0daafd01fe17d9f9b6d295478b9ad25f3046b1cf692ba48cf93e992ad94fd273

Analysis

max time kernel
130s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 14:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

120e2a5976fccdaab7a8ab2cd4c3d7c7.exe
Size

194KB
MD5

120e2a5976fccdaab7a8ab2cd4c3d7c7
SHA1

dd7b1cc0b68a936eedaa41ccc37a3d07aed59c48
SHA256

0daafd01fe17d9f9b6d295478b9ad25f3046b1cf692ba48cf93e992ad94fd273
SHA512

af1a19f012c2155033724eb063d145e0ff9e28d94e7c7ed2b9d562948025630cec1aff043bd5d0f0ae9d86a34c7cb901e08a017546b2ae48ecac5ba4a7f64e3c
SSDEEP

3072:cnC3gFErrdSfUNRbCeR0pN03xWlJ7mlOD6pN03:cn4RrrdSfUNRbCeKpNYxWlJ7mkD6pNY

Score

10^/10

persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Gododflk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Mipcob32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Pqmjog32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Qdbiedpa.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Qfcfml32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Eemnjbaj.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hkdbpe32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ncdgcf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Njefqo32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Qfcfml32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Qgcbgo32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ghlcnk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ocegdjij.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Fhemmlhc.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ojaelm32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ngcgcjnc.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dddojq32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Eoaihhlp.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Eleiam32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Fkopnh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ipnjab32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Njefqo32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pflplnlg.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ncnadk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cmqmma32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bnhjohkb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Aanjpk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cbgbgj32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Mcpnhfhf.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Qceiaa32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Qgcbgo32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Acjclpcf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Mpolqa32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cdiooblp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ecmeig32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Fakdpb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Hfifmnij.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Hoiafcic.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Immapg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Nngokoej.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cojjqlpk.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pncgmkmj.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bobcpmfc.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Fdegandp.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Fcfhof32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ghlcnk32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hflcbngh.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Qnnanphk.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ogogoi32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Peimil32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Qecppkdm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Eepjpb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Mcmabg32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nnjlpo32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Neeqea32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Lcdegnep.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Iikhfg32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Anfmjhmd.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cdkldb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Chpada32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Eepjpb32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Oncofm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Bnbmefbg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Mjqjih32.exe

Executes dropped EXE 64 IoCs

pid	Process
216	Lkgdml32.exe
1068	Laalifad.exe
3188	Laciofpa.exe
4572	Lcdegnep.exe
372	Lnjjdgee.exe
3016	Mjqjih32.exe
1236	Mahbje32.exe
1780	Mnocof32.exe
4788	Mkbchk32.exe
4092	Mpolqa32.exe
812	Maohkd32.exe
1172	Mglack32.exe
452	Maaepd32.exe
1988	Mcbahlip.exe
4156	Nqfbaq32.exe
1484	Ngpjnkpf.exe
1688	Ngcgcjnc.exe
1244	Nnmopdep.exe
2636	Ndghmo32.exe
4884	Ncldnkae.exe
4784	Njfmke32.exe
1736	Ncnadk32.exe
4492	Okeieh32.exe
4040	Ocqnij32.exe
5092	Obangb32.exe
3492	Ogogoi32.exe
2240	Ojmcld32.exe
3136	Ocegdjij.exe
2928	Onklabip.exe
1344	Ogcpjhoq.exe
2760	Ojalgcnd.exe
228	Odgqdlnj.exe
4632	Pnpemb32.exe
4512	Peimil32.exe
1028	Pjffbc32.exe
4336	Peljol32.exe
3052	Pgjfkg32.exe
4912	Pjhbgb32.exe
2288	Pcagphom.exe
384	Pjkombfj.exe
2044	Paegjl32.exe
3596	Pkjlge32.exe
4644	Pbddcoei.exe
2792	Qecppkdm.exe
4880	Qkmhlekj.exe
2284	Qnkdhpjn.exe
2804	Qgciaf32.exe
880	Qnnanphk.exe
1624	Agffge32.exe
4360	Anpncp32.exe
4188	Aanjpk32.exe
916	Acmflf32.exe
3584	Anbkio32.exe
4624	Aaqgek32.exe
3316	Ajiknpjj.exe
1984	Aacckjaf.exe
4468	Adapgfqj.exe
3740	Abbpem32.exe
4004	Aealah32.exe
3692	Abemjmgg.exe
2316	Bdfibe32.exe
4296	Blmacb32.exe
3120	Beeflhdh.exe
5028	Bjbndobo.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Nnbnoffm.dll	Jmpgldhg.exe
File created	C:\Windows\SysWOW64\Mlcifmbl.exe	Mmpijp32.exe
File opened for modification	C:\Windows\SysWOW64\Odgqdlnj.exe	Ojalgcnd.exe
File created	C:\Windows\SysWOW64\Gdeahgnm.dll	Ajfhnjhq.exe
File opened for modification	C:\Windows\SysWOW64\Pflplnlg.exe	Pdkcde32.exe
File created	C:\Windows\SysWOW64\Mgbpghdn.dll	Aepefb32.exe
File opened for modification	C:\Windows\SysWOW64\Eofbch32.exe	Elgfgl32.exe
File created	C:\Windows\SysWOW64\Fljcmlfd.exe	Edbklofb.exe
File created	C:\Windows\SysWOW64\Fdnjgmle.exe	Fcmnpe32.exe
File created	C:\Windows\SysWOW64\Fllifblf.dll	Jcbihpel.exe
File created	C:\Windows\SysWOW64\Nkbjac32.dll	Kpjcdn32.exe
File created	C:\Windows\SysWOW64\Dlddhggk.dll	Ndghmo32.exe
File created	C:\Windows\SysWOW64\Gmoeoidl.exe	Gdhmnlcj.exe
File opened for modification	C:\Windows\SysWOW64\Hijooifk.exe	Hflcbngh.exe
File created	C:\Windows\SysWOW64\Ogibpb32.dll	Lgmngglp.exe
File opened for modification	C:\Windows\SysWOW64\Eoaihhlp.exe	Ekemhj32.exe
File created	C:\Windows\SysWOW64\Clhkicgk.dll	Gofkje32.exe
File created	C:\Windows\SysWOW64\Oncofm32.exe	Oponmilc.exe
File opened for modification	C:\Windows\SysWOW64\Fomhdg32.exe	Flnlhk32.exe
File created	C:\Windows\SysWOW64\Pldhcm32.dll	Iefioj32.exe
File opened for modification	C:\Windows\SysWOW64\Kebbafoj.exe	Klimip32.exe
File opened for modification	C:\Windows\SysWOW64\Pgllfp32.exe	Pdmpje32.exe
File created	C:\Windows\SysWOW64\Papbpdoi.dll	Qfcfml32.exe
File created	C:\Windows\SysWOW64\Eaacilcc.dll	Qecppkdm.exe
File created	C:\Windows\SysWOW64\Mhciec32.dll	Ckpjfm32.exe
File opened for modification	C:\Windows\SysWOW64\Ocdqjceo.exe	Onhhamgg.exe
File opened for modification	C:\Windows\SysWOW64\Pqmjog32.exe	Pnonbk32.exe
File created	C:\Windows\SysWOW64\Jmhale32.exe	Jeaikh32.exe
File opened for modification	C:\Windows\SysWOW64\Ofqpqo32.exe	Ognpebpj.exe
File opened for modification	C:\Windows\SysWOW64\Pfhfan32.exe	Pgefeajb.exe
File created	C:\Windows\SysWOW64\Anpncp32.exe	Agffge32.exe
File created	C:\Windows\SysWOW64\Kiljkifg.dll	Mlcifmbl.exe
File created	C:\Windows\SysWOW64\Jbaqqh32.dll	Ocpgod32.exe
File opened for modification	C:\Windows\SysWOW64\Pgefeajb.exe	Pdfjifjo.exe
File created	C:\Windows\SysWOW64\Pgllfp32.exe	Pdmpje32.exe
File created	C:\Windows\SysWOW64\Kqoieqhe.dll	Ekemhj32.exe
File created	C:\Windows\SysWOW64\Qoecnk32.dll	Kiidgeki.exe
File created	C:\Windows\SysWOW64\Pgjfkg32.exe	Peljol32.exe
File created	C:\Windows\SysWOW64\Jcpfco32.dll	Doqpak32.exe
File opened for modification	C:\Windows\SysWOW64\Gmlhii32.exe	Gbgdlq32.exe
File created	C:\Windows\SysWOW64\Gdhmnlcj.exe	Gbiaapdf.exe
File created	C:\Windows\SysWOW64\Gmcfdb32.dll	Danecp32.exe
File created	C:\Windows\SysWOW64\Iaekmb32.dll	Dlgmpogj.exe
File created	C:\Windows\SysWOW64\Fkmchi32.exe	Fljcmlfd.exe
File opened for modification	C:\Windows\SysWOW64\Mdjagjco.exe	Mlcifmbl.exe
File opened for modification	C:\Windows\SysWOW64\Kedoge32.exe	Kbfbkj32.exe
File opened for modification	C:\Windows\SysWOW64\Odocigqg.exe	Ocpgod32.exe
File created	C:\Windows\SysWOW64\Bqbodd32.dll	Qnjnnj32.exe
File created	C:\Windows\SysWOW64\Laqpgflj.dll	Qqijje32.exe
File created	C:\Windows\SysWOW64\Lppbjjia.dll	Lnjjdgee.exe
File opened for modification	C:\Windows\SysWOW64\Ocegdjij.exe	Ojmcld32.exe
File created	C:\Windows\SysWOW64\Cdiooblp.exe	Cbgbgj32.exe
File created	C:\Windows\SysWOW64\Hecmijim.exe	Hkkhqd32.exe
File opened for modification	C:\Windows\SysWOW64\Qfcfml32.exe	Qceiaa32.exe
File created	C:\Windows\SysWOW64\Mmpijp32.exe	Meiaib32.exe
File opened for modification	C:\Windows\SysWOW64\Cmqmma32.exe	Cajlhqjp.exe
File created	C:\Windows\SysWOW64\Apignbdf.dll	Fdnjgmle.exe
File opened for modification	C:\Windows\SysWOW64\Ncbknfed.exe	Npcoakfp.exe
File created	C:\Windows\SysWOW64\Dmcibama.exe	Cmqmma32.exe
File created	C:\Windows\SysWOW64\Qdchadai.dll	Bjdkjo32.exe
File created	C:\Windows\SysWOW64\Aaqfok32.dll	Icnpmp32.exe
File created	C:\Windows\SysWOW64\Jcbihpel.exe	Jmhale32.exe
File created	C:\Windows\SysWOW64\Npcoakfp.exe	Menjdbgj.exe
File created	C:\Windows\SysWOW64\Mmcdaagm.dll	Oddmdf32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
8280	7908	WerFault.exe	399

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Acmflf32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Hkdbpe32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Lejfpelg.dll"	Hckjacjg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Ehedfo32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Qkkdmeko.dll"	Flnlhk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ajgblabf.dll"	Hijooifk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Jeaikh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Bfabnjjp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Njfmke32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Daolnf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Hoiafcic.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Pgllfp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Kmfjodai.dll"	Cmqmma32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Dmcibama.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Bebboiqi.dll"	Mglack32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Cojjqlpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Onhhamgg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Agjhgngj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Mcbahlip.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Ddbbeade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dbnamnpl.dll"	Pggbkagp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Eaklidoi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Fomhdg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Iledokkp.dll"	Iejcji32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Lcdegnep.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Hflcbngh.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Lmdina32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Pqbdjfln.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Qgcbgo32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Pnpemb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hnigkegh.dll"	Chpada32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Himldi32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Qgppolie.dll"	Ojaelm32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Aeklkchg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Faihkbci.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Fckajehi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Hodgkc32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Kpjcdn32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mchqfb32.dll"	Mdjagjco.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ghngib32.dll"	Pjeoglgc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Ddpeoafg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Qnnanphk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Dlgmpogj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Ncbknfed.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gbmgladp.dll"	Nebdoa32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hmcjlfqa.dll"	Ampkof32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ffcnippo.dll"	Aeklkchg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Delnin32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Mnocof32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Bbifelba.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Iefioj32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Mmnldp32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Nnmopdep.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Qdchadai.dll"	Bjdkjo32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Gmjlcj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Enlqgg32.dll"	Hmjdjgjo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Onklabip.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jbgkimpf.dll"	Dldpkoil.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ihidlk32.dll"	Bnkgeg32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Ogcpjhoq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Nngndc32.dll"	Gbiaapdf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Hkkhqd32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ffhoqj32.dll"	Kebbafoj.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Njciko32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4352 wrote to memory of 216	4352	120e2a5976fccdaab7a8ab2cd4c3d7c7.exe	83
PID 4352 wrote to memory of 216	4352	120e2a5976fccdaab7a8ab2cd4c3d7c7.exe	83
PID 4352 wrote to memory of 216	4352	120e2a5976fccdaab7a8ab2cd4c3d7c7.exe	83
PID 216 wrote to memory of 1068	216	Lkgdml32.exe	84
PID 216 wrote to memory of 1068	216	Lkgdml32.exe	84
PID 216 wrote to memory of 1068	216	Lkgdml32.exe	84
PID 1068 wrote to memory of 3188	1068	Laalifad.exe	85
PID 1068 wrote to memory of 3188	1068	Laalifad.exe	85
PID 1068 wrote to memory of 3188	1068	Laalifad.exe	85
PID 3188 wrote to memory of 4572	3188	Laciofpa.exe	86
PID 3188 wrote to memory of 4572	3188	Laciofpa.exe	86
PID 3188 wrote to memory of 4572	3188	Laciofpa.exe	86
PID 4572 wrote to memory of 372	4572	Lcdegnep.exe	87
PID 4572 wrote to memory of 372	4572	Lcdegnep.exe	87
PID 4572 wrote to memory of 372	4572	Lcdegnep.exe	87
PID 372 wrote to memory of 3016	372	Lnjjdgee.exe	88
PID 372 wrote to memory of 3016	372	Lnjjdgee.exe	88
PID 372 wrote to memory of 3016	372	Lnjjdgee.exe	88
PID 3016 wrote to memory of 1236	3016	Mjqjih32.exe	89
PID 3016 wrote to memory of 1236	3016	Mjqjih32.exe	89
PID 3016 wrote to memory of 1236	3016	Mjqjih32.exe	89
PID 1236 wrote to memory of 1780	1236	Mahbje32.exe	90
PID 1236 wrote to memory of 1780	1236	Mahbje32.exe	90
PID 1236 wrote to memory of 1780	1236	Mahbje32.exe	90
PID 1780 wrote to memory of 4788	1780	Mnocof32.exe	91
PID 1780 wrote to memory of 4788	1780	Mnocof32.exe	91
PID 1780 wrote to memory of 4788	1780	Mnocof32.exe	91
PID 4788 wrote to memory of 4092	4788	Mkbchk32.exe	92
PID 4788 wrote to memory of 4092	4788	Mkbchk32.exe	92
PID 4788 wrote to memory of 4092	4788	Mkbchk32.exe	92
PID 4092 wrote to memory of 812	4092	Mpolqa32.exe	93
PID 4092 wrote to memory of 812	4092	Mpolqa32.exe	93
PID 4092 wrote to memory of 812	4092	Mpolqa32.exe	93
PID 812 wrote to memory of 1172	812	Maohkd32.exe	94
PID 812 wrote to memory of 1172	812	Maohkd32.exe	94
PID 812 wrote to memory of 1172	812	Maohkd32.exe	94
PID 1172 wrote to memory of 452	1172	Mglack32.exe	95
PID 1172 wrote to memory of 452	1172	Mglack32.exe	95
PID 1172 wrote to memory of 452	1172	Mglack32.exe	95
PID 452 wrote to memory of 1988	452	Maaepd32.exe	96
PID 452 wrote to memory of 1988	452	Maaepd32.exe	96
PID 452 wrote to memory of 1988	452	Maaepd32.exe	96
PID 1988 wrote to memory of 4156	1988	Mcbahlip.exe	98
PID 1988 wrote to memory of 4156	1988	Mcbahlip.exe	98
PID 1988 wrote to memory of 4156	1988	Mcbahlip.exe	98
PID 4156 wrote to memory of 1484	4156	Nqfbaq32.exe	99
PID 4156 wrote to memory of 1484	4156	Nqfbaq32.exe	99
PID 4156 wrote to memory of 1484	4156	Nqfbaq32.exe	99
PID 1484 wrote to memory of 1688	1484	Ngpjnkpf.exe	100
PID 1484 wrote to memory of 1688	1484	Ngpjnkpf.exe	100
PID 1484 wrote to memory of 1688	1484	Ngpjnkpf.exe	100
PID 1688 wrote to memory of 1244	1688	Ngcgcjnc.exe	102
PID 1688 wrote to memory of 1244	1688	Ngcgcjnc.exe	102
PID 1688 wrote to memory of 1244	1688	Ngcgcjnc.exe	102
PID 1244 wrote to memory of 2636	1244	Nnmopdep.exe	103
PID 1244 wrote to memory of 2636	1244	Nnmopdep.exe	103
PID 1244 wrote to memory of 2636	1244	Nnmopdep.exe	103
PID 2636 wrote to memory of 4884	2636	Ndghmo32.exe	104
PID 2636 wrote to memory of 4884	2636	Ndghmo32.exe	104
PID 2636 wrote to memory of 4884	2636	Ndghmo32.exe	104
PID 4884 wrote to memory of 4784	4884	Ncldnkae.exe	106
PID 4884 wrote to memory of 4784	4884	Ncldnkae.exe	106
PID 4884 wrote to memory of 4784	4884	Ncldnkae.exe	106
PID 4784 wrote to memory of 1736	4784	Njfmke32.exe	107

C:\Users\Admin\AppData\Local\Temp\120e2a5976fccdaab7a8ab2cd4c3d7c7.exe
"C:\Users\Admin\AppData\Local\Temp\120e2a5976fccdaab7a8ab2cd4c3d7c7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4352
- C:\Windows\SysWOW64\Lkgdml32.exe
  C:\Windows\system32\Lkgdml32.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:216
- - C:\Windows\SysWOW64\Laalifad.exe
    C:\Windows\system32\Laalifad.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1068
  - - C:\Windows\SysWOW64\Laciofpa.exe
      C:\Windows\system32\Laciofpa.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:3188
    - - C:\Windows\SysWOW64\Lcdegnep.exe
        
        C:\Windows\system32\Lcdegnep.exe
        5⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4572
      - C:\Windows\SysWOW64\Lnjjdgee.exe
        
        C:\Windows\system32\Lnjjdgee.exe
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:372
        
        C:\Windows\SysWOW64\Mjqjih32.exe
        
        C:\Windows\system32\Mjqjih32.exe
        7⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3016
        
        C:\Windows\SysWOW64\Mahbje32.exe
        
        C:\Windows\system32\Mahbje32.exe
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1236
        
        C:\Windows\SysWOW64\Mnocof32.exe
        
        C:\Windows\system32\Mnocof32.exe
        9⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1780
        
        C:\Windows\SysWOW64\Mkbchk32.exe
        
        C:\Windows\system32\Mkbchk32.exe
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4788
        
        C:\Windows\SysWOW64\Mpolqa32.exe
        
        C:\Windows\system32\Mpolqa32.exe
        11⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4092
        
        C:\Windows\SysWOW64\Maohkd32.exe
        
        C:\Windows\system32\Maohkd32.exe
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:812
        
        C:\Windows\SysWOW64\Mglack32.exe
        
        C:\Windows\system32\Mglack32.exe
        13⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1172
        
        C:\Windows\SysWOW64\Maaepd32.exe
        
        C:\Windows\system32\Maaepd32.exe
        14⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:452
        
        C:\Windows\SysWOW64\Mcbahlip.exe
        
        C:\Windows\system32\Mcbahlip.exe
        15⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1988
        
        C:\Windows\SysWOW64\Nqfbaq32.exe
        
        C:\Windows\system32\Nqfbaq32.exe
        16⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4156
        
        C:\Windows\SysWOW64\Ngpjnkpf.exe
        
        C:\Windows\system32\Ngpjnkpf.exe
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1484
        
        C:\Windows\SysWOW64\Ngcgcjnc.exe
        
        C:\Windows\system32\Ngcgcjnc.exe
        18⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1688
        
        C:\Windows\SysWOW64\Nnmopdep.exe
        
        C:\Windows\system32\Nnmopdep.exe
        19⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1244
        
        C:\Windows\SysWOW64\Ndghmo32.exe
        
        C:\Windows\system32\Ndghmo32.exe
        20⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2636
        
        C:\Windows\SysWOW64\Ncldnkae.exe
        
        C:\Windows\system32\Ncldnkae.exe
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4884
        
        C:\Windows\SysWOW64\Njfmke32.exe
        
        C:\Windows\system32\Njfmke32.exe
        22⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4784
        
        C:\Windows\SysWOW64\Ncnadk32.exe
        
        C:\Windows\system32\Ncnadk32.exe
        23⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:1736
        
        C:\Windows\SysWOW64\Okeieh32.exe
        
        C:\Windows\system32\Okeieh32.exe
        24⤵
        Executes dropped EXE
        
        PID:4492
        
        C:\Windows\SysWOW64\Ocqnij32.exe
        
        C:\Windows\system32\Ocqnij32.exe
        25⤵
        Executes dropped EXE
        
        PID:4040
        
        C:\Windows\SysWOW64\Obangb32.exe
        
        C:\Windows\system32\Obangb32.exe
        26⤵
        Executes dropped EXE
        
        PID:5092
        
        C:\Windows\SysWOW64\Ogogoi32.exe
        
        C:\Windows\system32\Ogogoi32.exe
        27⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:3492
        
        C:\Windows\SysWOW64\Ojmcld32.exe
        
        C:\Windows\system32\Ojmcld32.exe
        28⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2240
        
        C:\Windows\SysWOW64\Ocegdjij.exe
        
        C:\Windows\system32\Ocegdjij.exe
        29⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:3136
        
        C:\Windows\SysWOW64\Onklabip.exe
        
        C:\Windows\system32\Onklabip.exe
        30⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2928
        
        C:\Windows\SysWOW64\Ogcpjhoq.exe
        
        C:\Windows\system32\Ogcpjhoq.exe
        31⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1344
        
        C:\Windows\SysWOW64\Ojalgcnd.exe
        
        C:\Windows\system32\Ojalgcnd.exe
        32⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2760
        
        C:\Windows\SysWOW64\Odgqdlnj.exe
        
        C:\Windows\system32\Odgqdlnj.exe
        33⤵
        Executes dropped EXE
        
        PID:228
        
        C:\Windows\SysWOW64\Pnpemb32.exe
        
        C:\Windows\system32\Pnpemb32.exe
        34⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4632
        
        C:\Windows\SysWOW64\Peimil32.exe
        
        C:\Windows\system32\Peimil32.exe
        35⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:4512
        
        C:\Windows\SysWOW64\Pjffbc32.exe
        
        C:\Windows\system32\Pjffbc32.exe
        36⤵
        Executes dropped EXE
        
        PID:1028
        
        C:\Windows\SysWOW64\Peljol32.exe
        
        C:\Windows\system32\Peljol32.exe
        37⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4336
        
        C:\Windows\SysWOW64\Pgjfkg32.exe
        
        C:\Windows\system32\Pgjfkg32.exe
        38⤵
        Executes dropped EXE
        
        PID:3052
        
        C:\Windows\SysWOW64\Pjhbgb32.exe
        
        C:\Windows\system32\Pjhbgb32.exe
        39⤵
        Executes dropped EXE
        
        PID:4912
        
        C:\Windows\SysWOW64\Pcagphom.exe
        
        C:\Windows\system32\Pcagphom.exe
        40⤵
        Executes dropped EXE
        
        PID:2288
        
        C:\Windows\SysWOW64\Pjkombfj.exe
        
        C:\Windows\system32\Pjkombfj.exe
        41⤵
        Executes dropped EXE
        
        PID:384
        
        C:\Windows\SysWOW64\Paegjl32.exe
        
        C:\Windows\system32\Paegjl32.exe
        42⤵
        Executes dropped EXE
        
        PID:2044
        
        C:\Windows\SysWOW64\Pkjlge32.exe
        
        C:\Windows\system32\Pkjlge32.exe
        43⤵
        Executes dropped EXE
        
        PID:3596
        
        C:\Windows\SysWOW64\Pbddcoei.exe
        
        C:\Windows\system32\Pbddcoei.exe
        44⤵
        Executes dropped EXE
        
        PID:4644
        
        C:\Windows\SysWOW64\Qecppkdm.exe
        
        C:\Windows\system32\Qecppkdm.exe
        45⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2792
        
        C:\Windows\SysWOW64\Qkmhlekj.exe
        
        C:\Windows\system32\Qkmhlekj.exe
        46⤵
        Executes dropped EXE
        
        PID:4880
        
        C:\Windows\SysWOW64\Qnkdhpjn.exe
        
        C:\Windows\system32\Qnkdhpjn.exe
        47⤵
        Executes dropped EXE
        
        PID:2284
        
        C:\Windows\SysWOW64\Qgciaf32.exe
        
        C:\Windows\system32\Qgciaf32.exe
        48⤵
        Executes dropped EXE
        
        PID:2804
        
        C:\Windows\SysWOW64\Qnnanphk.exe
        
        C:\Windows\system32\Qnnanphk.exe
        49⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:880
        
        C:\Windows\SysWOW64\Agffge32.exe
        
        C:\Windows\system32\Agffge32.exe
        50⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1624
        
        C:\Windows\SysWOW64\Anpncp32.exe
        
        C:\Windows\system32\Anpncp32.exe
        51⤵
        Executes dropped EXE
        
        PID:4360
        
        C:\Windows\SysWOW64\Aanjpk32.exe
        
        C:\Windows\system32\Aanjpk32.exe
        52⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:4188
        
        C:\Windows\SysWOW64\Acmflf32.exe
        
        C:\Windows\system32\Acmflf32.exe
        53⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:916
        
        C:\Windows\SysWOW64\Anbkio32.exe
        
        C:\Windows\system32\Anbkio32.exe
        54⤵
        Executes dropped EXE
        
        PID:3584
        
        C:\Windows\SysWOW64\Aaqgek32.exe
        
        C:\Windows\system32\Aaqgek32.exe
        55⤵
        Executes dropped EXE
        
        PID:4624
        
        C:\Windows\SysWOW64\Ajiknpjj.exe
        
        C:\Windows\system32\Ajiknpjj.exe
        56⤵
        Executes dropped EXE
        
        PID:3316
        
        C:\Windows\SysWOW64\Aacckjaf.exe
        
        C:\Windows\system32\Aacckjaf.exe
        57⤵
        Executes dropped EXE
        
        PID:1984
        
        C:\Windows\SysWOW64\Adapgfqj.exe
        
        C:\Windows\system32\Adapgfqj.exe
        58⤵
        Executes dropped EXE
        
        PID:4468
        
        C:\Windows\SysWOW64\Abbpem32.exe
        
        C:\Windows\system32\Abbpem32.exe
        59⤵
        Executes dropped EXE
        
        PID:3740
        
        C:\Windows\SysWOW64\Aealah32.exe
        
        C:\Windows\system32\Aealah32.exe
        60⤵
        Executes dropped EXE
        
        PID:4004
        
        C:\Windows\SysWOW64\Abemjmgg.exe
        
        C:\Windows\system32\Abemjmgg.exe
        61⤵
        Executes dropped EXE
        
        PID:3692
        
        C:\Windows\SysWOW64\Bdfibe32.exe
        
        C:\Windows\system32\Bdfibe32.exe
        62⤵
        Executes dropped EXE
        
        PID:2316
        
        C:\Windows\SysWOW64\Blmacb32.exe
        
        C:\Windows\system32\Blmacb32.exe
        63⤵
        Executes dropped EXE
        
        PID:4296
        
        C:\Windows\SysWOW64\Beeflhdh.exe
        
        C:\Windows\system32\Beeflhdh.exe
        64⤵
        Executes dropped EXE
        
        PID:3120
        
        C:\Windows\SysWOW64\Bjbndobo.exe
        
        C:\Windows\system32\Bjbndobo.exe
        65⤵
        Executes dropped EXE
        
        PID:5028
        
        C:\Windows\SysWOW64\Bbifelba.exe
        
        C:\Windows\system32\Bbifelba.exe
        66⤵
        Modifies registry class
        
        PID:864
        
        C:\Windows\SysWOW64\Bjdkjo32.exe
        
        C:\Windows\system32\Bjdkjo32.exe
        67⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1944
        
        C:\Windows\SysWOW64\Bblckl32.exe
        
        C:\Windows\system32\Bblckl32.exe
        68⤵
        
        PID:1440
        
        C:\Windows\SysWOW64\Baocghgi.exe
        
        C:\Windows\system32\Baocghgi.exe
        69⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\Bobcpmfc.exe
        
        C:\Windows\system32\Bobcpmfc.exe
        70⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:2672
        
        C:\Windows\SysWOW64\Bemlmgnp.exe
        
        C:\Windows\system32\Bemlmgnp.exe
        71⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\Bhkhibmc.exe
        
        C:\Windows\system32\Bhkhibmc.exe
        72⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\Cbqlfkmi.exe
        
        C:\Windows\system32\Cbqlfkmi.exe
        73⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\Chmeobkq.exe
        
        C:\Windows\system32\Chmeobkq.exe
        74⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\Cklaknjd.exe
        
        C:\Windows\system32\Cklaknjd.exe
        75⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\Cafigg32.exe
        
        C:\Windows\system32\Cafigg32.exe
        76⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\Chpada32.exe
        
        C:\Windows\system32\Chpada32.exe
        77⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:3652
        
        C:\Windows\SysWOW64\Cojjqlpk.exe
        
        C:\Windows\system32\Cojjqlpk.exe
        78⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:3116
        
        C:\Windows\SysWOW64\Cahfmgoo.exe
        
        C:\Windows\system32\Cahfmgoo.exe
        79⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\Chbnia32.exe
        
        C:\Windows\system32\Chbnia32.exe
        80⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\Ckpjfm32.exe
        
        C:\Windows\system32\Ckpjfm32.exe
        81⤵
        Drops file in System32 directory
        
        PID:3520
        
        C:\Windows\SysWOW64\Cbgbgj32.exe
        
        C:\Windows\system32\Cbgbgj32.exe
        82⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:4044
        
        C:\Windows\SysWOW64\Cdiooblp.exe
        
        C:\Windows\system32\Cdiooblp.exe
        83⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:3536
        
        C:\Windows\SysWOW64\Cbjoljdo.exe
        
        C:\Windows\system32\Cbjoljdo.exe
        84⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\Cdkldb32.exe
        
        C:\Windows\system32\Cdkldb32.exe
        85⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5164
        
        C:\Windows\SysWOW64\Clbceo32.exe
        
        C:\Windows\system32\Clbceo32.exe
        86⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\Doqpak32.exe
        
        C:\Windows\system32\Doqpak32.exe
        87⤵
        Drops file in System32 directory
        
        PID:5248
        
        C:\Windows\SysWOW64\Daolnf32.exe
        
        C:\Windows\system32\Daolnf32.exe
        88⤵
        Modifies registry class
        
        PID:5292
        
        C:\Windows\SysWOW64\Dldpkoil.exe
        
        C:\Windows\system32\Dldpkoil.exe
        89⤵
        Modifies registry class
        
        PID:5344
        
        C:\Windows\SysWOW64\Dboigi32.exe
        
        C:\Windows\system32\Dboigi32.exe
        90⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\Ddpeoafg.exe
        
        C:\Windows\system32\Ddpeoafg.exe
        91⤵
        Modifies registry class
        
        PID:5440
        
        C:\Windows\SysWOW64\Dlgmpogj.exe
        
        C:\Windows\system32\Dlgmpogj.exe
        92⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:5484
        
        C:\Windows\SysWOW64\Ddbbeade.exe
        
        C:\Windows\system32\Ddbbeade.exe
        93⤵
        Modifies registry class
        
        PID:5528
        
        C:\Windows\SysWOW64\Dafbne32.exe
        
        C:\Windows\system32\Dafbne32.exe
        94⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\Dddojq32.exe
        
        C:\Windows\system32\Dddojq32.exe
        95⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5616
        
        C:\Windows\SysWOW64\Dedkdcie.exe
        
        C:\Windows\system32\Dedkdcie.exe
        96⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\Dhbgqohi.exe
        
        C:\Windows\system32\Dhbgqohi.exe
        97⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\Eaklidoi.exe
        
        C:\Windows\system32\Eaklidoi.exe
        98⤵
        Modifies registry class
        
        PID:5744
        
        C:\Windows\SysWOW64\Ehedfo32.exe
        
        C:\Windows\system32\Ehedfo32.exe
        99⤵
        Modifies registry class
        
        PID:5792
        
        C:\Windows\SysWOW64\Eamhodmf.exe
        
        C:\Windows\system32\Eamhodmf.exe
        100⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\Eeidoc32.exe
        
        C:\Windows\system32\Eeidoc32.exe
        101⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\Ehgqln32.exe
        
        C:\Windows\system32\Ehgqln32.exe
        102⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\Ekemhj32.exe
        
        C:\Windows\system32\Ekemhj32.exe
        103⤵
        Drops file in System32 directory
        
        PID:5952
        
        C:\Windows\SysWOW64\Eoaihhlp.exe
        
        C:\Windows\system32\Eoaihhlp.exe
        104⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5992
        
        C:\Windows\SysWOW64\Ecmeig32.exe
        
        C:\Windows\system32\Ecmeig32.exe
        105⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6040
        
        C:\Windows\SysWOW64\Ednaqo32.exe
        
        C:\Windows\system32\Ednaqo32.exe
        106⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\Eleiam32.exe
        
        C:\Windows\system32\Eleiam32.exe
        107⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6128
        
        C:\Windows\SysWOW64\Eemnjbaj.exe
        
        C:\Windows\system32\Eemnjbaj.exe
        108⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5152
        
        C:\Windows\SysWOW64\Elgfgl32.exe
        
        C:\Windows\system32\Elgfgl32.exe
        109⤵
        Drops file in System32 directory
        
        PID:5216
        
        C:\Windows\SysWOW64\Eofbch32.exe
        
        C:\Windows\system32\Eofbch32.exe
        110⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\Ecandfpd.exe
        
        C:\Windows\system32\Ecandfpd.exe
        111⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\Eepjpb32.exe
        
        C:\Windows\system32\Eepjpb32.exe
        112⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5432
        
        C:\Windows\SysWOW64\Edbklofb.exe
        
        C:\Windows\system32\Edbklofb.exe
        113⤵
        Drops file in System32 directory
        
        PID:5492
        
        C:\Windows\SysWOW64\Fljcmlfd.exe
        
        C:\Windows\system32\Fljcmlfd.exe
        114⤵
        Drops file in System32 directory
        
        PID:5560
        
        C:\Windows\SysWOW64\Fkmchi32.exe
        
        C:\Windows\system32\Fkmchi32.exe
        115⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\Fcckif32.exe
        
        C:\Windows\system32\Fcckif32.exe
        116⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\Febgea32.exe
        
        C:\Windows\system32\Febgea32.exe
        117⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\Fdegandp.exe
        
        C:\Windows\system32\Fdegandp.exe
        118⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5816
        
        C:\Windows\SysWOW64\Fllpbldb.exe
        
        C:\Windows\system32\Fllpbldb.exe
        119⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\Fkopnh32.exe
        
        C:\Windows\system32\Fkopnh32.exe
        120⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5944
        
        C:\Windows\SysWOW64\Fcfhof32.exe
        
        C:\Windows\system32\Fcfhof32.exe
        121⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6012
        
        C:\Windows\SysWOW64\Faihkbci.exe
        
        C:\Windows\system32\Faihkbci.exe
        122⤵
        Modifies registry class
        
        PID:6108
        
        C:\Windows\SysWOW64\Ffddka32.exe
        
        C:\Windows\system32\Ffddka32.exe
        123⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\Fhcpgmjf.exe
        
        C:\Windows\system32\Fhcpgmjf.exe
        124⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\Flnlhk32.exe
        
        C:\Windows\system32\Flnlhk32.exe
        125⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:5352
        
        C:\Windows\SysWOW64\Fomhdg32.exe
        
        C:\Windows\system32\Fomhdg32.exe
        126⤵
        Modifies registry class
        
        PID:5408
        
        C:\Windows\SysWOW64\Fakdpb32.exe
        
        C:\Windows\system32\Fakdpb32.exe
        127⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5580
        
        C:\Windows\SysWOW64\Ffgqqaip.exe
        
        C:\Windows\system32\Ffgqqaip.exe
        128⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\Fhemmlhc.exe
        
        C:\Windows\system32\Fhemmlhc.exe
        129⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5776
        
        C:\Windows\SysWOW64\Fkciihgg.exe
        
        C:\Windows\system32\Fkciihgg.exe
        130⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\Fckajehi.exe
        
        C:\Windows\system32\Fckajehi.exe
        131⤵
        Modifies registry class
        
        PID:6024
        
        C:\Windows\SysWOW64\Fdlnbm32.exe
        
        C:\Windows\system32\Fdlnbm32.exe
        132⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\Fcmnpe32.exe
        
        C:\Windows\system32\Fcmnpe32.exe
        133⤵
        Drops file in System32 directory
        
        PID:5180
        
        C:\Windows\SysWOW64\Fdnjgmle.exe
        
        C:\Windows\system32\Fdnjgmle.exe
        134⤵
        Drops file in System32 directory
        
        PID:5360
        
        C:\Windows\SysWOW64\Fhjfhl32.exe
        
        C:\Windows\system32\Fhjfhl32.exe
        135⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\Gododflk.exe
        
        C:\Windows\system32\Gododflk.exe
        136⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5784
        
        C:\Windows\SysWOW64\Gbbkaako.exe
        
        C:\Windows\system32\Gbbkaako.exe
        137⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\Gfngap32.exe
        
        C:\Windows\system32\Gfngap32.exe
        138⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\Ghlcnk32.exe
        
        C:\Windows\system32\Ghlcnk32.exe
        139⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5480
        
        C:\Windows\SysWOW64\Gofkje32.exe
        
        C:\Windows\system32\Gofkje32.exe
        140⤵
        Drops file in System32 directory
        
        PID:5668
        
        C:\Windows\SysWOW64\Gmjlcj32.exe
        
        C:\Windows\system32\Gmjlcj32.exe
        141⤵
        Modifies registry class
        
        PID:6016
        
        C:\Windows\SysWOW64\Gohhpe32.exe
        
        C:\Windows\system32\Gohhpe32.exe
        142⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\Gbgdlq32.exe
        
        C:\Windows\system32\Gbgdlq32.exe
        143⤵
        Drops file in System32 directory
        
        PID:5756
        
        C:\Windows\SysWOW64\Gmlhii32.exe
        
        C:\Windows\system32\Gmlhii32.exe
        144⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\Gbiaapdf.exe
        
        C:\Windows\system32\Gbiaapdf.exe
        145⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:5860
        
        C:\Windows\SysWOW64\Gdhmnlcj.exe
        
        C:\Windows\system32\Gdhmnlcj.exe
        146⤵
        Drops file in System32 directory
        
        PID:4952
        
        C:\Windows\SysWOW64\Gmoeoidl.exe
        
        C:\Windows\system32\Gmoeoidl.exe
        147⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\Gomakdcp.exe
        
        C:\Windows\system32\Gomakdcp.exe
        148⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\Hiefcj32.exe
        
        C:\Windows\system32\Hiefcj32.exe
        149⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\Hkdbpe32.exe
        
        C:\Windows\system32\Hkdbpe32.exe
        150⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:6304
        
        C:\Windows\SysWOW64\Hckjacjg.exe
        
        C:\Windows\system32\Hckjacjg.exe
        151⤵
        Modifies registry class
        
        PID:6344
        
        C:\Windows\SysWOW64\Hfifmnij.exe
        
        C:\Windows\system32\Hfifmnij.exe
        152⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6388
        
        C:\Windows\SysWOW64\Hkfoeega.exe
        
        C:\Windows\system32\Hkfoeega.exe
        153⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\Hcmgfbhd.exe
        
        C:\Windows\system32\Hcmgfbhd.exe
        154⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\Hflcbngh.exe
        
        C:\Windows\system32\Hflcbngh.exe
        155⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:6540
        
        C:\Windows\SysWOW64\Hijooifk.exe
        
        C:\Windows\system32\Hijooifk.exe
        156⤵
        Modifies registry class
        
        PID:6596
        
        C:\Windows\SysWOW64\Hodgkc32.exe
        
        C:\Windows\system32\Hodgkc32.exe
        157⤵
        Modifies registry class
        
        PID:6648
        
        C:\Windows\SysWOW64\Himldi32.exe
        
        C:\Windows\system32\Himldi32.exe
        158⤵
        Modifies registry class
        
        PID:6692
        
        C:\Windows\SysWOW64\Hkkhqd32.exe
        
        C:\Windows\system32\Hkkhqd32.exe
        159⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6736
        
        C:\Windows\SysWOW64\Hecmijim.exe
        
        C:\Windows\system32\Hecmijim.exe
        160⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\Hmjdjgjo.exe
        
        C:\Windows\system32\Hmjdjgjo.exe
        161⤵
        Modifies registry class
        
        PID:6824
        
        C:\Windows\SysWOW64\Hoiafcic.exe
        
        C:\Windows\system32\Hoiafcic.exe
        162⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:6860
        
        C:\Windows\SysWOW64\Hbgmcnhf.exe
        
        C:\Windows\system32\Hbgmcnhf.exe
        163⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\Iefioj32.exe
        
        C:\Windows\system32\Iefioj32.exe
        164⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6932
        
        C:\Windows\SysWOW64\Immapg32.exe
        
        C:\Windows\system32\Immapg32.exe
        165⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6968
        
        C:\Windows\SysWOW64\Ipknlb32.exe
        
        C:\Windows\system32\Ipknlb32.exe
        166⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\Ipnjab32.exe
        
        C:\Windows\system32\Ipnjab32.exe
        167⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7048
        
        C:\Windows\SysWOW64\Iejcji32.exe
        
        C:\Windows\system32\Iejcji32.exe
        168⤵
        Modifies registry class
        
        PID:7088
        
        C:\Windows\SysWOW64\Ickchq32.exe
        
        C:\Windows\system32\Ickchq32.exe
        169⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\Iihkpg32.exe
        
        C:\Windows\system32\Iihkpg32.exe
        170⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\Icnpmp32.exe
        
        C:\Windows\system32\Icnpmp32.exe
        171⤵
        Drops file in System32 directory
        
        PID:6192
        
        C:\Windows\SysWOW64\Iikhfg32.exe
        
        C:\Windows\system32\Iikhfg32.exe
        172⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6248
        
        C:\Windows\SysWOW64\Jeaikh32.exe
        
        C:\Windows\system32\Jeaikh32.exe
        173⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6324
        
        C:\Windows\SysWOW64\Jmhale32.exe
        
        C:\Windows\system32\Jmhale32.exe
        174⤵
        Drops file in System32 directory
        
        PID:6380
        
        C:\Windows\SysWOW64\Jcbihpel.exe
        
        C:\Windows\system32\Jcbihpel.exe
        175⤵
        Drops file in System32 directory
        
        PID:6440
        
        C:\Windows\SysWOW64\Jioaqfcc.exe
        
        C:\Windows\system32\Jioaqfcc.exe
        176⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\Jcefno32.exe
        
        C:\Windows\system32\Jcefno32.exe
        177⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\Jlpkba32.exe
        
        C:\Windows\system32\Jlpkba32.exe
        178⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\Jmpgldhg.exe
        
        C:\Windows\system32\Jmpgldhg.exe
        179⤵
        Drops file in System32 directory
        
        PID:6728
        
        C:\Windows\SysWOW64\Jeklag32.exe
        
        C:\Windows\system32\Jeklag32.exe
        180⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\Jpppnp32.exe
        
        C:\Windows\system32\Jpppnp32.exe
        181⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\Kfjhkjle.exe
        
        C:\Windows\system32\Kfjhkjle.exe
        182⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\Kiidgeki.exe
        
        C:\Windows\system32\Kiidgeki.exe
        183⤵
        Drops file in System32 directory
        
        PID:2272
        
        C:\Windows\SysWOW64\Kpbmco32.exe
        
        C:\Windows\system32\Kpbmco32.exe
        184⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\Klimip32.exe
        
        C:\Windows\system32\Klimip32.exe
        185⤵
        Drops file in System32 directory
        
        PID:7004
        
        C:\Windows\SysWOW64\Kebbafoj.exe
        
        C:\Windows\system32\Kebbafoj.exe
        186⤵
        Modifies registry class
        
        PID:7072
        
        C:\Windows\SysWOW64\Kmijbcpl.exe
        
        C:\Windows\system32\Kmijbcpl.exe
        187⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\Kpgfooop.exe
        
        C:\Windows\system32\Kpgfooop.exe
        188⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\Kbfbkj32.exe
        
        C:\Windows\system32\Kbfbkj32.exe
        189⤵
        Drops file in System32 directory
        
        PID:6312
        
        C:\Windows\SysWOW64\Kedoge32.exe
        
        C:\Windows\system32\Kedoge32.exe
        190⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\Kpjcdn32.exe
        
        C:\Windows\system32\Kpjcdn32.exe
        191⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6536
        
        C:\Windows\SysWOW64\Kbhoqj32.exe
        
        C:\Windows\system32\Kbhoqj32.exe
        192⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\Kdgljmcd.exe
        
        C:\Windows\system32\Kdgljmcd.exe
        193⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\Lbmhlihl.exe
        
        C:\Windows\system32\Lbmhlihl.exe
        194⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\Ligqhc32.exe
        
        C:\Windows\system32\Ligqhc32.exe
        195⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\Llemdo32.exe
        
        C:\Windows\system32\Llemdo32.exe
        196⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\Lmdina32.exe
        
        C:\Windows\system32\Lmdina32.exe
        197⤵
        Modifies registry class
        
        PID:7120
        
        C:\Windows\SysWOW64\Lgmngglp.exe
        
        C:\Windows\system32\Lgmngglp.exe
        198⤵
        Drops file in System32 directory
        
        PID:6300
        
        C:\Windows\SysWOW64\Lljfpnjg.exe
        
        C:\Windows\system32\Lljfpnjg.exe
        199⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\Ldanqkki.exe
        
        C:\Windows\system32\Ldanqkki.exe
        200⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\Lmiciaaj.exe
        
        C:\Windows\system32\Lmiciaaj.exe
        201⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\Mbfkbhpa.exe
        
        C:\Windows\system32\Mbfkbhpa.exe
        202⤵
        
        PID:3688
        
        C:\Windows\SysWOW64\Medgncoe.exe
        
        C:\Windows\system32\Medgncoe.exe
        203⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\Mipcob32.exe
        
        C:\Windows\system32\Mipcob32.exe
        204⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6396
        
        C:\Windows\SysWOW64\Mlopkm32.exe
        
        C:\Windows\system32\Mlopkm32.exe
        205⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\Megdccmb.exe
        
        C:\Windows\system32\Megdccmb.exe
        206⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\Mmnldp32.exe
        
        C:\Windows\system32\Mmnldp32.exe
        207⤵
        Modifies registry class
        
        PID:6644
        
        C:\Windows\SysWOW64\Mlampmdo.exe
        
        C:\Windows\system32\Mlampmdo.exe
        208⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\Mdhdajea.exe
        
        C:\Windows\system32\Mdhdajea.exe
        209⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\Mckemg32.exe
        
        C:\Windows\system32\Mckemg32.exe
        210⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\Meiaib32.exe
        
        C:\Windows\system32\Meiaib32.exe
        211⤵
        Drops file in System32 directory
        
        PID:7272
        
        C:\Windows\SysWOW64\Mmpijp32.exe
        
        C:\Windows\system32\Mmpijp32.exe
        212⤵
        Drops file in System32 directory
        
        PID:7340
        
        C:\Windows\SysWOW64\Mlcifmbl.exe
        
        C:\Windows\system32\Mlcifmbl.exe
        213⤵
        Drops file in System32 directory
        
        PID:7392
        
        C:\Windows\SysWOW64\Mdjagjco.exe
        
        C:\Windows\system32\Mdjagjco.exe
        214⤵
        Modifies registry class
        
        PID:7436
        
        C:\Windows\SysWOW64\Mcmabg32.exe
        
        C:\Windows\system32\Mcmabg32.exe
        215⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7472
        
        C:\Windows\SysWOW64\Melnob32.exe
        
        C:\Windows\system32\Melnob32.exe
        216⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\Mmbfpp32.exe
        
        C:\Windows\system32\Mmbfpp32.exe
        217⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\Mpablkhc.exe
        
        C:\Windows\system32\Mpablkhc.exe
        218⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\Mcpnhfhf.exe
        
        C:\Windows\system32\Mcpnhfhf.exe
        219⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7644
        
        C:\Windows\SysWOW64\Menjdbgj.exe
        
        C:\Windows\system32\Menjdbgj.exe
        220⤵
        Drops file in System32 directory
        
        PID:7688
        
        C:\Windows\SysWOW64\Npcoakfp.exe
        
        C:\Windows\system32\Npcoakfp.exe
        221⤵
        Drops file in System32 directory
        
        PID:7728
        
        C:\Windows\SysWOW64\Ncbknfed.exe
        
        C:\Windows\system32\Ncbknfed.exe
        222⤵
        Modifies registry class
        
        PID:7772
        
        C:\Windows\SysWOW64\Nngokoej.exe
        
        C:\Windows\system32\Nngokoej.exe
        223⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7812
        
        C:\Windows\SysWOW64\Npfkgjdn.exe
        
        C:\Windows\system32\Npfkgjdn.exe
        224⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\Ncdgcf32.exe
        
        C:\Windows\system32\Ncdgcf32.exe
        225⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7884
        
        C:\Windows\SysWOW64\Nebdoa32.exe
        
        C:\Windows\system32\Nebdoa32.exe
        226⤵
        Modifies registry class
        
        PID:7924
        
        C:\Windows\SysWOW64\Nnjlpo32.exe
        
        C:\Windows\system32\Nnjlpo32.exe
        227⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7964
        
        C:\Windows\SysWOW64\Neeqea32.exe
        
        C:\Windows\system32\Neeqea32.exe
        228⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8012
        
        C:\Windows\SysWOW64\Npjebj32.exe
        
        C:\Windows\system32\Npjebj32.exe
        229⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\Ncianepl.exe
        
        C:\Windows\system32\Ncianepl.exe
        230⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\Njciko32.exe
        
        C:\Windows\system32\Njciko32.exe
        231⤵
        Modifies registry class
        
        PID:8144
        
        C:\Windows\SysWOW64\Npmagine.exe
        
        C:\Windows\system32\Npmagine.exe
        232⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\Njefqo32.exe
        
        C:\Windows\system32\Njefqo32.exe
        233⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7232
        
        C:\Windows\SysWOW64\Oponmilc.exe
        
        C:\Windows\system32\Oponmilc.exe
        234⤵
        Drops file in System32 directory
        
        PID:7376
        
        C:\Windows\SysWOW64\Oncofm32.exe
        
        C:\Windows\system32\Oncofm32.exe
        235⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7456
        
        C:\Windows\SysWOW64\Ocpgod32.exe
        
        C:\Windows\system32\Ocpgod32.exe
        236⤵
        Drops file in System32 directory
        
        PID:7544
        
        C:\Windows\SysWOW64\Odocigqg.exe
        
        C:\Windows\system32\Odocigqg.exe
        237⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\Ognpebpj.exe
        
        C:\Windows\system32\Ognpebpj.exe
        238⤵
        Drops file in System32 directory
        
        PID:7672
        
        C:\Windows\SysWOW64\Ofqpqo32.exe
        
        C:\Windows\system32\Ofqpqo32.exe
        239⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\Onhhamgg.exe
        
        C:\Windows\system32\Onhhamgg.exe
        240⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:7820
        
        C:\Windows\SysWOW64\Ocdqjceo.exe
        
        C:\Windows\system32\Ocdqjceo.exe
        241⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\Ofcmfodb.exe
        
        C:\Windows\system32\Ofcmfodb.exe
        242⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\Olmeci32.exe
        
        C:\Windows\system32\Olmeci32.exe
        243⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\Oddmdf32.exe
        
        C:\Windows\system32\Oddmdf32.exe
        244⤵
        Drops file in System32 directory
        
        PID:8104
        
        C:\Windows\SysWOW64\Ofeilobp.exe
        
        C:\Windows\system32\Ofeilobp.exe
        245⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\Ojaelm32.exe
        
        C:\Windows\system32\Ojaelm32.exe
        246⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:7172
        
        C:\Windows\SysWOW64\Pmoahijl.exe
        
        C:\Windows\system32\Pmoahijl.exe
        247⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\Pdfjifjo.exe
        
        C:\Windows\system32\Pdfjifjo.exe
        248⤵
        Drops file in System32 directory
        
        PID:7464
        
        C:\Windows\SysWOW64\Pgefeajb.exe
        
        C:\Windows\system32\Pgefeajb.exe
        249⤵
        Drops file in System32 directory
        
        PID:7556
        
        C:\Windows\SysWOW64\Pfhfan32.exe
        
        C:\Windows\system32\Pfhfan32.exe
        250⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\Pnonbk32.exe
        
        C:\Windows\system32\Pnonbk32.exe
        251⤵
        Drops file in System32 directory
        
        PID:7736
        
        C:\Windows\SysWOW64\Pqmjog32.exe
        
        C:\Windows\system32\Pqmjog32.exe
        252⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7880
        
        C:\Windows\SysWOW64\Pdifoehl.exe
        
        C:\Windows\system32\Pdifoehl.exe
        253⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\Pggbkagp.exe
        
        C:\Windows\system32\Pggbkagp.exe
        254⤵
        Modifies registry class
        
        PID:8044
        
        C:\Windows\SysWOW64\Pjeoglgc.exe
        
        C:\Windows\system32\Pjeoglgc.exe
        255⤵
        Modifies registry class
        
        PID:8124
        
        C:\Windows\SysWOW64\Pdkcde32.exe
        
        C:\Windows\system32\Pdkcde32.exe
        256⤵
        Drops file in System32 directory
        
        PID:7260
        
        C:\Windows\SysWOW64\Pflplnlg.exe
        
        C:\Windows\system32\Pflplnlg.exe
        257⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7568
        
        C:\Windows\SysWOW64\Pncgmkmj.exe
        
        C:\Windows\system32\Pncgmkmj.exe
        258⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7708
        
        C:\Windows\SysWOW64\Pqbdjfln.exe
        
        C:\Windows\system32\Pqbdjfln.exe
        259⤵
        Modifies registry class
        
        PID:7956
        
        C:\Windows\SysWOW64\Pdmpje32.exe
        
        C:\Windows\system32\Pdmpje32.exe
        260⤵
        Drops file in System32 directory
        
        PID:8116
        
        C:\Windows\SysWOW64\Pgllfp32.exe
        
        C:\Windows\system32\Pgllfp32.exe
        261⤵
        Modifies registry class
        
        PID:7608
        
        C:\Windows\SysWOW64\Pjjhbl32.exe
        
        C:\Windows\system32\Pjjhbl32.exe
        262⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\Pmidog32.exe
        
        C:\Windows\system32\Pmidog32.exe
        263⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\Pcbmka32.exe
        
        C:\Windows\system32\Pcbmka32.exe
        264⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\Pfaigm32.exe
        
        C:\Windows\system32\Pfaigm32.exe
        265⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\Pjmehkqk.exe
        
        C:\Windows\system32\Pjmehkqk.exe
        266⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\Qmkadgpo.exe
        
        C:\Windows\system32\Qmkadgpo.exe
        267⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\Qdbiedpa.exe
        
        C:\Windows\system32\Qdbiedpa.exe
        268⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8284
        
        C:\Windows\SysWOW64\Qceiaa32.exe
        
        C:\Windows\system32\Qceiaa32.exe
        269⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:8324
        
        C:\Windows\SysWOW64\Qfcfml32.exe
        
        C:\Windows\system32\Qfcfml32.exe
        270⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:8364
        
        C:\Windows\SysWOW64\Qnjnnj32.exe
        
        C:\Windows\system32\Qnjnnj32.exe
        271⤵
        Drops file in System32 directory
        
        PID:8400
        
        C:\Windows\SysWOW64\Qqijje32.exe
        
        C:\Windows\system32\Qqijje32.exe
        272⤵
        Drops file in System32 directory
        
        PID:8440
        
        C:\Windows\SysWOW64\Qgcbgo32.exe
        
        C:\Windows\system32\Qgcbgo32.exe
        273⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:8488
        
        C:\Windows\SysWOW64\Ampkof32.exe
        
        C:\Windows\system32\Ampkof32.exe
        274⤵
        Modifies registry class
        
        PID:8528
        
        C:\Windows\SysWOW64\Acjclpcf.exe
        
        C:\Windows\system32\Acjclpcf.exe
        275⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8568
        
        C:\Windows\SysWOW64\Anogiicl.exe
        
        C:\Windows\system32\Anogiicl.exe
        276⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\Aqncedbp.exe
        
        C:\Windows\system32\Aqncedbp.exe
        277⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\Ajfhnjhq.exe
        
        C:\Windows\system32\Ajfhnjhq.exe
        278⤵
        Drops file in System32 directory
        
        PID:8688
        
        C:\Windows\SysWOW64\Aeklkchg.exe
        
        C:\Windows\system32\Aeklkchg.exe
        279⤵
        Modifies registry class
        
        PID:8724
        
        C:\Windows\SysWOW64\Agjhgngj.exe
        
        C:\Windows\system32\Agjhgngj.exe
        280⤵
        Modifies registry class
        
        PID:8768
        
        C:\Windows\SysWOW64\Ajhddjfn.exe
        
        C:\Windows\system32\Ajhddjfn.exe
        281⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\Amgapeea.exe
        
        C:\Windows\system32\Amgapeea.exe
        282⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\Anfmjhmd.exe
        
        C:\Windows\system32\Anfmjhmd.exe
        283⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8892
        
        C:\Windows\SysWOW64\Aminee32.exe
        
        C:\Windows\system32\Aminee32.exe
        284⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\Aepefb32.exe
        
        C:\Windows\system32\Aepefb32.exe
        285⤵
        Drops file in System32 directory
        
        PID:8960
        
        C:\Windows\SysWOW64\Accfbokl.exe
        
        C:\Windows\system32\Accfbokl.exe
        286⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\Bfabnjjp.exe
        
        C:\Windows\system32\Bfabnjjp.exe
        287⤵
        Modifies registry class
        
        PID:9036
        
        C:\Windows\SysWOW64\Bnhjohkb.exe
        
        C:\Windows\system32\Bnhjohkb.exe
        288⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:9080
        
        C:\Windows\SysWOW64\Bmkjkd32.exe
        
        C:\Windows\system32\Bmkjkd32.exe
        289⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\Bebblb32.exe
        
        C:\Windows\system32\Bebblb32.exe
        290⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\Bganhm32.exe
        
        C:\Windows\system32\Bganhm32.exe
        291⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\Bfdodjhm.exe
        
        C:\Windows\system32\Bfdodjhm.exe
        292⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\Bnkgeg32.exe
        
        C:\Windows\system32\Bnkgeg32.exe
        293⤵
        Modifies registry class
        
        PID:8268
        
        C:\Windows\SysWOW64\Beeoaapl.exe
        
        C:\Windows\system32\Beeoaapl.exe
        294⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\Bffkij32.exe
        
        C:\Windows\system32\Bffkij32.exe
        295⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\Bgehcmmm.exe
        
        C:\Windows\system32\Bgehcmmm.exe
        296⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\Bnbmefbg.exe
        
        C:\Windows\system32\Bnbmefbg.exe
        297⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8504
        
        C:\Windows\SysWOW64\Cmgjgcgo.exe
        
        C:\Windows\system32\Cmgjgcgo.exe
        298⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\Cmiflbel.exe
        
        C:\Windows\system32\Cmiflbel.exe
        299⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\Ceckcp32.exe
        
        C:\Windows\system32\Ceckcp32.exe
        300⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\Cjpckf32.exe
        
        C:\Windows\system32\Cjpckf32.exe
        301⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\Cajlhqjp.exe
        
        C:\Windows\system32\Cajlhqjp.exe
        302⤵
        Drops file in System32 directory
        
        PID:8808
        
        C:\Windows\SysWOW64\Cmqmma32.exe
        
        C:\Windows\system32\Cmqmma32.exe
        303⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        Modifies registry class
        
        PID:8876
        
        C:\Windows\SysWOW64\Dmcibama.exe
        
        C:\Windows\system32\Dmcibama.exe
        304⤵
        Modifies registry class
        
        PID:8944
        
        C:\Windows\SysWOW64\Danecp32.exe
        
        C:\Windows\system32\Danecp32.exe
        305⤵
        Drops file in System32 directory
        
        PID:8996
        
        C:\Windows\SysWOW64\Delnin32.exe
        
        C:\Windows\system32\Delnin32.exe
        306⤵
        Modifies registry class
        
        PID:9072
        
        C:\Windows\SysWOW64\Deagdn32.exe
        
        C:\Windows\system32\Deagdn32.exe
        307⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\Dmllipeg.exe
        
        C:\Windows\system32\Dmllipeg.exe
        308⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 396
        309⤵
        Program crash
        
        PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 7908 -ip 7908
1⤵
PID:2544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Aacckjaf.exe

Filesize
194KB

MD5
7d8810479633d6eea311284d2e92d998

SHA1
b4d6bd1081f39181564f5fa7b055a9de531056bc

SHA256
46f2140d6cab318ed4ce80649e5172678bcd3dd38a7494f3a83f8ae86592f611

SHA512
d42660474afb3be812039af9932722d887df22d605de697ae971cdffa31297ee9f8dca6222b82791a9cb0f66d6af1bd0124cff019364b7862fa56e61ea7b17c4

Download Submit
C:\Windows\SysWOW64\Amgapeea.exe

Filesize
194KB

MD5
c7ed686355e5e98c16da93a3aee94d9b

SHA1
768f51834baf9b8b889ac74b839d90b405ea6868

SHA256
1ff058e81cb187f678c630a685cc2ecdb23c8888e6a493e505ea5d2cb09f3a76

SHA512
84d68f0d6be1398514b8d2da02b28f282c46f8c8ef9075ca16fcf83cc035a73d95f3a2b226e492ecec6ef419a25ce5a936b667d5c3deff34c7fe5929fb479fd5

Download Submit
C:\Windows\SysWOW64\Aminee32.exe

Filesize
194KB

MD5
56422965336309dd48d41293b670b379

SHA1
f6f2a42b665ce66900c1ea275c9da8e53363f342

SHA256
37403ff7fc38eb007b50a1032efd8e657881c4a99d5db477a5432e85b0f34dec

SHA512
33406ca63dfce690ec5bf249ad34a0ea80dd5a9f912c8330761472fda0b0646ad755efdca73f53deddc9ecb7743a7e5b0eda29f124e8f18b34253747e4d5e96a

Download Submit
C:\Windows\SysWOW64\Blmacb32.exe

Filesize
194KB

MD5
ed657350e862385f5e27ecf63621f050

SHA1
7355c9f0445efd4d536e78cdf6598797a0665a2e

SHA256
023b9dd4db4642220f26d891cd815be4e7bc8f462e321d8a826f0530edc2bc4e

SHA512
0372f55aac73fdd780027300c0b8daa605dbeebb36ca4fc2e0c9d9f4b09d5e4851c35a9a93afde6c5754dd8b53923a4016ef84348be3fcd7f82a65ee989c6c01

Download Submit
C:\Windows\SysWOW64\Bnbmefbg.exe

Filesize
194KB

MD5
69ae5325467cdce550605d75c88e0207

SHA1
215da89ec56ea7fc814f124388dbd07812186af5

SHA256
35be528cc334fbff455facd11307aeb2f562fd9cdd26c395ecce13dc080f46bf

SHA512
9f1c66df724a6e485e65719cc70385d88c05878ff492e673b88eac1f6b8fe07c0051710966f5c3cef50f55d0b01c4d8360c34836b322f3c67afa12289de30de9

Download Submit
C:\Windows\SysWOW64\Chmeobkq.exe

Filesize
194KB

MD5
22cfc93813f1719e49cec5bbc7c8ae5a

SHA1
bdeabb5d6906f0b4e4db1cc6fb46eefd00b20239

SHA256
8b394457e3a3de65f2703fc7b79f0c60af9a1519b5861e1a91cbf9f18c1140ab

SHA512
f75781eee0a2ee64ea96db9560c89a87064dd0b6dbdd4333330a9b692415f5cea0d97781af54262ddf4d2bd092771ba11a1c42699e1c56ede84997dc7882c23b

Download Submit
C:\Windows\SysWOW64\Cmqmma32.exe

Filesize
194KB

MD5
9f74a1c85f6d3f70d2273b8a3e3160cc

SHA1
c7daf852b900e6b1fe20cef4efb1bf8b1bcfe210

SHA256
800b9d13415704fa37043b68e9b6d03900bda78268d160895cf158a39b1d4692

SHA512
fff77e5689cdd3d9357b2fadbd8427f0f4bd23dd1fe36d7c346c573cc37915c6113f647814743dfad34cc1d178f5e5062bd171315d3a1627c98fb085b2b9daea

Download Submit
C:\Windows\SysWOW64\Ddbbeade.exe

Filesize
194KB

MD5
8dc12a0553e04383c98f04339127e8fc

SHA1
e2219992121babf7e98f5b7f7f0e8c8acea4d79f

SHA256
5b937d7197956fa8a508ab87a9748860fa9f807915cda939def2e7849ce32b12

SHA512
4b43e44538a1d67a2017fdc18b13aff23518c3eac97e5b6f372dd401ed061b844ae754d6fe8d4f399bb0d52de1832717b4691a75df336adc23b089395165d9fe

Download Submit
C:\Windows\SysWOW64\Delnin32.exe

Filesize
194KB

MD5
6af0ffec6a2c59c221f2b6bf6b614305

SHA1
72d3be279b98d002c02bc53c876143b8721ee7d9

SHA256
daaf950ec213c4e97cbf5e68d5cbe8b46b5e14cf8c8419b60f656c80cc66cd3d

SHA512
0f0ef6c0d3e5875ee98722b402c85d7c22150ddcdcf43fc2e083eab9d575b233945498d9666ca438d4fe4a2e04f6ac1352562ef5eaf3b630c81f777930f957ad

Download Submit
C:\Windows\SysWOW64\Dmllipeg.exe

Filesize
194KB

MD5
49269e031f909b251c86cddc0c2a0fb6

SHA1
9469d9e73c93849f893d432fc6526ed84dfd28e9

SHA256
16df7fd812879cbdcddf6b118a89a430b9cc32119c8ecbe88a66221c53d8e907

SHA512
7638108df718597e91f92a9a277a1feb52f77a6dc8bda8d89fed3b85197039130294ddb3402a66f79fee9fefc6bcefd22698db755cf72bffc521e94f1100b9f4

Download Submit
C:\Windows\SysWOW64\Ecmeig32.exe

Filesize
194KB

MD5
0b952ca0e610dfba234000a4ecc73099

SHA1
8ab419196fa002ef436996f7cd2b1e3f73a866b0

SHA256
f6d84c56debade2b57af292a80b5f2a655d51f2b2492f8eb6d3d9c5f11fc96e6

SHA512
bdf40be0b8e0235b5f8ba1e3fa741ada963f6e21da9a343c995c1d7507094db00b4eed09831ee0dc4f497bdae39c0e218f242967a47d4182ef737b01b3ae52d1

Download Submit
C:\Windows\SysWOW64\Ffgqqaip.exe

Filesize
194KB

MD5
dff0bd8730286da77de61831fbb4f92c

SHA1
b00df9807876b5a6c685610a437f98c6178784bb

SHA256
731efdf2a93cc9d2ff881336db7f64a96f1c3a8aa65aeb5ddd182ae602c91656

SHA512
6b431d90237cf94b95c4283d0a0cc88cb61576dcdc9d5fdaa5c6a59f41d82e1824669b5247d191714a51e1931f6ea8aeba204337f2580e074ca9caeec1e3825a

Download Submit
C:\Windows\SysWOW64\Ghlcnk32.exe

Filesize
194KB

MD5
21043ab712ab71d71b4fd8989dee126e

SHA1
cc26922fa9fefda9fccaeba91227582c597f7c15

SHA256
2740ccd0a32f1599f0ff5a2f5db257a00ab5978e165e5dbffefe5be8e72722cc

SHA512
37a2c0ba30b23c677fd1db2cc864657b5a8ded1e6d97aa10c4a5c749d965e8c8d972a79dcae41cfe5dbe038ff31bc475fcbd0a597a1f3bc15ef9a1455133f633

Download Submit
C:\Windows\SysWOW64\Gomakdcp.exe

Filesize
194KB

MD5
c807f87075c5cead169779614cc69875

SHA1
ba5c63de029393b9e38ac3b844d074da19ee7525

SHA256
b9cf5a1d493ef6bf79a813bdbababaa6da3dc8ff3a9dbc715bbb436ce12264d8

SHA512
d95a419e5eebcc955f14435cb440fdd7ad5ab858de72d2460791be673b9f5775204ab77669fa8a7b25cf93067335013e19f645d3db89b2f6646d5f9b0cb17bc6

Download Submit
C:\Windows\SysWOW64\Hfifmnij.exe

Filesize
194KB

MD5
69a6310ec747939152b01137e57a1d45

SHA1
e934f9f34a963962efe6daf3ba7d9ad5373bfee3

SHA256
54d9798f72e3fa58f65069dfbd8246c24f547a4b42463155ddec484782479dba

SHA512
4309ddba2bacc4d849f9ea76f0f9db45f6a3ba1e1b26498c50a3b72b26a4b96447f13b1ec1b5f21d5bc6c8ae66d38831afc60af830c41eb8191eb089c3048189

Download Submit
C:\Windows\SysWOW64\Hkkhqd32.exe

Filesize
194KB

MD5
739ffb609d6816d0d89b9ec2e0316325

SHA1
e506d104691e9da235be6258ecb9859d20d13e32

SHA256
2c4f700b964bae1b79cec65ec3319dd46a117dfe394d247db90f581a49c8f470

SHA512
3f810dbd76ac3829db8aea98a48d5b785c5b37b6c7fe944492e2950918cbe55f7567bc7b36a085f1a5fbf6eb61c3133c89d2d7879cc2742be327755c9a29ca10

Download Submit
C:\Windows\SysWOW64\Hodgkc32.exe

Filesize
194KB

MD5
6646d4bfe17d1138038bcc7929c9708e

SHA1
c88768175e03f8e12538384e067cc46d3d0f90ce

SHA256
a876b6da17e0bbc29912424a786ce063daadc95bd09ee223f5eb7d961389aac0

SHA512
78c43507bf403ace2e55ac4ca1d637b4e9eeeefbf260aa18dc3ed0f2682647c4c39245e31ab96a60b26a3e25852f838c7352dfe7ee742568444452cd72cb296f

Download Submit
C:\Windows\SysWOW64\Icnpmp32.exe

Filesize
194KB

MD5
db74e22599e4b232f093e7cf7c7ece29

SHA1
b3f1131201d9b55e805ae5ab55e3846a3cefd7c9

SHA256
74103fe69e22e864654774179ccce02fb369ea82f429d5003d169438fd4331c2

SHA512
882d97f6b42e14389ea57fd19580f79a57c2b52b89f0fe3701d6df69245d6283c510adf61484e1796419dd7597e734eb2a6053238a72e631fbebde9a715f2e7f

Download Submit
C:\Windows\SysWOW64\Ipnjab32.exe

Filesize
194KB

MD5
b73524d83a3c2f238310cc63fe1d65f2

SHA1
bc3995dd82739fed98f01548dc78ef4862cd8615

SHA256
39b60df3161e7e66b1355d49871d81b2a93f469a84199ce7db90875d47994691

SHA512
ff7a6437c640c07550fb128d1da696bd104a87905adb61d33e6ac7596134bd4d1b7a31cbdbbe3b412cb1029de8a98dd1501de61ebe54ab7b442c956462d16148

Download Submit
C:\Windows\SysWOW64\Jcefno32.exe

Filesize
194KB

MD5
79f1276d4860fbc865abcf00c48ffac8

SHA1
e1d22f7f3cc67a41990369db6fd122ccedec3a47

SHA256
7dc519bb7b452350342fbd01820acc8d9a8c066f0aa81630bc4edec5156953da

SHA512
520c46cea331f72ce54ef579e114ff9d5f97c6f915ed0dfec53962553dfd72cb4e4fde33e42294be6449562eb2686c197c69e29bc63123794fcc4913a2057fbc

Download Submit
C:\Windows\SysWOW64\Jeaikh32.exe

Filesize
194KB

MD5
e1061babeb702f0a37179cae4cdb9c21

SHA1
b46de841cfe08e296bca23aeb1e0837fc4d20676

SHA256
fc7345276d406604d6c55f9f27806b076327164afea64e0ca2553cc59d9c5863

SHA512
6dbc2923f1ed5f92b740b938dba4e76422f8c1f0e5a9e828f2d46f49baa66127a5dfad938e33285b7ccdd6ea1f97064bec56eaf2010bdc8ee3a8e0331e7a7ad3

Download Submit
C:\Windows\SysWOW64\Jmhale32.exe

Filesize
194KB

MD5
34f705a9d0edaf64c0c6bd2f2d0815f6

SHA1
d35b6471eed6e68486753eacbfdc0ceb4931a98e

SHA256
3fc0e53b49c5a9afc92b06bbb884d2005fab2bfeeca24dd34eafebb374ab6b5e

SHA512
4c267e60d07172e4899d032b4819f2b450e37a5f1880d9306f668bd7b143dbd7616f66996ea0eb494b404dc075d922321b422d3cd60bf05ce2b38f98fae92154

Download Submit
C:\Windows\SysWOW64\Jmpgldhg.exe

Filesize
194KB

MD5
8cd4bc611b737060648e0d01e8c72ba8

SHA1
b573fa1fdb467f3f14e92f28843ec39c92c63479

SHA256
837b912c8dd4129f406f59dc0b8a5cd2fd2192bf3ff5b81823861454e7d7e526

SHA512
a814d8c374e269fc4b72583ac20689f169930ce595ef3d745a4d8b90db347fc26f44559def42114bf49d18a58e8901c437ee333774229e21acb0e17dfc52c887

Download Submit
C:\Windows\SysWOW64\Kdgljmcd.exe

Filesize
194KB

MD5
0ddaa885d0fbebf0295dcacc3b17b362

SHA1
c46ab04b488b15a19876a849bea3f13167bb7ecf

SHA256
5083853b27dbedae2ae752330db8c1219e9d1b01ebaa85e1a138dfa1c0c5230b

SHA512
41c7b65c23157d0e385e62e5db993cabc20f8c874fd4340223dec4cbab427232e5e07bb4c8b02c031ca39db6f30d15a6b3042f31aebb4ec68b96565002c12561

Download Submit
C:\Windows\SysWOW64\Kedoge32.exe

Filesize
194KB

MD5
23fc597ef07f02f141f099acbefb65fb

SHA1
67dacb8c0a519b81ea8d9241cc568df6debafb36

SHA256
74ad8a135860597b083b69031149158fb36931414ce1951922a44587cf8f0471

SHA512
5becd7710deaaf0ce3288415fd59d7cd3fd92c35c535ffafdf814007b24d2ce126d31e306f984c2cb74998bb1602bb8a7ab0a991b74b48cdedaff27f84ae7025

Download Submit
C:\Windows\SysWOW64\Kpbmco32.exe

Filesize
194KB

MD5
7e4b5a7883bd987947a214f00ff56b61

SHA1
14b5edfeef48fb888d964abefa152403f2d90b00

SHA256
5ca7eb2b696c36a85bdb2bc1e7e6bbbf1ff57965d6d556b4ecd1d00e42728977

SHA512
e284fda6307b3668fcda29957add0cc7c989479299d69045733644aecfcba743db3f40088193c10e576614cc7ff51abff135747a10d58cb0430fd70de0a1ad35

Download Submit
C:\Windows\SysWOW64\Laalifad.exe

Filesize
194KB

MD5
1275d8ffb23f4a8bbec768be6a2f215d

SHA1
032471bd169ce2156fb225e6f6c3ba88c829d946

SHA256
bf9773cb16ec51ebedf5f6c67e36e29fd296b2e84e7f3e6862309d6459043543

SHA512
b23c752888cea1d55d54f3ea10a4bc28d83267470a58311d9bc853a6bca4853ea325d7eca939519efacd0dfb1b001039c8be69ccd35f3746066a2d4ef7172dfb

Download Submit
C:\Windows\SysWOW64\Laciofpa.exe

Filesize
194KB

MD5
9bee5330c9cb5a5687e62a32523d1ae9

SHA1
7662a985ee71d028168d615ccd238f800c4b2aef

SHA256
8ebe9d4a14c49dd7181d56d5c944569ad4c72fc6751e271ca9ad6dbfd133ae7c

SHA512
1707859edd2ca258b9c4a1f86b437311425963f54f8a2ba28fe00c69be6c847f3effe762f4e7e5eda6562d648e3737a72c2bafa5af85f4bf959d94d5d2aa9ffd

Download Submit
C:\Windows\SysWOW64\Lcdegnep.exe

Filesize
194KB

MD5
2ee646b96489758c025090c67df47eff

SHA1
ec1245d5a1a706e91888d5e93f11a00d0feda770

SHA256
ff9a117d7391f9955f8c9ff139c4b0612a3c827e6985373b69116b473aa8f2b4

SHA512
d73b69551f00352edf718031c0997d672471caf1181483a787f078319cd3d6615f5e09a2de8842d53cc384ca0dad885a8213ff7d959ef0032320057748f4a982

Download Submit
C:\Windows\SysWOW64\Ldanqkki.exe

Filesize
194KB

MD5
e4497915d13be91c581725b6dadeefd1

SHA1
4c8eff3ddaa4951905f7411968191e1bff0fb449

SHA256
d6695eaf344528d3bdb8219e4c0ba3fe1dada20e9ee61cba08db0348cbdfc3aa

SHA512
cffb2df925f3efed020e6d1c4e0cf2e5d0c2f26074546d99cd7dd0ec8fdc5899509c4e7436747b97d9e41d63466340d3655ee34efa8c2d1784ba936ef24fcdc3

Download Submit
C:\Windows\SysWOW64\Lkgdml32.exe

Filesize
194KB

MD5
4480364a7309f03811ed9978fbb7550f

SHA1
e1908f55d08627749cfa12b5fd89d83c74e5c270

SHA256
143395f7af3515bf910b3f2c4fab1facccf34175183284678bf70af0ecd37fd7

SHA512
0a5a0931914a3ef61c214c7e5110796c0aca8ace95fb22550aa17ae56b14a726eab9995f6c140b8c7fa2b8e2eed38a0fa48fde81fe4a4021f865aacece2956ed

Download Submit
C:\Windows\SysWOW64\Lnjjdgee.exe

Filesize
194KB

MD5
6974406489df2f8562ea77c2a0c2c339

SHA1
7b2497d7623e64c29e5b5a61be7fa0bd67d5a655

SHA256
1abeefd225d64085e075b83851d2f1d2f12a23db9d7b8f8c09c09ed0d00a38d6

SHA512
a336bc16cbcfd54db258f8dba3fc4cec6be30c0e07f031863074bdc31426b5613eae920e113b534a3ddbb50efcc54238ad5d342bacf23110d7cc0b6a725022e8

Download Submit
C:\Windows\SysWOW64\Maaepd32.exe

Filesize
194KB

MD5
d03b3538968935524053fd7adbf6a43d

SHA1
ba9f60f3709a9b4d29e65bc01fae0cfa7c360d58

SHA256
ec20c530548088f3a051b3504b0c9e5f952a2fb68f2c5773cd74eb092ca901ba

SHA512
fe6782d1f539c591a315b3a07af2b46b4b1e6599e6da4af904e739a1be3210333ad042039b0c295aa55ef45cdb791049ec6ec8c98efb7e279663ef1fba0754b8

Download Submit
C:\Windows\SysWOW64\Mahbje32.exe

Filesize
194KB

MD5
3dcbb1a97ba45374bcc0d71431c14c1c

SHA1
6687df4b1cc00d0edbebc0ab96cd81633cb2040d

SHA256
2c5c61dba1f75e443996857062be9a3e94baad204bcf55ccb99b37bb303b51b2

SHA512
789d865799feceb3a7352cedc28ddf65b6ef9d03293a325552cb7e9de465f165ab8b8cdad2f578c333368bea69d3b87fa6280f6cc33cada8dbbf36bd2ac3efe0

Download Submit
C:\Windows\SysWOW64\Maohkd32.exe

Filesize
194KB

MD5
e463270091a025cc3df9a17171442636

SHA1
0ccdaf44d8fb363d058b711111e936953ed7ac5f

SHA256
70ce9540e857adc7823b5e87a77859933e5a3f2f09dc046576a68b2028d520aa

SHA512
bd3d7009cce8a03f4c4aa4635fafb25a04f76fd4241e1cd13ef0db9c05cededb72335bfec4fe84529d8b8e671060ff5ece05ca2803456570c0851f77db4147cb

Download Submit
C:\Windows\SysWOW64\Mcbahlip.exe

Filesize
194KB

MD5
0f4023f637a7063d84409d35b734acdb

SHA1
87919fd94d4d46de3a0ecfa41b98df3198161396

SHA256
21bb63cb0d2bd4bf23414fff97e413fe7113015c86cd618d9d4fd2699a2bec57

SHA512
0b1916fa94eed8aa2222ec04bafdcb625f1cdd0c45e49aa8ca44846d79349cc4dc306db8831f36892cb6b2cc7e66882c2a39100bc37bfd7b5eedee90a48bf69b

Download Submit
C:\Windows\SysWOW64\Menjdbgj.exe

Filesize
194KB

MD5
c0a6c6d6f4228c1b7c89dfbf84295173

SHA1
c4be6e01d99601e97a66f040bbb0053406d42747

SHA256
c7ce5f037129e6253fd787d6a7d3ba7e888b2c7e1d6ed7c2d7f0ac670039fd6a

SHA512
5ab58f671aa5dc1e8aebec8fa4759db8001d733cbd7c0fd6123d203abfc6d55c608fc97114e6016105ea304b6e8705216be8281a29535dfb9e40505f0b1eed68

Download Submit
C:\Windows\SysWOW64\Mglack32.exe

Filesize
194KB

MD5
59060737f1e87d14ef9f68777f622f58

SHA1
687fae65b6a72d9eaddd6f330fadc11a8d952446

SHA256
12d818c001a9ea984756a1d728e4aaca5340b743ee293badffacbeeab15eedf7

SHA512
02d2a81be790ae2cd845125b19ec3ecd268f86f9b7c694d182c2caecf87600f0b1e3c0610d62968afba8b84ada56bd9ceb0f829826c6d08f0c434631789d9fd4

Download Submit
C:\Windows\SysWOW64\Mjqjih32.exe

Filesize
194KB

MD5
887441b4d330e9166fcf905dc44db0cd

SHA1
e234726f1cc18759e2b8f98feb2f0dda346412b9

SHA256
2b6dcba3dec2c43bb66af24eff8913a3b9ff65281f4500c8ea7af05125259665

SHA512
8c3d9896d14b996192c1cc1ff6703a6639546c84e0f5dd40ecf55eb522fcf3b9c3d8a8fdb44030541ba2c20da33b62681a957a1e8f26d99a1f71d5707279ca1c

Download Submit
C:\Windows\SysWOW64\Mkbchk32.exe

Filesize
194KB

MD5
c34b1912322cd9a724244a60c1058a4d

SHA1
d0d14ac820e90028c733d8047fcc12e5f10b14da

SHA256
3dc8eabc979c000dd6d46495d5d1982a021f1ee871d8bfbe943624f50c1c8a4f

SHA512
95c97c0cd6ce50488696f9972e6cd91f940b0dd8d49f0030e7cb49d1a0041cc1c76460891ec672af88387e7c13b2a673923cfb39f0338ead820d8df43f855796

Download Submit
C:\Windows\SysWOW64\Mnocof32.exe

Filesize
194KB

MD5
68f4cfa9c4d82173a59d7403a1d82e6f

SHA1
dac1be186c24ccefe94663d4e580991d9b27ae1a

SHA256
85fa4a6738b0b9ce70616007bf59226a462c9939db3f9142479c9247ef362225

SHA512
8175369336b4a81239c8cbd5c49da9ace6ba79028ea947d56750003c8cd036fca786bb7c7d472ddd12d4e43d9516860f6ecea081ca0dd90d22993a841daa673c

Download Submit
C:\Windows\SysWOW64\Mpolqa32.exe

Filesize
194KB

MD5
565cb8a2c34510e6b128d65f1c8aad3f

SHA1
e1b40241527b39faf9370cc41cbc57221490966f

SHA256
4c5eb09f8d07405446286e938892f250548d2cf34818425257e3f693146e8040

SHA512
19e2964c6d837ab25ff8008df05ec04e2f1d92d720005c99bc7a0df42bab6ca87c375f74816953a5e4544c35d58d0e9f905d6ff76674a887749149cb5dd513d5

Download Submit
C:\Windows\SysWOW64\Ncldnkae.exe

Filesize
194KB

MD5
01a63fd67409914c4e764440c4fe703d

SHA1
ac64c5355a55024313e03d65e5f93bf9f9417cd8

SHA256
7187b605664bbc2d0196538f7d20443964461e19b0a876f26743095e58cf6a45

SHA512
3ab1be99bc9125ab010fe5872c19fbde03425ea56fd145d8011627056b8eef4197ca3682ae659ea30b057f2b2c02540f1ce2361dd87abd4aa42132874466f9a2

Download Submit
C:\Windows\SysWOW64\Ncnadk32.exe

Filesize
194KB

MD5
2b70d6150e3fc5a25137c7c315c15985

SHA1
9382c8a8d45ec60a4d30c5f2e166c2327766d87e

SHA256
57e52686b49725c9afb421a613830af36da84d4a86dfc425d350cc4d9d3dae3f

SHA512
a2eedafee6108d07c2cb4261202bc5bf17e3fbadb56e937060aa37040f4886a114e24a43eec6fc7c86d3ff643f40dfa8c0d658b63d0c21c9c33c7c1289d4f7ab

Download Submit
C:\Windows\SysWOW64\Ndghmo32.exe

Filesize
194KB

MD5
d4310acc4497e76b3db8f3144f96bd8b

SHA1
e5454a9a5e08c288c5c879f738942656a487adbe

SHA256
a30f008e42145a58b7a2102a69ed4a5d6838cdacab7b3c371b95ed2d86106c21

SHA512
5e1cc10644cdd95c418c09753547e9bebab731d94e21373fd2d7f254f43348b6bdb62049205b2f70916779bbdf81dca2ee465a7c7867c6f3af12e82421a30c1b

Download Submit
C:\Windows\SysWOW64\Ngcgcjnc.exe

Filesize
194KB

MD5
15594e4e9cfa3d31ee432056f364f7a2

SHA1
7726c2347f2419384a52af12107594202c1b4160

SHA256
bccaa55740abe7dc161b8b44189a97b226ef2b472af803bcc2516f9875f17fd2

SHA512
400d8c0af17239f42a607f4d37e0627c06c5517181e8a3dfb933ea94ff8630193fbcda2e1f36f7efd079a150b867d571afa63ed56c9379001f0a103d0d35213f

Download Submit
C:\Windows\SysWOW64\Ngpjnkpf.exe

Filesize
194KB

MD5
31e31fc9c23f1a27bc85c97043b01106

SHA1
0d90827b1a9ed77961aaf303895dd097410448b1

SHA256
78f39a6c293d243cc1876ab0d857704ee80668d37542fdb844797a37c82b6c12

SHA512
5c6ce30b8b824ec1be4de5cfdaf6b7281101bda814bb6e1f957ce430e8e617f8ddf45f0aedfc702cfe3ea3efa06de17b98bf18d3ad24109fe0f981a434ea69be

Download Submit
C:\Windows\SysWOW64\Njfmke32.exe

Filesize
194KB

MD5
3930e620221087d19640ddda82987051

SHA1
f67cf70379a76462e8a5c37f12666f9855805354

SHA256
4ced46ff696394fd0249ea70bebff628f6ef3916b22fc78cbeb5d99fbe5ba867

SHA512
1609def63e6e614237dc9caae5846587ba1fcc6ce93f796091d2193b4640d4c49c2ca720f527fc255ab917c595b992bde0142ebad16c91598a2b5730fca6b026

Download Submit
C:\Windows\SysWOW64\Nnjlpo32.exe

Filesize
194KB

MD5
d205ea85f2bbf8e1ca043bbc915c9abc

SHA1
4495a3b1dd9f5251d04299b46d3bf70f4f076046

SHA256
1ad8cd646f6d0dae5daa73316232023f7b9289186b398d38211ed00e46f8a79a

SHA512
725e5c3b4c71dd73bdc19f909f509f2dda68d54404cd60c109d51cbaeed86e2452d52ba5af751ba78aa714132f345fdabbf747247d5f7a624a77671b59953368

Download Submit
C:\Windows\SysWOW64\Nnmopdep.exe

Filesize
194KB

MD5
0a1535e9931f9b9a796a640ea3fc3b80

SHA1
7a9e4d915361b6f5eaa73674a64919cedbb00a2f

SHA256
2dbb68aa73e0923132c8a9a827204d5c814dc4ad4a8893e6c313a0e1e308f7e1

SHA512
a3f738d0550d4a88cc658be76898edcc4b3eb6055733c9ac13fb5906efb09302d404cbe9167f3e60a1141dac170181a1da4284b4d8c90649ad21f45f84a10612

Download Submit
C:\Windows\SysWOW64\Npmagine.exe

Filesize
194KB

MD5
e10f10f862848dec8169d4d19dcdcfea

SHA1
3453b53e7d0c05df834828cccd839d7aa7975a40

SHA256
6f562c1247e01bbf251790ae07599bed6dc9c9d5e7e36b0cbb78dcde46eb4226

SHA512
bccc5a029d4d937cf92759872c2b3151ff350c7a41fbb2c48f7e1218087c7d39e5f75f0185654fb53e2fce7abc3892aab877dfd77e98eb710ac3dacce17a6861

Download Submit
C:\Windows\SysWOW64\Nqfbaq32.exe

Filesize
194KB

MD5
96d733036382f9d0e7ec4990723d4cd1

SHA1
0b8b968f8e962c074861650826c7b7090e356843

SHA256
fce3419b728feb099c217129b9b1b365cdefc2484d1e4f821cb191b6cd88e6c4

SHA512
c025217b855f610e8e7b77e1916cf17fd8324d5e5b569f1d6c29d6b89139f17b9bbe9b4526ceb862b4c410287aa0e2f263edc96abfde79c4b0cac9095cc20765

Download Submit
C:\Windows\SysWOW64\Obangb32.exe

Filesize
194KB

MD5
0c1253abf84c3d357d63034b3a203a52

SHA1
8fa92cc6d498e2cd6ca208bcaf2236e919438ac3

SHA256
54d72191b590a9065dd02c7f1661682b457ba20159ecbdf766399358cd3c1704

SHA512
e41f1be24c50b2acd59f7964a13b84bfdd7294b947cacc8b48364813f3ab8a16d227f7ca4fe47a5a59c0a6e507a1f183c9f1c922355e76255cfea3d1361d5007

Download Submit
C:\Windows\SysWOW64\Ocegdjij.exe

Filesize
194KB

MD5
e53e932eb773beec3d963407698b8850

SHA1
46b05144d6d5467c85971a683de358b460fef71f

SHA256
99a9d9d74e1b9445ae659de93302364710b6e6e31bee1d64ab4c86e4a8033b43

SHA512
12188c4a90d18b25fb75418505d9a7ebf6d3aa6a53fa3c590e8257153489a58dc6fe02192d1f45c15659c6789379d858b927890d17970a60afb335880f37bfd0

Download Submit
C:\Windows\SysWOW64\Ocqnij32.exe

Filesize
194KB

MD5
c3e33ba36b962f0dedbca80c770f0a75

SHA1
b467f1c5e0d51d4949b1466bea90b49f3e77cc27

SHA256
ee549c75e15005fb58c01a3b87b55a32e221456729c96110d59c5f4028b06294

SHA512
c0f7738d6551895906b5cfd541cf806d28cf608166bf490e9e0f666677690e53c57fa41006e7e4d0f2aadf8d6b4a213b1aafc04f35577c4eca512d01d0237de3

Download Submit
C:\Windows\SysWOW64\Oddmdf32.exe

Filesize
194KB

MD5
b052032ca9fc42605b75a0841c5da4ba

SHA1
c541edb02251c04df56d4341d6b94b1a50261fed

SHA256
81a37d2f4e7257c098f925bda16f7c9932c435554957da6b6a7b10e9bd0442f8

SHA512
81ba896c416399614288aa35c4bf3907afa4511336945eccccd9fa02da9225ec1f2682e030ab7f788fc65e9056749fb040010bd6e48af6202dff1b0efc33f597

Download Submit
C:\Windows\SysWOW64\Odgqdlnj.exe

Filesize
194KB

MD5
3958b4d3ea6fb2143f655f628efe8950

SHA1
7a010f03246f48749d63ab3caeed19e79632c014

SHA256
ff2507c707ac30deaf901b872ee211c3d0a37d19df49e43f2852bfb4cf3c7731

SHA512
e7bcf7603fb9c9cda5ca7a5da6ca697bd4b4ab507bdd0a3b741f6798b3aadef33685430b0a87a2f03c740d980c72f8e16299d5ee9e92ed3b7c3b897c75365e6e

Download Submit
C:\Windows\SysWOW64\Ogcpjhoq.exe

Filesize
194KB

MD5
f1b08903c6d771c72d43b1850bc686ce

SHA1
ed9e6e868d43bf9ca12789c3b1e4228210dec26f

SHA256
33f5a8179a27a8ce3a51f721181001be494e6935eadda06db38513b24417a28d

SHA512
ff9d89ca75764c49a82b9f04735460dd426393638fbe53439b450df0ca5a24fd2212a68b35b9809fdd45c6560cdc7a2b9f6ca459ed1b9281f1dadd3ced754560

Download Submit
C:\Windows\SysWOW64\Ogogoi32.exe

Filesize
194KB

MD5
51f7c8c5dd7855d96cf9c25e0fea8cec

SHA1
a72eed0f45fb11a0b5f22cda54ef3aaf5eb2b3c4

SHA256
c816f51b11e6de85f2be4178a61fb74ce9cfed04bc984b14f1f6df28d07129d7

SHA512
8aa90f329274d5c884c8074e1eab42e79f73b61f6721050527a471b06d0c0533590ac855c4fcfcd66f1b86959c85d5b1830360d8a11f021ec11d96972b51003c

Download Submit
C:\Windows\SysWOW64\Ojalgcnd.exe

Filesize
194KB

MD5
27eecc8125d16b8819ef693b00e7b520

SHA1
39a8c051d2d8ff24b19a90b631958cbb6d9cbc0a

SHA256
3a9a14d4b8d6e94079b9026abb550927bb184f84807bc5c69e9aaf629255655e

SHA512
334cc8b4554ca2090b7f43236bb91e2ceffcc8eec8b486cae8162c6654190300b473e853b283142a04a998269e45470e6c4e83ac27d9c96053dca46e247ef552

Download Submit
C:\Windows\SysWOW64\Ojmcld32.exe

Filesize
194KB

MD5
87693cfe5c70b2fcc645e5469f1dde97

SHA1
9778ab9ca3b23139f19d1990764f7f6246a6cf7b

SHA256
e044af7948a8c939d139ab35a1330afb1fbe2d95da68c9e9cdd024b9ee908b0f

SHA512
eadfa4d58f507f811f7e354983040a5180acd15a37e2fb14e2c91ee6c8bfebdf2f98f2e6cf9d40e81eec8b069faf8dc185ed72a4944bcf6caedef8f1180bcd15

Download Submit
C:\Windows\SysWOW64\Okeieh32.exe

Filesize
194KB

MD5
4730629b90aecf7e6d477f5867eb25b2

SHA1
34688cf548a7f4871f555c9e403701ab885aee45

SHA256
ba30f68f564df6749c0bb8739f41c55803ece5c50298e6142281d5d606b33487

SHA512
3f094b461319b3d24ac9c4d2d9be12cf4b25959764e063300cd975a9ea1532e8d6ce2b266f959aced132ab0b51bbae1d8582c20d994d108d3874248facd6199a

Download Submit
C:\Windows\SysWOW64\Oncofm32.exe

Filesize
194KB

MD5
a7fff7ba66a170b687ef41982c681e06

SHA1
1f576dbb5b4a2eb6df4aeacd606d2f333fb6a471

SHA256
4d051adb2cf9284f23632f8227cfacb36e7afc5ecf27f5bca1e853ecbf396d0e

SHA512
7cc4b3e7c993f5f2bd76c02a4b93357cb47595d1b3233b4d0ddac0f14da945bf8cd455ed77f4b250c8f6a27924036fe1c75c2559e0867cfc4dc58a0ad3fbe60f

Download Submit
C:\Windows\SysWOW64\Onklabip.exe

Filesize
194KB

MD5
ff401b90de1aaebc62cb5ad9684379fc

SHA1
cc5fc12f2ae8bd64246734bffcf5fe1b73ca684d

SHA256
78fe328c497c257318bf74eaa47cefebac3617ae38a689875072a98456990faf

SHA512
141fa4b4c14d20c73e1d93d21bc0533456b7ae7cb174a0930398c6f0727b6f1a2e9a8b12721054227fa5dad30ace59c00226d028d75b63555ae871d04488fd51

Download Submit
C:\Windows\SysWOW64\Pcbmka32.exe

Filesize
194KB

MD5
787947f01e2679be432f2fd4dceceb2b

SHA1
c65a925893fed8e95ceae7e3349e28ef3cf601cd

SHA256
772383dc280127c51fb6412e7514259b590888b1dc76c19c4c756dbeb869f51f

SHA512
8bdf8c63deec172399005f82acf365e97fc714a080c42e0e96b11f85d01b6bdfa5a4a59513e2f095c5346beca645362b9eed7a6cffad0943a0ac158dd81c452f

Download Submit
C:\Windows\SysWOW64\Pflplnlg.exe

Filesize
194KB

MD5
1f58d83d6b7541c2b5ad68563a6ffbe2

SHA1
c99002c8a84ef1b54b7c76841b80a1cbd29fd846

SHA256
25bcd4415c28450cb4840142d71fae90e0c8d258f2912d02510282926bcfeafb

SHA512
7bae0c46bb14b4ba8f2fb11f8debb6208d209c815aac8d2cff21018da633c5b809e6da036aa39f6ef94dea0f5ae63196b18c8593f94ab96568630df798aacb12

Download Submit
C:\Windows\SysWOW64\Pkjlge32.exe

Filesize
194KB

MD5
ebdf505249fd329a79034a54bc3b3353

SHA1
3b165875fc35c14a69b095219fb435dbe95c7239

SHA256
4b7e5ffbdd2611bd82ab5a346da7dbfc953d1159638ffa04e00101f14bb6c614

SHA512
069f562545b502c894334d26a88052d5a7c2e4e58ec0a620b09d4c1c2fcc36759d8472315d6d3df171c43aabb744682789482e4fbc59c2376e6b7f62acee18e7

Download Submit
C:\Windows\SysWOW64\Qfcfml32.exe

Filesize
194KB

MD5
6988066e053e3f9d96552712f1c05701

SHA1
524d45fbf8c731676ce1f14386eb6ce225de12a0

SHA256
64e92f74b3c6877fcf7b30b0ec8c22b1503b54b16dccec022f13d4410132332a

SHA512
f09b19087aa683f4c81b77110f66145551e5ad5aa0dc2bfe77e98acccb5a66a6a5226d575d3612d6ee48f2b75ba0409da626cb4a955cc0c9d2873d1f42974da0

Download Submit
C:\Windows\SysWOW64\Qqijje32.exe

Filesize
194KB

MD5
28be84be8d74cd947567c52c7962b547

SHA1
81d8c334be6eebed9466f226dd5b321b13c22f6a

SHA256
6854ab4b8741d17daca1bde3db9d9d186f2efda9d660d83b561860b289a62099

SHA512
66df52775900f666db3953eaae8cd7a268b2ae8209a073b6431e79c98b1441d58520f2db9ca2206d376ca56a0cd339eacd9cafda467f396423ca2f241d1ee1ba

Download Submit
memory/216-541-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/216-12-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/228-258-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/372-569-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/372-39-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/384-301-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/452-622-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/452-104-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/812-608-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/812-87-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/864-448-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/880-347-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/916-371-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1028-271-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1068-548-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1068-16-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1172-615-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1172-96-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1236-580-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1236-56-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1244-145-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1268-481-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1268-2346-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1344-238-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1392-483-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1440-459-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1484-127-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1568-489-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1624-353-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1688-136-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1736-176-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1780-63-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1780-587-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1984-395-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1988-2459-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1988-629-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1988-112-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2044-307-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2052-527-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2240-215-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2284-335-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2288-295-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2316-424-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2636-152-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2672-471-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2748-511-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2760-246-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2800-505-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2804-341-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2928-229-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3016-48-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3016-574-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3052-287-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3120-438-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3188-23-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3188-555-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3316-389-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3328-465-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3492-207-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3520-539-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3536-549-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3584-377-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3652-2335-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3692-418-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3740-409-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4004-2369-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4040-190-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4044-542-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4092-79-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4092-601-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4156-120-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4188-365-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4296-430-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4336-281-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4352-0-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4352-538-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4360-364-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4468-401-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4512-265-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4572-561-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4572-36-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4624-383-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4644-322-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4644-2401-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4704-495-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4784-172-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4788-72-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4788-594-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4880-329-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4884-160-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4912-289-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5028-446-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5092-203-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5164-562-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5292-581-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5344-588-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5388-595-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5440-602-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5484-609-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5528-616-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5572-627-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5860-2199-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5992-2281-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/6172-2082-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/6184-2195-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/6388-2185-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/6408-2109-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/6536-2107-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/7088-2153-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/7132-2151-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/7164-2114-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/7172-1997-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/7376-2020-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/7472-2058-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/7672-2012-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/7676-1960-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/7772-2045-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/7908-1897-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/8528-1941-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/9000-1919-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/9080-1917-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads