e4d52884a348b211ebaab9018b286c9f7023abc349f229cc63fea89b5341341e

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 07:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ALGOI-la tabla de cálculos.xlsl.exe
Size

944KB
MD5

062aa320e3c137b1cbf7a95de8c06b6a
SHA1

7c342989469b31b75a26bcac6736483bf33aab43
SHA256

e4d52884a348b211ebaab9018b286c9f7023abc349f229cc63fea89b5341341e
SHA512

6de14698f531b010efc86bdf4a180d80231a5e0938710f4f55887d383a41de7656efb91799b35d36e8bff8dfe836e90ee832de798a3fd6e64718c759f8945181
SSDEEP

24576:y4MpPUeaHyRhYmK4vjOUu60o2Eflyw6/t:wMjeMcuK2Efllm

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 64 IoCs

pid	Process
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe
1072	ALGOI-la tabla de cálculos.xlsl.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
33	drive.google.com
34	drive.google.com

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Tastaturteksten.ini	ALGOI-la tabla de cálculos.xlsl.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
1072	ALGOI-la tabla de cálculos.xlsl.exe
1000	ALGOI-la tabla de cálculos.xlsl.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1072 set thread context of 1000	1072	ALGOI-la tabla de cálculos.xlsl.exe	635

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Kissemisseriet\vbnet.Fre	ALGOI-la tabla de cálculos.xlsl.exe
File opened for modification	C:\Windows\resources\selfed\Uncelibate.ini	ALGOI-la tabla de cálculos.xlsl.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
1072	ALGOI-la tabla de cálculos.xlsl.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 5072	1072	ALGOI-la tabla de cálculos.xlsl.exe	83
PID 1072 wrote to memory of 5072	1072	ALGOI-la tabla de cálculos.xlsl.exe	83
PID 1072 wrote to memory of 5072	1072	ALGOI-la tabla de cálculos.xlsl.exe	83
PID 1072 wrote to memory of 2132	1072	ALGOI-la tabla de cálculos.xlsl.exe	85
PID 1072 wrote to memory of 2132	1072	ALGOI-la tabla de cálculos.xlsl.exe	85
PID 1072 wrote to memory of 2132	1072	ALGOI-la tabla de cálculos.xlsl.exe	85
PID 1072 wrote to memory of 4376	1072	ALGOI-la tabla de cálculos.xlsl.exe	87
PID 1072 wrote to memory of 4376	1072	ALGOI-la tabla de cálculos.xlsl.exe	87
PID 1072 wrote to memory of 4376	1072	ALGOI-la tabla de cálculos.xlsl.exe	87
PID 1072 wrote to memory of 2044	1072	ALGOI-la tabla de cálculos.xlsl.exe	89
PID 1072 wrote to memory of 2044	1072	ALGOI-la tabla de cálculos.xlsl.exe	89
PID 1072 wrote to memory of 2044	1072	ALGOI-la tabla de cálculos.xlsl.exe	89
PID 1072 wrote to memory of 1032	1072	ALGOI-la tabla de cálculos.xlsl.exe	91
PID 1072 wrote to memory of 1032	1072	ALGOI-la tabla de cálculos.xlsl.exe	91
PID 1072 wrote to memory of 1032	1072	ALGOI-la tabla de cálculos.xlsl.exe	91
PID 1072 wrote to memory of 4160	1072	ALGOI-la tabla de cálculos.xlsl.exe	94
PID 1072 wrote to memory of 4160	1072	ALGOI-la tabla de cálculos.xlsl.exe	94
PID 1072 wrote to memory of 4160	1072	ALGOI-la tabla de cálculos.xlsl.exe	94
PID 1072 wrote to memory of 1820	1072	ALGOI-la tabla de cálculos.xlsl.exe	97
PID 1072 wrote to memory of 1820	1072	ALGOI-la tabla de cálculos.xlsl.exe	97
PID 1072 wrote to memory of 1820	1072	ALGOI-la tabla de cálculos.xlsl.exe	97
PID 1072 wrote to memory of 5036	1072	ALGOI-la tabla de cálculos.xlsl.exe	100
PID 1072 wrote to memory of 5036	1072	ALGOI-la tabla de cálculos.xlsl.exe	100
PID 1072 wrote to memory of 5036	1072	ALGOI-la tabla de cálculos.xlsl.exe	100
PID 1072 wrote to memory of 1516	1072	ALGOI-la tabla de cálculos.xlsl.exe	102
PID 1072 wrote to memory of 1516	1072	ALGOI-la tabla de cálculos.xlsl.exe	102
PID 1072 wrote to memory of 1516	1072	ALGOI-la tabla de cálculos.xlsl.exe	102
PID 1072 wrote to memory of 1352	1072	ALGOI-la tabla de cálculos.xlsl.exe	104
PID 1072 wrote to memory of 1352	1072	ALGOI-la tabla de cálculos.xlsl.exe	104
PID 1072 wrote to memory of 1352	1072	ALGOI-la tabla de cálculos.xlsl.exe	104
PID 1072 wrote to memory of 1892	1072	ALGOI-la tabla de cálculos.xlsl.exe	106
PID 1072 wrote to memory of 1892	1072	ALGOI-la tabla de cálculos.xlsl.exe	106
PID 1072 wrote to memory of 1892	1072	ALGOI-la tabla de cálculos.xlsl.exe	106
PID 1072 wrote to memory of 3640	1072	ALGOI-la tabla de cálculos.xlsl.exe	108
PID 1072 wrote to memory of 3640	1072	ALGOI-la tabla de cálculos.xlsl.exe	108
PID 1072 wrote to memory of 3640	1072	ALGOI-la tabla de cálculos.xlsl.exe	108
PID 1072 wrote to memory of 1608	1072	ALGOI-la tabla de cálculos.xlsl.exe	110
PID 1072 wrote to memory of 1608	1072	ALGOI-la tabla de cálculos.xlsl.exe	110
PID 1072 wrote to memory of 1608	1072	ALGOI-la tabla de cálculos.xlsl.exe	110
PID 1072 wrote to memory of 3372	1072	ALGOI-la tabla de cálculos.xlsl.exe	112
PID 1072 wrote to memory of 3372	1072	ALGOI-la tabla de cálculos.xlsl.exe	112
PID 1072 wrote to memory of 3372	1072	ALGOI-la tabla de cálculos.xlsl.exe	112
PID 1072 wrote to memory of 4032	1072	ALGOI-la tabla de cálculos.xlsl.exe	114
PID 1072 wrote to memory of 4032	1072	ALGOI-la tabla de cálculos.xlsl.exe	114
PID 1072 wrote to memory of 4032	1072	ALGOI-la tabla de cálculos.xlsl.exe	114
PID 1072 wrote to memory of 4568	1072	ALGOI-la tabla de cálculos.xlsl.exe	116
PID 1072 wrote to memory of 4568	1072	ALGOI-la tabla de cálculos.xlsl.exe	116
PID 1072 wrote to memory of 4568	1072	ALGOI-la tabla de cálculos.xlsl.exe	116
PID 1072 wrote to memory of 2004	1072	ALGOI-la tabla de cálculos.xlsl.exe	118
PID 1072 wrote to memory of 2004	1072	ALGOI-la tabla de cálculos.xlsl.exe	118
PID 1072 wrote to memory of 2004	1072	ALGOI-la tabla de cálculos.xlsl.exe	118
PID 1072 wrote to memory of 3856	1072	ALGOI-la tabla de cálculos.xlsl.exe	120
PID 1072 wrote to memory of 3856	1072	ALGOI-la tabla de cálculos.xlsl.exe	120
PID 1072 wrote to memory of 3856	1072	ALGOI-la tabla de cálculos.xlsl.exe	120
PID 1072 wrote to memory of 3396	1072	ALGOI-la tabla de cálculos.xlsl.exe	122
PID 1072 wrote to memory of 3396	1072	ALGOI-la tabla de cálculos.xlsl.exe	122
PID 1072 wrote to memory of 3396	1072	ALGOI-la tabla de cálculos.xlsl.exe	122
PID 1072 wrote to memory of 3816	1072	ALGOI-la tabla de cálculos.xlsl.exe	124
PID 1072 wrote to memory of 3816	1072	ALGOI-la tabla de cálculos.xlsl.exe	124
PID 1072 wrote to memory of 3816	1072	ALGOI-la tabla de cálculos.xlsl.exe	124
PID 1072 wrote to memory of 2232	1072	ALGOI-la tabla de cálculos.xlsl.exe	126
PID 1072 wrote to memory of 2232	1072	ALGOI-la tabla de cálculos.xlsl.exe	126
PID 1072 wrote to memory of 2232	1072	ALGOI-la tabla de cálculos.xlsl.exe	126
PID 1072 wrote to memory of 4672	1072	ALGOI-la tabla de cálculos.xlsl.exe	128

C:\Users\Admin\AppData\Local\Temp\ALGOI-la tabla de cálculos.xlsl.exe
"C:\Users\Admin\AppData\Local\Temp\ALGOI-la tabla de cálculos.xlsl.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x53^38"
  2⤵
  PID:5072
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x55^38"
  2⤵
  PID:2132
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x43^38"
  2⤵
  PID:4376
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x54^38"
  2⤵
  PID:2044
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x15^38"
  2⤵
  PID:1032
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x14^38"
  2⤵
  PID:4160
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1C^38"
  2⤵
  PID:1820
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1C^38"
  2⤵
  PID:5036
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x75^38"
  2⤵
  PID:1516
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4E^38"
  2⤵
  PID:1352
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x49^38"
  2⤵
  PID:1892
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x51^38"
  2⤵
  PID:3640
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x71^38"
  2⤵
  PID:1608
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:3372
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x48^38"
  2⤵
  PID:4032
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x42^38"
  2⤵
  PID:4568
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x49^38"
  2⤵
  PID:2004
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x51^38"
  2⤵
  PID:3856
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0E^38"
  2⤵
  PID:3396
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:3816
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x54^38"
  2⤵
  PID:2232
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x11^38"
  2⤵
  PID:4672
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0A^38"
  2⤵
  PID:3092
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:2948
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x16^38"
  2⤵
  PID:828
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0F^38"
  2⤵
  PID:1068
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x5F^38"
  2⤵
  PID:1224
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4B^38"
  2⤵
  PID:3020
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x55^38"
  2⤵
  PID:4748
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x50^38"
  2⤵
  PID:4132
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x45^38"
  2⤵
  PID:316
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x54^38"
  2⤵
  PID:884
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x52^38"
  2⤵
  PID:452
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x08^38"
  2⤵
  PID:2924
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x42^38"
  2⤵
  PID:3804
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4A^38"
  2⤵
  PID:4088
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4A^38"
  2⤵
  PID:1916
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1C^38"
  2⤵
  PID:1304
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1C^38"
  2⤵
  PID:3396
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x79^38"
  2⤵
  PID:1388
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x49^38"
  2⤵
  PID:4944
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x56^38"
  2⤵
  PID:4724
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x43^38"
  2⤵
  PID:3068
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x48^38"
  2⤵
  PID:3096
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0E^38"
  2⤵
  PID:3652
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4B^38"
  2⤵
  PID:2696
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:4496
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x54^38"
  2⤵
  PID:1664
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x12^38"
  2⤵
  PID:3808
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0A^38"
  2⤵
  PID:2776
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:1524
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:1892
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:1824
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:3372
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x16^38"
  2⤵
  PID:2304
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x5E^38"
  2⤵
  PID:3080
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1E^38"
  2⤵
  PID:2004
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x16^38"
  2⤵
  PID:3820
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x16^38"
  2⤵
  PID:3120
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x16^38"
  2⤵
  PID:4432
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0A^38"
  2⤵
  PID:3664
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:2036
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:4512
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:3096
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x16^38"
  2⤵
  PID:1068
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x5E^38"
  2⤵
  PID:1224
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x17^38"
  2⤵
  PID:4396
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x16^38"
  2⤵
  PID:3016
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x16^38"
  2⤵
  PID:2936
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0F^38"
  2⤵
  PID:4044
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:2416
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x08^38"
  2⤵
  PID:1404
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x54^38"
  2⤵
  PID:4860
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x13^38"
  2⤵
  PID:3628
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x5F^38"
  2⤵
  PID:1488
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x6D^38"
  2⤵
  PID:4852
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x63^38"
  2⤵
  PID:3552
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x74^38"
  2⤵
  PID:4844
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x68^38"
  2⤵
  PID:2716
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x63^38"
  2⤵
  PID:4048
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x6A^38"
  2⤵
  PID:5096
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x15^38"
  2⤵
  PID:3872
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x14^38"
  2⤵
  PID:3104
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1C^38"
  2⤵
  PID:4960
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1C^38"
  2⤵
  PID:3652
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x70^38"
  2⤵
  PID:2712
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:3784
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x54^38"
  2⤵
  PID:1516
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x52^38"
  2⤵
  PID:1740
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x53^38"
  2⤵
  PID:528
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x47^38"
  2⤵
  PID:1892
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4A^38"
  2⤵
  PID:5076
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x67^38"
  2⤵
  PID:3636
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4A^38"
  2⤵
  PID:2160
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4A^38"
  2⤵
  PID:2216
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x49^38"
  2⤵
  PID:4848
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x45^38"
  2⤵
  PID:2492
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x63^38"
  2⤵
  PID:4356
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x5E^38"
  2⤵
  PID:3056
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0E^38"
  2⤵
  PID:3520
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:908
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:2132
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0B^38"
  2⤵
  PID:836
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x17^38"
  2⤵
  PID:4892
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0A^38"
  2⤵
  PID:1820
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:3984
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:4132
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:1352
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x16^38"
  2⤵
  PID:1980
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0A^38"
  2⤵
  PID:1772
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:4856
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:1824
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1F^38"
  2⤵
  PID:3460
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x13^38"
  2⤵
  PID:3804
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1E^38"
  2⤵
  PID:4424
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x15^38"
  2⤵
  PID:4260
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1E^38"
  2⤵
  PID:3512
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x14^38"
  2⤵
  PID:3992
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x16^38"
  2⤵
  PID:3076
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1E^38"
  2⤵
  PID:3056
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0A^38"
  2⤵
  PID:3092
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:4140
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:4376
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:1288
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x16^38"
  2⤵
  PID:768
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x5E^38"
  2⤵
  PID:2348
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x15^38"
  2⤵
  PID:2712
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x16^38"
  2⤵
  PID:4492
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x16^38"
  2⤵
  PID:1756
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x16^38"
  2⤵
  PID:4600
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0A^38"
  2⤵
  PID:1712
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:1492
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:2908
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:3628
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x10^38"
  2⤵
  PID:3392
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x12^38"
  2⤵
  PID:3080
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0F^38"
  2⤵
  PID:3812
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x56^38"
  2⤵
  PID:2408
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x08^38"
  2⤵
  PID:3948
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x54^38"
  2⤵
  PID:2212
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x12^38"
  2⤵
  PID:3472
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x5F^38"
  2⤵
  PID:220
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4B^38"
  2⤵
  PID:4640
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x55^38"
  2⤵
  PID:3464
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x50^38"
  2⤵
  PID:836
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x45^38"
  2⤵
  PID:1068
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x54^38"
  2⤵
  PID:216
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x52^38"
  2⤵
  PID:2812
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1C^38"
  2⤵
  PID:3784
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1C^38"
  2⤵
  PID:1516
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x79^38"
  2⤵
  PID:2776
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4A^38"
  2⤵
  PID:1524
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x55^38"
  2⤵
  PID:1624
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x43^38"
  2⤵
  PID:2380
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x43^38"
  2⤵
  PID:804
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4D^38"
  2⤵
  PID:3628
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0E^38"
  2⤵
  PID:3392
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:3724
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:1764
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x54^38"
  2⤵
  PID:3596
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x13^38"
  2⤵
  PID:3396
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0A^38"
  2⤵
  PID:4924
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:3088
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:2036
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:3976
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x11^38"
  2⤵
  PID:3464
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x17^38"
  2⤵
  PID:3096
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1F^38"
  2⤵
  PID:768
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x16^38"
  2⤵
  PID:5036
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:4276
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0A^38"
  2⤵
  PID:1376
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:2280
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:1280
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:2308
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x16^38"
  2⤵
  PID:1892
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0F^38"
  2⤵
  PID:2056
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:2924
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x08^38"
  2⤵
  PID:2304
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x54^38"
  2⤵
  PID:3944
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x11^38"
  2⤵
  PID:508
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x5F^38"
  2⤵
  PID:632
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4B^38"
  2⤵
  PID:4352
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x55^38"
  2⤵
  PID:4944
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x50^38"
  2⤵
  PID:2680
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x45^38"
  2⤵
  PID:2948
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x54^38"
  2⤵
  PID:4640
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x52^38"
  2⤵
  PID:4444
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x08^38"
  2⤵
  PID:3464
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x42^38"
  2⤵
  PID:4072
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4A^38"
  2⤵
  PID:3388
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4A^38"
  2⤵
  PID:4748
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1C^38"
  2⤵
  PID:4280
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1C^38"
  2⤵
  PID:3352
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x79^38"
  2⤵
  PID:1740
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x54^38"
  2⤵
  PID:884
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x43^38"
  2⤵
  PID:2308
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x47^38"
  2⤵
  PID:1492
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x42^38"
  2⤵
  PID:2628
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0E^38"
  2⤵
  PID:2452
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:2304
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:3944
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x54^38"
  2⤵
  PID:508
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x13^38"
  2⤵
  PID:632
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0A^38"
  2⤵
  PID:4352
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:4944
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:2680
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:220
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x54^38"
  2⤵
  PID:2044
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x12^38"
  2⤵
  PID:4444
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0A^38"
  2⤵
  PID:3464
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:1220
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:1664
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:1332
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1F^38"
  2⤵
  PID:5004
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x13^38"
  2⤵
  PID:316
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1E^38"
  2⤵
  PID:4600
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x15^38"
  2⤵
  PID:4332
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1E^38"
  2⤵
  PID:4508
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x14^38"
  2⤵
  PID:1492
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x16^38"
  2⤵
  PID:2628
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1E^38"
  2⤵
  PID:3316
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0F^38"
  2⤵
  PID:3868
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x5F^38"
  2⤵
  PID:448
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x53^38"
  2⤵
  PID:632
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x55^38"
  2⤵
  PID:4908
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x43^38"
  2⤵
  PID:3520
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x54^38"
  2⤵
  PID:724
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x15^38"
  2⤵
  PID:756
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x14^38"
  2⤵
  PID:8
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1C^38"
  2⤵
  PID:444
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x1C^38"
  2⤵
  PID:1068
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x65^38"
  2⤵
  PID:216
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x47^38"
  2⤵
  PID:2784
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4A^38"
  2⤵
  PID:3740
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4A^38"
  2⤵
  PID:2660
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x71^38"
  2⤵
  PID:2776
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:1608
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x48^38"
  2⤵
  PID:3636
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x42^38"
  2⤵
  PID:60
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x49^38"
  2⤵
  PID:3628
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x51^38"
  2⤵
  PID:2216
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x76^38"
  2⤵
  PID:4848
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x54^38"
  2⤵
  PID:3820
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x49^38"
  2⤵
  PID:3596
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x45^38"
  2⤵
  PID:4352
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x67^38"
  2⤵
  PID:4924
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0E^38"
  2⤵
  PID:3088
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:2036
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:3844
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x54^38"
  2⤵
  PID:3020
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x12^38"
  2⤵
  PID:1224
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:3600
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0A^38"
  2⤵
  PID:4396
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:1332
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:5004
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x16^38"
  2⤵
  PID:4520
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0A^38"
  2⤵
  PID:1280
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:4392
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:1892
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x16^38"
  2⤵
  PID:2056
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0A^38"
  2⤵
  PID:3500
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:2304
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:1976
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:4544
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x16^38"
  2⤵
  PID:2988
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0A^38"
  2⤵
  PID:5072
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:3104
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x4F^38"
  2⤵
  PID:1060
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x06^38"
  2⤵
  PID:4632
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x16^38"
  2⤵
  PID:2696
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x0F^38"
  2⤵
  PID:2816
- C:\Windows\SysWOW64\cmd.exe
  cmd /c set /a "0x5F^38"
  2⤵
  PID:1872
- C:\Users\Admin\AppData\Local\Temp\ALGOI-la tabla de cálculos.xlsl.exe
  "C:\Users\Admin\AppData\Local\Temp\ALGOI-la tabla de cálculos.xlsl.exe"
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsd6766.tmp\System.dll

Filesize
11KB

MD5
a436db0c473a087eb61ff5c53c34ba27

SHA1
65ea67e424e75f5065132b539c8b2eda88aa0506

SHA256
75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49

SHA512
908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd6766.tmp\nsExec.dll

Filesize
6KB

MD5
14f5984b926208de2aafb55dd9971d4a

SHA1
e5afe0b80568135d3e259c73f93947d758a7b980

SHA256
030bcfa82e3bb424835a5fa53a3ff17ab08557d3bbeea4815313036fc4bdafe1

SHA512
e9ec97dd57ead871789d49ed38d9fde5f31d3cb2547810cae49a736e06b9f9b28cf8efea825eb83c3e07d880ee798abfb9069c6957416d5973c83e4531814e27

Download Submit
memory/1000-1144-0x0000000000400000-0x0000000001654000-memory.dmp

Filesize
18.3MB

Download
memory/1000-1157-0x0000000000400000-0x0000000001654000-memory.dmp

Filesize
18.3MB

Download