Analysis Overview
SHA256
a4696769bb36471e52d9aac44a733f2d4cdaf119289b47fb2a523fda92f2f085
Threat Level: Known bad
The file cf9d11295694eb3cb4b29c9211968ab0_NeikiAnalytics.exe was found to be: Known bad.
Malicious Activity Summary
Berbew family
Malware Dropper & Backdoor - Berbew
Adds autorun key to be loaded by Explorer.exe on startup
Loads dropped DLL
Executes dropped EXE
Drops file in System32 directory
Unsigned PE
Program crash
Suspicious use of WriteProcessMemory
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-23 06:03
Signatures
Berbew family
Malware Dropper & Backdoor - Berbew
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-23 06:03
Reported
2024-05-23 06:06
Platform
win7-20240508-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Adds autorun key to be loaded by Explorer.exe on startup
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Dbehoa32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Eiaiqn32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Facdeo32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Fbgmbg32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Bpafkknm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Bokphdld.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Fejgko32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Ggpimica.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Hggomh32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Qlhnbf32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Ebbgid32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Facdeo32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Gfefiemq.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Gangic32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Gbnccfpb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Goddhg32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Hahjpbad.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Eflgccbp.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Epieghdk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Fphafl32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Gpknlk32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Gaemjbcg.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Hgbebiao.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Ckignd32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Fjdbnf32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Fjlhneio.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Gmgdddmq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Adeplhib.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Epfhbign.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Ennaieib.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Hlcgeo32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Hhjhkq32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Adjigg32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Gaemjbcg.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Dbehoa32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Bhcdaibd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Bnefdp32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Ckignd32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Dnlidb32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Eflgccbp.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Efncicpm.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Faagpp32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Qlhnbf32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Henidd32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Gkkemh32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Iaeiieeb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Eloemi32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Bcaomf32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Dnlidb32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Enkece32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Fejgko32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Gpknlk32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Ghkllmoi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Geolea32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Bommnc32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Hhjhkq32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Hpapln32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Hgilchkf.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Adeplhib.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Ebbgid32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Gfefiemq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Gangic32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Qdccfh32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Bnbjopoi.exe | N/A |
Malware Dropper & Backdoor - Berbew
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\Lgahch32.dll | C:\Windows\SysWOW64\Fmekoalh.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Fdoclk32.exe | C:\Windows\SysWOW64\Faagpp32.exe | N/A |
| File created | C:\Windows\SysWOW64\Ghkllmoi.exe | C:\Windows\SysWOW64\Gbnccfpb.exe | N/A |
| File created | C:\Windows\SysWOW64\Hlcgeo32.exe | C:\Windows\SysWOW64\Hggomh32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Epieghdk.exe | C:\Windows\SysWOW64\Ebedndfa.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Fhhcgj32.exe | C:\Windows\SysWOW64\Fejgko32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Dfijnd32.exe | C:\Windows\SysWOW64\Dqlafm32.exe | N/A |
| File created | C:\Windows\SysWOW64\Fjdbnf32.exe | C:\Windows\SysWOW64\Flabbihl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Gicbeald.exe | C:\Windows\SysWOW64\Gfefiemq.exe | N/A |
| File created | C:\Windows\SysWOW64\Gddifnbk.exe | C:\Windows\SysWOW64\Gaemjbcg.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Gddifnbk.exe | C:\Windows\SysWOW64\Gaemjbcg.exe | N/A |
| File created | C:\Windows\SysWOW64\Oiahfd32.dll | C:\Windows\SysWOW64\Apcfahio.exe | N/A |
| File created | C:\Windows\SysWOW64\Bnbjopoi.exe | C:\Windows\SysWOW64\Bkdmcdoe.exe | N/A |
| File created | C:\Windows\SysWOW64\Khejeajg.dll | C:\Windows\SysWOW64\Hlcgeo32.exe | N/A |
| File created | C:\Windows\SysWOW64\Jjcpjl32.dll | C:\Windows\SysWOW64\Gddifnbk.exe | N/A |
| File created | C:\Windows\SysWOW64\Aljgfioc.exe | C:\Windows\SysWOW64\Apcfahio.exe | N/A |
| File created | C:\Windows\SysWOW64\Bpafkknm.exe | C:\Windows\SysWOW64\Bnbjopoi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Ghkllmoi.exe | C:\Windows\SysWOW64\Gbnccfpb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Hahjpbad.exe | C:\Windows\SysWOW64\Hgbebiao.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Hkpnhgge.exe | C:\Windows\SysWOW64\Hcifgjgc.exe | N/A |
| File created | C:\Windows\SysWOW64\Ndejjf32.dll | C:\Windows\SysWOW64\Adeplhib.exe | N/A |
| File created | C:\Windows\SysWOW64\Dhjgal32.exe | C:\Windows\SysWOW64\Cndbcc32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Fmekoalh.exe | C:\Windows\SysWOW64\Fhhcgj32.exe | N/A |
| File created | C:\Windows\SysWOW64\Clphjpmh.dll | C:\Windows\SysWOW64\Facdeo32.exe | N/A |
| File created | C:\Windows\SysWOW64\Gobgcg32.exe | C:\Windows\SysWOW64\Ghhofmql.exe | N/A |
| File created | C:\Windows\SysWOW64\Kkjjld32.dll | C:\Users\Admin\AppData\Local\Temp\cf9d11295694eb3cb4b29c9211968ab0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Ddeaalpg.exe | C:\Windows\SysWOW64\Dnlidb32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Hcnpbi32.exe | C:\Windows\SysWOW64\Hlcgeo32.exe | N/A |
| File created | C:\Windows\SysWOW64\Lefmambf.dll | C:\Windows\SysWOW64\Dnlidb32.exe | N/A |
| File created | C:\Windows\SysWOW64\Filldb32.exe | C:\Windows\SysWOW64\Fdoclk32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Bhcdaibd.exe | C:\Windows\SysWOW64\Bokphdld.exe | N/A |
| File created | C:\Windows\SysWOW64\Lilchoah.dll | C:\Windows\SysWOW64\Bhcdaibd.exe | N/A |
| File created | C:\Windows\SysWOW64\Aoipdkgg.dll | C:\Windows\SysWOW64\Bpafkknm.exe | N/A |
| File created | C:\Windows\SysWOW64\Hfbenjka.dll | C:\Windows\SysWOW64\Cndbcc32.exe | N/A |
| File created | C:\Windows\SysWOW64\Dfijnd32.exe | C:\Windows\SysWOW64\Dqlafm32.exe | N/A |
| File created | C:\Windows\SysWOW64\Ajlppdeb.dll | C:\Windows\SysWOW64\Ennaieib.exe | N/A |
| File created | C:\Windows\SysWOW64\Kleiio32.dll | C:\Windows\SysWOW64\Gfefiemq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Hhjhkq32.exe | C:\Windows\SysWOW64\Hgilchkf.exe | N/A |
| File created | C:\Windows\SysWOW64\Andkhh32.dll | C:\Windows\SysWOW64\Adjigg32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Bingpmnl.exe | C:\Windows\SysWOW64\Aljgfioc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Iknnbklc.exe | C:\Windows\SysWOW64\Idceea32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Flabbihl.exe | C:\Windows\SysWOW64\Ennaieib.exe | N/A |
| File created | C:\Windows\SysWOW64\Iknnbklc.exe | C:\Windows\SysWOW64\Idceea32.exe | N/A |
| File created | C:\Windows\SysWOW64\Gfefiemq.exe | C:\Windows\SysWOW64\Gpknlk32.exe | N/A |
| File created | C:\Windows\SysWOW64\Djnpnc32.exe | C:\Windows\SysWOW64\Dodonf32.exe | N/A |
| File created | C:\Windows\SysWOW64\Lbidmekh.dll | C:\Windows\SysWOW64\Epieghdk.exe | N/A |
| File created | C:\Windows\SysWOW64\Iebpge32.dll | C:\Windows\SysWOW64\Gbnccfpb.exe | N/A |
| File created | C:\Windows\SysWOW64\Dbnkge32.dll | C:\Windows\SysWOW64\Gmgdddmq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Iaeiieeb.exe | C:\Windows\SysWOW64\Hlhaqogk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Qdccfh32.exe | C:\Windows\SysWOW64\Qlhnbf32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Dnlidb32.exe | C:\Windows\SysWOW64\Ddcdkl32.exe | N/A |
| File created | C:\Windows\SysWOW64\Ikeogmlj.dll | C:\Windows\SysWOW64\Bdjefj32.exe | N/A |
| File created | C:\Windows\SysWOW64\Ddflckmp.dll | C:\Windows\SysWOW64\Bhhnli32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Ckignd32.exe | C:\Windows\SysWOW64\Bcaomf32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Ddcdkl32.exe | C:\Windows\SysWOW64\Dbehoa32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Ebedndfa.exe | C:\Windows\SysWOW64\Epfhbign.exe | N/A |
| File created | C:\Windows\SysWOW64\Gicbeald.exe | C:\Windows\SysWOW64\Gfefiemq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Aljgfioc.exe | C:\Windows\SysWOW64\Apcfahio.exe | N/A |
| File created | C:\Windows\SysWOW64\Bkdmcdoe.exe | C:\Windows\SysWOW64\Bdjefj32.exe | N/A |
| File created | C:\Windows\SysWOW64\Eqpofkjo.dll | C:\Windows\SysWOW64\Idceea32.exe | N/A |
| File created | C:\Windows\SysWOW64\Inljnfkg.exe | C:\Windows\SysWOW64\Iknnbklc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Gangic32.exe | C:\Windows\SysWOW64\Gpmjak32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Gbnccfpb.exe | C:\Windows\SysWOW64\Gobgcg32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Fmlapp32.exe | C:\Windows\SysWOW64\Fbgmbg32.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\Iagfoe32.exe |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Gkkemh32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mncnkh32.dll" | C:\Windows\SysWOW64\Gpmjak32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Dmafennb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Ecmkghcl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Gobgcg32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Ghkllmoi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hfmpcjge.dll" | C:\Windows\SysWOW64\Bkfjhd32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ihomanac.dll" | C:\Windows\SysWOW64\Balijo32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Djnpnc32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Dfijnd32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Lpdhmlbj.dll" | C:\Windows\SysWOW64\Ebedndfa.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Epieghdk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gfoihbdp.dll" | C:\Windows\SysWOW64\Fmlapp32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Aplpai32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Bhcdaibd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mocaac32.dll" | C:\Windows\SysWOW64\Bkdmcdoe.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Acpmei32.dll" | C:\Windows\SysWOW64\Eloemi32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Fbgmbg32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Gicbeald.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Bokphdld.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Bnefdp32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Memeaofm.dll" | C:\Windows\SysWOW64\Dhjgal32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Dnlidb32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Ddeaalpg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Gddifnbk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Fealjk32.dll" | C:\Windows\SysWOW64\Hahjpbad.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Hgilchkf.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Oiahfd32.dll" | C:\Windows\SysWOW64\Apcfahio.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Filldb32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Hahjpbad.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Hlcgeo32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Chcphm32.dll" | C:\Windows\SysWOW64\Efncicpm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Lefmambf.dll" | C:\Windows\SysWOW64\Dnlidb32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Ennaieib.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Facdeo32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gmibbifn.dll" | C:\Windows\SysWOW64\Hlhaqogk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Bommnc32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Gicbeald.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pabfdklg.dll" | C:\Windows\SysWOW64\Gobgcg32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Ggpimica.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Bpafkknm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jkamkfgh.dll" | C:\Windows\SysWOW64\Filldb32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Ghhofmql.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dbnkge32.dll" | C:\Windows\SysWOW64\Gmgdddmq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Hcnpbi32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Glqllcbf.dll" | C:\Windows\SysWOW64\Hhjhkq32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Ambmpmln.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Geolea32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hojopmqk.dll" | C:\Windows\SysWOW64\Hgilchkf.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Eloemi32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Goddhg32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Hcnpbi32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Eiaiqn32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Bdjefj32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Cgcmfjnn.dll" | C:\Windows\SysWOW64\Dqlafm32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Dfijnd32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Fmlapp32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Gobgcg32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Hcifgjgc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Hgilchkf.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node | C:\Users\Admin\AppData\Local\Temp\cf9d11295694eb3cb4b29c9211968ab0_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Hpapln32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Bkfjhd32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Aofqfokm.dll" | C:\Windows\SysWOW64\Ambmpmln.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\cf9d11295694eb3cb4b29c9211968ab0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\cf9d11295694eb3cb4b29c9211968ab0_NeikiAnalytics.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 140
Network
Files
| SHA256 | 7cba4ab7ab110f6a03a6a251cb7d18db2955d8a3053d1b15a215bdb813b0ff1a |
| SHA512 | 1aa08002d4c19069c75f529a9b9e34442348d84eadc44029fb94a2e26f759c4122bc5561c0fe0ec1b87be7e86d48872c1a4c93e858199e52afdb3e080baba8bf |
C:\Windows\SysWOW64\Facdeo32.exe
| MD5 | be57c69c0c05c00d28e8eaa3d09bfde0 |
| SHA1 | 9c4379a9e7006aff29d318d53e5ab3e8609c4207 |
| SHA256 | 4e25f45ca020b66b618e6168ddaea2f1a587185f6ec6d544c5ca086c5f2a1392 |
| SHA512 | d46ab507e8987c51d6668a38c4fc81f1dbe6e0ae30e5dde995f16fffc468026a81745449f662e868ad3f7f7b8c379b28b29b4a524b09ab8a10db93b6c7e25bd6 |
C:\Windows\SysWOW64\Fbdqmghm.exe
| MD5 | 2459f79f04fff69183baf3ef540aee25 |
| SHA1 | c0a72d78e24395d9b0e58a1c657b88918687df6a |
| SHA256 | e1c7d0463f6e8d66b867d0207b035b2a1b65f58f3d2ca953401c1232e09de864 |
| SHA512 | e9525389ac5276f7e779ab3435b41f8fd9a6a589a7104251ae3a1cd439b89e2d612e5afb2c215594fb8947bf648851807cf62b1ddcc5334b7cc63fe99aa995e6 |
C:\Windows\SysWOW64\Fjlhneio.exe
| MD5 | 1036caced5150cdcd7cd04adc4691086 |
| SHA1 | 74289535a86da1907777e08344a318227982a74d |
| SHA256 | 531a7c72c5251da4a47854c350eca23e5a655167f05f0c1d541481e3b3dc231e |
| SHA512 | d32925ed2dd8eeb0184827c90297e794809e101051039e90b854ff10f35396c9b1c8aedcf932a358710aa1217cc80000ca4e93829f959ca5cc727c8929e15b91 |
C:\Windows\SysWOW64\Fphafl32.exe
| MD5 | 58bb3aea00d6d3ab022251ac7654fcc7 |
| SHA1 | 2c8b6f8e65196d265edb6425ebd8cb1334f996b4 |
| SHA256 | f771f79eb17a296c94bd8343442788c3c95a15b84fb7e22ed3e7906fe07df3d5 |
| SHA512 | ef6e64b683ec6e5233dbabbd5b35c096661a054173b48ade77347775aa7849c9de1693299e6e517b7ae8b529564e6ca003b4a0be76003b1d5c40e1d1411a463e |
C:\Windows\SysWOW64\Fbgmbg32.exe
| MD5 | a451323774d1afdf9e52e3acb67a13cc |
| SHA1 | 4c4b11453c14410277055f7004be5a6e29b070f1 |
| SHA256 | 97330283ab881eed20416c88ecaba026217c43df03ce12bf774ea3c5e8919fee |
| SHA512 | 3f313d9625ac1b6c7717c6401ebdbf0e5151beee08b72ce2f3a9223ad79f629ce20e719cbae158b6fd751f8f718eede845489aba5813d05fc29538811818b10a |
C:\Windows\SysWOW64\Fmlapp32.exe
| MD5 | abd5e632d046fadb054eb018808a7b7b |
| SHA1 | 48510273ebcfffdc4e918bebac8293037f2bcee5 |
| SHA256 | 88d653366a2a6310d90975d4b4764ec71f3c812d097fde46536cb68b5185a323 |
| SHA512 | 6ef51167e8f61bc0bab53f1b9dce5bf8ba2f4c09d962b91ba476fe56d966da20c77c4e55ed7c18c7facb1aeddd913bbf7f305b32dd1a45ee4936f2bc26626c4c |
C:\Windows\SysWOW64\Gpknlk32.exe
| MD5 | ecb9c8bec65fbd0539c602cdf94fee54 |
| SHA1 | fd286a6e67465d6b33027cf0833f20c41c5d9417 |
| SHA256 | 9ea7e6105a8c194324ef64cbde3c3a745c695ddd0fd887402f498fb18234c8b5 |
| SHA512 | 9e083b7f2e030615267301af3bd184e66dc6d0e84638b95c68d97f9a92e9a1f7989a32c751fb9021c331cc117d32c9ea19da06e83638ab53f75d81f436e064c3 |
C:\Windows\SysWOW64\Gfefiemq.exe
| MD5 | 0dd9e65db9a5e0edbad9248ec693daee |
| SHA1 | f91383fe2f9083fce5b3b760212f7450f4c6e7c4 |
| SHA256 | 1da3ff950b2b1d87fa325fd62898d0c7aff3cd4dd13ca89f30320f3870a68471 |
| SHA512 | 5afe797a4d1606a76b995a697b656c1c85073ea97b225e07ae8b3d0a6d21661619a5e364e9730519d4c63f068204fe1b7299c822864db35df6478fd34a5bd9d9 |
C:\Windows\SysWOW64\Gicbeald.exe
| MD5 | f940e96e02f0a4344633da7bad25f664 |
| SHA1 | 2d7b0794d28207e829a02cc92c56fd64d6316358 |
| SHA256 | c386c668014e4aeba4312b8a12b16cb2979cbbe6d366bf82826778155ea4c51a |
| SHA512 | 50249ae292cb2699b39c9b65282a5b874b6b60410e86945ee0fcb3208621a51e360cb192eda46964f450d8d36c43cdbe3c6eed2ea4d46d129987b90bd390e62a |
C:\Windows\SysWOW64\Gpmjak32.exe
| MD5 | 79475ae22dc1a01ba562a90346b7693d |
| SHA1 | b32d33f573e29641c8675fae3e3e9854c962484b |
| SHA256 | 08ae4a82e60b086c7927c048d0cec6d9096e3ef3d2b532ee579629b0e5c70d68 |
| SHA512 | 67b73cfa1301d2d51c9d514c4ec2d9892ee28d31dde1aeed385225c30ecd6a72d7185e752279cc37c6747f2663b6ae52c134660bed623db1b36b1659f51a4db1 |
C:\Windows\SysWOW64\Gangic32.exe
| MD5 | 45add15a6bc831cf01a1d16e54e35d62 |
| SHA1 | 65abcf4eab5bed499e4809fe13f6870d6f69d759 |
| SHA256 | bbf4046e34cefc4ff19d50310e04d1833d73f9f624a2949e9e4a67a0eeb9e985 |
| SHA512 | 7a4c902e0ba6e0a4864ccfbf7ccf956e2d828e04b7348d9fd3c5b4724f8ab83b876b3e4a0a5359b68390257a7c54a854f8432505525be66854c7fc033110447e |
C:\Windows\SysWOW64\Ghhofmql.exe
| MD5 | c8e2973be84513a67507909c8f722a3c |
| SHA1 | 821bc853e4f792f7fff6b8c4107a6e333a436134 |
| SHA256 | 605b803d1aad978c99d6205a94edff61f2438257705b71c5852e27bfcd5c2978 |
| SHA512 | 729242f54c604022794ee1ed32ea20f09a5b98b76b62cb09334ec716da7f9cb8f06340013ff34b9cd2d9ac0dd8110079ee2d7c94712bf78ef4301aa67bc379ee |
C:\Windows\SysWOW64\Gobgcg32.exe
| MD5 | 2d00bf76e81a45ffefc3b320e345f378 |
| SHA1 | ecca3a2c3bb1121a7f245048b31154cf484247e6 |
| SHA256 | 81a671119704c1f3ebd8e79e3853108a859a117dbc90a51814cdbd3533bb003e |
| SHA512 | 8b057d12b60475cac2c0ad4373b5295b57ffd40228d39054884f2a3826ac14c22e3a178c0dbf9e49b53199e23fece1b2968ad642aae299759ae206bfdfd3be66 |
C:\Windows\SysWOW64\Gbnccfpb.exe
| MD5 | 8162b7aa16730e667532a651437e85fd |
| SHA1 | aeea9e521515b1303f0ad79d53f87aff56347a47 |
| SHA256 | ac8e09f94e55f8a1812e25874a5b171bceecbd4708ec5266fd17424192eff50a |
| SHA512 | c1b019441439830a0c681a57ae98327a82d021318af372d73156bc15e1e066956938e287693e4ad774f19c1b20eb101f596c02853c13dd575d7fd953ee821ed0 |
C:\Windows\SysWOW64\Ghkllmoi.exe
| MD5 | a56bebef2b65b9fa417d331bd9e36aab |
| SHA1 | 7e7713da8763eefdeaee0352aaa73ff2ad7f6bda |
| SHA256 | fccfcbec98650721a71664bae6faa33a0e4018617e87ffa402236e68e59a3a0d |
| SHA512 | 682417eb005d46a7e124ee6d94ea5609e96795f63c10aff10bd11a8e18f1599bba9d7fa79ff0a2fdec1829e63c54d7352ae02ae91a695734ab36c3cda0b75d4f |
C:\Windows\SysWOW64\Goddhg32.exe
| MD5 | 6458efa91ff4d38a7ee43c6a8b3aa0ac |
| SHA1 | f7ffc3badaf068225aad3f8b713931dd3e75fbe7 |
| SHA256 | a836ea965aba6bea0630ba3413bbfabbc7f5d371ec847e9e989659bf55bf083c |
| SHA512 | a26ccea485f2210c4d8d75a956f282ee3bed730d704f9e0a145056871983f80ac439385e0031c4eeefe40a7dd2938fe9978d0eb967a11bbf69149e6d9c3ff0cb |
C:\Windows\SysWOW64\Gmgdddmq.exe
| MD5 | 4507a022bd6579ac54a439e29fb33218 |
| SHA1 | 719c9139fa44fd8c84e8915f176485f299a6b06f |
| SHA256 | 738e7cd361df4cf3266ef9db2999e18fee19f96f66c6d117dc441ba0afc2f3a2 |
| SHA512 | 6d050dc538f4c4cc61a12345fd66411768658ea81a3e1d53fd194a559eaccb72681aeddd635f2f974342cc54699adee677cf1903a7cfc5fab400985096bd3008 |
C:\Windows\SysWOW64\Geolea32.exe
| MD5 | b4b0da95e833b1632b9090f636ad7e62 |
| SHA1 | e070cef2a7c02f1ae9e4c9320ab940deaa6ce859 |
| SHA256 | 670e4a6b9ffad9f17641939f1a2c246286efca7f2f64a221ef96a09cf1d88d9a |
| SHA512 | a97252cef3698fa7eb0e3f506da7e79b9f5f1a154a959645312c5c0f1519bff8b8642bc7cc12f73d29331360b1d6385c749f61224cc2d2e1c2c351577b0494f3 |
C:\Windows\SysWOW64\Gkkemh32.exe
| MD5 | 215548ba4f1a154c2300694957617481 |
| SHA1 | f2c572daf0e3da7eb5a4e8fcacb3707dabc5064a |
| SHA256 | be52a7ff38748da51e9abaa5776895de822b4170acb881ce63e2c72584cb9df9 |
| SHA512 | fea8422ef882b8e02d4562bc7d7ef8a9fb815dcf1c0c171bb56d92514c4abcd844055d1a254b5b2b999f62b1ca1c898d67329d7d2706ce4242ca3f0fe8d6f410 |
C:\Windows\SysWOW64\Gaemjbcg.exe
| MD5 | 8291973795af4f65bb94649054ee15c5 |
| SHA1 | 3bb2eb74e49c2bcb0ce83395787d9a79249b990e |
| SHA256 | 162fcb00f8332d9b246b1d7b0f9b564e6fb46477e9f3651e5bdd84cb5d942b6d |
| SHA512 | 79cd19673125edc299007eb3fdc04a799f8557614284956908d1879dded23ab10fdd960bf47b0582eeda6133a3f46e80cf41324737d06ae5c982ba3926a6c7fb |
C:\Windows\SysWOW64\Gddifnbk.exe
| MD5 | d4a42226b0eb96ec2afe69ec731c8518 |
| SHA1 | b5de4b3a6362c64873221969beee17d01591f7ea |
| SHA256 | 250fefb51c060d51294d70cf56f273bf4633e4e66495a59740fbb8176c3bbc02 |
| SHA512 | e0531dcc9274ffb94d2ac5158440eb8d17c8c53df7890676cd383c5912106089e2544544fc67d13180a0add7bbc291700206d20c845782908be04a0dc005ff79 |
C:\Windows\SysWOW64\Hgbebiao.exe
| MD5 | 6e23c658c6b64ff779ef23929ad34ddd |
| SHA1 | 93b59007213bfda310423a3edba9727194707ec1 |
| SHA256 | b5e4ef2b05109fa67b195c38387b0245e914374db35ee50a3f69590afed0f0d3 |
| SHA512 | 5d7e1972ffef17e1ab6d659b45864f2419c270dc2539ac7eca736cd1129e3c3555031cab49ee4f2811cdba0f8a491b2a3b77f50464987e9ea6f76dbccacf3d39 |
C:\Windows\SysWOW64\Hahjpbad.exe
| MD5 | 92fb2bcff60d07879514dac4bb95bc57 |
| SHA1 | 6a75eff107250882d56b684463e5efd217008ee5 |
| SHA256 | b48d7f8bd95636de494f8a3422eac3b771b77ad997804184d6f1a27aa2281949 |
| SHA512 | 15ee56792bd900f49bd42971cad2e205ce032b8d3db953938e2af8e59e2630f3fcd1b6de131f8a16ff77f80ae0a037fa08ebdacbd630824beb73024aaf6f0e23 |
C:\Windows\SysWOW64\Hcifgjgc.exe
| MD5 | b0584a79b77c9f9a772a8a1a34580361 |
| SHA1 | 43873a241c3344b83aa6c45c5e34b7f94cec56ba |
| SHA256 | 37eea30451b517b34d3896fcb8064cc6360b83fbb2bde3cfe69d290513f9f6f2 |
| SHA512 | 047e607d644efd9d64e11b704fa186ab4389f8496d421171cbf350e4673291c1912f180eb88cbca382a46e2edc68f877dd4056d8dac57a53c2f6a8daded15e1a |
C:\Windows\SysWOW64\Hkpnhgge.exe
| MD5 | a038b74f8dd6aef4d09c891344d825da |
| SHA1 | 31b84aac19d70a3e3a24c3d2451d9654f5d627a8 |
| SHA256 | b6b1b9c08e0d82470a01c21a07e72664637863e5b17ff51a749105bc12544466 |
| SHA512 | bf6f553fbd1e08a270deea0df8c676a7ad4527a44f1097a9b01a0f7cd09bdeca15dc81cffca8fe318c59e1bc63951facafc554eaa55078d996fd5a69c25dda6a |
C:\Windows\SysWOW64\Hpmgqnfl.exe
| MD5 | b3a10302450d659b6a5ce3cd59c8c189 |
| SHA1 | 658954a6dd9f067c17a97d4bad64eccccbf95c53 |
| SHA256 | cea1b477884d9ca470f2906832fe586977c2983bcc2127071944840bc8a1e0c3 |
| SHA512 | be6995a854f9282eb02dce452b2216905231059ac884a6c7fe35248b563809964598895de7bc2e17ab8b39c495ec39999c013af0fcb31596fd1d442500f25a96 |
C:\Windows\SysWOW64\Hggomh32.exe
| MD5 | 1aec8ad9a1d26e3967794faaef15ae00 |
| SHA1 | f77db786756d77c268d83ce0aa9da11330d64864 |
| SHA256 | e670bca0afb53320a6d7bfa30b986cb231ae224168b6f9e06c22815033bd0ab2 |
| SHA512 | 129148c976d148bc6f2f31f4b2f7abbeafe15fbd3291c90f46c58878750a8cf16bcfbc5b323554066d4d013470dde54f71d721921a3ff090bd0b2326199f3d37 |
C:\Windows\SysWOW64\Hlcgeo32.exe
| MD5 | 91e31541341ced330291ce86e014214f |
| SHA1 | 4be3617c9d6db0494913acfce0ad1e6827b92a5b |
| SHA256 | e483d39def26e84d50717d412635b815135ef609ea87635f166c31115f5887a1 |
| SHA512 | d649055bf79eb83b814b4be397d69f7b2a66aec21e6ed1f86bb1ced2fd7e595d400d9132fec48c203f910d787526b6ff3a3f1a7a7df0adf416142671f271684a |
C:\Windows\SysWOW64\Hcnpbi32.exe
| MD5 | fb70b3ef86acea4ff1238f2762e60d81 |
| SHA1 | 587fc73451e7022fe92e9bb1e777456a7a723d0c |
| SHA256 | cc8ffaf509db80a2efa8fc16e42d32e01ea38d513752e692d090af0f0ea33a47 |
| SHA512 | b3a3a0d4efb43ac726e1d0e1696ad997256be7e76d1a9795d230346a2ea2f9f177385820f1c0136cba86e65bf0fdeb85a3c38279ee60d592c9d1ff10f3414d43 |
C:\Windows\SysWOW64\Hgilchkf.exe
| MD5 | e46b4285d401203faed36c842a38c1d1 |
| SHA1 | 0490aed3026c3d487869f6760090cb094e5d0c28 |
| SHA256 | c668ebdde25160a71ce919931e3c79572788fbf3986e5c1b081fae55d560f752 |
| SHA512 | b1c80cd3178525b4a0a2bbc620c6ac6f291d91b50b51f302e5c6b3dd94d285962edd5e68f65480faf40fe290a9e6a8c707f3002a5ac06413900ed119104e92cb |
C:\Windows\SysWOW64\Hhjhkq32.exe
| MD5 | 0554163e4c107372c79685fcec1841c1 |
| SHA1 | 7e1a2bed5870a1f09c0e96b004cc553863cd1c01 |
| SHA256 | 09bba14450727577a9f19e75f1044c0a92dae04c8170fcbc25374badbb7bca8e |
| SHA512 | 6147454819645393a900b379045e5274719101c02a1c701eae2a1b14792b31628177f92327732daa5065818d19d2bf24b43c9c732fd1764dccfe1a48607109de |
C:\Windows\SysWOW64\Hpapln32.exe
| MD5 | 285a64b12f3209e6bb101017e14deec6 |
| SHA1 | ef6d8e83e77a9e6d31ded9d00e6e74f4eda9ae1e |
| SHA256 | 57934a12983f9770b3d5f4d9f2d4208b2aa2eb9a3299c4abd7435889eeb10258 |
| SHA512 | 5d2fb5cf4e175621d27d7fc9bac157d5adbaf8a3c9a3ef48d0ee1d864bfef97d49e7aa1f0399f781e1bf1bd9c29e12fa20ef2ef544972a3596fa820b89fd26ef |
C:\Windows\SysWOW64\Hcplhi32.exe
| MD5 | 583ec3ec3d559da6f5eb10d5e8714b68 |
| SHA1 | 0891a6df17953afb6a7ebcad2968482600cdab84 |
| SHA256 | aa14eb7aea3da02c0da5e29ef8a18b9bd5d94c9829d4998434dec70125ee0bf6 |
| SHA512 | a5c43d784dac9152b4628bb38128350716de3020b6b771060c1cdf7686793a5f9a9175b713a57b04cab7c5b08a66cf14b16a20a0d2b86636e4a2e69b9c8c73b4 |
C:\Windows\SysWOW64\Henidd32.exe
| MD5 | a29597909f02b963db7e868b250b8037 |
| SHA1 | 73ab4a3dc8da20efaa558ab5a11072f8346c9897 |
| SHA256 | c4c44aecf590d57a20fd766ad34627b05a29e86808e9665e0671aedb5d71d756 |
| SHA512 | ef0a40f00506c7ab09681bf87a6e04d1d9ddef6e0793662a2cae1d4bce8f04734f6f694929596d82fb25462554928d184f0866ff100861bf4497cce86a65dd26 |
C:\Windows\SysWOW64\Hlhaqogk.exe
| MD5 | 2fed88792535aecad6a3eb7206c1a294 |
| SHA1 | 523b2c33b597e0afe08f67cc8a4471e2b8688c34 |
| SHA256 | 3049a9c4b41f20376e806cabc69571dd21cfa515add7ed072132fb55093ff92f |
| SHA512 | 699c93814a2e532140e7611d704040e686ef9ce400292bfdf79666029fa0f6492aa2237661728f70d7a52c8fab21e8280242dd39204b0854cd7518e5d053c8a1 |
C:\Windows\SysWOW64\Iaeiieeb.exe
| MD5 | 729b0278b9148f16a8b4856d779a568c |
| SHA1 | 6b82252c2812d666468a2e40d07720d8b263441e |
| SHA256 | 82d361c5002c0e516cd40d9fa79b44b602875a879bc6ca74f80023a1275a50cc |
| SHA512 | 8f743630e1c9a9fb98c172342630fe5a648cd1e17a7dcce2c9a159c0bc5737aefb57b31ab1995aba852b1fc077797114080f8253552d0ec5242a0b67d4d2d484 |
C:\Windows\SysWOW64\Idceea32.exe
| MD5 | 4551ffa47411aafe1b8cb301295ef47f |
| SHA1 | aa799d9e97f710c00ef7fe2d9bac8e9bb4d9dcb4 |
| SHA256 | 28f6013d811a84d3466b93ed2468c007c9bd0d069264b6746d805e1669da7c53 |
| SHA512 | 9977c52eb2424ba732475c6d1335fe3bac7ddf6ed645222da13ee6d71f0912e402b95d0f073887fccf0d0d54a6283fba8cbe3324ace4b30f7492bd2928f2f269 |
C:\Windows\SysWOW64\Iknnbklc.exe
| MD5 | 12eff18e2dcbad5d320e3a96cd8a6055 |
| SHA1 | 16c4ce895b79e937c9a97844aeb8f4ddfae7ee78 |
| SHA256 | be3b8aa2a05ffd1c58b0097c1c7f94d9367a775f8b3081d61374fe477cf22db4 |
| SHA512 | a5cbb861e5ecfa3e2c8bce161ff1a40668098c622f2e6ade2746ca6322b897ccb46b3e977a79181fec73a598b30c0a39b44a3f2fbcf1ffc44e4d1871cef2e6fc |
C:\Windows\SysWOW64\Inljnfkg.exe
| MD5 | 1e6347c3973478ef3caf62b9af68b72d |
| SHA1 | ec62a99c443b796c22ba5641c13e3b16dbdadeea |
| SHA256 | 9d7a443c1b7dab18b795f928d21d6010d3feaf39c1ed91802dff706861a3c865 |
| SHA512 | 8607dd255cdf369dbda2d725fb67e1cdc937b414e569f23f132121a1afdfb936296148ac48abbe1e1d1af65c90f4c934496ce05466535e1c5a7c86bec0e46787 |
C:\Windows\SysWOW64\Iagfoe32.exe
| MD5 | 9d1bbcfc550d8c29ea391a9fc832da4a |
| SHA1 | b298aa646d6ff564451c3725528ca1a9a3512cf2 |
| SHA256 | 74dccf9d3e4909d321b73f846df68810f6012b34f2f0f18c7f9fdaf1d4fff66e |
| SHA512 | d7c27c9cb187afac1f22dccc15d3e224633711dec267e342c5ac267d48e0976b177bcd00870a89079b946ae96404292eb243e2d982820fadbb4394fef3101055 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-23 06:03
Reported
2024-05-23 06:06
Platform
win10v2004-20240426-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Adds autorun key to be loaded by Explorer.exe on startup
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Imdgqfbd.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Qnjnnj32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Cmiflbel.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Gokdeeec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Heapdjlp.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Pbbgnpgl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Dhpjkojk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Mciobn32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Odnnnnfe.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Dllfkn32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Fooeif32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Migjoaaf.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Lpnlpnih.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Qmkadgpo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Cjkjpgfi.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Ncnadk32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Llemdo32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Ceehho32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Jblpek32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Mlampmdo.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Mckemg32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Aadifclh.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Fcckif32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Gkkojgao.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Dhkjej32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Ahkobekf.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Dhnnep32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Ecandfpd.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Ibcmom32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Kibgmdcn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Qgcbgo32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Kbhoqj32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Meiaib32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Olfobjbg.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Pkhoae32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Abkjdnoa.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Olcbmj32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Dogogcpo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Dhmgki32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Aacckjaf.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Kdcbom32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Cfmajipb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Mgidml32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Ajkhdp32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Bdhfhe32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Ehedfo32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Jedeph32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Lekehdgp.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Aniajnnn.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Pnbbbabh.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Jfcbjk32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Jefbfgig.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Kfankifm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Mpablkhc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Pdfjifjo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Pbpjhp32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Mgddhf32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Ocegdjij.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Kmkfhc32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Bagflcje.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Bjghpn32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Hkdbpe32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79ECA078-17FF-726B-E811-213280E5C831}" | C:\Windows\SysWOW64\Pgemphmn.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | C:\Windows\SysWOW64\Aaepqjpd.exe | N/A |
Malware Dropper & Backdoor - Berbew
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\Chdkoa32.exe | C:\Windows\SysWOW64\Cefoce32.exe | N/A |
| File created | C:\Windows\SysWOW64\Dmamoe32.dll | C:\Windows\SysWOW64\Jefbfgig.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Mmpijp32.exe | C:\Windows\SysWOW64\Meiaib32.exe | N/A |
| File created | C:\Windows\SysWOW64\Npcoakfp.exe | C:\Windows\SysWOW64\Mnebeogl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Mjcgohig.exe | C:\Windows\SysWOW64\Mciobn32.exe | N/A |
| File created | C:\Windows\SysWOW64\Efpmmmoo.dll | C:\Windows\SysWOW64\Ckedalaj.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Dekhneap.exe | C:\Windows\SysWOW64\Dbllbibl.exe | N/A |
| File created | C:\Windows\SysWOW64\Iihkpg32.exe | C:\Windows\SysWOW64\Ifjodl32.exe | N/A |
| File created | C:\Windows\SysWOW64\Qjkmdp32.dll | C:\Windows\SysWOW64\Ndaggimg.exe | N/A |
| File created | C:\Windows\SysWOW64\Bdjinlko.dll | C:\Windows\SysWOW64\Pmoahijl.exe | N/A |
| File created | C:\Windows\SysWOW64\Ajanck32.exe | C:\Windows\SysWOW64\Qgcbgo32.exe | N/A |
| File created | C:\Windows\SysWOW64\Cmiflbel.exe | C:\Windows\SysWOW64\Cjkjpgfi.exe | N/A |
| File created | C:\Windows\SysWOW64\Ajfoiqll.exe | C:\Windows\SysWOW64\Abkjdnoa.exe | N/A |
| File created | C:\Windows\SysWOW64\Hcmgfbhd.exe | C:\Windows\SysWOW64\Hihbijhn.exe | N/A |
| File created | C:\Windows\SysWOW64\Fhccdhqf.dll | C:\Windows\SysWOW64\Kfankifm.exe | N/A |
| File created | C:\Windows\SysWOW64\Eohipl32.dll | C:\Windows\SysWOW64\Nnlhfn32.exe | N/A |
| File created | C:\Windows\SysWOW64\Gpaekf32.dll | C:\Windows\SysWOW64\Olkhmi32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Pnfdcjkg.exe | C:\Windows\SysWOW64\Pfolbmje.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Ajanck32.exe | C:\Windows\SysWOW64\Qgcbgo32.exe | N/A |
| File created | C:\Windows\SysWOW64\Dmllipeg.exe | C:\Windows\SysWOW64\Dhocqigp.exe | N/A |
| File created | C:\Windows\SysWOW64\Oijgnaaa.dll | C:\Windows\SysWOW64\Fdlnbm32.exe | N/A |
| File created | C:\Windows\SysWOW64\Pjcbnbmg.dll | C:\Windows\SysWOW64\Nckndeni.exe | N/A |
| File created | C:\Windows\SysWOW64\Hjfgfh32.dll | C:\Windows\SysWOW64\Qqijje32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Aadifclh.exe | C:\Windows\SysWOW64\Aeniabfd.exe | N/A |
| File created | C:\Windows\SysWOW64\Peljol32.exe | C:\Windows\SysWOW64\Pqpnombl.exe | N/A |
| File created | C:\Windows\SysWOW64\Hnicfelf.dll | C:\Windows\SysWOW64\Qecppkdm.exe | N/A |
| File created | C:\Windows\SysWOW64\Edihepnm.exe | C:\Windows\SysWOW64\Echknh32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Jifhaenk.exe | C:\Windows\SysWOW64\Jeklag32.exe | N/A |
| File created | C:\Windows\SysWOW64\Bapolp32.dll | C:\Windows\SysWOW64\Dohfbj32.exe | N/A |
| File created | C:\Windows\SysWOW64\Ekemhj32.exe | C:\Windows\SysWOW64\Edkdkplj.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Lmppcbjd.exe | C:\Windows\SysWOW64\Liddbc32.exe | N/A |
| File created | C:\Windows\SysWOW64\Njciko32.exe | C:\Windows\SysWOW64\Ncianepl.exe | N/A |
| File created | C:\Windows\SysWOW64\Qeobam32.dll | C:\Windows\SysWOW64\Qgcbgo32.exe | N/A |
| File created | C:\Windows\SysWOW64\Omocan32.dll | C:\Windows\SysWOW64\Chmndlge.exe | N/A |
| File created | C:\Windows\SysWOW64\Mciobn32.exe | C:\Users\Admin\AppData\Local\Temp\cf9d11295694eb3cb4b29c9211968ab0_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Nbhkac32.exe | C:\Windows\SysWOW64\Njacpf32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Clkndpag.exe | C:\Windows\SysWOW64\Cogmkl32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Dldpkoil.exe | C:\Windows\SysWOW64\Dhidjpqc.exe | N/A |
| File created | C:\Windows\SysWOW64\Kmdqgd32.exe | C:\Windows\SysWOW64\Kemhff32.exe | N/A |
| File created | C:\Windows\SysWOW64\Odegmceb.dll | C:\Windows\SysWOW64\Mnapdf32.exe | N/A |
| File created | C:\Windows\SysWOW64\Fkalchij.exe | C:\Windows\SysWOW64\Fhcpgmjf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Jmhale32.exe | C:\Windows\SysWOW64\Ibcmom32.exe | N/A |
| File created | C:\Windows\SysWOW64\Mmpijp32.exe | C:\Windows\SysWOW64\Meiaib32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Pfhfan32.exe | C:\Windows\SysWOW64\Pdfjifjo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Aeniabfd.exe | C:\Windows\SysWOW64\Aeklkchg.exe | N/A |
| File created | C:\Windows\SysWOW64\Lcfcfldc.dll | C:\Windows\SysWOW64\Qnnanphk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Hckjacjg.exe | C:\Windows\SysWOW64\Hkdbpe32.exe | N/A |
| File created | C:\Windows\SysWOW64\Lphoelqn.exe | C:\Windows\SysWOW64\Lgokmgjm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Nepgjaeg.exe | C:\Windows\SysWOW64\Ngmgne32.exe | N/A |
| File created | C:\Windows\SysWOW64\Jdeflhhf.dll | C:\Windows\SysWOW64\Nfjjppmm.exe | N/A |
| File created | C:\Windows\SysWOW64\Beeflhdh.exe | C:\Windows\SysWOW64\Bbgipldd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Pgjfkg32.exe | C:\Windows\SysWOW64\Peljol32.exe | N/A |
| File created | C:\Windows\SysWOW64\Cleqadmh.dll | C:\Windows\SysWOW64\Aacckjaf.exe | N/A |
| File created | C:\Windows\SysWOW64\Echknh32.exe | C:\Windows\SysWOW64\Dhbgqohi.exe | N/A |
| File created | C:\Windows\SysWOW64\Jmnoof32.dll | C:\Windows\SysWOW64\Gcimkc32.exe | N/A |
| File created | C:\Windows\SysWOW64\Khchklef.dll | C:\Windows\SysWOW64\Jcioiood.exe | N/A |
| File created | C:\Windows\SysWOW64\Llemdo32.exe | C:\Windows\SysWOW64\Ligqhc32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Ekjfcipa.exe | C:\Windows\SysWOW64\Edpnfo32.exe | N/A |
| File created | C:\Windows\SysWOW64\Ffhoqj32.dll | C:\Windows\SysWOW64\Kimnbd32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Qgcbgo32.exe | C:\Windows\SysWOW64\Qddfkd32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Cnkplejl.exe | C:\Windows\SysWOW64\Cjpckf32.exe | N/A |
| File created | C:\Windows\SysWOW64\Ckedalaj.exe | C:\Windows\SysWOW64\Chghdqbf.exe | N/A |
| File created | C:\Windows\SysWOW64\Dohfbj32.exe | C:\Windows\SysWOW64\Dkljak32.exe | N/A |
| File created | C:\Windows\SysWOW64\Bnmqkjel.dll | C:\Windows\SysWOW64\Fcckif32.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\Dmllipeg.exe |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Bbgipldd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Bdhfhe32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Ckpjfm32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Akalojih.dll" | C:\Windows\SysWOW64\Cbgbgj32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Ehedfo32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Hiefcj32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Hcbpab32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Pjmlbbdg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Njnpppkn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Ncianepl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Qgppolie.dll" | C:\Windows\SysWOW64\Ofeilobp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Pqbdjfln.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Flpafo32.dll" | C:\Windows\SysWOW64\Kbaipkbi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Hbgmcnhf.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Pkfblfab.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ceipnc32.dll" | C:\Windows\SysWOW64\Qnkdhpjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Bhkhibmc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Fhemmlhc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Jcioiood.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hipnbb32.dll" | C:\Windows\SysWOW64\Njfmke32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Peljol32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Qnnanphk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Lgmlbfod.dll" | C:\Windows\SysWOW64\Fomhdg32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Gdcdbl32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Jcllonma.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Mdhdajea.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Mdjagjco.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Aafdghob.dll" | C:\Windows\SysWOW64\Pclneicb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mkijij32.dll" | C:\Windows\SysWOW64\Cmgjgcgo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Cfmajipb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Kpbmco32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Mlopkm32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hddeok32.dll" | C:\Windows\SysWOW64\Ndfqbhia.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Qfbgbeai.dll" | C:\Windows\SysWOW64\Ocdqjceo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Cmlcbbcj.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Ffimfqgm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Ckpjfm32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Bgdpie32.dll" | C:\Windows\SysWOW64\Beeflhdh.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dhoholen.dll" | C:\Windows\SysWOW64\Ehimanbq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Bnmqkjel.dll" | C:\Windows\SysWOW64\Fcckif32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Jioaqfcc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gebgohck.dll" | C:\Windows\SysWOW64\Liddbc32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Eamhodmf.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jnmljl32.dll" | C:\Windows\SysWOW64\Alhhhcal.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Bnlnon32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Demecd32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Cajolcjk.dll" | C:\Windows\SysWOW64\Ecandfpd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Glhonj32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mpnaemnl.dll" | C:\Windows\SysWOW64\Hoiafcic.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Knkkfojb.dll" | C:\Windows\SysWOW64\Npcoakfp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jbllbm32.dll" | C:\Windows\SysWOW64\Pbmncp32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\Pnfdcjkg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Fhcpgmjf.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Iihqganf.dll" | C:\Windows\SysWOW64\Lenamdem.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gdeahgnm.dll" | C:\Windows\SysWOW64\Amddjegd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Qloebdig.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ipkobd32.dll" | C:\Windows\SysWOW64\Njacpf32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hekcnknf.dll" | C:\Windows\SysWOW64\Pjmlbbdg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Cojlbcgp.dll" | C:\Windows\SysWOW64\Lpnlpnih.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Olfobjbg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\ = "C:\\Windows\\SysWow64\\Cogflbdn.dll" | C:\Windows\SysWOW64\Dopigd32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Dhmgki32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Nqiogp32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32 | C:\Windows\SysWOW64\Ekemhj32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\cf9d11295694eb3cb4b29c9211968ab0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\cf9d11295694eb3cb4b29c9211968ab0_NeikiAnalytics.exe"
C:\Windows\system32\Jpnchp32.exe
C:\Windows\SysWOW64\Jcioiood.exe
C:\Windows\system32\Jcioiood.exe
C:\Windows\SysWOW64\Jblpek32.exe
C:\Windows\system32\Jblpek32.exe
C:\Windows\SysWOW64\Jeklag32.exe
C:\Windows\system32\Jeklag32.exe
C:\Windows\SysWOW64\Jifhaenk.exe
C:\Windows\system32\Jifhaenk.exe
C:\Windows\SysWOW64\Jpppnp32.exe
C:\Windows\system32\Jpppnp32.exe
C:\Windows\SysWOW64\Jcllonma.exe
C:\Windows\system32\Jcllonma.exe
C:\Windows\SysWOW64\Kemhff32.exe
C:\Windows\system32\Kemhff32.exe
C:\Windows\SysWOW64\Kmdqgd32.exe
C:\Windows\system32\Kmdqgd32.exe
C:\Windows\SysWOW64\Kpbmco32.exe
C:\Windows\system32\Kpbmco32.exe
C:\Windows\SysWOW64\Kbaipkbi.exe
C:\Windows\system32\Kbaipkbi.exe
C:\Windows\SysWOW64\Kepelfam.exe
C:\Windows\system32\Kepelfam.exe
C:\Windows\SysWOW64\Kpeiioac.exe
C:\Windows\system32\Kpeiioac.exe
C:\Windows\SysWOW64\Kfoafi32.exe
C:\Windows\system32\Kfoafi32.exe
C:\Windows\SysWOW64\Kimnbd32.exe
C:\Windows\system32\Kimnbd32.exe
C:\Windows\SysWOW64\Kmijbcpl.exe
C:\Windows\system32\Kmijbcpl.exe
C:\Windows\SysWOW64\Kdcbom32.exe
C:\Windows\system32\Kdcbom32.exe
C:\Windows\SysWOW64\Kfankifm.exe
C:\Windows\system32\Kfankifm.exe
C:\Windows\SysWOW64\Kipkhdeq.exe
C:\Windows\system32\Kipkhdeq.exe
C:\Windows\SysWOW64\Kmkfhc32.exe
C:\Windows\system32\Kmkfhc32.exe
C:\Windows\SysWOW64\Klngdpdd.exe
C:\Windows\system32\Klngdpdd.exe
C:\Windows\SysWOW64\Kbhoqj32.exe
C:\Windows\system32\Kbhoqj32.exe
C:\Windows\SysWOW64\Kefkme32.exe
C:\Windows\system32\Kefkme32.exe
C:\Windows\SysWOW64\Kibgmdcn.exe
C:\Windows\system32\Kibgmdcn.exe
C:\Windows\SysWOW64\Kplpjn32.exe
C:\Windows\system32\Kplpjn32.exe
C:\Windows\SysWOW64\Lbjlfi32.exe
C:\Windows\system32\Lbjlfi32.exe
C:\Windows\SysWOW64\Lffhfh32.exe
C:\Windows\system32\Lffhfh32.exe
C:\Windows\SysWOW64\Liddbc32.exe
C:\Windows\system32\Liddbc32.exe
C:\Windows\SysWOW64\Lmppcbjd.exe
C:\Windows\system32\Lmppcbjd.exe
C:\Windows\SysWOW64\Llcpoo32.exe
C:\Windows\system32\Llcpoo32.exe
C:\Windows\SysWOW64\Lpnlpnih.exe
C:\Windows\system32\Lpnlpnih.exe
C:\Windows\SysWOW64\Lfhdlh32.exe
C:\Windows\system32\Lfhdlh32.exe
C:\Windows\SysWOW64\Lekehdgp.exe
C:\Windows\system32\Lekehdgp.exe
C:\Windows\SysWOW64\Ligqhc32.exe
C:\Windows\system32\Ligqhc32.exe
C:\Windows\SysWOW64\Llemdo32.exe
C:\Windows\system32\Llemdo32.exe
C:\Windows\SysWOW64\Lpqiemge.exe
C:\Windows\system32\Lpqiemge.exe
C:\Windows\SysWOW64\Lfkaag32.exe
C:\Windows\system32\Lfkaag32.exe
C:\Windows\SysWOW64\Lenamdem.exe
C:\Windows\system32\Lenamdem.exe
C:\Windows\SysWOW64\Lmdina32.exe
C:\Windows\system32\Lmdina32.exe
C:\Windows\SysWOW64\Lpcfkm32.exe
C:\Windows\system32\Lpcfkm32.exe
C:\Windows\SysWOW64\Ldoaklml.exe
C:\Windows\system32\Ldoaklml.exe
C:\Windows\SysWOW64\Lepncd32.exe
C:\Windows\system32\Lepncd32.exe
C:\Windows\SysWOW64\Lmgfda32.exe
C:\Windows\system32\Lmgfda32.exe
C:\Windows\SysWOW64\Lpebpm32.exe
C:\Windows\system32\Lpebpm32.exe
C:\Windows\SysWOW64\Ldanqkki.exe
C:\Windows\system32\Ldanqkki.exe
C:\Windows\SysWOW64\Lgokmgjm.exe
C:\Windows\system32\Lgokmgjm.exe
C:\Windows\SysWOW64\Lphoelqn.exe
C:\Windows\system32\Lphoelqn.exe
C:\Windows\SysWOW64\Mipcob32.exe
C:\Windows\system32\Mipcob32.exe
C:\Windows\SysWOW64\Mlopkm32.exe
C:\Windows\system32\Mlopkm32.exe
C:\Windows\SysWOW64\Mpjlklok.exe
C:\Windows\system32\Mpjlklok.exe
C:\Windows\SysWOW64\Mchhggno.exe
C:\Windows\system32\Mchhggno.exe
C:\Windows\SysWOW64\Mgddhf32.exe
C:\Windows\system32\Mgddhf32.exe
C:\Windows\SysWOW64\Megdccmb.exe
C:\Windows\system32\Megdccmb.exe
C:\Windows\SysWOW64\Mlampmdo.exe
C:\Windows\system32\Mlampmdo.exe
C:\Windows\SysWOW64\Mdhdajea.exe
C:\Windows\system32\Mdhdajea.exe
C:\Windows\SysWOW64\Mckemg32.exe
C:\Windows\system32\Mckemg32.exe
C:\Windows\SysWOW64\Meiaib32.exe
C:\Windows\system32\Meiaib32.exe
C:\Windows\SysWOW64\Mmpijp32.exe
C:\Windows\system32\Mmpijp32.exe
C:\Windows\SysWOW64\Mdjagjco.exe
C:\Windows\system32\Mdjagjco.exe
C:\Windows\SysWOW64\Mgimcebb.exe
C:\Windows\system32\Mgimcebb.exe
C:\Windows\SysWOW64\Melnob32.exe
C:\Windows\system32\Melnob32.exe
C:\Windows\SysWOW64\Migjoaaf.exe
C:\Windows\system32\Migjoaaf.exe
C:\Windows\SysWOW64\Mpablkhc.exe
C:\Windows\system32\Mpablkhc.exe
C:\Windows\SysWOW64\Mcpnhfhf.exe
C:\Windows\system32\Mcpnhfhf.exe
C:\Windows\SysWOW64\Miifeq32.exe
C:\Windows\system32\Miifeq32.exe
C:\Windows\SysWOW64\Mnebeogl.exe
C:\Windows\system32\Mnebeogl.exe
C:\Windows\SysWOW64\Npcoakfp.exe
C:\Windows\system32\Npcoakfp.exe
C:\Windows\SysWOW64\Ncbknfed.exe
C:\Windows\system32\Ncbknfed.exe
C:\Windows\SysWOW64\Ngmgne32.exe
C:\Windows\system32\Ngmgne32.exe
C:\Windows\SysWOW64\Nepgjaeg.exe
C:\Windows\system32\Nepgjaeg.exe
C:\Windows\SysWOW64\Nngokoej.exe
C:\Windows\system32\Nngokoej.exe
C:\Windows\SysWOW64\Nljofl32.exe
C:\Windows\system32\Nljofl32.exe
C:\Windows\SysWOW64\Ndaggimg.exe
C:\Windows\system32\Ndaggimg.exe
C:\Windows\SysWOW64\Ngpccdlj.exe
C:\Windows\system32\Ngpccdlj.exe
C:\Windows\SysWOW64\Njnpppkn.exe
C:\Windows\system32\Njnpppkn.exe
C:\Windows\SysWOW64\Nnjlpo32.exe
C:\Windows\system32\Nnjlpo32.exe
C:\Windows\SysWOW64\Nphhmj32.exe
C:\Windows\system32\Nphhmj32.exe
C:\Windows\SysWOW64\Ndcdmikd.exe
C:\Windows\system32\Ndcdmikd.exe
C:\Windows\SysWOW64\Neeqea32.exe
C:\Windows\system32\Neeqea32.exe
C:\Windows\SysWOW64\Nnlhfn32.exe
C:\Windows\system32\Nnlhfn32.exe
C:\Windows\SysWOW64\Npjebj32.exe
C:\Windows\system32\Npjebj32.exe
C:\Windows\SysWOW64\Ndfqbhia.exe
C:\Windows\system32\Ndfqbhia.exe
C:\Windows\SysWOW64\Ncianepl.exe
C:\Windows\system32\Ncianepl.exe
C:\Windows\SysWOW64\Njciko32.exe
C:\Windows\system32\Njciko32.exe
C:\Windows\SysWOW64\Nlaegk32.exe
C:\Windows\system32\Nlaegk32.exe
C:\Windows\SysWOW64\Ndhmhh32.exe
C:\Windows\system32\Ndhmhh32.exe
C:\Windows\SysWOW64\Nckndeni.exe
C:\Windows\system32\Nckndeni.exe
C:\Windows\SysWOW64\Nfjjppmm.exe
C:\Windows\system32\Nfjjppmm.exe
C:\Windows\SysWOW64\Njefqo32.exe
C:\Windows\system32\Njefqo32.exe
C:\Windows\SysWOW64\Olcbmj32.exe
C:\Windows\system32\Olcbmj32.exe
C:\Windows\SysWOW64\Ocnjidkf.exe
C:\Windows\system32\Ocnjidkf.exe
C:\Windows\SysWOW64\Oflgep32.exe
C:\Windows\system32\Oflgep32.exe
C:\Windows\SysWOW64\Ojgbfocc.exe
C:\Windows\system32\Ojgbfocc.exe
C:\Windows\SysWOW64\Olfobjbg.exe
C:\Windows\system32\Olfobjbg.exe
C:\Windows\SysWOW64\Opakbi32.exe
C:\Windows\system32\Opakbi32.exe
C:\Windows\SysWOW64\Ocpgod32.exe
C:\Windows\system32\Ocpgod32.exe
C:\Windows\SysWOW64\Ojjolnaq.exe
C:\Windows\system32\Ojjolnaq.exe
C:\Windows\SysWOW64\Oneklm32.exe
C:\Windows\system32\Oneklm32.exe
C:\Windows\SysWOW64\Opdghh32.exe
C:\Windows\system32\Opdghh32.exe
C:\Windows\SysWOW64\Ocbddc32.exe
C:\Windows\system32\Ocbddc32.exe
C:\Windows\SysWOW64\Ofqpqo32.exe
C:\Windows\system32\Ofqpqo32.exe
C:\Windows\SysWOW64\Ojllan32.exe
C:\Windows\system32\Ojllan32.exe
C:\Windows\SysWOW64\Olkhmi32.exe
C:\Windows\system32\Olkhmi32.exe
C:\Windows\SysWOW64\Oqfdnhfk.exe
C:\Windows\system32\Oqfdnhfk.exe
C:\Windows\SysWOW64\Ocdqjceo.exe
C:\Windows\system32\Ocdqjceo.exe
C:\Windows\SysWOW64\Ogpmjb32.exe
C:\Windows\system32\Ogpmjb32.exe
C:\Windows\SysWOW64\Ojoign32.exe
C:\Windows\system32\Ojoign32.exe
C:\Windows\SysWOW64\Olmeci32.exe
C:\Windows\system32\Olmeci32.exe
C:\Windows\SysWOW64\Oddmdf32.exe
C:\Windows\system32\Oddmdf32.exe
C:\Windows\SysWOW64\Ofeilobp.exe
C:\Windows\system32\Ofeilobp.exe
C:\Windows\SysWOW64\Pmoahijl.exe
C:\Windows\system32\Pmoahijl.exe
C:\Windows\SysWOW64\Pdfjifjo.exe
C:\Windows\system32\Pdfjifjo.exe
C:\Windows\SysWOW64\Pfhfan32.exe
C:\Windows\system32\Pfhfan32.exe
C:\Windows\SysWOW64\Pqmjog32.exe
C:\Windows\system32\Pqmjog32.exe
C:\Windows\SysWOW64\Pgioqq32.exe
C:\Windows\system32\Pgioqq32.exe
C:\Windows\SysWOW64\Pqbdjfln.exe
C:\Windows\system32\Pqbdjfln.exe
C:\Windows\SysWOW64\Pfolbmje.exe
C:\Windows\system32\Pfolbmje.exe
C:\Windows\SysWOW64\Pnfdcjkg.exe
C:\Windows\system32\Pnfdcjkg.exe
C:\Windows\SysWOW64\Qnhahj32.exe
C:\Windows\system32\Qnhahj32.exe
C:\Windows\SysWOW64\Qmkadgpo.exe
C:\Windows\system32\Qmkadgpo.exe
C:\Windows\SysWOW64\Qdbiedpa.exe
C:\Windows\system32\Qdbiedpa.exe
C:\Windows\SysWOW64\Qgqeappe.exe
C:\Windows\system32\Qgqeappe.exe
C:\Windows\SysWOW64\Qfcfml32.exe
C:\Windows\system32\Qfcfml32.exe
C:\Windows\SysWOW64\Qnjnnj32.exe
C:\Windows\system32\Qnjnnj32.exe
C:\Windows\SysWOW64\Qqijje32.exe
C:\Windows\system32\Qqijje32.exe
C:\Windows\SysWOW64\Qddfkd32.exe
C:\Windows\system32\Qddfkd32.exe
C:\Windows\SysWOW64\Qgcbgo32.exe
C:\Windows\system32\Qgcbgo32.exe
C:\Windows\SysWOW64\Ajanck32.exe
C:\Windows\system32\Ajanck32.exe
C:\Windows\SysWOW64\Anmjcieo.exe
C:\Windows\system32\Anmjcieo.exe
C:\Windows\SysWOW64\Aqkgpedc.exe
C:\Windows\system32\Aqkgpedc.exe
C:\Windows\SysWOW64\Acjclpcf.exe
C:\Windows\system32\Acjclpcf.exe
C:\Windows\SysWOW64\Afhohlbj.exe
C:\Windows\system32\Afhohlbj.exe
C:\Windows\SysWOW64\Aclpap32.exe
C:\Windows\system32\Aclpap32.exe
C:\Windows\SysWOW64\Afjlnk32.exe
C:\Windows\system32\Afjlnk32.exe
C:\Windows\SysWOW64\Amddjegd.exe
C:\Windows\system32\Amddjegd.exe
C:\Windows\SysWOW64\Aeklkchg.exe
C:\Windows\system32\Aeklkchg.exe
C:\Windows\SysWOW64\Aeniabfd.exe
C:\Windows\system32\Aeniabfd.exe
C:\Windows\SysWOW64\Aadifclh.exe
C:\Windows\system32\Aadifclh.exe
C:\Windows\SysWOW64\Accfbokl.exe
C:\Windows\system32\Accfbokl.exe
C:\Windows\SysWOW64\Bagflcje.exe
C:\Windows\system32\Bagflcje.exe
C:\Windows\SysWOW64\Bchomn32.exe
C:\Windows\system32\Bchomn32.exe
C:\Windows\SysWOW64\Bffkij32.exe
C:\Windows\system32\Bffkij32.exe
C:\Windows\SysWOW64\Balpgb32.exe
C:\Windows\system32\Balpgb32.exe
C:\Windows\SysWOW64\Bmbplc32.exe
C:\Windows\system32\Bmbplc32.exe
C:\Windows\SysWOW64\Bmemac32.exe
C:\Windows\system32\Bmemac32.exe
C:\Windows\SysWOW64\Cfmajipb.exe
C:\Windows\system32\Cfmajipb.exe
C:\Windows\SysWOW64\Cmgjgcgo.exe
C:\Windows\system32\Cmgjgcgo.exe
C:\Windows\SysWOW64\Cenahpha.exe
C:\Windows\system32\Cenahpha.exe
C:\Windows\SysWOW64\Chmndlge.exe
C:\Windows\system32\Chmndlge.exe
C:\Windows\SysWOW64\Cjkjpgfi.exe
C:\Windows\system32\Cjkjpgfi.exe
C:\Windows\SysWOW64\Cmiflbel.exe
C:\Windows\system32\Cmiflbel.exe
C:\Windows\SysWOW64\Cmlcbbcj.exe
C:\Windows\system32\Cmlcbbcj.exe
C:\Windows\SysWOW64\Cjpckf32.exe
C:\Windows\system32\Cjpckf32.exe
C:\Windows\SysWOW64\Cnkplejl.exe
C:\Windows\system32\Cnkplejl.exe
C:\Windows\SysWOW64\Ceehho32.exe
C:\Windows\system32\Ceehho32.exe
C:\Windows\SysWOW64\Cffdpghg.exe
C:\Windows\system32\Cffdpghg.exe
C:\Windows\SysWOW64\Ddjejl32.exe
C:\Windows\system32\Ddjejl32.exe
C:\Windows\SysWOW64\Dopigd32.exe
C:\Windows\system32\Dopigd32.exe
C:\Windows\SysWOW64\Dfknkg32.exe
C:\Windows\system32\Dfknkg32.exe
C:\Windows\SysWOW64\Daqbip32.exe
C:\Windows\system32\Daqbip32.exe
C:\Windows\SysWOW64\Dhkjej32.exe
C:\Windows\system32\Dhkjej32.exe
C:\Windows\SysWOW64\Dkifae32.exe
C:\Windows\system32\Dkifae32.exe
C:\Windows\SysWOW64\Dhmgki32.exe
C:\Windows\system32\Dhmgki32.exe
C:\Windows\SysWOW64\Dogogcpo.exe
C:\Windows\system32\Dogogcpo.exe
C:\Windows\SysWOW64\Dhocqigp.exe
C:\Windows\system32\Dhocqigp.exe
C:\Windows\SysWOW64\Dmllipeg.exe
C:\Windows\system32\Dmllipeg.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 11152 -ip 11152
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11152 -s 416
Network
Files
C:\Windows\SysWOW64\Edpnfo32.exe
| MD5 | af43982029dd995e3e45ecd4fd9e3648 |
| SHA1 | 73d2a12cc74600f92b6ab404abbca55ef3c57d7f |
| SHA256 | 1bdc61664cb5add56f7245d695b2a7b2a76b932bceff31613d3abc28d8002f3b |
| SHA512 | 3de3bc8bb61a66759c9dca8a07b19fc5f1c0bbc7c824eb2a90967cc87dc55136661b9052068099f9ec044a24ce1166e4ca0705bec5a056200333635fe5aff5d0 |
C:\Windows\SysWOW64\Fdegandp.exe
| MD5 | d93272002c186c9eb21fe49e6f6cad4e |
| SHA1 | 2f54d0590d6a0d26b1aeee31c07fc8df5a5e9577 |
| SHA256 | 53cf2999e7b3211da7ea949b57d8c04ad4073e37004de523aa46288f18a1ebd9 |
| SHA512 | bcc9365ce0beb91bb7e884abcdf56d6f17ff6a17f60fb070d5df65f5a083b4840ccbe87e9426de2d771a339f8af5f9f9f1a1b1ffd072659d229a253c06479e77 |
C:\Windows\SysWOW64\Hcbpab32.exe
| MD5 | 58fd36a3d8ccc44d1893606980a8e3f6 |
| SHA1 | 5f09121af31a09d33b0c4236b5322f65cc4ce7bc |
| SHA256 | 0626e9928e7478026b196a2a3a4d19dc69a9fb668101ad1580d7dca7833919aa |
| SHA512 | 5dbf1a6e2cd0d8814281481c7ec29b3a024ecf27efe84396ace82aa44895ff87b460dd19df6a5df20266e47ba9b8c0f5ba50ee88d8aa2743a61153eaf6ead6d7 |
C:\Windows\SysWOW64\Hioiji32.exe
| MD5 | b50cdccd191aa01e38efc05dedbb9af4 |
| SHA1 | 8dc0ea3dcc05e482d7a68843ffdbe7e1d6a85239 |
| SHA256 | 0a9a7ab9864f0b50eb609f82eea4484df2e507e88dcf2485244b9401ff141a41 |
| SHA512 | 69ade716cf65b998a635ae7fe37e1e04ba727bf6c8d1fafeb3994a0b5fefd9aba2dcadb451d8b25f8908b6512753b128ae49bee2cd68364a1250c0122c26830f |
C:\Windows\SysWOW64\Iefioj32.exe
| MD5 | c95e35fa42af9155af5691ddefd1eec2 |
| SHA1 | 02b8de8b9e7f57801ea676fa1a78188910aeeed5 |
| SHA256 | fbebaf1eb875c0ca7942b1f82f8c3e03d0741da2fba67600d66cd04c4308013e |
| SHA512 | cb635d2dabc4e9e701316efbe51e236416c94d881d34e336c1c548bebd194dc89af5d245fa0aad7ff92d236b033615f67cb917c1ec1114abb1a75dfc176fb769 |
C:\Windows\SysWOW64\Ibcmom32.exe
| MD5 | a964125dbf138a0c89a0c267c234112c |
| SHA1 | ac4161520fb95c869f6da384da02cf2cba860443 |
| SHA256 | 75fba3ebaa778dfa49b118d7f5ce9abc69ad58aca78fa280b4d89c9567d97f06 |
| SHA512 | bd8c2b62ed5f50f252601367f2bdef0b165d9ed8580ae8e2b333588f2f023c3719d58e35bca97080568f3602f512fda38d308e9f420a827932d37d88a376a664 |
C:\Windows\SysWOW64\Jcllonma.exe
| MD5 | 063372f971c0c992a7c6f20ff4c210af |
| SHA1 | 67ea8a8a78793e59cb6d533c9ff0e049c11ca6a5 |
| SHA256 | 88b5bbf88da11243e580ff57227e90860e02303f6bb64de4810635c73da179c4 |
| SHA512 | 919c097de86436379e2f9ab1c38ae745c3a14e299926ae798b2f1a2796e9561202915a528d296ed32c6df4485168ddd48bb7622a7ff7f163e7a6a4026be3381f |
C:\Windows\SysWOW64\Kpeiioac.exe
| MD5 | a40a34c8047e5b610e42b257f350ca7c |
| SHA1 | 8ef5aa0d36ea32cc88eeaa0e03689fbf7b3be97d |
| SHA256 | fafe1bc9e4653b654ea5ef45220b8a715749122f1944c6697e184a90af346562 |
| SHA512 | 390147bccb826e70cf1b3c214198ccdeeb62134c22d258f1f57e39b630ab21795e3a63027dacf0402039618b1769e95915aa7cdc011786f8420b0a9acbb168d5 |
C:\Windows\SysWOW64\Kdcbom32.exe
| MD5 | 0c4e15aa5a074b31876275add690e4e8 |
| SHA1 | 10992f3f014cb4a379348d50ccdecd3589d54b46 |
| SHA256 | f0e67c0d368bfdbfae25f16ef7b88bb7ad8f2fb50887a2a49be46bac01ae2f71 |
| SHA512 | f6a15700c89958e3bea5ce44c8ba8edca90a7638339150586164064aff23c3a559ec9c43a1ec451b0568626ce9312810fa320d6f9bc933b0db5b0e3b15f695df |
C:\Windows\SysWOW64\Kbhoqj32.exe
| MD5 | 49bc4701869cb18e236e2b5a096f5fc9 |
| SHA1 | 075d89b8e50ac7075e63d4c05a49997fabc8568b |
| SHA256 | 0b34efc52164b490c6763a02828324ab88e985c4ce969bbcc55f91b4c0dfcb3a |
| SHA512 | ecd2437acda9ea6121004a6c5c8bd786c149b21302eb59ec9c59811562efe5f80c84783cc3cc030326961d1c3e9cebd501f59d6a6665e342b6bede0d065ff53c |
C:\Windows\SysWOW64\Lpnlpnih.exe
| MD5 | 965fadd05581313261a716a049c4ca90 |
| SHA1 | 5e95999848848bc95d0954c603bbce3567409016 |
| SHA256 | 1cdd18555cf3327f4a99611f8d45ab94c2bfbd187b2ca8c1bb8ebc70aa110c5e |
| SHA512 | 155c320e565c8f58319e8fdb4d5b66f3175267d030dd3c0628c7f277d06d797f51c07e6b02c7d16cf37b240be39972efb63301ac42b076ab8831a717e4e90ebb |
C:\Windows\SysWOW64\Ldoaklml.exe
| MD5 | 28a0eca2928ade06d3bb4c3e92586f5d |
| SHA1 | 3b02d8a8a47f03f6a6184561b8439ce08dc8d2bf |
| SHA256 | 722baa5b06dacae89ec1486567117a1750694b9bedc9f6c8ec0881deea3f3341 |
| SHA512 | 5fbea8d932c4820069e5681fc3456b28990b2a8dbd727c97daf689f6c96b9e33fdb51c99aba99562764231cf281f6c00f93dd085aa4d3301d5e68dd1e1f9586e |
C:\Windows\SysWOW64\Lphoelqn.exe
| MD5 | 550f32f932c98cf32dfff98e3d3a6df7 |
| SHA1 | c37ebb016d14f6c3af8a4d43b2c280874e4c8924 |
| SHA256 | 6920ce3b6735e465140fcf96e05f39ebec5fe355f172b35d2ad209b8e2facc60 |
| SHA512 | 82974ad242ed98621ca9393ee5aed1ff4a2e12381eeca0912bf30434f8d33243c877a6885d3018eac84e24c877f709498d705f39fff6bfbba0c8950b126eca6a |
C:\Windows\SysWOW64\Mmpijp32.exe
| MD5 | d64b720afd40e58147f151b4a7e4baaa |
| SHA1 | 90c0f5d841d4fe3967d7839541ff91521d603401 |
| SHA256 | 1682ca8762ecdeb5f0e0fc88b461916163b3fab3f621238bde65d2bb51ed1d3f |
| SHA512 | 5936c3d7dc7a8a3662c856163cd5ae068fd46d69ad8ab7402a73d544cfa8d16d8c8d8fc7ca11469d5a386fd6d8369d0ead32aba39fb13c9e09c9d80f1a49c268 |
C:\Windows\SysWOW64\Migjoaaf.exe
| MD5 | ab66b1a497a5034ee5920ecd14dd933a |
| SHA1 | f002e78fd9e3fbefa535d062c08c72290183fc74 |
| SHA256 | 915337c84bb4fd575e14381051481150221e32c37be0a959715f58b512bb40da |
| SHA512 | 124ffa0227b152490e26d113c9759e98cf776972b5fe8272c5cfe404ac1eb69960611a5da77f8d61bedd69e042bc36d496fd3d7562fa8888e1efed5123afb869 |
C:\Windows\SysWOW64\Mcpnhfhf.exe
| MD5 | f0ead314611e9fc20693ecfe9f212593 |
| SHA1 | 0835f886b4bf879bf25f996fad636da74a914dfe |
| SHA256 | 5631c73cc2fa071950d6112aef888b453ef3873eae16e21babac3934f0abd3ec |
| SHA512 | 96baeba5aba50c60d824561fafb6edf5588c19bcd84bde3bb2409c5f0fbf6fe1abbb6092c4c056f96e265dd4c5ae716119f92ac3fff68bcad5c14c5d5fa506ee |
C:\Windows\SysWOW64\Ndcdmikd.exe
| MD5 | fbcd794970dbb31a01b0d3ea9c675918 |
| SHA1 | 30f1df293f7e2f20765a661ad25d80eadd08b859 |
| SHA256 | 16c0349d52184673b6da4709500b0a1cfca95540f576e230134d9db5ebe01ff1 |
| SHA512 | 8cdaf27ba173ff7dc886a5936c2dfa019c6af7c7106dfd3c2a1b70083bbd83ef2469816c2cd017620f848e3069a9f6977dab0f8e5aa2bc809b70a2b65f0d9514 |
C:\Windows\SysWOW64\Ncianepl.exe
| MD5 | 79b5bc30bb6d370a3f40338471e9bf56 |
| SHA1 | 1c3201e620c5839885e1f839270c4f599586f81c |
| SHA256 | 7f5c5f457ba8e5d4c436eebd71ed273a30d5fb80edee42bfd669461983856908 |
| SHA512 | cbcc6366f7c34bcce268cff236ae9c92c2eea7d52cb1554214d1647d2eea2bf4fa0bed313991ccd9706263782fc910c07015868c51bd7bb840e4ff35cfbd5a7b |
C:\Windows\SysWOW64\Olcbmj32.exe
| MD5 | b0d948b26d99c9f64061248092d450c5 |
| SHA1 | 34ccd57f53e81b72bac3273a633af156154932de |
| SHA256 | 9b7378415f84e28b2e67af56dea51644aabdfedb6b00b1f97e343349bb724c94 |
| SHA512 | 632f28771856333370ad05ec785c26ef49a4d1ff7a3d13be10ec546686e4d2f9a708b20b1810c3c38de6317f85912cc54fb7ac04c9556d11df20ffdf98133aff |
C:\Windows\SysWOW64\Ocpgod32.exe
| MD5 | 104c1cbf1b37cc3d0ede273f5d5030e0 |
| SHA1 | 0c5bbf991b0f561a48a07ee58467f57d6a3a61ec |
| SHA256 | de7550591c011762b3d89cb15954cb187f69b9fe4f90a5f6863f678846fa6d9a |
| SHA512 | 882efe9d70d9d1941a4627be977ddee52c43d3ebcc89381cbb153f82189913d6b01c9313d32825e2f3951bcb5b6720fe4d0bea282fa04eb93e238b5d0b602a03 |
C:\Windows\SysWOW64\Pdfjifjo.exe
| MD5 | 876840e6fbd6f53ce7340bab27bfd205 |
| SHA1 | f727f98ad81d3e7cfdf2ef906dafb7f4ea921bd2 |
| SHA256 | c20725e773489f69100bd8178f3a03455c76fd54e93993aaf1fa198acbe952a1 |
| SHA512 | 0271a96d356b29fdfec89bb8e392ffaf8cbb70d4d993b00d5d5f9ad50f8735aa92f5de73d12f801c78cf1f3f4785fc026e3362af1522927c3ab11e83d8ad7a66 |
C:\Windows\SysWOW64\Pqmjog32.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Windows\SysWOW64\Pqbdjfln.exe
| MD5 | b134b889eef66bea9d1f0cb39df6ee31 |
| SHA1 | 0f848bd405c2e9f217b547ebfb33f8a3d1182d9b |
| SHA256 | 486df935336a96103db7c3907c64535858ffd7df5ef6d5ad828c828ff9fb4d2d |
| SHA512 | 36ba492f45c42dbad337313ab873a1210688ae24ab97dff9181854eab89305541cd2478f6da7323a852fe8a8d0b23d9411776008cfd0b4ec20ad8ebc49d2aad7 |
C:\Windows\SysWOW64\Aeklkchg.exe
| MD5 | d2beeed85ab846cc05b25c02a26d323d |
| SHA1 | 513a40fe6e7ec1a268d9b92bff6b53032fcd753b |
| SHA256 | 131168db069def258f5c154d7f16ac623c54fc4f119136ee8b503547f97d6810 |
| SHA512 | 3bf913eabfb7256f1b67473c6ac698115794dac14204f5084e7627c8f5e6e8d0a320124b8f4aa005128f8920ff166447643b0fdfdb3be4a0d2fc1571111349f6 |
C:\Windows\SysWOW64\Bagflcje.exe
| MD5 | dd4473aa95894418fb44b26c6a25be50 |
| SHA1 | bf04bd09ab87c9c0ca0a0e24dd68a94fe8cf7a4a |
| SHA256 | d56620e1faa01553d1175bd7387d0a38a892d1c0db4edb4732eef4f093ce43d3 |
| SHA512 | 3070eaee827cca738f18bbab026c8fe1579bfd0030d5835e495d2c40fbdc8f18a5e2311d391795c5dedf020abdfc833ff37ea3f38d4227085845a6518ab12443 |
C:\Windows\SysWOW64\Balpgb32.exe
| MD5 | 6dfb1d326be969d8da022fa22a7cc893 |
| SHA1 | 497aeb74bab9314da1931926b89d722f8ac116b7 |
| SHA256 | 2d8eb9f5f51e344c4777eb479fa8b69e896fd9d195b79dff22063ff76c470f12 |
| SHA512 | b92a305b3c555785378ca195079ec2d69936bc27e360210b0d5feeff314717ac79036f687b77047f32b9698a9d3796a39ae60a90828fecfca75d94c265379988 |
C:\Windows\SysWOW64\Bmbplc32.exe
| MD5 | c8eaee27c85b1fc226714ad3e493dca4 |
| SHA1 | e46ddc9b763ce8819a8fd56784b5fb16e223ea8e |
| SHA256 | 398678132287d4858b67a57565949b42e89e4fdd97c159103cfd97f770b79996 |
| SHA512 | 48d3f5dd48e5fb8bda555a1fe6546508f8a9928ff967e0501e968bb60bc096449ce839c3f4b5c1182bca1318164d0e431c997efa308599837d890253c0ff2ddd |
C:\Windows\SysWOW64\Cmiflbel.exe
| MD5 | 4f7b43a6579133175e8f9abccc2c0d54 |
| SHA1 | 87e098fa13f81ba3a11638913ff947bf932ffa94 |
| SHA256 | 871a2c81594ee5ab16bfe39d5b5b2ee09ceda09050de7a403441c6e588fecae1 |
| SHA512 | fe5419394c89fc998abd0b6a8cf5c7a113fbd3545b0e788c2d3f9f95992eab14c3a183dd4bda610b54e06ad2cd41fac715f118b8364c59657e28a16b2303a6b0 |
C:\Windows\SysWOW64\Dopigd32.exe
| MD5 | 47de8e0e9697cab6b212a2e96d4eee96 |
| SHA1 | 9210efd6b54fa32df6e4e0158faf9a00a27ea630 |
| SHA256 | 6a0f7185faeaf906b402bf3a8c957f1d6318ceadb25903ade1c81cd8cddbce82 |
| SHA512 | b1c9b075b6d368289addd2d9d07910bb9f3356b5ba9a38dc659cc0748eebf3bd7527d58699e5c8aae2cf015ee248ea6fcd4c4f6208d6a2c86558d48f659ea0bc |
C:\Windows\SysWOW64\Dkifae32.exe
| MD5 | 9b419f64c0a0431410af587834bfa441 |
| SHA1 | 5ad8fd37cf5fca057211bcb441ed081416a3542c |
| SHA256 | b4f3d281800be3e35d2485785f17cb8fd1d2fd1fa823fa0a1a605000626009b3 |
| SHA512 | 04669bfeed35e04b3e8febcf06328a99795de0d3de06366734d408640ab566286935047494a3474ccb8c2dd51be8f0e6ab61464db5a6be29f859d43c23d30d45 |
C:\Windows\SysWOW64\Dogogcpo.exe
| MD5 | a8923bb18a9728af1aaf0535c5cd4118 |
| SHA1 | 635bcf2e6c1f73b8a1fdaad7fd58cc811d76f621 |
| SHA256 | 40107abffb1e5c598c24e1a428beb1a824dce7771d4faaffd48e22a48e0e8b12 |
| SHA512 | 97ce6766a1578b86e0c81c70e825b9249da150bfb498f25740d180bcaa4d1b041c457b9dd5581fb57763f95545a5f1ebf4eaf3fad90b6daba5fc13fca655c572 |