe
File created	C:\Windows\SysWOW64\Elgfgl32.exe	Edpnfo32.exe
File opened for modification	C:\Windows\SysWOW64\Kiidgeki.exe	Kfjhkjle.exe
File opened for modification	C:\Windows\SysWOW64\Amddjegd.exe	Afjlnk32.exe
File created	C:\Windows\SysWOW64\Ohkhqj32.dll	Lmiciaaj.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
7260	8116	WerFault.exe	354

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Ldleel32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mogqfgka.dll"	Bfkedibe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Ceehho32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mmhjbhod.dll"	Acjjfggb.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Gcimkc32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Icplcpgo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Kplpjn32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Kpjgop32.dll"	Ekhjmiad.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Choehhlk.dll"	Hecmijim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jcjpfk32.dll"	Lpcfkm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Enoogcin.dll"	Hcpclbfa.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Jeaikh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Olhlhjpd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Fljcmlfd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Hfnphn32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Bfdodjhm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Cddecc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Paegjl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Gmoeoidl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Ofeilobp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Hbgmcnhf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dcjfkm32.dll"	Ecoangbg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Afjlnk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Cjkjpgfi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	b4d9f96c964ae5e7faeefd93d6339b00_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Ckcgkldl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Ednaqo32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Efjecajf.dll"	Kfankifm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Mbfkbhpa.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ckijjqka.dll"	Mbfkbhpa.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Acjjfggb.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Elgfgl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Fhjfhl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Aaqgek32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Iejcji32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Bmkjkd32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Glbandkm.dll"	Bcebhoii.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Jplfcpin.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dbagnedl.dll"	Pflplnlg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Edihepnm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Jpijnqkp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Pfaigm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Andgoobc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Dccbbhld.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Bnpppgdj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Dfnjafap.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Dhidjpqc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dejpjp32.dll"	Foabofnn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Gfbploob.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Pflplnlg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Dodbbdbb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Qbgqio32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Fohoigfh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Empbnb32.dll"	Pqdqof32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Cegdnopg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gebgohck.dll"	Leihbeib.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Aabmqd32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Cnnlaehj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Apignbdf.dll"	Ffkjlp32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Hmfkoh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Eelcja32.dll"	Ehgqln32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Fakdpb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pacghh32.dll"	Iemppiab.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Bjghpn32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 1428	4936	b4d9f96c964ae5e7faeefd93d6339b00_NeikiAnalytics.exe	82
PID 4936 wrote to memory of 1428	4936	b4d9f96c964ae5e7faeefd93d6339b00_NeikiAnalytics.exe	82
PID 4936 wrote to memory of 1428	4936	b4d9f96c964ae5e7faeefd93d6339b00_NeikiAnalytics.exe	82
PID 1428 wrote to memory of 208	1428	Paegjl32.exe	83
PID 1428 wrote to memory of 208	1428	Paegjl32.exe	83
PID 1428 wrote to memory of 208	1428	Paegjl32.exe	83
PID 208 wrote to memory of 896	208	Pcccfh32.exe	84
PID 208 wrote to memory of 896	208	Pcccfh32.exe	84
PID 208 wrote to memory of 896	208	Pcccfh32.exe	84
PID 896 wrote to memory of 4880	896	Pnihcq32.exe	85
PID 896 wrote to memory of 4880	896	Pnihcq32.exe	85
PID 896 wrote to memory of 4880	896	Pnihcq32.exe	85
PID 4880 wrote to memory of 4284	4880	Pagdol32.exe	86
PID 4880 wrote to memory of 4284	4880	Pagdol32.exe	86
PID 4880 wrote to memory of 4284	4880	Pagdol32.exe	86
PID 4284 wrote to memory of 672	4284	Qjpiha32.exe	87
PID 4284 wrote to memory of 672	4284	Qjpiha32.exe	87
PID 4284 wrote to memory of 672	4284	Qjpiha32.exe	87
PID 672 wrote to memory of 3940	672	Qbgqio32.exe	88
PID 672 wrote to memory of 3940	672	Qbgqio32.exe	88
PID 672 wrote to memory of 3940	672	Qbgqio32.exe	88
PID 3940 wrote to memory of 2764	3940	Qeemej32.exe	89
PID 3940 wrote to memory of 2764	3940	Qeemej32.exe	89
PID 3940 wrote to memory of 2764	3940	Qeemej32.exe	89
PID 2764 wrote to memory of 820	2764	Qloebdig.exe	90
PID 2764 wrote to memory of 820	2764	Qloebdig.exe	90
PID 2764 wrote to memory of 820	2764	Qloebdig.exe	90
PID 820 wrote to memory of 3912	820	Qalnjkgo.exe	91
PID 820 wrote to memory of 3912	820	Qalnjkgo.exe	91
PID 820 wrote to memory of 3912	820	Qalnjkgo.exe	91
PID 3912 wrote to memory of 1240	3912	Acjjfggb.exe	92
PID 3912 wrote to memory of 1240	3912	Acjjfggb.exe	92
PID 3912 wrote to memory of 1240	3912	Acjjfggb.exe	92
PID 1240 wrote to memory of 4048	1240	Anpncp32.exe	94
PID 1240 wrote to memory of 4048	1240	Anpncp32.exe	94
PID 1240 wrote to memory of 4048	1240	Anpncp32.exe	94
PID 4048 wrote to memory of 1280	4048	Aejfpjne.exe	95
PID 4048 wrote to memory of 1280	4048	Aejfpjne.exe	95
PID 4048 wrote to memory of 1280	4048	Aejfpjne.exe	95
PID 1280 wrote to memory of 1056	1280	Ajfoiqll.exe	96
PID 1280 wrote to memory of 1056	1280	Ajfoiqll.exe	96
PID 1280 wrote to memory of 1056	1280	Ajfoiqll.exe	96
PID 1056 wrote to memory of 428	1056	Aaqgek32.exe	97
PID 1056 wrote to memory of 428	1056	Aaqgek32.exe	97
PID 1056 wrote to memory of 428	1056	Aaqgek32.exe	97
PID 428 wrote to memory of 4440	428	Ahkobekf.exe	98
PID 428 wrote to memory of 4440	428	Ahkobekf.exe	98
PID 428 wrote to memory of 4440	428	Ahkobekf.exe	98
PID 4440 wrote to memory of 1884	4440	Andgoobc.exe	100
PID 4440 wrote to memory of 1884	4440	Andgoobc.exe	100
PID 4440 wrote to memory of 1884	4440	Andgoobc.exe	100
PID 1884 wrote to memory of 4248	1884	Aacckjaf.exe	101
PID 1884 wrote to memory of 4248	1884	Aacckjaf.exe	101
PID 1884 wrote to memory of 4248	1884	Aacckjaf.exe	101
PID 4248 wrote to memory of 1388	4248	Alhhhcal.exe	102
PID 4248 wrote to memory of 1388	4248	Alhhhcal.exe	102
PID 4248 wrote to memory of 1388	4248	Alhhhcal.exe	102
PID 1388 wrote to memory of 4668	1388	Adcmmeog.exe	104
PID 1388 wrote to memory of 4668	1388	Adcmmeog.exe	104
PID 1388 wrote to memory of 4668	1388	Adcmmeog.exe	104
PID 4668 wrote to memory of 3748	4668	Bahmfj32.exe	105
PID 4668 wrote to memory of 3748	4668	Bahmfj32.exe	105
PID 4668 wrote to memory of 3748	4668	Bahmfj32.exe	105
PID 3748 wrote to memory of 4144	3748	Bdfibe32.exe	106

C:\Users\Admin\AppData\Local\Temp\b4d9f96c964ae5e7faeefd93d6339b00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b4d9f96c964ae5e7faeefd93d6339b00_NeikiAnalytics.exe"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Windows\SysWOW64\Paegjl32.exe
  C:\Windows\system32\Paegjl32.exe
  2⤵
  - Adds autorun key to be loaded by Explorer.exe on startup
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:1428
- - C:\Windows\SysWOW64\Pcccfh32.exe
    C:\Windows\system32\Pcccfh32.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:208
  - - C:\Windows\SysWOW64\Pnihcq32.exe
      C:\Windows\system32\Pnihcq32.exe
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:896
    - - C:\Windows\SysWOW64\Pagdol32.exe
        
        C:\Windows\system32\Pagdol32.exe
        5⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4880
      - C:\Windows\SysWOW64\Qjpiha32.exe
        
        C:\Windows\system32\Qjpiha32.exe
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4284
        
        C:\Windows\SysWOW64\Qbgqio32.exe
        
        C:\Windows\system32\Qbgqio32.exe
        7⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:672
        
        C:\Windows\SysWOW64\Qeemej32.exe
        
        C:\Windows\system32\Qeemej32.exe
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3940
        
        C:\Windows\SysWOW64\Qloebdig.exe
        
        C:\Windows\system32\Qloebdig.exe
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2764
        
        C:\Windows\SysWOW64\Qalnjkgo.exe
        
        C:\Windows\system32\Qalnjkgo.exe
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:820
        
        C:\Windows\SysWOW64\Acjjfggb.exe
        
        C:\Windows\system32\Acjjfggb.exe
        11⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3912
        
        C:\Windows\SysWOW64\Anpncp32.exe
        
        C:\Windows\system32\Anpncp32.exe
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1240
        
        C:\Windows\SysWOW64\Aejfpjne.exe
        
        C:\Windows\system32\Aejfpjne.exe
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4048
        
        C:\Windows\SysWOW64\Ajfoiqll.exe
        
        C:\Windows\system32\Ajfoiqll.exe
        14⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1280
        
        C:\Windows\SysWOW64\Aaqgek32.exe
        
        C:\Windows\system32\Aaqgek32.exe
        15⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1056
        
        C:\Windows\SysWOW64\Ahkobekf.exe
        
        C:\Windows\system32\Ahkobekf.exe
        16⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:428
        
        C:\Windows\SysWOW64\Andgoobc.exe
        
        C:\Windows\system32\Andgoobc.exe
        17⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4440
        
        C:\Windows\SysWOW64\Aacckjaf.exe
        
        C:\Windows\system32\Aacckjaf.exe
        18⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1884
        
        C:\Windows\SysWOW64\Alhhhcal.exe
        
        C:\Windows\system32\Alhhhcal.exe
        19⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4248
        
        C:\Windows\SysWOW64\Adcmmeog.exe
        
        C:\Windows\system32\Adcmmeog.exe
        20⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1388
        
        C:\Windows\SysWOW64\Bahmfj32.exe
        
        C:\Windows\system32\Bahmfj32.exe
        21⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4668
        
        C:\Windows\SysWOW64\Bdfibe32.exe
        
        C:\Windows\system32\Bdfibe32.exe
        22⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3748
        
        C:\Windows\SysWOW64\Bajjli32.exe
        
        C:\Windows\system32\Bajjli32.exe
        23⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4144
        
        C:\Windows\SysWOW64\Blpnib32.exe
        
        C:\Windows\system32\Blpnib32.exe
        24⤵
        Executes dropped EXE
        
        PID:2180
        
        C:\Windows\SysWOW64\Bbifelba.exe
        
        C:\Windows\system32\Bbifelba.exe
        25⤵
        Executes dropped EXE
        
        PID:3752
        
        C:\Windows\SysWOW64\Bopgjmhe.exe
        
        C:\Windows\system32\Bopgjmhe.exe
        26⤵
        Executes dropped EXE
        
        PID:336
        
        C:\Windows\SysWOW64\Baocghgi.exe
        
        C:\Windows\system32\Baocghgi.exe
        27⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1968
        
        C:\Windows\SysWOW64\Bjghpn32.exe
        
        C:\Windows\system32\Bjghpn32.exe
        28⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4268
        
        C:\Windows\SysWOW64\Bbnpqk32.exe
        
        C:\Windows\system32\Bbnpqk32.exe
        29⤵
        Executes dropped EXE
        
        PID:4528
        
        C:\Windows\SysWOW64\Blfdia32.exe
        
        C:\Windows\system32\Blfdia32.exe
        30⤵
        Executes dropped EXE
        
        PID:1576
        
        C:\Windows\SysWOW64\Cacmah32.exe
        
        C:\Windows\system32\Cacmah32.exe
        31⤵
        Executes dropped EXE
        
        PID:4924
        
        C:\Windows\SysWOW64\Cliaoq32.exe
        
        C:\Windows\system32\Cliaoq32.exe
        32⤵
        Executes dropped EXE
        
        PID:624
        
        C:\Windows\SysWOW64\Cddecc32.exe
        
        C:\Windows\system32\Cddecc32.exe
        33⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:4820
        
        C:\Windows\SysWOW64\Cbefaj32.exe
        
        C:\Windows\system32\Cbefaj32.exe
        34⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:3144
        
        C:\Windows\SysWOW64\Chbnia32.exe
        
        C:\Windows\system32\Chbnia32.exe
        35⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3868
        
        C:\Windows\SysWOW64\Colffknh.exe
        
        C:\Windows\system32\Colffknh.exe
        36⤵
        Executes dropped EXE
        
        PID:3324
        
        C:\Windows\SysWOW64\Chdkoa32.exe
        
        C:\Windows\system32\Chdkoa32.exe
        37⤵
        Executes dropped EXE
        
        PID:2196
        
        C:\Windows\SysWOW64\Ckcgkldl.exe
        
        C:\Windows\system32\Ckcgkldl.exe
        38⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:3712
        
        C:\Windows\SysWOW64\Cdkldb32.exe
        
        C:\Windows\system32\Cdkldb32.exe
        39⤵
        Executes dropped EXE
        
        PID:2104
        
        C:\Windows\SysWOW64\Doqpak32.exe
        
        C:\Windows\system32\Doqpak32.exe
        40⤵
        Executes dropped EXE
        
        PID:1760
        
        C:\Windows\SysWOW64\Dhidjpqc.exe
        
        C:\Windows\system32\Dhidjpqc.exe
        41⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:5044
        
        C:\Windows\SysWOW64\Daaicfgd.exe
        
        C:\Windows\system32\Daaicfgd.exe
        42⤵
        Executes dropped EXE
        
        PID:5012
        
        C:\Windows\SysWOW64\Dlgmpogj.exe
        
        C:\Windows\system32\Dlgmpogj.exe
        43⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3212
        
        C:\Windows\SysWOW64\Doeiljfn.exe
        
        C:\Windows\system32\Doeiljfn.exe
        44⤵
        Executes dropped EXE
        
        PID:2976
        
        C:\Windows\SysWOW64\Deoaid32.exe
        
        C:\Windows\system32\Deoaid32.exe
        45⤵
        Executes dropped EXE
        
        PID:1940
        
        C:\Windows\SysWOW64\Dkljak32.exe
        
        C:\Windows\system32\Dkljak32.exe
        46⤵
        Executes dropped EXE
        
        PID:4088
        
        C:\Windows\SysWOW64\Dccbbhld.exe
        
        C:\Windows\system32\Dccbbhld.exe
        47⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:4252
        
        C:\Windows\SysWOW64\Dddojq32.exe
        
        C:\Windows\system32\Dddojq32.exe
        48⤵
        Executes dropped EXE
        
        PID:3056
        
        C:\Windows\SysWOW64\Dceohhja.exe
        
        C:\Windows\system32\Dceohhja.exe
        49⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4948
        
        C:\Windows\SysWOW64\Dhbgqohi.exe
        
        C:\Windows\system32\Dhbgqohi.exe
        50⤵
        Executes dropped EXE
        
        PID:3356
        
        C:\Windows\SysWOW64\Echknh32.exe
        
        C:\Windows\system32\Echknh32.exe
        51⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:1880
        
        C:\Windows\SysWOW64\Edihepnm.exe
        
        C:\Windows\system32\Edihepnm.exe
        52⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2412
        
        C:\Windows\SysWOW64\Elppfmoo.exe
        
        C:\Windows\system32\Elppfmoo.exe
        53⤵
        Executes dropped EXE
        
        PID:4588
        
        C:\Windows\SysWOW64\Ecjhcg32.exe
        
        C:\Windows\system32\Ecjhcg32.exe
        54⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3496
        
        C:\Windows\SysWOW64\Eeidoc32.exe
        
        C:\Windows\system32\Eeidoc32.exe
        55⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:4036
        
        C:\Windows\SysWOW64\Ehgqln32.exe
        
        C:\Windows\system32\Ehgqln32.exe
        56⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3076
        
        C:\Windows\SysWOW64\Elbmlmml.exe
        
        C:\Windows\system32\Elbmlmml.exe
        57⤵
        Executes dropped EXE
        
        PID:3060
        
        C:\Windows\SysWOW64\Eoaihhlp.exe
        
        C:\Windows\system32\Eoaihhlp.exe
        58⤵
        Executes dropped EXE
        
        PID:2468
        
        C:\Windows\SysWOW64\Eapedd32.exe
        
        C:\Windows\system32\Eapedd32.exe
        59⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3228
        
        C:\Windows\SysWOW64\Ednaqo32.exe
        
        C:\Windows\system32\Ednaqo32.exe
        60⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:2396
        
        C:\Windows\SysWOW64\Eleiam32.exe
        
        C:\Windows\system32\Eleiam32.exe
        61⤵
        Executes dropped EXE
        
        PID:692
        
        C:\Windows\SysWOW64\Ekhjmiad.exe
        
        C:\Windows\system32\Ekhjmiad.exe
        62⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4828
        
        C:\Windows\SysWOW64\Ecoangbg.exe
        
        C:\Windows\system32\Ecoangbg.exe
        63⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4124
        
        C:\Windows\SysWOW64\Eemnjbaj.exe
        
        C:\Windows\system32\Eemnjbaj.exe
        64⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:3756
        
        C:\Windows\SysWOW64\Edpnfo32.exe
        
        C:\Windows\system32\Edpnfo32.exe
        65⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2948
        
        C:\Windows\SysWOW64\Elgfgl32.exe
        
        C:\Windows\system32\Elgfgl32.exe
        66⤵
        Modifies registry class
        
        PID:1516
        
        C:\Windows\SysWOW64\Eofbch32.exe
        
        C:\Windows\system32\Eofbch32.exe
        67⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\Eadopc32.exe
        
        C:\Windows\system32\Eadopc32.exe
        68⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:3624
        
        C:\Windows\SysWOW64\Edbklofb.exe
        
        C:\Windows\system32\Edbklofb.exe
        69⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:2384
        
        C:\Windows\SysWOW64\Fljcmlfd.exe
        
        C:\Windows\system32\Fljcmlfd.exe
        70⤵
        Modifies registry class
        
        PID:4580
        
        C:\Windows\SysWOW64\Fohoigfh.exe
        
        C:\Windows\system32\Fohoigfh.exe
        71⤵
        Modifies registry class
        
        PID:1808
        
        C:\Windows\SysWOW64\Febgea32.exe
        
        C:\Windows\system32\Febgea32.exe
        72⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\Fdegandp.exe
        
        C:\Windows\system32\Fdegandp.exe
        73⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\Fkopnh32.exe
        
        C:\Windows\system32\Fkopnh32.exe
        74⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\Fcfhof32.exe
        
        C:\Windows\system32\Fcfhof32.exe
        75⤵
        Drops file in System32 directory
        
        PID:2116
        
        C:\Windows\SysWOW64\Ffddka32.exe
        
        C:\Windows\system32\Ffddka32.exe
        76⤵
        
        PID:632
        
        C:\Windows\SysWOW64\Fakdpb32.exe
        
        C:\Windows\system32\Fakdpb32.exe
        77⤵
        Modifies registry class
        
        PID:944
        
        C:\Windows\SysWOW64\Fhemmlhc.exe
        
        C:\Windows\system32\Fhemmlhc.exe
        78⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\Fkciihgg.exe
        
        C:\Windows\system32\Fkciihgg.exe
        79⤵
        Drops file in System32 directory
        
        PID:3464
        
        C:\Windows\SysWOW64\Fooeif32.exe
        
        C:\Windows\system32\Fooeif32.exe
        80⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\Ffimfqgm.exe
        
        C:\Windows\system32\Ffimfqgm.exe
        81⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:4344
        
        C:\Windows\SysWOW64\Fhgjblfq.exe
        
        C:\Windows\system32\Fhgjblfq.exe
        82⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\Fkffog32.exe
        
        C:\Windows\system32\Fkffog32.exe
        83⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\Foabofnn.exe
        
        C:\Windows\system32\Foabofnn.exe
        84⤵
        Modifies registry class
        
        PID:4500
        
        C:\Windows\SysWOW64\Fbpnkama.exe
        
        C:\Windows\system32\Fbpnkama.exe
        85⤵
        
        PID:1272
        
        C:\Windows\SysWOW64\Ffkjlp32.exe
        
        C:\Windows\system32\Ffkjlp32.exe
        86⤵
        Modifies registry class
        
        PID:2808
        
        C:\Windows\SysWOW64\Fhjfhl32.exe
        
        C:\Windows\system32\Fhjfhl32.exe
        87⤵
        Modifies registry class
        
        PID:3876
        
        C:\Windows\SysWOW64\Gkhbdg32.exe
        
        C:\Windows\system32\Gkhbdg32.exe
        88⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\Gbbkaako.exe
        
        C:\Windows\system32\Gbbkaako.exe
        89⤵
        Drops file in System32 directory
        
        PID:4728
        
        C:\Windows\SysWOW64\Gfngap32.exe
        
        C:\Windows\system32\Gfngap32.exe
        90⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\Ghlcnk32.exe
        
        C:\Windows\system32\Ghlcnk32.exe
        91⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\Gkkojgao.exe
        
        C:\Windows\system32\Gkkojgao.exe
        92⤵
        
        PID:412
        
        C:\Windows\SysWOW64\Gofkje32.exe
        
        C:\Windows\system32\Gofkje32.exe
        93⤵
        
        PID:3620
        
        C:\Windows\SysWOW64\Gfpcgpae.exe
        
        C:\Windows\system32\Gfpcgpae.exe
        94⤵
        Drops file in System32 directory
        
        PID:2564
        
        C:\Windows\SysWOW64\Ghopckpi.exe
        
        C:\Windows\system32\Ghopckpi.exe
        95⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:1600
        
        C:\Windows\SysWOW64\Gkmlofol.exe
        
        C:\Windows\system32\Gkmlofol.exe
        96⤵
        
        PID:768
        
        C:\Windows\SysWOW64\Gcddpdpo.exe
        
        C:\Windows\system32\Gcddpdpo.exe
        97⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\Gfbploob.exe
        
        C:\Windows\system32\Gfbploob.exe
        98⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:4120
        
        C:\Windows\SysWOW64\Ghaliknf.exe
        
        C:\Windows\system32\Ghaliknf.exe
        99⤵
        Drops file in System32 directory
        
        PID:3244
        
        C:\Windows\SysWOW64\Gkoiefmj.exe
        
        C:\Windows\system32\Gkoiefmj.exe
        100⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5092
        
        C:\Windows\SysWOW64\Gcfqfc32.exe
        
        C:\Windows\system32\Gcfqfc32.exe
        101⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:5148
        
        C:\Windows\SysWOW64\Gfembo32.exe
        
        C:\Windows\system32\Gfembo32.exe
        102⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\Gdhmnlcj.exe
        
        C:\Windows\system32\Gdhmnlcj.exe
        103⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\Gmoeoidl.exe
        
        C:\Windows\system32\Gmoeoidl.exe
        104⤵
        Modifies registry class
        
        PID:5280
        
        C:\Windows\SysWOW64\Gomakdcp.exe
        
        C:\Windows\system32\Gomakdcp.exe
        105⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5320
        
        C:\Windows\SysWOW64\Gcimkc32.exe
        
        C:\Windows\system32\Gcimkc32.exe
        106⤵
        Modifies registry class
        
        PID:5368
        
        C:\Windows\SysWOW64\Gfgjgo32.exe
        
        C:\Windows\system32\Gfgjgo32.exe
        107⤵
        Drops file in System32 directory
        
        PID:5408
        
        C:\Windows\SysWOW64\Hiefcj32.exe
        
        C:\Windows\system32\Hiefcj32.exe
        108⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\Hkdbpe32.exe
        
        C:\Windows\system32\Hkdbpe32.exe
        109⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\Hckjacjg.exe
        
        C:\Windows\system32\Hckjacjg.exe
        110⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\Hfifmnij.exe
        
        C:\Windows\system32\Hfifmnij.exe
        111⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\Hihbijhn.exe
        
        C:\Windows\system32\Hihbijhn.exe
        112⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5632
        
        C:\Windows\SysWOW64\Hkfoeega.exe
        
        C:\Windows\system32\Hkfoeega.exe
        113⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\Hobkfd32.exe
        
        C:\Windows\system32\Hobkfd32.exe
        114⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\Hbpgbo32.exe
        
        C:\Windows\system32\Hbpgbo32.exe
        115⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\Hmfkoh32.exe
        
        C:\Windows\system32\Hmfkoh32.exe
        116⤵
        Modifies registry class
        
        PID:5804
        
        C:\Windows\SysWOW64\Hcpclbfa.exe
        
        C:\Windows\system32\Hcpclbfa.exe
        117⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:5848
        
        C:\Windows\SysWOW64\Hfnphn32.exe
        
        C:\Windows\system32\Hfnphn32.exe
        118⤵
        Modifies registry class
        
        PID:5892
        
        C:\Windows\SysWOW64\Himldi32.exe
        
        C:\Windows\system32\Himldi32.exe
        119⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\Hcbpab32.exe
        
        C:\Windows\system32\Hcbpab32.exe
        120⤵
        Drops file in System32 directory
        
        PID:5980
        
        C:\Windows\SysWOW64\Hecmijim.exe
        
        C:\Windows\system32\Hecmijim.exe
        121⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:6024
        
        C:\Windows\SysWOW64\Hmjdjgjo.exe
        
        C:\Windows\system32\Hmjdjgjo.exe
        122⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\Hoiafcic.exe
        
        C:\Windows\system32\Hoiafcic.exe
        123⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\Hbgmcnhf.exe
        
        C:\Windows\system32\Hbgmcnhf.exe
        124⤵
        Modifies registry class
        
        PID:5132
        
        C:\Windows\SysWOW64\Immapg32.exe
        
        C:\Windows\system32\Immapg32.exe
        125⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5208
        
        C:\Windows\SysWOW64\Ipknlb32.exe
        
        C:\Windows\system32\Ipknlb32.exe
        126⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5272
        
        C:\Windows\SysWOW64\Ifefimom.exe
        
        C:\Windows\system32\Ifefimom.exe
        127⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\Iicbehnq.exe
        
        C:\Windows\system32\Iicbehnq.exe
        128⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:5416
        
        C:\Windows\SysWOW64\Iejcji32.exe
        
        C:\Windows\system32\Iejcji32.exe
        129⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:5484
        
        C:\Windows\SysWOW64\Iemppiab.exe
        
        C:\Windows\system32\Iemppiab.exe
        130⤵
        Modifies registry class
        
        PID:5552
        
        C:\Windows\SysWOW64\Ipbdmaah.exe
        
        C:\Windows\system32\Ipbdmaah.exe
        131⤵
        Drops file in System32 directory
        
        PID:5620
        
        C:\Windows\SysWOW64\Iikhfg32.exe
        
        C:\Windows\system32\Iikhfg32.exe
        132⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\Icplcpgo.exe
        
        C:\Windows\system32\Icplcpgo.exe
        133⤵
        Modifies registry class
        
        PID:5768
        
        C:\Windows\SysWOW64\Jeaikh32.exe
        
        C:\Windows\system32\Jeaikh32.exe
        134⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:5836
        
        C:\Windows\SysWOW64\Jpgmha32.exe
        
        C:\Windows\system32\Jpgmha32.exe
        135⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\Jbeidl32.exe
        
        C:\Windows\system32\Jbeidl32.exe
        136⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5972
        
        C:\Windows\SysWOW64\Jpijnqkp.exe
        
        C:\Windows\system32\Jpijnqkp.exe
        137⤵
        Modifies registry class
        
        PID:6040
        
        C:\Windows\SysWOW64\Jlpkba32.exe
        
        C:\Windows\system32\Jlpkba32.exe
        138⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\Jplfcpin.exe
        
        C:\Windows\system32\Jplfcpin.exe
        139⤵
        Modifies registry class
        
        PID:628
        
        C:\Windows\SysWOW64\Jmpgldhg.exe
        
        C:\Windows\system32\Jmpgldhg.exe
        140⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\Jcioiood.exe
        
        C:\Windows\system32\Jcioiood.exe
        141⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\Jfhlejnh.exe
        
        C:\Windows\system32\Jfhlejnh.exe
        142⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\Jifhaenk.exe
        
        C:\Windows\system32\Jifhaenk.exe
        143⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\Jpppnp32.exe
        
        C:\Windows\system32\Jpppnp32.exe
        144⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\Kfjhkjle.exe
        
        C:\Windows\system32\Kfjhkjle.exe
        145⤵
        Drops file in System32 directory
        
        PID:5616
        
        C:\Windows\SysWOW64\Kiidgeki.exe
        
        C:\Windows\system32\Kiidgeki.exe
        146⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\Klgqcqkl.exe
        
        C:\Windows\system32\Klgqcqkl.exe
        147⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5816
        
        C:\Windows\SysWOW64\Kfmepi32.exe
        
        C:\Windows\system32\Kfmepi32.exe
        148⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\Kpeiioac.exe
        
        C:\Windows\system32\Kpeiioac.exe
        149⤵
        Drops file in System32 directory
        
        PID:6064
        
        C:\Windows\SysWOW64\Kimnbd32.exe
        
        C:\Windows\system32\Kimnbd32.exe
        150⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5128
        
        C:\Windows\SysWOW64\Kfankifm.exe
        
        C:\Windows\system32\Kfankifm.exe
        151⤵
        Modifies registry class
        
        PID:5140
        
        C:\Windows\SysWOW64\Kpjcdn32.exe
        
        C:\Windows\system32\Kpjcdn32.exe
        152⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\Kefkme32.exe
        
        C:\Windows\system32\Kefkme32.exe
        153⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\Kmncnb32.exe
        
        C:\Windows\system32\Kmncnb32.exe
        154⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\Kplpjn32.exe
        
        C:\Windows\system32\Kplpjn32.exe
        155⤵
        Modifies registry class
        
        PID:5788
        
        C:\Windows\SysWOW64\Leihbeib.exe
        
        C:\Windows\system32\Leihbeib.exe
        156⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:6032
        
        C:\Windows\SysWOW64\Lmppcbjd.exe
        
        C:\Windows\system32\Lmppcbjd.exe
        157⤵
        
        PID:1520
        
        C:\Windows\SysWOW64\Ldjhpl32.exe
        
        C:\Windows\system32\Ldjhpl32.exe
        158⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\Ligqhc32.exe
        
        C:\Windows\system32\Ligqhc32.exe
        159⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\Ldleel32.exe
        
        C:\Windows\system32\Ldleel32.exe
        160⤵
        Modifies registry class
        
        PID:5800
        
        C:\Windows\SysWOW64\Lfkaag32.exe
        
        C:\Windows\system32\Lfkaag32.exe
        161⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\Lpcfkm32.exe
        
        C:\Windows\system32\Lpcfkm32.exe
        162⤵
        Modifies registry class
        
        PID:5156
        
        C:\Windows\SysWOW64\Likjcbkc.exe
        
        C:\Windows\system32\Likjcbkc.exe
        163⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\Ldanqkki.exe
        
        C:\Windows\system32\Ldanqkki.exe
        164⤵
        Drops file in System32 directory
        
        PID:6000
        
        C:\Windows\SysWOW64\Lebkhc32.exe
        
        C:\Windows\system32\Lebkhc32.exe
        165⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\Lmiciaaj.exe
        
        C:\Windows\system32\Lmiciaaj.exe
        166⤵
        Drops file in System32 directory
        
        PID:1140
        
        C:\Windows\SysWOW64\Mbfkbhpa.exe
        
        C:\Windows\system32\Mbfkbhpa.exe
        167⤵
        Modifies registry class
        
        PID:5996
        
        C:\Windows\SysWOW64\Medgncoe.exe
        
        C:\Windows\system32\Medgncoe.exe
        168⤵
        Drops file in System32 directory
        
        PID:5244
        
        C:\Windows\SysWOW64\Mdehlk32.exe
        
        C:\Windows\system32\Mdehlk32.exe
        169⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\Mmnldp32.exe
        
        C:\Windows\system32\Mmnldp32.exe
        170⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\Mdhdajea.exe
        
        C:\Windows\system32\Mdhdajea.exe
        171⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\Miemjaci.exe
        
        C:\Windows\system32\Miemjaci.exe
        172⤵
        Drops file in System32 directory
        
        PID:6300
        
        C:\Windows\SysWOW64\Mlcifmbl.exe
        
        C:\Windows\system32\Mlcifmbl.exe
        173⤵
        Drops file in System32 directory
        
        PID:6344
        
        C:\Windows\SysWOW64\Mcmabg32.exe
        
        C:\Windows\system32\Mcmabg32.exe
        174⤵
        Drops file in System32 directory
        
        PID:6388
        
        C:\Windows\SysWOW64\Mmbfpp32.exe
        
        C:\Windows\system32\Mmbfpp32.exe
        175⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\Mdmnlj32.exe
        
        C:\Windows\system32\Mdmnlj32.exe
        176⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:6476
        
        C:\Windows\SysWOW64\Menjdbgj.exe
        
        C:\Windows\system32\Menjdbgj.exe
        177⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\Mlhbal32.exe
        
        C:\Windows\system32\Mlhbal32.exe
        178⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\Nepgjaeg.exe
        
        C:\Windows\system32\Nepgjaeg.exe
        179⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\Nebdoa32.exe
        
        C:\Windows\system32\Nebdoa32.exe
        180⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\Nphhmj32.exe
        
        C:\Windows\system32\Nphhmj32.exe
        181⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\Ngbpidjh.exe
        
        C:\Windows\system32\Ngbpidjh.exe
        182⤵
        Drops file in System32 directory
        
        PID:6744
        
        C:\Windows\SysWOW64\Npjebj32.exe
        
        C:\Windows\system32\Npjebj32.exe
        183⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\Nfgmjqop.exe
        
        C:\Windows\system32\Nfgmjqop.exe
        184⤵
        Drops file in System32 directory
        
        PID:6832
        
        C:\Windows\SysWOW64\Nlaegk32.exe
        
        C:\Windows\system32\Nlaegk32.exe
        185⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\Nfjjppmm.exe
        
        C:\Windows\system32\Nfjjppmm.exe
        186⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6920
        
        C:\Windows\SysWOW64\Oponmilc.exe
        
        C:\Windows\system32\Oponmilc.exe
        187⤵
        Drops file in System32 directory
        
        PID:6964
        
        C:\Windows\SysWOW64\Oflgep32.exe
        
        C:\Windows\system32\Oflgep32.exe
        188⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\Olfobjbg.exe
        
        C:\Windows\system32\Olfobjbg.exe
        189⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7052
        
        C:\Windows\SysWOW64\Ocpgod32.exe
        
        C:\Windows\system32\Ocpgod32.exe
        190⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:7096
        
        C:\Windows\SysWOW64\Olhlhjpd.exe
        
        C:\Windows\system32\Olhlhjpd.exe
        191⤵
        Modifies registry class
        
        PID:7140
        
        C:\Windows\SysWOW64\Opdghh32.exe
        
        C:\Windows\system32\Opdghh32.exe
        192⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\Onhhamgg.exe
        
        C:\Windows\system32\Onhhamgg.exe
        193⤵
        Drops file in System32 directory
        
        PID:6228
        
        C:\Windows\SysWOW64\Ogpmjb32.exe
        
        C:\Windows\system32\Ogpmjb32.exe
        194⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\Oqhacgdh.exe
        
        C:\Windows\system32\Oqhacgdh.exe
        195⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\Ofeilobp.exe
        
        C:\Windows\system32\Ofeilobp.exe
        196⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:6428
        
        C:\Windows\SysWOW64\Pcijeb32.exe
        
        C:\Windows\system32\Pcijeb32.exe
        197⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6516
        
        C:\Windows\SysWOW64\Pmannhhj.exe
        
        C:\Windows\system32\Pmannhhj.exe
        198⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\Pfjcgn32.exe
        
        C:\Windows\system32\Pfjcgn32.exe
        199⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6648
        
        C:\Windows\SysWOW64\Pdkcde32.exe
        
        C:\Windows\system32\Pdkcde32.exe
        200⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\Pflplnlg.exe
        
        C:\Windows\system32\Pflplnlg.exe
        201⤵
        Modifies registry class
        
        PID:6780
        
        C:\Windows\SysWOW64\Pqbdjfln.exe
        
        C:\Windows\system32\Pqbdjfln.exe
        202⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\Pfolbmje.exe
        
        C:\Windows\system32\Pfolbmje.exe
        203⤵
        Drops file in System32 directory
        
        PID:6928
        
        C:\Windows\SysWOW64\Pjjhbl32.exe
        
        C:\Windows\system32\Pjjhbl32.exe
        204⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\Pqdqof32.exe
        
        C:\Windows\system32\Pqdqof32.exe
        205⤵
        Modifies registry class
        
        PID:7072
        
        C:\Windows\SysWOW64\Pfaigm32.exe
        
        C:\Windows\system32\Pfaigm32.exe
        206⤵
        Modifies registry class
        
        PID:7132
        
        C:\Windows\SysWOW64\Qqfmde32.exe
        
        C:\Windows\system32\Qqfmde32.exe
        207⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\Qfcfml32.exe
        
        C:\Windows\system32\Qfcfml32.exe
        208⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:6284
        
        C:\Windows\SysWOW64\Qmmnjfnl.exe
        
        C:\Windows\system32\Qmmnjfnl.exe
        209⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:6384
        
        C:\Windows\SysWOW64\Qffbbldm.exe
        
        C:\Windows\system32\Qffbbldm.exe
        210⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6492
        
        C:\Windows\SysWOW64\Ampkof32.exe
        
        C:\Windows\system32\Ampkof32.exe
        211⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\Acjclpcf.exe
        
        C:\Windows\system32\Acjclpcf.exe
        212⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\Ajckij32.exe
        
        C:\Windows\system32\Ajckij32.exe
        213⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6828
        
        C:\Windows\SysWOW64\Aeiofcji.exe
        
        C:\Windows\system32\Aeiofcji.exe
        214⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\Afjlnk32.exe
        
        C:\Windows\system32\Afjlnk32.exe
        215⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:7040
        
        C:\Windows\SysWOW64\Amddjegd.exe
        
        C:\Windows\system32\Amddjegd.exe
        216⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7152
        
        C:\Windows\SysWOW64\Aeklkchg.exe
        
        C:\Windows\system32\Aeklkchg.exe
        217⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\Afmhck32.exe
        
        C:\Windows\system32\Afmhck32.exe
        218⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\Andqdh32.exe
        
        C:\Windows\system32\Andqdh32.exe
        219⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\Aabmqd32.exe
        
        C:\Windows\system32\Aabmqd32.exe
        220⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6772
        
        C:\Windows\SysWOW64\Aglemn32.exe
        
        C:\Windows\system32\Aglemn32.exe
        221⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\Anfmjhmd.exe
        
        C:\Windows\system32\Anfmjhmd.exe
        222⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\Aepefb32.exe
        
        C:\Windows\system32\Aepefb32.exe
        223⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6376
        
        C:\Windows\SysWOW64\Bfabnjjp.exe
        
        C:\Windows\system32\Bfabnjjp.exe
        224⤵
        Drops file in System32 directory
        
        PID:6624
        
        C:\Windows\SysWOW64\Bmkjkd32.exe
        
        C:\Windows\system32\Bmkjkd32.exe
        225⤵
        Modifies registry class
        
        PID:6904
        
        C:\Windows\SysWOW64\Bcebhoii.exe
        
        C:\Windows\system32\Bcebhoii.exe
        226⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:6204
        
        C:\Windows\SysWOW64\Bfdodjhm.exe
        
        C:\Windows\system32\Bfdodjhm.exe
        227⤵
        Modifies registry class
        
        PID:6600
        
        C:\Windows\SysWOW64\Bmngqdpj.exe
        
        C:\Windows\system32\Bmngqdpj.exe
        228⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\Beeoaapl.exe
        
        C:\Windows\system32\Beeoaapl.exe
        229⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6732
        
        C:\Windows\SysWOW64\Bnmcjg32.exe
        
        C:\Windows\system32\Bnmcjg32.exe
        230⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:6484
        
        C:\Windows\SysWOW64\Balpgb32.exe
        
        C:\Windows\system32\Balpgb32.exe
        231⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6576
        
        C:\Windows\SysWOW64\Bgehcmmm.exe
        
        C:\Windows\system32\Bgehcmmm.exe
        232⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6596
        
        C:\Windows\SysWOW64\Bnpppgdj.exe
        
        C:\Windows\system32\Bnpppgdj.exe
        233⤵
        Modifies registry class
        
        PID:7208
        
        C:\Windows\SysWOW64\Banllbdn.exe
        
        C:\Windows\system32\Banllbdn.exe
        234⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7252
        
        C:\Windows\SysWOW64\Bclhhnca.exe
        
        C:\Windows\system32\Bclhhnca.exe
        235⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7292
        
        C:\Windows\SysWOW64\Bfkedibe.exe
        
        C:\Windows\system32\Bfkedibe.exe
        236⤵
        Modifies registry class
        
        PID:7340
        
        C:\Windows\SysWOW64\Bmemac32.exe
        
        C:\Windows\system32\Bmemac32.exe
        237⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\Belebq32.exe
        
        C:\Windows\system32\Belebq32.exe
        238⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:7428
        
        C:\Windows\SysWOW64\Chjaol32.exe
        
        C:\Windows\system32\Chjaol32.exe
        239⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\Cjinkg32.exe
        
        C:\Windows\system32\Cjinkg32.exe
        240⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7516
        
        C:\Windows\SysWOW64\Cmgjgcgo.exe
        
        C:\Windows\system32\Cmgjgcgo.exe
        241⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\Cdabcm32.exe
        
        C:\Windows\system32\Cdabcm32.exe
        242⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7604
        
        C:\Windows\SysWOW64\Cjkjpgfi.exe
        
        C:\Windows\system32\Cjkjpgfi.exe
        243⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:7648
        
        C:\Windows\SysWOW64\Cnffqf32.exe
        
        C:\Windows\system32\Cnffqf32.exe
        244⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\Ceqnmpfo.exe
        
        C:\Windows\system32\Ceqnmpfo.exe
        245⤵
        Drops file in System32 directory
        
        PID:7732
        
        C:\Windows\SysWOW64\Cjmgfgdf.exe
        
        C:\Windows\system32\Cjmgfgdf.exe
        246⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\Cmlcbbcj.exe
        
        C:\Windows\system32\Cmlcbbcj.exe
        247⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\Cdfkolkf.exe
        
        C:\Windows\system32\Cdfkolkf.exe
        248⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\Cjpckf32.exe
        
        C:\Windows\system32\Cjpckf32.exe
        249⤵
        Drops file in System32 directory
        
        PID:7912
        
        C:\Windows\SysWOW64\Cmnpgb32.exe
        
        C:\Windows\system32\Cmnpgb32.exe
        250⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7956
        
        C:\Windows\SysWOW64\Ceehho32.exe
        
        C:\Windows\system32\Ceehho32.exe
        251⤵
        Modifies registry class
        
        PID:8000
        
        C:\Windows\SysWOW64\Chcddk32.exe
        
        C:\Windows\system32\Chcddk32.exe
        252⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8044
        
        C:\Windows\SysWOW64\Cnnlaehj.exe
        
        C:\Windows\system32\Cnnlaehj.exe
        253⤵
        Modifies registry class
        
        PID:8088
        
        C:\Windows\SysWOW64\Cegdnopg.exe
        
        C:\Windows\system32\Cegdnopg.exe
        254⤵
        Modifies registry class
        
        PID:8132
        
        C:\Windows\SysWOW64\Dfiafg32.exe
        
        C:\Windows\system32\Dfiafg32.exe
        255⤵
        Drops file in System32 directory
        
        PID:8176
        
        C:\Windows\SysWOW64\Dmcibama.exe
        
        C:\Windows\system32\Dmcibama.exe
        256⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\Danecp32.exe
        
        C:\Windows\system32\Danecp32.exe
        257⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\Ddmaok32.exe
        
        C:\Windows\system32\Ddmaok32.exe
        258⤵
        Drops file in System32 directory
        
        PID:7352
        
        C:\Windows\SysWOW64\Dobfld32.exe
        
        C:\Windows\system32\Dobfld32.exe
        259⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7420
        
        C:\Windows\SysWOW64\Delnin32.exe
        
        C:\Windows\system32\Delnin32.exe
        260⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\Dfnjafap.exe
        
        C:\Windows\system32\Dfnjafap.exe
        261⤵
        Modifies registry class
        
        PID:7552
        
        C:\Windows\SysWOW64\Dodbbdbb.exe
        
        C:\Windows\system32\Dodbbdbb.exe
        262⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:7620
        
        C:\Windows\SysWOW64\Deokon32.exe
        
        C:\Windows\system32\Deokon32.exe
        263⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\Dhmgki32.exe
        
        C:\Windows\system32\Dhmgki32.exe
        264⤵
        Drops file in System32 directory
        
        PID:7760
        
        C:\Windows\SysWOW64\Dkkcge32.exe
        
        C:\Windows\system32\Dkkcge32.exe
        265⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\Dmjocp32.exe
        
        C:\Windows\system32\Dmjocp32.exe
        266⤵
        Drops file in System32 directory
        
        PID:7904
        
        C:\Windows\SysWOW64\Dhocqigp.exe
        
        C:\Windows\system32\Dhocqigp.exe
        267⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\Dknpmdfc.exe
        
        C:\Windows\system32\Dknpmdfc.exe
        268⤵
        Drops file in System32 directory
        
        PID:8040
        
        C:\Windows\SysWOW64\Dmllipeg.exe
        
        C:\Windows\system32\Dmllipeg.exe
        269⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 396
        270⤵
        Program crash
        
        PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 8116 -ip 8116
1⤵
PID:7200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Aacckjaf.exe

Filesize
52KB

MD5
99c14ab5a579867ab8be0fbad0a7aec8

SHA1
e8b1fd1b5887d8388e3a737aee67e04e7e2c4ee1

SHA256
e079bd8005e70106c8eaa4730c9ba203022ae9c1a3f8102026b23ded31add45b

SHA512
efaadca458b8f9fea8a0962523c272dfcc71d4ca31c589edf4617a2e34069c9476f7faf788533d3a978dc0e3a1be3bfe25b455036d385528153ae8fb4e6bd10a

Download Submit
C:\Windows\SysWOW64\Aaqgek32.exe

Filesize
52KB

MD5
134d82b8418f230cbc9803bd4a75d794

SHA1
8ac6c61c60569c3e925e1d02b982ba995aa1f6b1

SHA256
92ccbac6eb1a5e7cdb8a0ba739476f1f299d281d933a9c037a60fb81ad06495d

SHA512
7e31dc240440b888f50185fc4836e990df5932016b4fc39e2952bbf96de25ae3740ae79355c960657a2b27ebb2bf4d36b39d3d7838bc6215bddc983299192947

Download Submit
C:\Windows\SysWOW64\Acjjfggb.exe

Filesize
52KB

MD5
6d7c32afd405615e5f7e7e0877bcb9d4

SHA1
10722f769fe29f8994d3259767c81664e66bf6ec

SHA256
45251648a33d8e5caae7307172b01e09bdc5ef47ab4133a2e5dfbaeefa8cfbf4

SHA512
e3063770c609748f0d5cfe4af79dd30ecb1ca4a48c51cf2dc857edd4b3d030a01d18dcd73b0b42a1b44735fb1a0e50752fe917e6f29ea0bc4791a33ff03dba95

Download Submit
C:\Windows\SysWOW64\Adcmmeog.exe

Filesize
52KB

MD5
9121f2b588297e9f5673dde5e21e0ddf

SHA1
00b3ad2aea5669655855276fa7c74109f26ee07f

SHA256
ca1c5724b15fa61c9f2e99692c771fb6cfc832856ed96a74df8d4ff878193bab

SHA512
89c73a4a86f9c1ef5bc371deda2aed289bbccb96c9508b67c6e0e67c2a3a444d2414dc8e6577faf5cb29d874077127ead07e575cbd83ba989ec4a03958ef5da4

Download Submit
C:\Windows\SysWOW64\Aejfpjne.exe

Filesize
52KB

MD5
cd9ea437feacfa9317c5111243759f79

SHA1
acfe2c833aedb746e11992da203177e76bf6265b

SHA256
0b8c25fb7a512a4f32fe82e3129120a0477f2c113c35d1d9d75e89f25f53acef

SHA512
4f9bc476f1464327ff84aeef941b5b9c1e75520098567dc70d62f374803163f43fa9cb14e31acdbf7e1c1f29684ceaefb0bc47b9014d01562b59fe3198963bcc

Download Submit
C:\Windows\SysWOW64\Afjlnk32.exe

Filesize
52KB

MD5
bb517f05a6f4ab9a34da1ad820ce3519

SHA1
e7f140658a331cf83d73b5d5608c9188e7ba61f3

SHA256
f38306d0708c05fe42565eb4e9eb0e3231cc25dc46c5c1143cf6c1f3f416b061

SHA512
1b628c1a6740a731fbe4f2e9e9b349418324b3654e50967eb189f581f31a753507b4db4010ab616f1708509f317c1db8934e19a44f0b152583376b118c13227f

Download Submit
C:\Windows\SysWOW64\Aglemn32.exe

Filesize
52KB

MD5
cd8a9b292a22d71cd6edc286e54a9502

SHA1
53d14a6ed3336443bf2d810c0fbdebb94d46a145

SHA256
cdbe481877261a2ddecb869cf290ecfc2d07f30aa59059f0cca8e4e81a778b34

SHA512
374b06520de1f03e03e98446fea877616df5e235a943dc072b8f1b1d8f8103843a7b01faa53243e72b64644c4f3b4ca2c4cd554ae42d70165e170a501d97ec83

Download Submit
C:\Windows\SysWOW64\Ahkobekf.exe

Filesize
52KB

MD5
c768a6173a93f1a398ca14a569727f3f

SHA1
644269d540436b090a5dfdbe06931e2a2d63f810

SHA256
12eb64318a9903a54bafae603c141985d1d1dce113258bd01c60a40e83af6551

SHA512
d98bbb9c16c1d931478a9e05545a61eb4ca07a4314d42c1272873eed061bdc6be7207a110580d9cd42da00883c8ebb606d02882ba150d164f040f498deb5622a

Download Submit
C:\Windows\SysWOW64\Ajckij32.exe

Filesize
52KB

MD5
28e96b0ccad308eb347dc75aa056f446

SHA1
ebd5011927ee8c1281cdc399bc8fa403b8f2fb95

SHA256
71604a94142f84f92d23f4915a89d56071e22a28750d843352152e3763624154

SHA512
2845f0b507d87c47273128968a27746c72ede93798886f1ec83eaf00fcf4680e7cca1cf03e11e061639aa2ded3cd4a3c9e1ccb41336ad9902bdf195963f3861e

Download Submit
C:\Windows\SysWOW64\Ajfoiqll.exe

Filesize
52KB

MD5
22ed48d4f2b56e74d6f61202995fd1f4

SHA1
7f606ecf6f6fe983b66b977a0b676cf7e37ced04

SHA256
4dc46ccf2c8bfbba922367421d917c7e6679dc030f7f7274c77d24af4d1c2814

SHA512
0ee5ff39e29c3f4e11fea7747edde7bb766552b544d2d9b9d7ead9280b8a893fa56dcbe72d8aedf277d62227f218c79737f92b6f5b23e413618a8edaba8c8079

Download Submit
C:\Windows\SysWOW64\Alhhhcal.exe

Filesize
52KB

MD5
6c2264e971c395180c9ab2ce61faa361

SHA1
287afbb1116542a930e3f608d2cce9cb8288f9be

SHA256
e8885e479a0e4742804595984627627a8f3747f0e85440e39a77ac2d6ab33493

SHA512
85b7ff4c73801643f83732692c902d9cad26ddc0d0a1b41c222b60d7589c87923ad723de39450dc6b043adbeb004192d2587360cc7f52cad36590517da1d5b4b

Download Submit
C:\Windows\SysWOW64\Andgoobc.exe

Filesize
52KB

MD5
86855e59564051e7d73101aaff2b225e

SHA1
89fe5ba652b53c5c5e8505923a5766c0ee31be52

SHA256
f2d02dbd17d24c25719fc8d1902d6f1bef377925c61182c178b309f7fad30eab

SHA512
b91dd83a7204c39026dced85098045fc8fc919e819d5a9053ab7421ada41eb849d5eb13d16cba030b616adf167c1a463aba673579f2d5bfd20a07a190286ca0a

Download Submit
C:\Windows\SysWOW64\Anpncp32.exe

Filesize
52KB

MD5
bc5c6021012ea2935e72f8dbe9ff077b

SHA1
15e7e5219f78b8288bcc334ecba7ff38b4fb6c93

SHA256
caa54957176f4fe9bda3e47749eeadd9eb83b1c9294294d7a2fced18a157e000

SHA512
38d274369c6ac2639a278fbc6b327e74a02e9f9e25dcf87f933983a23b8cce5aaa63d2b0a5dd6587616faaae698cb930ded5e8706eaaeb7976b6e472d9f440ff

Download Submit
C:\Windows\SysWOW64\Bahmfj32.exe

Filesize
52KB

MD5
f7bb483b69b47459f6b30502fa3a5d78

SHA1
5ae553f97b7b7973a1686826beef5b7150c361e8

SHA256
eec56b90c77e10f24808441ef868ec03c280f9daa17e172f525b23a7c5e9a36b

SHA512
5fbffc121ed27c7f1df387f67197608666840106e193e819d21ebad73d5fa6572bc550071a6f484dacfd09f82313ddc69f730c8e69c2e6a26e7c9e528e0900a9

Download Submit
C:\Windows\SysWOW64\Bajjli32.exe

Filesize
52KB

MD5
789dd6e6db8b7bedf6af52be9720fa4a

SHA1
10cce9925d8254c0b676ba9449c4ea90b2a12cff

SHA256
27d818c3b6d8c46b9aa9fec6357145c3df4bbd798e1c7d4cee84f946135bcb16

SHA512
04b686c2b65ce28ed140bf0adfe06fc17c0f0310906fe51757c443383a66bd8946b277dfc9c9f4c0766a2e9ef3ab5b2d0e521ca6d9aa87df89f28bed744b271b

Download Submit
C:\Windows\SysWOW64\Baocghgi.exe

Filesize
52KB

MD5
14b55ef476a45b034eb21eab1c30e0c7

SHA1
9dd455e8b4a211c0994c4a814d5d3be0fe6c13cc

SHA256
59e6d46b08e9a8ebace6b8c325ae50ccb96ae22bfd717e51dd86c092dfc21caa

SHA512
5a3f27dee8a52b9f09a43864f5afab1217f1e987112de5ca168abdd1aee288dc2f125952c733d46ac5c6597f85658586697baa463e97f5045f87eba32f6c4341

Download Submit
C:\Windows\SysWOW64\Bbifelba.exe

Filesize
52KB

MD5
c8d7385715f1886b7d10d66e32bc8050

SHA1
5469577218225e48516ee616271f2cb383066acd

SHA256
1777b4b268d6d9bb032db9548ad582526d9da3bca180462be6e668962a0edae3

SHA512
52f5d31121f78177e9763b21fe4956c8eec447f0a38bc496b72a38ee311f7e0db27bd252b94119b53160bee4996d7af14c7f71d2b695fb3672e937331f6ed34a

Download Submit
C:\Windows\SysWOW64\Bbnpqk32.exe

Filesize
52KB

MD5
e18ad2e5a78cfc22f3544c9b714c6f24

SHA1
882ba412ccb8e24b4cb4c4522a932dbac2db235c

SHA256
45b8614405dcc906345cab5e4b353e7f86b0fcd39b804dfcf02b4acf0608bb96

SHA512
c698f9dc79d948bb574fb5cec3327c1d835705e18e60db0a6e5ed2a510affb17807f7bdc2d31c87c13ce34ef0a78972b4be16abbf2014dc3d3363ede5de6a612

Download Submit
C:\Windows\SysWOW64\Bdfibe32.exe

Filesize
52KB

MD5
c37a753902d86e73a915ccd0fb486df7

SHA1
3498805b3856bdfbadb40aa31bdffd52c8e064c8

SHA256
5852d296dbededf8830789ce3b66c1680efbf94dba2ead88647775ad367450ec

SHA512
ea379ff98a0f3fc557f515049e4e1b42146b653c4f402413f2be46162e07a9d11a8a283c37cf6c6dec13d1eb2e00d27a5bffb07c34b381c3687aa24f32cb5416

Download Submit
C:\Windows\SysWOW64\Bfdodjhm.exe

Filesize
52KB

MD5
cc2a0c3e607180ee7a5edff5737cd4de

SHA1
502ded3d19a8d5bd906dff958eed6e04c167714b

SHA256
c20c254d8ff1c8a861a59fa844a6a625c4784151ff7e26659aba6e3373820f33

SHA512
e44b1bfc4403bd27aaa158f7736a1fc66db0479c53b30149aa362bfdf1ed6a70fa8c434b0ad0df6d4bc30fa0e49b60b28be8df62e59a169146168d6c0ced6661

Download Submit
C:\Windows\SysWOW64\Bjghpn32.exe

Filesize
52KB

MD5
0423083e62fee3724090a36829ac0666

SHA1
30e33f9af6b2b6fdc1841420132a748542f61a1c

SHA256
953259b5e79db5950c9d7acc45d8a00e789f6a74231b2fa140458b4b312f40fd

SHA512
55fa66642e89fd1bf9bc492e484e495f33d9f1c03560205611a6872d77df59ffa16523fa4933be9f4cd3e759b9670b62f5359c36eecd0316d1d0a98ea68e2c9d

Download Submit
C:\Windows\SysWOW64\Blfdia32.exe

Filesize
52KB

MD5
1c457ee8a515f601c96eb39a6113cee6

SHA1
6131280e162e5f213e56a6b95cdd6c5933c841aa

SHA256
f2841b1f63fae81fa766f54ae2aa206ec1465f8a1f4f7b5d80a000b10d0352fb

SHA512
b9a89038d0d7618e11fac2f067a1ec2c28794fea1fa293732ca37847387616b125779300c60b41abf337a536844d46c91068b547f0408a407f99122aa897e9ef

Download Submit
C:\Windows\SysWOW64\Blpnib32.exe

Filesize
52KB

MD5
fef306b452836368b5289cc6ab0f23cc

SHA1
1b6232d6856271de47c20c96efa92971ac39f41c

SHA256
674b8e3f02184a6a856f32288ea14cd1a82d4dff0cf1a3c8538a09b80d206f5a

SHA512
d5ac656a6cec97df933e71722a3a16d722e307c36920b0c9d5c2712b3026f9b377220f1f116aece1f75e94603b45683d954487adff5d849724317d55b039d10c

Download Submit
C:\Windows\SysWOW64\Bmemac32.exe

Filesize
52KB

MD5
f5eb0a9ad7fa6fa54182761a317a1e2e

SHA1
29dfaded615b2eb27e2c5c6b8faad75657f64ea9

SHA256
5e6cb4ce17e3d3e0a3afbf94aa555dc349261bd590b9e9e61e3001c696db9f11

SHA512
59a9962b52c88fc7c25264c9ce04019ab2b41e4fcfc9ae014c8bcbb2082c6d7cca95731d37dfc7f25ceb4328c48ad423201dfdb151056d48cb79212da849e646

Download Submit
C:\Windows\SysWOW64\Bnmcjg32.exe

Filesize
52KB

MD5
293f19de359c8070bcf29f41da9ff3f3

SHA1
fc22f7fbe270bab9ab954e60c1c979e6bc23f030

SHA256
095b42cd68c27ac78f32d28a3ba90e0f590df0fe4a66c13d8f94d6362c63f847

SHA512
f1dc79291eb62cd45fe7ab597fda00210e5c318e7e08268096a000207f420c29b06a912b18ab1860ed3ead74bf6542338ea00bb3e2fdedc07c70e66ff78497c3

Download Submit
C:\Windows\SysWOW64\Bopgjmhe.exe

Filesize
52KB

MD5
a505e7267124ded23ee9d05d8a20e090

SHA1
601df0a2d192b35fcfd0805af737d1c80611edd3

SHA256
8715f4305fa9682c4f638f9942fa61a30a368c9373a2253be4ccda24d8ae6f2e

SHA512
8467ee487a5f3987ee1e24f3d85da57ac903d7be26ff3246e7753733117328c1416aabdae1d2c5c859a088ef47aa57ad26e67c71c89f33a55553e1354904a41b

Download Submit
C:\Windows\SysWOW64\Cacmah32.exe

Filesize
52KB

MD5
fb9846395b14b8feee968dda360acb65

SHA1
9ed784c3e6a3acb7812140e370a734800a8ece22

SHA256
4c979d356318dc12c5cdc7475ac43a1cb348e65f25f38d1c5c015088a78493e4

SHA512
84f7fbfa2f55fb1c2d00555679daba8cc2a455de6e26a456920f0c016941be0c880c6231327ec5543b3ae5ad051a49f97ecae4f33daf475630a4967dafc22656

Download Submit
C:\Windows\SysWOW64\Cdabcm32.exe

Filesize
52KB

MD5
6c62098ab80de7940e1bb6dae8fcebb9

SHA1
864f405632508b5d94ade110fb82929f3154b197

SHA256
6ee4ff90fddd76a6256a96c6254f663cf8d56c6abcf7989d2885a43b0d906fa0

SHA512
eaac1bdd148d7fe3431f72ad3df68174f63c2cc25d401bbe5ae25a8a3f11ca7c7461163f2539bafebe1aeaecc2a298a58888f550081a7e45b6b09f6a317f69a2

Download Submit
C:\Windows\SysWOW64\Cddecc32.exe

Filesize
52KB

MD5
71a06e2a610c0504ad490b8d17996d33

SHA1
168590b6f0fc77470d83767f61d58f09c154017f

SHA256
a1731d314fb5c30628cac8779b1267fe2e17d250876a6981a9bd456498a5d9eb

SHA512
7e6e441bfc7a63f1e09193d91124220c018bb8f0331d3f957ab15f17d838350cc185bd92c49f7ffc086280cec4e14ec8eb95b9d39f8a97e3032f2aa360159dc1

Download Submit
C:\Windows\SysWOW64\Chjaol32.exe

Filesize
52KB

MD5
e7d039354ff4db57154e76117af5764a

SHA1
0bc4bf16b37c36550e57c98076aadd11fc957935

SHA256
31bdb01ddaadd7508633a160ae7eda748b66331b3a5bf17a8cfe3a77ffc26006

SHA512
48f1ae6559ab669c9dad8dc5b688f0f3b59cba38b1e5cb296b502717d9d1df162fad1e9e8f8e1ba67b99ab6a6f48d3cd7569e119bac1c626b3a6cb93d6e14e8c

Download Submit
C:\Windows\SysWOW64\Cjpckf32.exe

Filesize
52KB

MD5
7687dce71b840829c1a8e881c115f905

SHA1
2d2ef5c2c7bb4c7d6a6b1136d6abdf0be188cbd5

SHA256
deddec1f3d73cb3ed96af7500c4d87bde776f0e9b34953f10b2e6d54f3cec601

SHA512
d8c938b242e4e2dccaa2f6e194b5319c319da782aec2c7c5072826dd29de5cf1b3a8c1608d65cf0c630503c506bfb751e6a85242cbeb7b9dd22850c0823c9955

Download Submit
C:\Windows\SysWOW64\Ckcgkldl.exe

Filesize
52KB

MD5
9697bba2759430a5a510b7b13c5368bf

SHA1
d16942eab41f037dca1427754a8532d5646c35d7

SHA256
9458436a6f6e4dcf3eb015ddd5149f46e7f4474c5626094f37f20183324ef25c

SHA512
0483699de564c9fb6a9bcfde73811be59088e2d82990606806a449d041db585f298e1fab9a9a4fe4f751bf717330bc412556546338a032eaa0ee597713738090

Download Submit
C:\Windows\SysWOW64\Cliaoq32.exe

Filesize
52KB

MD5
c8966bedaf883adeae221229f7acfd9f

SHA1
0eaa9a50bc1f53a4129e5d6cd2851e92f0a7b2c9

SHA256
5bb1b68051f0fea66f24f5e283bb0f540cc9c146511eb8407344458ae2b6d76a

SHA512
02516fb0c48386a8874662622c38c46871bd2cf827c9785e83e49f5f4b2ace39af91c8c5fb1decadb73d6efaf7ac7e68fc46813427053ef504f2325ed6ee6e67

Download Submit
C:\Windows\SysWOW64\Cmlcbbcj.exe

Filesize
52KB

MD5
1a2c66dc7d076863a101d6db9343e4d6

SHA1
349b21bc39e1bad406f0739d65794fa869d9ad16

SHA256
04e9d51a81df0e2ebe099653675d51c89a3e92f8f3b46f33e7f8d74020ef1177

SHA512
5068878d584b9e1cf19837ea755b3970e27af549e1e288e3a4b7a526183d9bf2c54d738e0593b0a7a65f862c8e87ca44f5ba9bed8eb644016226cc3806dc10b5

Download Submit
C:\Windows\SysWOW64\Cnnlaehj.exe

Filesize
52KB

MD5
cc3b5651de1483ef563e96b624cca281

SHA1
e521e31a2d7f8c86f4ad8442902915ec915b2614

SHA256
80860520c355803777ea6dda9deeb340ba677f95d20713ec30d20b998dccb618

SHA512
9097eacf6934b74701095213bcdb4dee035945f779ef79a20dde3d453bdcb730d8646707bdfe8396acee6d17131a1f3062f8caa229a6c6584b0e411500e1f9ac

Download Submit
C:\Windows\SysWOW64\Colffknh.exe

Filesize
52KB

MD5
74f9b01e7ae68ffd5b2f0d7ed6d858b6

SHA1
207f88232a6a925ddb5b3d34c9226ae5304cad86

SHA256
d764c248433d60b5ed19836dd382313d219e96deb4f5ae169d6cfb0dba8853dc

SHA512
5e640a6b2a1a06643cf5e1471131dc54d5cf923c1166f64a87afbdd7a5a51c339db3e15bf20a87e9a24b51aba68673f607766efd2e1fea01a231ee513182b885

Download Submit
C:\Windows\SysWOW64\Dhmgki32.exe

Filesize
52KB

MD5
b33da2c04bc9a18be46bf3328daa7cff

SHA1
c78e553531415b4f9cb4935b906dfcca398467bd

SHA256
0324b47709550628fa06bee3fba367dc8b036ec325cf71a79e70fa5a5e56fc4b

SHA512
f4ba4009f77437c215de63bc026ad52b3611ffed6eb4d97d32a5d00f2edaa20211686326bd448e59ad97e69e95806a0ae8d33ac909012651ce84cc5f94b437ef

Download Submit
C:\Windows\SysWOW64\Dlgmpogj.exe

Filesize
52KB

MD5
1935ad8774f731e60f62128a5f6a4917

SHA1
1a51ced760ac1d86cf01d495aaa5f70473c1d333

SHA256
4f34768f5851ea692390dad6cf77ec3f6f12dcaf123745290ac0cde12a973145

SHA512
a079c79caa50bbb8b036266f2c4dcc6825234282c708c68ffd5d67ff834749d1476ae95dffa1f27f2e23176d8cadd991f42f861243a31b62757405e2b1e6dff7

Download Submit
C:\Windows\SysWOW64\Dobfld32.exe

Filesize
52KB

MD5
0bd72ce577ea7dd62f5fd8f62c9eda26

SHA1
ec72f204c900175afa9028c197223a4d79a1a9d5

SHA256
63614214ac4def995cbd1fe1e5c30865e1ed61bdf9e8e237e097d809a09500af

SHA512
4dbdfa68c0e9f482b94392635b58f188aa2999410c1e8a464fcfcb752c2442dae3be2b1f800f4cc78a99cde01596bd3dc7c79b34f13a919bd4bd59c11bef548e

Download Submit
C:\Windows\SysWOW64\Fdegandp.exe

Filesize
52KB

MD5
88aa3b963b73106a98bc3b290595a3cf

SHA1
fcb483123f3723b0db690f70d8ec14a3173c3222

SHA256
143042c389a1ddb542f92096271d48bf9b32f6ea223daef8359a59a39617c0ec

SHA512
e2a501a2628a4c6a02543d2ab4fe69dc1753c375ef52925e8418859d39942b160cd48c348f9d2bc8d16f7b07d97b82fd265ef891242f09cba609099546d36cc8

Download Submit
C:\Windows\SysWOW64\Fljcmlfd.exe

Filesize
52KB

MD5
4050daf82dc6c8141cef890e2815e6b5

SHA1
05daad90323b40e1e0ae812e055e555d0bcaa1ee

SHA256
090f7112fdbba2b18e7c22891041732e83f868b1da5ec89de2c70d71ec5faea5

SHA512
4329558189716e4d40388a625652a1aa37fc15b5dd3ae434a0e6530085e939c30edbdeaf0f4937e864d1ee7b6085ec77a090c087f015fc22e4f9d4a4872fd271

Download Submit
C:\Windows\SysWOW64\Gfgjgo32.exe

Filesize
52KB

MD5
2a78e0912d70527c862ef1cf76ab706d

SHA1
6607273349333c401e15b49c21a6d4915c1b16d6

SHA256
e4ac3d8215b83d016f709a2ab8cebdf8c8f110bfd5718015fe05ed8d342486c0

SHA512
fa5b1eb900c3a1acf893a20284d87a9769291ed9e1c30c80e4a110e5836f07bbafb8ecb14e549cdd3e8c9fe97f3313f11827118f394a113bb6c70def30606481

Download Submit
C:\Windows\SysWOW64\Hkdbpe32.exe

Filesize
52KB

MD5
86461402391c41d706b7a462a62decec

SHA1
2ed29a0af6f466c4af3c661173b4405f6d659a60

SHA256
0505420f740e7545d7749131ac7eff0fd841e739807f1ec9331dc6f07d1088cd

SHA512
a5b52640026f13254b1927c195ce8cdb42a2f8439baf83dc32366829b314bd1930cc73d79c99953cd7288a462c954f503059f692d503307afcea3462781e463e

Download Submit
C:\Windows\SysWOW64\Immapg32.exe

Filesize
52KB

MD5
a773f72684acfe8146e3fcd0e93c7c1f

SHA1
cfd5d2b9f5ddb255aa24e4b7de20ed8e626c0509

SHA256
5bf0b9e3ddbc80cf0ba40df64718761ccfe3d363a34a1a928d688ecf23bb31f8

SHA512
6c047aa74ec73292fbe22b434050416983b1b5700b8e59a185eb70b4c9bdb2cb9848a67523b7017d0f7cd208138985566c0d3391552722f0b1baf4aa1fa82330

Download Submit
C:\Windows\SysWOW64\Jpppnp32.exe

Filesize
52KB

MD5
7bf4e8e50282814a4c7114d13b8f7c76

SHA1
d79fbcf363be7a8e160e40cacd7cd0606fd83285

SHA256
3ee5e98493b1d80f1d11838b35d644aae4f7c0d98e6e07b129f6ae8a913ab96f

SHA512
87a15b830f89ecb0a32afeca07680830eeb2f5dfd256f571edde9c36f74887ecb8de06b565531c3e628ba3ae559a3ae1c16bd76e12544b28a29368ba1ad623fb

Download Submit
C:\Windows\SysWOW64\Kefkme32.exe

Filesize
52KB

MD5
882b8b50042b0f1207d90469429070a1

SHA1
3814ecf9c656857fe380319bab6e1a7b44908de7

SHA256
d1e33118f15964d34e040bb4338eaa2ca78c4abee6ff35acf87734435db4e1ce

SHA512
13e640b6b68119f7542eb1ff358650ea76b8cfc4f286eb8c8748a6744994bacac3cd6a7ba5f767f9f9d430e2bfd3355ade42272fee5143f2ce5190deded1f7c1

Download Submit
C:\Windows\SysWOW64\Kpeiioac.exe

Filesize
52KB

MD5
c48f3b530340b7e79858f29cd6473e62

SHA1
8b748839186651fc2c7f3cbed181a46390b3aabb

SHA256
dd5286be70af96a29b9eea4014116527d4fe4fb7bdc0a9b0607e8f36c023e64a

SHA512
10220cbd1bdd638eff82a5f2ba058c7549c04dbd2813fb5b6f1c56f42fdb5b31011495d371c6276de75d85f1a65ad8a0a947431045c6882f74db8bc5b3c228ce

Download Submit
C:\Windows\SysWOW64\Lebkhc32.exe

Filesize
52KB

MD5
a35197ebbb6316589d059bd7a459822e

SHA1
346b0c9e0bee837de5fccaf2548f654fad12e0d2

SHA256
c8eaefe29a8c09628955ccdb5c337a0df5fc54957d9d348d429435b9e515bc00

SHA512
2c2d3415b5afcb0eb428ccede5a5c2f879645bbb2cf7be2e4ab2def0dd0094b6286ac58ad0c4cbe395e4d0c5f4a3b41bc1eeee4d021839d6b4ec7e58d553f97d

Download Submit
C:\Windows\SysWOW64\Lmppcbjd.exe

Filesize
52KB

MD5
e0e9e3e0f3e6f791ecf79209c03fc8dd

SHA1
c02c2025895ea19ae82edd5167f1100fb3150b06

SHA256
2e5e91d03ee72282dc2a493c610b0fe4665a8eadd3f96841d2b6b0757f84b5db

SHA512
304811b8ff830e289bde22224482c348648788aac03d244fc70230a847ae8772e4e1d405d04a5c7b56bae8a7b98bf4624f912750269d01d69ef3b2caf217aa0e

Download Submit
C:\Windows\SysWOW64\Mdehlk32.exe

Filesize
52KB

MD5
ff04d93416627db2727071376029c9b8

SHA1
c4601d738a6bef86f7b1782f9b9da2880bea5d5e

SHA256
db03c7855d54c9a75011ecb030fac192f1d262bc11d1c21c66465e79c16374bb

SHA512
ff245c409ec983ce7fcc15d72352c088da465f9b85ce39be1e91c356ede488a837d7d0185a02f95fafedc86d8345d9524efeda3b27c558294ac116ea47bc84be

Download Submit
C:\Windows\SysWOW64\Nepgjaeg.exe

Filesize
52KB

MD5
f71b0f5831a8cef14f0dfcb1cf7bf576

SHA1
a1bfa393088a0e7d1f30473e81afe03f2e00c769

SHA256
6bc2b6ea75340d74a78df20bfc1c4cbb865b3348f2286eae76424e7efae20006

SHA512
1f66a53790b0a03539b620d7a2f0bf2d21be2776c4d2b71279473c7fce6a949d629b52a6f47fda98d6b517708124e768e2ac642d536da87a73a52eb0bcf5d836

Download Submit
C:\Windows\SysWOW64\Nlaegk32.exe

Filesize
52KB

MD5
be575470a668d20f07ce6484edd4f8cd

SHA1
63fd23debe3a1522d3a1f7b860cf81d0ceee68c9

SHA256
c9a0d98c5e21eb7a3ee82d462c156a009daaca66019fc12e284511599eb6379a

SHA512
cad959d9b85fd2aecd2a5cbcfb53fff62f5569b13d8aa7e04501886f17b4e77ef550a4ecfc751b63a10a563b3903ee42eddaacd0a64439982850bc1d82a53827

Download Submit
C:\Windows\SysWOW64\Onhhamgg.exe

Filesize
52KB

MD5
717c9f458553ee3b91a97b4903360da6

SHA1
8c39d54f77674108214c230a0c47dc42c5c777a8

SHA256
83f4c218bdcda0044ddf85e97aab7dafa27ad3113b9852df6e5973fdacab45f7

SHA512
161ae791ca645554bef2380ce7b590abb8c0ebcc773714cad290650311d480732d592b34f36ba45afcc951320694c74f0b5d97a4854e94f2dac610a1df8c2381

Download Submit
C:\Windows\SysWOW64\Oponmilc.exe

Filesize
52KB

MD5
7fb2a5c03c32497c152a460de56df26a

SHA1
dd3216547ee2e316075686fa22aca503a5efc8db

SHA256
6efb623c23a424f33281c7af2b25f059bd8cd61de3ae802743f9a9bfff99dbe4

SHA512
0ab373e2722668b2cc1909691b7d13d3cf4899ddf22a5aaf8ff38fec29d17302f3d7b1fe0b268895da537a425bfb3cb20d95c385d557ba6751feb677e4c0afb0

Download Submit
C:\Windows\SysWOW64\Paegjl32.exe

Filesize
52KB

MD5
f046e8ac275f9afb4b7391f2185f44fa

SHA1
71fb60dc19813c1575bfea323196281556e8a1aa

SHA256
8a3b41365dd8cd8bb78b3c2fb75685c8ee8b752c80930f945f113cbcd27437ba

SHA512
6c139f01a2398a6fcf97693a3aa86ddff887eca6025ba1293419f3e8428fd74c9d8148e63810b6e04d942caf7288aba7fb9dc1af28c28afd1b065e3369f852c3

Download Submit
C:\Windows\SysWOW64\Pagdol32.exe

Filesize
52KB

MD5
62c1366426419329157661f8e46bb232

SHA1
d4305fc12bab2a3a3dcfad37499c0cc5b1067158

SHA256
aa9d2812edf36eb51f4c064bff6a550c1ae28c6b9acf6e118b1700e6b2334472

SHA512
397190b121b14d049b1eb0cb2a1978d78a8e9f8877e8a25f1d617e17ebf65bfa1ccbfcac986c6826aa508e86fd2406a5f9b45a682eb64fd97fecb952491afc00

Download Submit
C:\Windows\SysWOW64\Pcccfh32.exe

Filesize
52KB

MD5
3881e8e37f38c35f113f2c6276ecf378

SHA1
fb21c1e331f45573231e9b0a28024bd401de5d7a

SHA256
e05a60e70d2ee895bdd19d2d8c08f7fae2191e13c6f8ae03b7ed249ccfa30ceb

SHA512
3ba46f2554c68d761f690a65afbefabd30705f6e92289cf4f90e9b71ad7feb8ee90d86aa14ce9bf6ff665f366668b50477b96ebe5af0415b1c0807d14b85d965

Download Submit
C:\Windows\SysWOW64\Pjjhbl32.exe

Filesize
52KB

MD5
d658ce631909cb3ba832e41b337fd153

SHA1
3cd4007c3826dfc2f67e3abe53c199c29341c0d9

SHA256
3ca58932c4ce0f093888984fc4d2285272a857ffa77f27962c2c1b48964f7c45

SHA512
be09ff304291090209c32a4f1e7728fe731e8e17143b93bd365b60ec9cc6f4f703c3eb3944bf98b62dd9e77f42fa14a892c2042a386bd97e2fde2e49f957c11b

Download Submit
C:\Windows\SysWOW64\Pmannhhj.exe

Filesize
52KB

MD5
0837acc597f508c18fa70a118f14243f

SHA1
4409910de6273075b075283b97c2766531fa290e

SHA256
4bf1194290906fc8459e826fc21eb73a9741a243940165379db3ffb6931e2df8

SHA512
724179a991848bf5ac68254b80d3e788365f5a6de74a2c40f287ba45cda6d77895e4f883f6bcc9837bce12936b290630adb47d245258a481df9158b241619311

Download Submit
C:\Windows\SysWOW64\Pnihcq32.exe

Filesize
52KB

MD5
c5615759f82ffc76ea4465b8736080da

SHA1
2984e94c64450f9185f39d87945f4a5067060f0c

SHA256
297a7f2260421741452c4b34e2affaada811f0a8ccbcfe636ba7c1489d221103

SHA512
47514974fd97e8633d9ddbc7943ad1916559d1b901d7ec29a495a20b714c29569841cdfef7512cd97e71dfa38780b9fc58e73bc1ea4a53b5d7645236c93c69b0

Download Submit
C:\Windows\SysWOW64\Pqbdjfln.exe

Filesize
52KB

MD5
5a617c5fd61d3e5679de763818db4926

SHA1
ca1462a6d7babe2bb9c065241ab3d8883dffb707

SHA256
08087727e766ef3a2bc16fed20219c917eba9fa0cff203cade1c8cebb28f06f5

SHA512
7843fe8fb94a99211dba2e5a689a3df8454e5ee149c9367aa484c45097604624db255d1dc8ce5b5459eadcb00ccf3ea0acca897e3ba43a685ec92c2444a2f079

Download Submit
C:\Windows\SysWOW64\Qalnjkgo.exe

Filesize
52KB

MD5
4e71b8150b6b028f7ca17e20d033bda0

SHA1
76b3ad44f4cc77dbdac364efe3c2c6f670db87ae

SHA256
bd3f0fc5c1081d2d7ce2b8e8551a5a924a754fd17e08550547da2c4dc08623bc

SHA512
17c11419104d9e99058cede674cdadd05ecbdb388676c1a12eb19c5a5c8b5df0f752ac995784a099440601c1906d06afe20cd38dd6d8c977ad9c3b8352595af8

Download Submit
C:\Windows\SysWOW64\Qbgqio32.exe

Filesize
52KB

MD5
785eb5dea7fdb66d5f18cc8e6cc27bfc

SHA1
c47368ec2c8b4c976bfee22bacbbf6aad1c5f4dd

SHA256
3fda84542690b952c0387c19ffc869017640227743a1f1b0ae0e394d4f3f15da

SHA512
0f782d43f66e5744dbd9fd1702eb00fb46a2b7fc97366acd1346ee17069a1c12fa9a8aa5bd1f3d09b0b301859f3c92c129bd2f2ba1dfb64abc63e67a62cf796c

Download Submit
C:\Windows\SysWOW64\Qeemej32.exe

Filesize
52KB

MD5
bb7afa3e100e98400dbc9467be801f9b

SHA1
dd5a4fc00f02ec866b65c9b04e34c047200fdf05

SHA256
db81b5b3f5c2084a134270a5b4dd8fab9a0a0ed065cfaaed496a8723ae283a2e

SHA512
7b54828d27af5df41e4c0fd1b5aaa28c90f3e86fb2625f9106757054bc46f0b70c43ffc5673ba0198f02461c8bab6dfdade3febb615056160e315fc63198c687

Download Submit
C:\Windows\SysWOW64\Qjpiha32.exe

Filesize
52KB

MD5
29ebe38ccb982368a76b42f6c78cc5ab

SHA1
fb94c64ec39b384cd9d5e8cc3b06be09db80c553

SHA256
6fe5247f7af3c81d2167393c9fadfdd28b924f24cd723ee5170d75e8ad127537

SHA512
e34e5900b9e6bd6ac70507c9ef56734f6e273576bffe67c461fb59f2912f1cc0a03802bde74bfefe68b9a65765d49534dafd3e37fdd875a2d34d0eac9fbac69b

Download Submit
C:\Windows\SysWOW64\Qloebdig.exe

Filesize
52KB

MD5
8806c0a37a21dc9ae1005f5678f2f516

SHA1
d4b5773f1dc2abfdde8392a2fa729aad67266207

SHA256
c675d7c0b328c7a18b492180c5a8a4fc4b7dba4e0b68518f2ec219f28c16d0c9

SHA512
988df00d73df797cc4f190ab2343ac46a8c567a032dfec8232bf150b66851664aa6f5ea0cb3537a8b52a9f47ea1811c6b2d06af0cf357accec2a2e9162e49d7f

Download Submit
C:\Windows\SysWOW64\Qmmnjfnl.exe

Filesize
52KB

MD5
2f95980ce2d1549d5999eece78171e29

SHA1
ee3523d3b336f9eb536e556f8ca2eaa59bb9335b

SHA256
276ff4f1e790479956a5fa9786c77f021c3288f9f634f39acb07d06308b9c941

SHA512
0246001e5447766e423a476b956b8dd775cfeb5d359a4d187f8be9a263222db2e7a3be3195458071a875739c3657d9f3aa379efbaed260bdaee9a1b0dd7ab402

Download Submit
memory/208-16-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/208-98-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/336-214-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/336-298-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/428-213-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/428-126-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/624-268-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/624-340-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/672-52-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/820-160-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/820-72-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/896-106-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/896-23-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1056-117-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1056-204-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1240-178-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1240-90-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1280-108-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1280-196-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1388-161-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1388-250-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1428-89-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1428-11-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1576-251-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1576-326-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1760-396-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1760-327-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1880-404-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1884-143-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1884-232-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1940-366-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1968-224-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1968-305-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2104-389-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2104-320-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2180-284-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2180-197-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2196-306-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2196-379-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2412-411-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2764-150-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2764-64-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2976-359-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3056-387-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3144-354-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3144-285-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3212-352-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3324-368-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3324-299-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3356-397-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3496-423-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3712-313-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3712-386-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3748-267-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3748-179-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3752-205-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3752-291-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3868-365-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3868-292-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3912-169-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3912-81-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3940-141-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3940-60-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4036-434-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4048-99-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4048-186-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4088-369-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4144-276-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4144-187-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4248-241-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4248-151-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4252-381-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4268-312-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4268-233-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4284-125-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4284-44-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4440-222-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4440-138-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4528-242-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4528-319-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4588-417-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4668-258-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4668-174-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4820-351-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4820-277-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4880-115-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4880-32-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4924-260-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4924-333-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4936-80-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4936-0-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4948-390-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5012-341-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5012-410-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5044-334-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5044-403-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads